[PHP] Is session_start() using encrypted cookies with HTTPS
Hi all, It came to my attention through the Netcraft newsletter[1] that cookies in a web application are not always sent encrypted when a server is contacted through HTTPS. Looking at the setcookie()[2] documentation, there is effectively a specific parameter (set to false by default). The description of this parameter says: Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to TRUE, the cookie will only be set if a secure connection exists. On the server-side, it's on the programmer to send this kind of cookie only on secure connection (e.g. with respect to $_SERVER[HTTPS]). This part is clear. No problem with that. However, my application relies on the session_start()[3] function, which doesn't say anything about the potential differences in behaviour between a secure and a non-secure connection (ie HTTPS or HTTP) when the session identifier is set to be passed through cookies. However, the session ID is still passed through a cookie, so somehow the cookie must be set with a decision on whether the mode is secure or not. Would someone know the internals of that function and whether there is a way to force it to secure=true when the connection is made through HTTPS? Or maybe my question doesn't make sense because I am missing the point on how it works? I develop an open-source application which can be used through both HTTP and HTTPS, so I'm a bit worried about not having this question answered in the doc for session_start(). Thanks, Yannick Warnier [1] http://news.netcraft.com/archives/2010/11/03/github-moves-to-ssl-but-remains-firesheepable.html [2] http://www.php.net/setcookie [3] http://www.php.net/session-start -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Securing web services
Le dimanche 22 février 2009 à 21:29 +, Nathan Rixham a écrit : Yannick Warnier wrote: Hi there, Another Web Service related question. Obviously, Google gives me enough hints to find *many* documents on the topic (searching for securing web services), but I am developing open-source soft and I'd like to secure my web services to the maximum without forcing the user to use HTTPS/SSL (the generation of buying of a certificate is not what our lambda users can do). Yanick, I'm hoping to save you some time here; Web Services are very poorly implemented in PHP (and that sentence is the reason I'm emailing you off-list). Nevermind :-) Everything you need is catered for in SOAP and by using the WS-xxx extensions which are common place in the Java and .net world (infact most languages) - thankfully those who are fortunate enough to know can do this in PHP as well and consume all manner of web services, as well as generate them. You need WSO2 (oxygen) - specifically WSO2 WSF/PHP; it's the finest web service library for all languages and has a massive community behind it. http://wso2.org/projects/wsf/php docs: http://wso2.org/project/wsf/php/2.0.0/docs/api.html The license is Apache 2, which doesn't really match my GPLv2 (or superior) license. Does anyone know how one deals with this kind of headache? If my software is GPLv2 or superior, does it means that if I include a library that is only compatible with GPLv3 I have to restrict my soft to GPLv3? (and not v2 anymore) Apart from that, from a quick view through the code, I didn't really find something better than NuSOAP setCredentials in the list of available functions, but I suppose this should be an off-list topic now... Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP5 - SOAP extension and WSDL generation
Hi there, I'm trying to find out how to generate a WSDL with the functions I am providing as web services, and I'm finding various posts on the net that say it's not possible with the SOAP extension built in PHP5. At the same time, I find that http://www.php.net/manual/en/soap.constants.php lists four constants that have to do with WSDL caching: WSDL_CACHE_NONE (integer) WSDL_CACHE_DISK (integer) WSDL_CACHE_MEMORY (integer) WSDL_CACHE_BOTH (integer) which apparently are only used in the http://www.php.net/manual/en/soapserver.soapserver.php method. so I'm a bit confused about the lack of info there. Why would the extension not include a WSDL-generation method for one given server object while other libraries (NuSOAP and PEAR::SOAP) do? Isn't that kind of pushing users away from the core extension? I mean, generating a WSDL is not a funny job, but many services will need one and a developer doesn't want to be updating his at every change he makes in his service function, does he? Thank you, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Securing web services
Hi there, Another Web Service related question. Obviously, Google gives me enough hints to find *many* documents on the topic (searching for securing web services), but I am developing open-source soft and I'd like to secure my web services to the maximum without forcing the user to use HTTPS/SSL (the generation of buying of a certificate is not what our lambda users can do). Following the very nice table on page 32 of http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf using a combination of XML Encryption and XML Signature would provide a cover for almost all security risks related to providing web services. This article: http://webservices.xml.com/pub/a/ws/2003/01/15/ends.html also goes away from the SSL method and *talks* about XML-DSIG and WS-Security, but that's out of PHP context. Finally, the following article talks about NuSOAP and the SetCredentials method, which is probably the closest I can get to secure web services using existing PHP code. Would anybody out here have gotten further and be able to tell me how they did it? Thanks, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Geometrical library
