[PHP] highlight_string for VB, CPP or .NET source code?
Hello all PHP offers the fantastic function highlight_string to highlight PHP source code. I was wondering whether anyone had written a function to highlight Visual Basic, CPP or .NET source code. Alternatively, would anyone have any suggestions on how to write such a function. Ideally, the output of this function / these functions would look very similar to that of highlight_string. Thank you in advance for any light that you could shed on this subject. All the best Stefen Lars _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cross-Site Sesison ID Propagation
Hello all fellow-hackers I am working on a project that includes a number of web sites, which are grouped together into one network. Kind of like the OSDN network, of which Slashdot.org, for example, is a member. I need to implement a cross-site session. Using a technique, similar to the one described at PHPBuilder (http://www.phpbuilder.com/columns/chriskings20001128.php3) I implemented this without too much difficulty. The links at the top of each site (links to other sites in the network) simply include the session id in the GET request: a href=http://www.site.com/?sid=1234567;Site1/a | a href=http://www.site2.com/?sid=1234567;Site2/a | a href=http://www.site3.com/?sid=1234567;Site3/a etc As per article, the session id is passed between the sites with ease and the session from Site 1 can be continued on Site 3 for example. However, there are a number of cross-site links in the main body of the site (i.e. not in the network link bar at the top of the page) that link various articles from one site to another. Thus, when a user clicks on one of these cross-site links, s/he cannot continue her/his session, as the session ID is not propagated; the --enable-trans-sid option only works on internal links (a very wise design choice, may I add). However, in my case, I would like to be able to define a list of external sites that the --enable-trans-sid option works with. (i.e. the sites in the network). Is this possible? If not, which method could I use to propagate the session id between the sites in the network? I know, it would be possible to manually add the session id to each cross-site link, but this is not a great idea, as a number of the links are from web site visitors in user-comments / forum posts they have submitted. I may be possible to use output buffering to rewrite the cross-site links to include the session id (like the --enable-trans-sid option works, I guess). But, as I am using compression (ob_start(zlib.output_compression);), that may not work. Plus, it seems a very fiddly method to me. Any suggestions from anyone, on how I may perform the cross-site session propagation? All the best /S _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cross-Site Sesison ID Propagation
Hello Chris And thank you for your comments and suggestions. I think that the solution you offer is a great idea. However, in my case, I may not be able to implement it as I, as the webmaster, do not always get the chance to add $next_query_string to the a href. Some of the cross-site links are added to discussion forums by the users. I will try making a wrapper function that makes the special sauce links in the normal body of the pages. That will just leave the cross site links in the forum. May be I will be able to implement a special solution for the forum May I asked what CDSM specification is I am not familiar with the term. Thanks again for your comments. They have been really helpful to me. Stefen From: Chris Shiflett [EMAIL PROTECTED] To: Chris Shiflett [EMAIL PROTECTED] CC: Stefen Lars [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PHP] Cross-Site Sesison ID Propagation Date: Mon, 08 Jul 2002 17:31:02 -0500 I made an error in my explanation (below). The reason you don't want to include the query string separator character in your variable is to allow flexibility with the types of URLs you can easily integrate this in with. My example should have looked like this: a href=http://www.site3.com/?? echo $next_query_string; ?Site 3/a The same conditional logic can be used. This allows for URLs that already have a query string to be addressed as follows: a href=http://www.site3.com/index.php?task=incoming;? echo $next_query_string; ?Site 3/a Happy hacking. Chris Chris Shiflett wrote: Stefen, There is no built-in way to do what you are speaking about here (that I know of), but there is a pretty easy technique. However, even this requires a lot of work to integrate into your existing code, but it will ease all future additions and maintenance. Keep a variable called something like $next_query_string (so you don't confuse it with the current one - you can just use $query or something if you prefer brevity), and keep up with any and all variables that you may need to include in all of your external links to other affiliated sites. For example: $next_query_string=sid=1234567; For all links where you're wanting to include the session ID in the URL, build them as follows: a href=http://www.site3.com/? echo $next_query_string; ?Site 3/a I'm sure this seems like just as much work, but once in place, your development will be much easier. This will also allow you to add conditional logic to which sites receive the special sauce in their URL. :-) if (in_array(www.site3.com, $hosts_allow)) { ? a href=http://www.site3.com/? echo $next_query_string; ?Site 3/a ? } else { ? a href=http://www.site3.com/;Site 3/a ? } This will also allow you to make global changes to how you handle this cross-domain session management. I wrote an extensive CDSM specification for the USPS to use (if you ever notice, many of their services are not in the usps.com domain) that leverages the HTTP protocol to maintain *some* security. I would recommend that you also consider passing additional information on the URL that is, for example, some encrypted information about the client that would at least be somewhat challenging to spoof. This would make it more difficult for someone to impersonate your user, since more than just the session ID on the URL would be necessary. How secure you want to make this needs to be balanced with your performance requirements, of course, because checks do take time. Just a suggestion. Happy hacking. Chris Stefen Lars wrote: Hello all fellow-hackers I am working on a project that includes a number of web sites, which are grouped together into one network. Kind of like the 'OSDN' network, of which Slashdot.org, for example, is a member. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Turning OFF auto_prepend_file on a page by page basis
Hello all I am using auto_prepend_file to include a load of files. This is prepended to all PHP parsed files. The prepend files contain the HTML for the framework of my site. How I want to create an XML file for other web sites to use. I do this by getting some data from a database and packaging it as RSS. Correctly, PHP appends my prepend file HTML on top of the XML. I do not want that, as it produced invalid XML. :-(( Is there a way to say, for example: Prepend this file to all files, but NOT this one? i.e. is it possible to turn off the prepend functionality on a page by page basis?? Thanks for your comments S. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Turning OFF 'auto_prepend_file' on a page by page basis
Usually, I use the Apache directive to add the prepend option. I already tried setting another prepend option in the apache directives, but it seems one does not overwite the other. I tried prepending a blank file. But that did not work. The other prepend file was prepended. When you say use ini_set(), do you mean ini_set(auto_prepend_file, /a/blank/file.php); ?? From: Maxim Maletsky \(PHPBeginner.com\) [EMAIL PROTECTED] To: 'Stefen Lars' [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [PHP] Turning OFF 'auto_prepend_file' on a page by page basis Date: Fri, 3 May 2002 15:53:16 +0200 .htaccess Not sure if ini_set() will work in your case. But try. Sincerely, Maxim Maletsky Founder, Chief Developer www.PHPBeginner.com // where PHP Begins -Original Message- From: Stefen Lars [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 3:02 PM To: [EMAIL PROTECTED] Subject: [PHP] Turning OFF 'auto_prepend_file' on a page by page basis Hello all I am using 'auto_prepend_file' to include a load of files. This is prepended to all PHP parsed files. The prepend files contain the HTML for the framework of my site. How I want to create an XML file for other web sites to use. I do this by getting some data from a database and packaging it as RSS. Correctly, PHP appends my prepend file HTML on top of the XML. I do not want that, as it produced invalid XML. :-(( Is there a way to say, for example: Prepend this file to all files, but NOT this one? i.e. is it possible to 'turn off' the prepend functionality on a page by page basis?? Thanks for your comments S. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Secure MySQL connections in PHP with 'stunnel'