Le samedi 06 septembre 2008 à 23:09 -0300, Manuel Lemos a écrit : Hello, on 09/03/2008 01:54 PM Yannick Warnier said the following: Hi there, I've been looking for a PHP library that would allow me to calculate superpositions of geometrical surfaces defined by polygones (defined themselves by points bound with lines) in 2D (surface of a polygone, intersections between two vectors, surface of intersection - considering the polygons could be complex and superpose themselves in more than one point). The closest to what I'm looking for, I guess, would be the PEAR Math_Vector package, but it is mainly based on vectors as mathematical arrays, whereas I would need calculations based on surfaces. Does anyone know of something that could help me? I think this PHP class does exactly what you need: http://www.phpclasses.org/polygon Seems to be pretty much everything I needed, indeed. Pretty hard to find through Google though. Thank you *very* much. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CMS-Blog system
Le jeudi 04 septembre 2008 à 10:31 +0100, Stut a écrit : On 4 Sep 2008, at 06:56, Yannick Warnier wrote: Le mercredi 03 septembre 2008 à 22:07 +0100, Luke a écrit : seperate databases is a hassle, since you have to mess with multiple connections, I would go with the one database. Just cut down on data storage, use userids instead of usernames for identification in the tables and such. Not only is it a hassle, it is also a major system bottleneck on most filesystems. If using MySQL for example, each database creates one directory. If you get to 10.000 directories in /var/lib/mysql for example (based on Debian systems), you will start to feel the weight of having so many items in only one directory. If you ever reach 30.000, you'll start to think it *really* was a bad idea. Not to mention any database backup will be accordingly slower. Personal recommendation: don't go for the multiple database solution if you plan to have more than 100 and you can avoid it. How bad this is depends on the OS and filesystem you're using. One of the sites I manage has a directory with over 300k files in it, and it's never a problem unless I want to list the contents (which I never do!). Accessing the files (for backups or other purposes) is just as fast as it is with only a few files. That's a CentOS box using ext3. Yes, I know. I'm talking about a Debian system with ext3, so I wouldn't really consider it as a low configuration/OS/FS, but I'm reporting, nevertheless, that it can have important drawbacks. On the other hand, 120.000 files in the same directory seemed to be the limit on one of the disks we have (the system reported: max number of inodes assigned, impossible to create new file). I'm sure there are also ways to improve performance by setting ext3 to use larger inodes, but you have to plan that from the start. It's possible the limitation you're seeing is related to MySQL rather than the filesystem, but I've never had anywhere near that number of databases on a single box so I can't speak to that. I think that isn't MySQL (system usage shows the system itself is overwhelmed, apart from MySQL). Thanks for the suggestions anyway. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Geometrical library
Hi there, I've been looking for a PHP library that would allow me to calculate superpositions of geometrical surfaces defined by polygones (defined themselves by points bound with lines) in 2D (surface of a polygone, intersections between two vectors, surface of intersection - considering the polygons could be complex and superpose themselves in more than one point). The closest to what I'm looking for, I guess, would be the PEAR Math_Vector package, but it is mainly based on vectors as mathematical arrays, whereas I would need calculations based on surfaces. Does anyone know of something that could help me? Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CMS-Blog system
Le mercredi 03 septembre 2008 à 22:07 +0100, Luke a écrit : seperate databases is a hassle, since you have to mess with multiple connections, I would go with the one database. Just cut down on data storage, use userids instead of usernames for identification in the tables and such. Not only is it a hassle, it is also a major system bottleneck on most filesystems. If using MySQL for example, each database creates one directory. If you get to 10.000 directories in /var/lib/mysql for example (based on Debian systems), you will start to feel the weight of having so many items in only one directory. If you ever reach 30.000, you'll start to think it *really* was a bad idea. Not to mention any database backup will be accordingly slower. Personal recommendation: don't go for the multiple database solution if you plan to have more than 100 and you can avoid it. Yannick 2008/9/3 Martin Zvarík [EMAIL PROTECTED] Hi, I am working on CMS-Blog system, which will be using approx. 10 000 users. I have a basic question - I believe there are only two options - which one is better? 1) having separate databases for each blog = fast (problem: what if I will need to do search in all of the blogs for some article?) 2) having all blogs in one database - that might be 10 000 * 100 articles = too many rows, but easy to search and maintain, hmm? --- I am thinking of having some file etc. cms-core.php in some base directory and every subdirectory (= users subdomains) would include this cms-core file with some individual settings. Is there better idea? I appreciate your discussion on this topic. Martin Zvarik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Replacing accented characters by non-accented characters