Hello all I have written a very simple PHP script to copy the data from one MySQL database table on SERVERA to another MySQL database table on SERVERB. Using PHP, I simply connect to each server and copy the data across. That works well. However, natively, MySQL works with clear text. i.e. the data is copied across the Internet in clear text (a bad thing). I would now like encrypt the MySQL data between SERVERA and SERVERB. After searching with Google, I see that stunnel is a tool to use. However, I have been trying with no avail to create an encrypted connection between the two servers from MySQL to work. Following the instructions at: http://www.zataz.net/php-stunnel-tuneling.php I have come up with the following: SERVERA (master) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERA:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 SERVERB (slave) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERB:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 This does not work. When I connect to the slave with: ?PHP $db_link = mysql_connect(SERVERB:3308, User, Pwd) or die(Cannot connect to db); mysql_select_db(DBNAME,$db_link) or die(Cannot select MASTER db\n); ? and select / insert data into SERVERB, the data is selected / inserted to the database on SERVERA. This is very strange. Has anyone else tried using stunnel to achieve what I want to do? If so, I would REALLY like to hear how you achieve the encrypted link. Or are there other ways of securely coping data from one MySQL server to another? Using stunnel seems rather fiddly Any comments on this subject will be well received. Stefen _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure MySQL connections in PHP with 'stunnel'
Thank you Carl, for your suggestion. You are correct. In this case, it would be possible to use mysqldump to create a file, then SSH to transfer it and then pipe it into the database. However, I am interested in learning how to connect directly to the MySQL port, as in a second step of the project I am working on, various data from various servers will be handled. The 'dump to a file' approach, while fine in my little example below, will no longer be manageable in step two. Do you have any experience with stunnel or indeed, any other method of securely transferring data between 2 MySQL servers?? Stefen From: Cal Evans [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Stefen Lars [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [PHP] Secure MySQL connections in PHP with 'stunnel' Date: Mon, 29 Apr 2002 10:31:00 -0500 My suggestion, if you just want to move data between the 2 servers, is to mysqldump to a file, scp the file to the destination server and then mysql filename to get it into the second server. You can't do it under programmatic control but it will work and your data will remain secure in transport. =C= * * Cal Evans * Journeyman Programmer * Techno-Mage * http://www.calevans.com * -Original Message- From: Stefen Lars [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 10:24 AM To: [EMAIL PROTECTED] Subject: [PHP] Secure MySQL connections in PHP with 'stunnel' Hello all I have written a very simple PHP script to copy the data from one MySQL database table on SERVERA to another MySQL database table on SERVERB. Using PHP, I simply connect to each server and copy the data across. That works well. However, natively, MySQL works with clear text. i.e. the data is copied across the Internet in clear text (a bad thing). I would now like encrypt the MySQL data between SERVERA and SERVERB. After searching with Google, I see that stunnel is a tool to use. However, I have been trying with no avail to create an encrypted connection between the two servers from MySQL to work. Following the instructions at: http://www.zataz.net/php-stunnel-tuneling.php I have come up with the following: SERVERA (master) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERA:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 SERVERB (slave) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERB:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 This does not work. When I connect to the slave with: ?PHP $db_link = mysql_connect(SERVERB:3308, User, Pwd) or die(Cannot connect to db); mysql_select_db(DBNAME,$db_link) or die(Cannot select MASTER db\n); ? and select / insert data into SERVERB, the data is selected / inserted to the database on SERVERA. This is very strange. Has anyone else tried using stunnel to achieve what I want to do? If so, I would REALLY like to hear how you achieve the encrypted link. Or are there other ways of securely coping data from one MySQL server to another? Using stunnel seems rather fiddly Any comments on this subject will be well received. Stefen _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] The definitive source for PHP news, tutorials and articles (also, as XML)
Hello all I posted a link to Coding The Web (CodingTheWeb.com) a while ago as they had a channel dedicated to Google. It seems that they have updated the site a bit in the past few days and now have a news channel for PHP too. It is pretty cool: http://www.codingtheweb.com/projects/newslog/portal/1_1.htm What is really cool is the fact that you can syndicate their content for free. Take a look at the bottom of the page. There are two links to XML files: http://www.codingtheweb.com/projects/newslog/portal/1_2.xml (RDF) http://www.codingtheweb.com/projects/newslog/portal/1_3.xml (RSS) You can use this content on your own web site for free! Parsing out the data from an RDF file is pretty easy. Take a look at this tutorial to learn more: http://www.webmasterbase.com/article/560 (or see: http://www.phpclasses.org/browse.html/package/259.html http://www.phpclasses.org/browse.html/package/61.html http://www.phpclasses.org/browse.html/package/80.html ) I have already added the RDF file to my personal start page. It makes sure that I always know about the latest PHP articles, tutorials, news etc. To the Webmaster of CodingTheWeb.com if you are reading this: Thanks for creating this simple news portal. It works well, loads fast and you offer your content as XML. Nice. Well done. Stefen _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using Google's new SOAP based API in PHP
Hello all CodingTheWeb.com has several reports of Google's new SOAP based application programming interface: http://www.codingtheweb.com/projects/newslog/index.php?filter=Google Has anyone tries using this in PHP yet??? S. _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Returning mutliple matches of a regex with preg_match()
Thank you James and Niklas. Here is the code that I need: ?PHP // open file $fd = fopen (./text.htm, r); // load contents into a variable while (!feof ($fd)) { $content .= fgets($fd, 4096); } // close file fclose ($fd); // remove char returns and co $content = preg_replace(/(\r\n)|(\n\r)|(\n|\r)/, ,$content); if (preg_match_all(/BLOCKQUOTEP(.*)\/P\/BLOCKQUOTE/U,$content,$matches)) { echo pre; var_dump($matches); echo /pre; } ? This returns exactly what I want (see my original post to learn what that is.) Thank again. :-)) S. From: liljim [EMAIL PROTECTED] Reply-To: liljim [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] Returning mutliple matches of a regex with preg_match() Date: Thu, 21 Mar 2002 11:42:35 - Also, make sure that you make the match ungreedy with the U modifier, or use: (.*?) James Niklas lampén wrote in message 000501c1d0aa$4a5d97f0$ba93c5c3@Niklas">news:000501c1d0aa$4a5d97f0$ba93c5c3@Niklas... preg_match_all(); Niklas -Original Message- From: Stefen Lars [mailto:[EMAIL PROTECTED]] Sent: 21. maaliskuuta 2002 7:28 To: [EMAIL PROTECTED] Subject: [PHP] Returning mutliple matches of a regex with preg_match() Hello all I have been scratching my head for the last two days about this regular expression problem. I would be really VERY happy if someone could help me! I have the following text in the file 'text.htm', for example: -- BLOCKQUOTEP Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a lot of lines /P/BLOCKQUOTE pboring stuff - we are not interested in this/p BLOCKQUOTEP Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines /P/BLOCKQUOTE pmore boring stuff - we are not interested in this/p BLOCKQUOTEP Rabbit, Rabbit, Rabbit, Rabbit /P/BLOCKQUOTE peven more boring stuff - we are not interested in this/p BLOCKQUOTEP Pig, Pig, Pig, Pig, Pig /P/BLOCKQUOTE -- I want to return all the stuff between BLOCKQUOTEP ... /P/BLOCKQUOTE in an array. One element per match. For example, for the above text, I would like to get back an array back like this: array( Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a lot of lines, Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines, Rabbit, Rabbit, Rabbit, Rabbit, Pig, Pig, Pig, Pig, Pig ) I have been trying to do this with (many variations of) the following code: -- ?PHP // open file $fd = fopen (./text.htm, r); // load contents into a variable while (!feof ($fd)) { $content .= fgets($fd, 4096); } // close file fclose ($fd); // remove char returns and co. $content = preg_replace(/(\r\n)|(\n\r)|(\n|\r)/, ,$content); // match agains regex -- this does not work correctly if (preg_match(/BLOCKQUOTEP(.*)\/P\/BLOCKQUOTE/i,$content,$matche s)) { echo pre; var_dump($matches); echo /pre; } ? -- For the above, var_dump() returns this: -- array(2) { [0]= string(556) BLOCKQUOTEP Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a lot of lines /P/BLOCKQUOTE pboring stuff - we are not interested in this/p BLOCKQUOTEP Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines /P/BLOCKQUOTE pmore boring stuff - we are not interested in this/p BLOCKQUOTEP Rabbit, Rabbit, Rabbit, Rabbit /P/BLOCKQUOTE peven more boring stuff - we are not interested in this/p BLOCKQUOTEP Pig, Pig, Pig, Pig, Pig /P/BLOCKQUOTE [1]= string(524) Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a lot of lines /P/BLOCKQUOTE pboring stuff - we are not interested in this/p BLOCKQUOTEP Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines /P/BLOCKQUOTE pmore boring stuff - we are not interested in this/p BLOCKQUOTEP Rabbit, Rabbit, Rabbit, Rabbit /P/BLOCKQUOTE peven more boring stuff - we are not interested in this/p BLOCKQUOTEP Pig, Pig, Pig, Pig, Pig } -- Clearly not what I want. Is my approach here incorrect? Or is it indeed possible to construct a regex to do what I want (with just one pass of the text)? Thank you in advance. :-)) S. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returning mutliple matches of a regex with preg_match()