Hello, I've been trying to find something nice to transform an accentuated string into a non-accentuated string. Obviously, I'm mostly playing inside the European languages, but any method that could transform arabic or asian characters to plain non-accentuated characters would be perfect. I have found a number of solutions, ranging from str_replace() for every known accentuated character to strtr() to a preg_replace() of a conversion of the string to html characters then removing the and the alteration string (acute, grave, circ, ...). I must say the last one seems to work better because it's less affected by charset changes, but it still seems awfully slow to me and I would like to know if there is any function that exists that could do that for me? Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Replacing accented characters by non-accented characters
Thanks James, That would probably work out if it wasn't too dependent on the locales to work. I'm developing an open-source product which could end up on a server without the locales for French but be used by some French people, which would make (as far as I can get out of one comment from Richie in the PHP manual) the transliteration somewhat wrong. The dependency on iconv is also a minor problem to me as we are rather using MB at the moment, but I guess I might find something similar in MB anyway. Thanks, Yannick Le lundi 12 mai 2008 à 16:28 +0100, James Dempster a écrit : oops wrong way round echo iconv('UTF-8', 'ISO-8859-1//TRANSLIT', 'français'); On Mon, May 12, 2008 at 4:27 PM, James Dempster [EMAIL PROTECTED] wrote: maybe try iconv (http://uk.php.net/manual/en/function.iconv.php) e.g. echo iconv('ISO-8859-1', 'UTF-8//TRANSLIT', 'français'); -- /James On Mon, May 12, 2008 at 4:09 PM, Yannick Warnier [EMAIL PROTECTED] wrote: Hello, I've been trying to find something nice to transform an accentuated string into a non-accentuated string. Obviously, I'm mostly playing inside the European languages, but any method that could transform arabic or asian characters to plain non-accentuated characters would be perfect. I have found a number of solutions, ranging from str_replace() for every known accentuated character to strtr() to a preg_replace() of a conversion of the string to html characters then removing the and the alteration string (acute, grave, circ, ...). I must say the last one seems to work better because it's less affected by charset changes, but it still seems awfully slow to me and I would like to know if there is any function that exists that could do that for me? Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Replacing accented characters by non-accented characters
Le lundi 12 mai 2008 à 19:07 +0300, Dotan Cohen a écrit : 2008/5/12 Yannick Warnier [EMAIL PROTECTED]: Hello, I've been trying to find something nice to transform an accentuated string into a non-accentuated string. Obviously, I'm mostly playing inside the European languages, but any method that could transform arabic or asian characters to plain non-accentuated characters would be perfect. I have found a number of solutions, ranging from str_replace() for every known accentuated character to strtr() to a preg_replace() of a conversion of the string to html characters then removing the and the alteration string (acute, grave, circ, ...). I must say the last one seems to work better because it's less affected by charset changes, but it still seems awfully slow to me and I would like to know if there is any function that exists that could do that for me? Yannick Why are you removing the accents? Why not store/process the data as UTF-8, which supports all the accents in all the languages, and even non-latin languages. You mention Arabic, which does not use accented latin characters (Maybe you are thinking of Turkish, Ubek or Tadjic). UTF-8 supports Arabic, Russian, Greek, Latin including modified accented letters, and almost everything else save CJK. What is your end goal? Why are you removing the accents? Hi Dotan, I'm trying to give a universally-manageable directory name to an item using a free-text title. I want to avoid every type of accentuated character and everything outside of pure ASCII to make it the most portable possible. Generating a random hash is not acceptable as we want to be the most user-friendly possible. I'm talking about Arabic not to remove accentuated characters, but in case there would be a transliteration function that allows me to turn an Arabic character into something similar in terms of pronunciation but in ASCII. So the goal is to create a directory name that is both intuitive *and* portable for the user and the admin. The title is kept for the user, but there is a generic shortened code that is generated following the given title. We used to ask for a title in a webform, but realised our users liked it much better when we give them the possibility to generate the code themselves, but generating one ourselves by default. I just realised that the developer who did it seemed to make it using html codes directly, so we end up with codes like EACUTETEACUTE for an item called été, while ETE would be far better. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mbstring vs iconv - Any existing benchmark?