Hello all I have been scratching my head for the last two days about this regular expression problem. I would be really VERY happy if someone could help me! I have the following text in the file 'text.htm', for example: -- BLOCKQUOTEP Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a lot of lines /P/BLOCKQUOTE pboring stuff - we are not interested in this/p BLOCKQUOTEP Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines /P/BLOCKQUOTE pmore boring stuff - we are not interested in this/p BLOCKQUOTEP Rabbit, Rabbit, Rabbit, Rabbit /P/BLOCKQUOTE peven more boring stuff - we are not interested in this/p BLOCKQUOTEP Pig, Pig, Pig, Pig, Pig /P/BLOCKQUOTE -- I want to return all the stuff between BLOCKQUOTEP ... /P/BLOCKQUOTE in an array. One element per match. For example, for the above text, I would like to get back an array back like this: array( Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a lot of lines, Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines, Rabbit, Rabbit, Rabbit, Rabbit, Pig, Pig, Pig, Pig, Pig ) I have been trying to do this with (many variations of) the following code: -- ?PHP // open file $fd = fopen (./text.htm, r); // load contents into a variable while (!feof ($fd)) { $content .= fgets($fd, 4096); } // close file fclose ($fd); // remove char returns and co. $content = preg_replace(/(\r\n)|(\n\r)|(\n|\r)/, ,$content); // match agains regex -- this does not work correctly if (preg_match(/BLOCKQUOTEP(.*)\/P\/BLOCKQUOTE/i,$content,$matches)) { echo pre; var_dump($matches); echo /pre; } ? -- For the above, var_dump() returns this: -- array(2) { [0]= string(556) BLOCKQUOTEP Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a lot of lines /P/BLOCKQUOTE pboring stuff - we are not interested in this/p BLOCKQUOTEP Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines /P/BLOCKQUOTE pmore boring stuff - we are not interested in this/p BLOCKQUOTEP Rabbit, Rabbit, Rabbit, Rabbit /P/BLOCKQUOTE peven more boring stuff - we are not interested in this/p BLOCKQUOTEP Pig, Pig, Pig, Pig, Pig /P/BLOCKQUOTE [1]= string(524) Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a lot of lines /P/BLOCKQUOTE pboring stuff - we are not interested in this/p BLOCKQUOTEP Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines /P/BLOCKQUOTE pmore boring stuff - we are not interested in this/p BLOCKQUOTEP Rabbit, Rabbit, Rabbit, Rabbit /P/BLOCKQUOTE peven more boring stuff - we are not interested in this/p BLOCKQUOTEP Pig, Pig, Pig, Pig, Pig } -- Clearly not what I want. Is my approach here incorrect? Or is it indeed possible to construct a regex to do what I want (with just one pass of the text)? Thank you in advance. :-)) S. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returning a specific 'record' from an XML file
Hello all I am looking for a PHP example or tutorial that shows how it is possible to return one particular record (is that the correct terminology for an XML file?) from an XML file. For example, consider this very simple XML file: ?xml version=1.0? library book titleHannibal/title authorThomas Harris/author genreSuspense/genre pages564/pages price8.99/price rating4/rating /book book titleRun/title authorDouglas E. Winter/author genreThriller/genre pages390/pages price7.49/price rating5/rating /book book titleHannibal - the return/title authorThomas Harris/author genreSuspense/genre pages586/pages price21.12/price rating10/rating /book /library I would like to be able to say, give me all the data from books written by author 'Thomas Harris'. In this case, I would be returned with the first and last 'record' from the above file. It would then be possible to loop through the resulting array like one can do with mysql_fetch_array and co. I know that to perform such a query in MySQL is a piece of cake, but I am currently interested in learning a little more about XML handling. If someone could point me in the correct direction to learn how do this, I would be very grateful. Also, if anyone thinks that using XML for such an application is completely wrong, please also say that. Thank you in advance /S _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Regex help