Hi all, Out of curiosity, I'm trying to find information about how well mbstring and iconv behave and possibly a comparison between the two. The basic functions offered by both extensions seem to be providing *about* the same features, and I read a ppt presentation from Carlos Hoyos [1] just saying this: PHP supports multi byte in two extensions: iconv and mbstring * iconv uses an external library (supports more encodings but less portable) * mbstring has the library bundled with PHP (less encodings but more portable) Is this really all there is to having two extensions providing character encoding features? Is there any kind of strong difference in efficiency? Information is pretty difficult to find on the topic (and judging by hits on my blog, my article is about the only quick and easy to find reference to such comparison, so I'd like to extend that). I also hear that Zend framework is mostly heading in the iconv direction. What about what's included in PHP6? (ok, I can do that last bit of research by myself). It's out of curiosity, so not urgent, but I'd like to be sure I do the right choice next time around. Thanks, Yannick [1] http://www.nyphp.org/content/presentations/smallworld/April2006-nyphp-Presentation.ppt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] open_basedir restriction in effect
Le jeudi 24 avril 2008 à 15:35 -0700, Richard Kurth a écrit : *I keep getting this warning when I try run my script that I what to look at the data in the mailbox for bounced email Warning*: opendir() [function.opendir http://easycontactpro.com/function.opendir]: open_basedir restriction in effect. File(/var/qmail/mailnames/easycontactpro.com/bounce/Maildir/new) is not within the allowed path(s): (/var/www/vhosts/easycontactpro.com/httpdocs:/tmp) I have set open_basedir =/var/qmail/mailnames/easycontactpro.com/bounce/Maildir/new in the php.ini file and restarted apache. How can I look at the files in this directory Hi Richard, Any chance you would have a virtual host configuration or some part of your scripts that redefine the open_basedir? I would put some logging in the middle with ini_get('open_basedir'); and see if it changes sometime between the first line of your script and the location where the error above appears. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] putting variables in a variable
Le lundi 28 mars 2011 à 12:06 +0100, Hulf a écrit : Hi, I am making and HTML email. I have 3 images to put in. Currently I have $body .= table tr tdimg src=\image1.jpg\/td /tr tr td/td /tr /table ; ideally I would like to have $myimage1 = image1.jpg; $myimage2 = image2.jpg; $myimage3 = image3.jpg; and put them into the HTML body variable. I have tried escaping them in every way i can think of, dots and slashes and the rest. Any ideas? The question is not very clear to me, but doesn't the following give what you are trying to get? $myimage1 = image1.jpg; $body .= table tr tdimg src=\$myimage1\/td /tr tr td/td /tr /table ; Otherwise, could you explain your intentions in another way? Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Generating PDF files (XSLT, ps, XSL-FO, FOP, etc)
Hello, I'm currently researching a bit on a possible PDF export format for some of my application's output. So far, what I get is this: - some packages allow PDF generation (FPDF, EZPDF, etc) from nothing - some packages allow generation of PDF from HTML, using the ps format - some packages allow generation of PDF from XML, using XSL-FO and FOP Somehow, I'm having difficulties understanding why you can make a PDF out of nothing (using only a set of PHP classes) but you can't generate a PDF using XML and XSLT, although XSLT is, to my understanding, made to enable export in various formats from the same XML file. It seems that in this case (exporting from XML to PDF), you need to first convert the XML to a XSL-FO format (using XSLT) and then convert that XSL-FO format into PDF, and the only way to do that last step at the moment seems to be to use Apache's FOP project, which requires Java and a server-side component that you are unlikely to be authorized to install on a low-cost hosting server. Does anybody have a good insight on all this and could tell me what's wrong and why there seems to be a missing link between XML and PDF...? Thanks in advance, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION LOST!