Hello all In the Apache config file, we have the following directive: SetEnvIfNoCase Referer ^http://www.oursite.com/; local_ref=1 FilesMatch .(gif|jpg) Order Allow,Deny Allow from env=local_ref /FilesMatch We use this to prevent people from directly linking to .gif and .jpg files. This technique is covered here: http://apachetoday.com/mailprint.php3?action=pvltsn=2000-06-14-002-01-PS However, we have to add more and more file types to the FilesMatch directive. Currently it looks like this: FilesMatch .(doc|zip|xls|exe|jpg|gif|png|psd|tif|tif) However, this list continues to grow. And we can never be sure that every file type is included. It occurred to me that it would be better to say do not serve any files except .htm, .html and .php files.. I have spent quite a long time with several regexes, but I am unable to create a regex that archives this seemingly simple talk. If anyone could help, I would be really happy . S _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Insecurity with PHP authorization
I just have just found this article, that describes this technique: http://apachetoday.com/mailprint.php3?action=pvltsn=2000-06-14-002-01-PS#SetEnvIf Thank you all for your help. :-)) S From: Maxwell Hung [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] Insecurity with PHP authorization Date: Tue, 7 Aug 2001 11:22:33 +0100 (BST) Hi Stefan You can do this #Add this httpd.conf N.B apache 1.3.12 SetEnvIfNoCase Referer ^http://www.mysite/; local_ref=1 # place the following into a .htaccess file in the dir you wish to protect the files Options -Indexes # change the extensions you want to protect FilesMatch .(doc|zip|xls|flp) Order Allow,Deny Allow from env=local_ref /FilesMatch This will stop and direct requests to files as the env var will not be set. I've used it on my setup and it's fine. As noted above this will only work with apache 1.3.12 If you get it working could you forward it to the php list I can't get there through this a/c HTH M@ --- Stefen Lars [EMAIL PROTECTED] wrote: Hello all I have just implemented a mySQL authorization: each html and php page checks to see whether a user is logged in by checking a cookie in the user browser. The user can log out and edit her profile (including password). If a page is called without the user being logged in, he is presented with a log in form. This works very well. There is an SSL connection to the server. Only a hash value of the password is stored in the database. However, if I directly request a graphic (or a ZIP file etc) from the site, by entering: https://www.myserver.com/photo.jpg for example, I can download that file without being logged in (naturally). In the particular *intranet* project that I am working on, this is particularly undesirable, as only personnel at the companys four locations may have access to the intranet. And there certainly will be a lot of confidential ZIP and graphic files placed on the server. I do realize that if I were to place a .htaccess file in the root of the intranet server, I could prevent the above from happening, but then I loose the advantage of having the users profile in a database, where a user can easily change her password. Allowing a web user to edit a password in the .htaccess file poses more problems than it solves, especially as it certainly could occur that more than one persons wants to edit his password simultaneously. Could anyone suggest a method to allow a user to easily edit his password, but at the same time, not allow direct access to specific non-PHP files on the intranet server? Perhaps one method would be to restrict access to the companys four gateway servers (IP addresses). However, I feel this is not to secure, and these IPs could be spoofed (and this does not really solve the problem). Any enlightenment on this subject would be well received. TIA S. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Insecurity with PHP authorization
Hello all I have just implemented a mySQL authorization: each html and php page checks to see whether a user is logged in by checking a cookie in the user browser. The user can log out and edit her profile (including password). If a page is called without the user being logged in, he is presented with a log in form. This works very well. There is an SSL connection to the server. Only a hash value of the password is stored in the database. However, if I directly request a graphic (or a ZIP file etc) from the site, by entering: https://www.myserver.com/photo.jpg for example, I can download that file without being logged in (naturally). In the particular *intranet* project that I am working on, this is particularly undesirable, as only personnel at the companys four locations may have access to the intranet. And there certainly will be a lot of confidential ZIP and graphic files placed on the server. I do realize that if I were to place a .htaccess file in the root of the intranet