Le jeudi 10 mai 2007 à 15:24 +0200, Oliver Block a écrit : Am Donnerstag, 10. Mai 2007 08:59 schrieb Sascha Braun: but after a little time, the session is just lost. That doesn't say anything to me. Could you be more verbose on what you mean by the sessin is lost? :-) I get that too and it's the best description I could give in one sentence. Basically, the session array $_SESSION is emptied. Without notice, warning or error. Just emptied. I tried to track it down with xdebug as well but it's really just loosing it. I will try to work on this problem this week, and basically looking at the last hundreds of posts about sessions in this list, I would narrow it down to the following possible problems and solutions: 1) Unsynched: It is possible that client and server do not share the same notion of time, which is stored in the session cookies, so the session would be expired sooner than expected. A way to test if this is the problem is to set the cookie lifetime to one year or more, and see if it improves anything. However, if this was the problem, timeouts would tend to happen after a definite period of time, not after a random period like I have and like Sascha seems to have as well 2) Mutex 1: The problem might be due to concurrent (or almost) uses of the session, either with AJAX code or with frames, which might mean that the sessions are not complete when accessed, or access is prevented by a blocking write operation on the session file. This should only happen in the context of concurrent requests, and the only possible improvement might be to use session_write_close() as soon as a session use is finished, or to use mutex-aware session handler functions. I wonder if, in this case, the session should really be lost and emptied... maybe a write still allows a read to work... 3) Mutex 2: When using alternative session handlers, these session handlers might not be mutex-aware, so a concurrent access prevents data from being written before it is read. Make sure your session handling code is mutex-aware (apparently there is some code documented in the user comments of the PHP online doc). I hope this helps. I'll try to come back and report if any of these solutions has worked for me. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 5.2 + IE 7 = HTTP 304 in login procedure [SOLVED]
The problem wasn't quite there. The 304 response was correct and didn't really cause a problem in IE7. In fact, the problem was somewhere else. As mentioned by someone in the PHP doc comments (http://be.php.net/manual/en/ref.session.php#64125 ), IE is the only one to reject urls of the likes of http://example_demo.littleweb.com/ because of the _ character. This means that basically IE will display the site without a problem, but will not register any cookie, and of course will not mention it, so it makes it all much easier to detect. The fact that FF and Opera get a session each does not help at all in finding the problem. Changing the URL to http://exampledemo.littleweb.com/ will work perfectly. Yannick Le dimanche 11 mars 2007 à 23:01 +, Yannick Warnier a écrit : Hello, One of my clients is currently having a problem when logging into one of my site. Investigating further (because it works with Firefox with his login/pass from my machine), it appears the problem is caused for an obscure reason when IE7 requests the page and obviously does a conditional GET, which only loads what's necessary for this login to proceed when the page has been updated since last time. The returned HTTP header is 304: Not modified, which is not returned with other browsers (others get a 200 header). This is true for PHP pages as well as included CSS files, which triggers the question of having any link to PHP at all... I've looked on Google quite a bit, and if I have found people having the same kind of problems, they generally report it along with the fact that they use incorrectly the header('HTTP/1.1 ...'); or header('Status: ...'); function, so the fix is generally a change of these. However, my application doesn't set any of these headers from inside the PHP code. Before I start getting into the whole Apache2 config (which I'm not to good at) and try a lot of funny things in a bid to discover one element that would cause this, I'd like to know... Does anybody know the problem and have already found a fix? Thanks, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP 5.2 + IE 7 = HTTP 304 in login procedure
Hello, One of my clients is currently having a problem when logging into one of my site. Investigating further (because it works with Firefox with his login/pass from my machine), it appears the problem is caused for an obscure reason when IE7 requests the page and obviously does a conditional GET, which only loads what's necessary for this login to proceed when the page has been updated since last time. The returned HTTP header is 304: Not modified, which is not returned with other browsers (others get a 200 header). This is true for PHP pages as well as included CSS files, which triggers the question of having any link to PHP at all... I've looked on Google quite a bit, and if I have found people having the same kind of problems, they generally report it along with the fact that they use incorrectly the header('HTTP/1.1 ...'); or header('Status: ...'); function, so the fix is generally a change of these. However, my application doesn't set any of these headers from inside the PHP code. Before I start getting into the whole Apache2 config (which I'm not to good at) and try a lot of funny things in a bid to discover one element that would cause this, I'd like to know... Does anybody know the problem and have already found a fix? Thanks, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FTP
Le samedi 07 octobre 2006 à 20:50 -0300, Raphael Martins a écrit : Hi, When I send files via FTP, the file size is limited to the php.ini max upload value? Thank you! No, unless you handle the FTP server with a PHP script. php.ini only limits the size of files handled by PHP (generally via HTTP), so it should not affect FTP (unless your FTP server is in PHP). Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Separate PHP Code From HTML || Pros Cons?
Le samedi 07 octobre 2006 à 17:24 -0400, sit1way a écrit : Hey all. Hi Noah, I've built a simple, yet effective PHP based CMS, one that I use in all sites I develop. [...] I've often heard the mantra, separate code from HTML, but it seems ridiculous at times to include tiny HTML snippets that can easily be echoed out, or stored in a variable. That mantra generally helps not getting your code and your graphics messed up. It is only a good suggestion, so you do whatever you want with it. It's like object oriented programming... it's a good suggestion and it proves very useful most of the time, but it's for you to judge if it is useful in your case, and most of the time you cannot judge perfectly without trying it. Smarty goes to the extreme in separating code from HTML, but looking at their templating system, I wonder what's the point? Is it the end of the world if you've got a few choice if, then, else statements in your HTML templates? Smarty goes to the extreme because it is *just* a templating engine. You can still use PHP code in Smarty templates by using specific tags, but for trying it I think it makes sense to prepare everything *outside* the display script. The display script can then be given to work on to a web designer without him messing everything up. It also helps not getting into one display script that will handle 5 different types of display depending on the conditions. One display script should really display one kind of data in a specific format. If you want to change the format, it makes sense to change the display script. I'm thinking of creating a bunch of include files based on request type in my CMS Admin Center; e.g. include classes/admin/news/add.php, where add, update, or delete is the request type. This cleans up my PHP processing pages quite a bit (don't have all the if add, do X, elseif update, do Y, etc. logic to comb through). You can also use the same code base (by playing with Apache VirtualHost's) and only change the config file and templates location, rather than the opposite. Up to you again. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FTP
Le dimanche 08 octobre 2006 à 08:05 -0300, Raphael Martins a écrit : I will be sending files over my php script... One client asked me for a project where he allow clients to send some large files (like 50mb)...I thought that FTP (via PHP) will allow that. Today he just give the FTP server user and password to his clients, but he is worried about the security (of course!). Is there a better way? I was thinking in split the files in several .RAR volumes... (actually, the client will send his .RAR files instead of a 50mb file), and use remote scripting to upload each file separatly. Any Ideas? There is a PECL SSH library which allows file transfers over SSH (using PHP). I have received some reports that it's not completely stable though, but I don't know more about it. You might want to contact Sara Golemon (the packager) on the PECL-dev mailing list if you manage to get into stability problems... See http://pecl.php.net/package/ssh2 for more details. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PEAR::DB and PDO
Hi there, I will soon need to include a database abstraction layer in my company's software and I am looking for the best choice to make. The software is promoted as working with PHP4, so I wouldn't use PDO, although I see that a PHP4 implementation of PDO exists [1] and I could use this one (any comments on that are appreciated). So basically I'm left with PEAR::DB (or PEAR::MDB2) [2] and ADOdb [3]. I have found a comparison [4] but it doesn't sound too objective. What I'd really like to know is: - does PDO come from PEAR::DB? - does ADOdb really add value in comparison with PEAR::DB? Any suggestion welcome, thank you so much, Yannick [1] http://www.phpclasses.org/browse/package/2572.html [2] http://pear.php.net/package/MDB2 [3] http://adodb.sourceforge.net/ [4] http://phplens.com/phpeverywhere/node/view/39 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Big files management
Hi there, I'm trying to deal with big files (over 4GB) with PHP4.3.9 ans PHP4.4 but obviously it's not really possible. Is there a library somewhere that allows elementary operations on these kinds of files by, for example, using the operating systems commands (Linux in this case)? Or any other solution? Thanks, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Big files management