server, I could prevent the above from happening, but then I loose the advantage of having the users profile in a database, where a user can easily change her password. Allowing a web user to edit a password in the .htaccess file poses more problems than it solves, especially as it certainly could occur that more than one persons wants to edit his password simultaneously. Could anyone suggest a method to allow a user to easily edit his password, but at the same time, not allow direct access to specific non-PHP files on the intranet server? Perhaps one method would be to restrict access to the companys four gateway servers (IP addresses). However, I feel this is not to secure, and these IPs could be spoofed (and this does not really solve the problem). Any enlightenment on this subject would be well received. TIA S. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Insecurity with PHP authorization
Hello Max Thank you for this interesting idea! I have implemented it on my test server and it seems to do what I want. However, at the moment, I do not fully understand what is happening. However, I will study the Apache docs right now. Thanks! Jonathan From: Maxwell Hung [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] Insecurity with PHP authorization Date: Tue, 7 Aug 2001 11:22:33 +0100 (BST) Hi Stefan You can do this #Add this httpd.conf N.B apache 1.3.12 SetEnvIfNoCase Referer ^http://www.mysite/; local_ref=1 # place the following into a .htaccess file in the dir you wish to protect the files Options -Indexes # change the extensions you want to protect FilesMatch .(doc|zip|xls|flp) Order Allow,Deny Allow from env=local_ref /FilesMatch This will stop and direct requests to files as the env var will not be set. I've used it on my setup and it's fine. As noted above this will only work with apache 1.3.12 If you get it working could you forward it to the php list I can't get there through this a/c HTH M@ --- Stefen Lars [EMAIL PROTECTED] wrote: Hello all I have just implemented a mySQL authorization: each html and php page checks to see whether a user is logged in by checking a cookie in the user browser. The user can log out and edit her profile (including password). If a page is called without the user being logged in, he is presented with a log in form. This works very well. There is an SSL connection to the server. Only a hash value of the password is stored in the database. However, if I directly request a graphic (or a ZIP file etc) from the site, by entering: https://www.myserver.com/photo.jpg for example, I can download that file without being logged in (naturally). In the particular *intranet* project that I am working on, this is particularly undesirable, as only personnel at the companys four locations may have access to the intranet. And there certainly will be a lot of confidential ZIP and graphic files placed on the server. I do realize that if I were to place a .htaccess file in the root of the intranet server, I could prevent the above from happening, but then I loose the advantage of having the users profile in a database, where a user can easily change her password. Allowing a web user to edit a password in the .htaccess file poses more problems than it solves, especially as it certainly could occur that more than one persons wants to edit his password simultaneously. Could anyone suggest a method to allow a user to easily edit his password, but at the same time, not allow direct access to specific non-PHP files on the intranet server? Perhaps one method would be to restrict access to the companys four gateway servers (IP addresses). However, I feel this is not to secure, and these IPs could be spoofed (and this does not really solve the problem). Any enlightenment on this subject would be well received. TIA S. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] XML parsing without the PHP4 XML functions
Hello all I have recently been assigned the task of parsing an xml file and format the contents of the file in HTML. The xml file lies on another server. Our web space provider does not provide the XML functions (nor is he willing to install them) :-gr. I am sure that I am not the only who has come across this problem. Would someone have already created a few functions to parse xml that they are willing to share? I have the following structure to deal with: faq item productProductName/product questionWhy does it not work/question answerBecause it is not turned onanswer item /faq There are whole load of items in the file. I then want to display the contents a bit like this: echo $product; echo $question; etc (of course with some HTML formatting, like a bulleted list). Any help would be really VERY appreciated! Thanks S _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]