Le mercredi 26 juillet 2006 à 12:27 +0200, Jochem Maas a écrit : Yannick Warnier wrote: Hi there, I'm trying to deal with big files (over 4GB) with PHP4.3.9 ans PHP4.4 but obviously it's not really possible. no, we're not quite at the 4GB-flash-header-files-for-webpages stage of internet evolution ;-) Is there a library somewhere that allows elementary operations on these kinds of files by, for example, using the operating systems commands (Linux in this case)? exec(), system(), shel__exec(), the backtick operators ? I meant some class or library that already deals with parsing the results from the commands you might use on the system, like exec(ls -lh) with a parsing to get the file size directly and so on. No need to reinvent the wheel, is there? Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Mnogosearch extension - not working with php 4.4.2
Hello guys, I'm hesitating on how to formulate this. I'm a newbie when it comes to PHP extensions/modules development, but I have a problem which forces me to go into source code for the mnogosearch extension (mnogosearch is an open-source search engine). The extension (version 1.96) has not been worked on since January 2005 and is unlikely to get any attention in the coming months from its authors, but upgrading PHP from 3.3.10 to 4.4.2 has broken it, and I am trying to figure out why. I have had a look at the PHP 4 changelog (http://www.php.net/ChangeLog-4.php) to see if I could spot anything obvious, but as I said I'm a newbie and don't exactly know what to look for. From the type of errors (very unclear and undetailed) that I get, my first guess would be that one function declaration in php_mnogo.c or php_mnogo.h would not be recognized anymore (because it used a funny declaration?). The php_mnogo.c and php_mnogo.h are located in this file: http://www.mnogosearch.org/Download/php/mnogosearch-php-extension-1.96.tar.gz (site is down at the moment but should be back up soon I guess) Could someone give me some advice on what to look for? (or have a look at these C files and tell me what's wrong - but I wouldn't dare asking) The files look very simple (just a few declarations, around 3000 lines :-) in all - including a lot of empty lines). Anyway, I would be glad for any kind of help you could provide me with around this. I suppose it would be easier if I could bring the difference to only one PHP version (like between 3.4.1 and 3.4.0) but I am afraid I don't have enough machines to screw up changing PHP versions all the time to try it. Also, if my guess is right that it would be a declaration not working anymore, I guess code changes related to extensions would have all been done in 4.0.0... Thank you, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP6 Roadmap
Hello, Is a roadmap for PHP6 already available somewhere? I've been looking for it on php.net and zend.com but haven't found anything yet, apart a few posts on the improvement of namespaces and unicode. Thank you, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Output files encoding
Hi guys, For a reason that I don't really understand, my PHP install outputs file in UTF-8 by default. I would like to output files in ISO-8859-1 in certain cases. How do I do that? I have tried changing default_charset to iso-8859-1 with an ini_set() call, but it doesn't help. I also looked at the doc for fopen() and fwrite() (the functions I am using to write my file) and to the mbstring module, but it looks like nothing is really coded to allow me to do this. Help! :-) Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Output files encoding
Le lundi 24 octobre 2005 à 14:37 +0100, Yannick Warnier a écrit : Hi guys, For a reason that I don't really understand, my PHP install outputs file in UTF-8 by default. I would like to output files in ISO-8859-1 in certain cases. How do I do that? I have tried changing default_charset to iso-8859-1 with an ini_set() call, but it doesn't help. I also looked at the doc for fopen() and fwrite() (the functions I am using to write my file) and to the mbstring module, but it looks like nothing is really coded to allow me to do this. For some reason now I could write a fully ISO-8859-1 file, so I can guess I had been missing something. If someone has an explanation or a document on how the files created by PHP are encoded, I would be very glad. Thanks. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Session IDs - How are they generated?
Le dimanche 20 mars 2005 13:02 +0200, zini10 a crit : Im Pretty sure it's using Uniqid , its the simplest solution possible , about the second question, php doesnot mind if he is being run from apahce,iis or command line. Dont count on my answers coz im not really sure. Thank you. The ID generator is here: php_session_create_id (http://cvs.php.net/co.php/php-src/ext/session/session.c) Thanks to Eric Colinet for his answer on this topic. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session IDs - How are they generated?
Hi there, I'm looking for a good document that describes session ID generation in PHP 4.3.6. Does somebody have that at hand? I couldn't find anything googling it, and nothing in the PHP doc. I would like to know what kind of parameters it uses during the generation. And also how it is generated in the case of a script executed in command line. Thanks, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] server compatibilty
Le jeudi 03 mars 2005 à 10:48 +0530, Prateek Tambi a écrit : I got php installed on my pc my web server is apache tomcat 4.0 or something will it support php or not how can i detect that... in the installation readme file there is support for apache 1.3.x and apache 2.0.x if its not supported than what can i do Hi Prateek, Following what you are saying you are running Apache 1.3 or 2.0 (or both) with Tomcat. To run PHP, a good way would be to install the PHP module that is relevant to the Apache server version you are using. The way to do that depends on your computer's operating system. Do you know what it is? Windows? Linux Mandrake? Linux Suse? ...? The best way to try and see if PHP is already installed is to write a PHP script, put it in your web root folder (depends on the operating system again) and try to load the page in a web server. For example, write: ?php phpinfo(); ? into the info.php file, put in in your web root and try to load it. If you see nothing but blank, then it failed (which doesn't mean PHP is not installed, but if it is you still need to configure it). Please read the installation doc on www.php.net to sort it out. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] smtp server
Le jeu 16/12/2004 à 14:43, Pablo D Marotta a écrit : Hi there.. I´m trying to use the mail function but I have a problem. I´m working in a LAN with more or less 30 pcs, that places inside a huge network, and I just can´t use the enterprise smtp server. How can i set a valid smtp server? You can use PEAR::Mail class to send e-mails via an external SMTP server (an account you have elsewhere), provided your smtp call isn't stopped by any firewall. Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form executes differently in IE than in FireFox?
Le mer 03/11/2004 à 09:55, Murray @ PlanetThoughtful a écrit : Hi All, Hi, and sympathy about the 12 lines signature :-) However, only the test part of your script (the if(isset($_POST['recid']))... ) was needed. I'm a little confused by a problem I'm experiencing with a form that is being processed differently between IE and FireFox. For some reason, when a new record on my form is submitted to the code below, it gets processed as though it were an edit operation when executed via Internet Explorer, but executes as an insert when via FireFox. On the form, 'recid' is a hidden field that is populated from the query string. If recid has a value, the assumption is made that the operation is an edit. If recid has no value, then the assumption is made that the operation is an insert. What might occur is that IE fills the value with a blank. Which is probably what you put in your form anyway. So I would say there are two ways to solve the problem. 1) change your isset($_POST['recid']) with a !empty($_POST['recid']) which is equivalent to if(isset($_POST['recid']) ($_POST['recid'] != )) 2) do not output any input type=hidden name=recid if the value isn't defined. I bet you probably have something like this at the moment (when there is no value): input type=hidden name=recid value= Which would explain why IE sets it as defined but empty. If this doesn't work, I probably can't help you. Yannick PS: you might be interested in the web developer extension for Firefox and it's Display Form Details function. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Looking for a good free IDE supporting PHP
Le mer 03/11/2004 à 11:36, Do Minh Hieu, Mr a écrit : Hi all, I'm new at PHP. Hi and welcome. I am looking for a good free IDE supporting PHP; and the way to configure the IDE so that I can see the results in IDE. As mentionned just a few days before you arrived, IDEs are a matter of tastes and you can find a full list here: http://www.thelinuxconsultancy.co.uk/phpeditors/ Welcome again, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form executes differently in IE than in FireFox?
Le mer 03/11/2004 à 09:55, Murray @ PlanetThoughtful a écrit : Hi All, Hi, and sympathy about the 12 lines signature :-) However, only the test part of your script (the if(isset($_POST['recid']))... ) was needed. I'm a little confused by a problem I'm experiencing with a form that is being processed differently between IE and FireFox. For some reason, when a new record on my form is submitted to the code below, it gets processed as though it were an edit operation when executed via Internet Explorer, but executes as an insert when via FireFox. On the form, 'recid' is a hidden field that is populated from the query string. If recid has a value, the assumption is made that the operation is an edit. If recid has no value, then the assumption is made that the operation is an insert. What might occur is that IE fills the value with a blank. Which is probably what you put in your form anyway. So I would say there are two ways to solve the problem. 1) change your isset($_POST['recid']) with a !empty($_POST['recid']) which is equivalent to if(isset($_POST['recid']) ($_POST['recid'] != )) 2) do not output any input type=hidden name=recid if the value isn't defined. I bet you probably have something like this at the moment (when there is no value): input type=hidden name=recid value= Which would explain why IE sets it as defined but empty. If this doesn't work, I probably can't help you. Yannick PS: you might be interested in the web developer extension for Firefox and it's Display Form Details function. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php