Re: [PHP] Fwd: Is it possible???
On Mon, Jun 24, 2013 at 06:17:33PM +0200, Maciek Sokolewicz wrote: Please please please please don't do this! 1) You did not answer the question, nor giving any related information. 2) This was debug-output. I see not point in optimizing. 3) print is language construct, just as is echo 4) the argument to print is converted to string anyways, so ... 5) the quotes around a single variable allows fast adding helping text while debugging; so it was on purpose You are not the only one that has a coding style for a reason. So back to topic: I guess the case-sensitive variables were the most helpfull hint for the thread-starter? If not please send a complete example of your code. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Thread-Hijacking (was: Re: [PHP] Fwd: Is it possible???)
Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: Please please please please don't do this! Please Please Please Do Not Hijack Threads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Thread-Hijacking (was: Re: [PHP] Fwd: Is it possible???)
On 25 June 2013 10:02, Tamara Temple tamouse.li...@gmail.com wrote: Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: Please please please please don't do this! Please Please Please Do Not Hijack Threads. Hijacking would be starting a completely different discussion in the same thread. This wasn't a discussion-starter, rather a warning ;) - Tul
Re: [PHP] Fwd: Is it possible???
On 24 Jun 2013, at 13:02, Karl-Arne Gjersøyen karlar...@gmail.com wrote: Error in my last post This is corrected: $item_amount_in_store = 223; $update_amount = 7; $item_amount_in_Store += $update_amount; It show the result = 227 and not 230. Why is this happen? Something else is going on to give you 227, but variable names are case sensitive which is why you're not getting what you expect. ?php $item_amount_in_store = 223; $update_amount = 7; $item_amount_in_Store += $update_amount; var_dump($item_amount_in_store); var_dump($item_amount_in_Store); ? Output: int(223) int(7) -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- Forwarded message -- From: Karl-Arne Gjersøyen karlar...@gmail.com Date: 2013/6/24 Subject: Is it possible??? To: PHP Mailinglist php-general@lists.php.net $item_amount_in_store = 223; $update_amount = 7; $update_item_amount_in_store += $update_amount; $update_amoint_in_store is now 227; Why? That should be 230! Karl -- Hjemmeside: http://www.karl-arne.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: Is it possible???
You should give a complete programm so we can run exactly the same you do, like this: ?php $item_amount_in_store = 223; print ($item_amount_in_store); $update_amount = 7; $item_amount_in_store += $update_amount; print ( + $update_amount = $item_amount_in_store ); ? which gives this result: 223 + 7 = 230 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: Is it possible???
variables are case-sensitive. $item_amount_in_store is different from $item_amount_in_Store 1st variable contains all lowercase characters, while the 2nd one contains S uppercase character. happy coding sachin On Mon, Jun 24, 2013 at 5:32 PM, Karl-Arne Gjersøyen karlar...@gmail.comwrote: Error in my last post This is corrected: $item_amount_in_store = 223; $update_amount = 7; $item_amount_in_Store += $update_amount; It show the result = 227 and not 230. Why is this happen? Karl -- Forwarded message -- From: Karl-Arne Gjersøyen karlar...@gmail.com Date: 2013/6/24 Subject: Is it possible??? To: PHP Mailinglist php-general@lists.php.net $item_amount_in_store = 223; $update_amount = 7; $update_item_amount_in_store += $update_amount; $update_amoint_in_store is now 227; Why? That should be 230! Karl -- Hjemmeside: http://www.karl-arne.name/
Re: [PHP] Fwd: Is it possible???
On 24-6-2013 14:27, n...@nobswolf.info wrote: You should give a complete programm so we can run exactly the same you do, like this: ?php $item_amount_in_store = 223; print ($item_amount_in_store); Please please please please don't do this! First of all, I don't know why you would use the print *function* when you can also use the echo language construct (better and faster). But that's not that important; it's not bad to use it, just imo a bit ugly (pet peeve ;)). But more importantly: $variable is completely and utterly useless. You're basically creating a string, interpolating a variable in it, and adding no more content. This is effectively the same as saying: print(.$var.) Does that look right to you? To me it looks... wrong... Why not just a simple: echo $var; or print($var) if you really must. And if you really really must cast the variable to a string, you can always use the explicit: (string) $var $update_amount = 7; $item_amount_in_store += $update_amount; print ( + $update_amount = $item_amount_in_store ); ? which gives this result: 223 + 7 = 230 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: Is it possible???
Amen! Am 24.06.2013 18:17, schrieb Maciek Sokolewicz: On 24-6-2013 14:27, n...@nobswolf.info wrote: You should give a complete programm so we can run exactly the same you do, like this: ?php $item_amount_in_store = 223; print ($item_amount_in_store); Please please please please don't do this! First of all, I don't know why you would use the print *function* when you can also use the echo language construct (better and faster). But that's not that important; it's not bad to use it, just imo a bit ugly (pet peeve ;)). But more importantly: $variable is completely and utterly useless. You're basically creating a string, interpolating a variable in it, and adding no more content. This is effectively the same as saying: print(.$var.) Does that look right to you? To me it looks... wrong... Why not just a simple: echo $var; or print($var) if you really must. And if you really really must cast the variable to a string, you can always use the explicit: (string) $var $update_amount = 7; $item_amount_in_store += $update_amount; print ( + $update_amount = $item_amount_in_store ); ? which gives this result: 223 + 7 = 230 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Fwd: Is it possible???
Am 24.06.2013 18:17, schrieb Maciek Sokolewicz: On 24-6-2013 14:27, n...@nobswolf.info wrote: You should give a complete programm so we can run exactly the same you do, like this: ?php $item_amount_in_store = 223; print ($item_amount_in_store); Please please please please don't do this! First of all, I don't know why you would use the print *function* when you can also use the echo language construct (better and faster). But read and learn http://de2.php.net/manual/en/function.print.php print is not actually a real function (it is a language construct) -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz smime.p7s Description: S/MIME Kryptografische Unterschrift
Re: [PHP] How is this possible???? (addslashes)
On Thu, 17 Feb 2011 07:50:45 +0700, Daniel Brown paras...@gmail.com wrote: No offense, but are you kidding me? The host disables phpinfo() for security reasons, but keeps 4.4.4 running? Talk about running, Paul run away from them. Fast. AND they have a condition (this reported) that could cause (fail to prevent) SQL injection! Legacy configurations remain when ISPs don't want to force customers to do the code changes that might be necessary to upgrade It runs. I'd rather not do the changes necessary to go to PHP5 now. But I cannot add an edit HTML via forms feature to the administration until this is resolved. I want to get to the bottom of this. PLEASE!! ANYONE ??? HOW COULD THIS POSSIBLY HAPPEN. They must have something messed up in the PHP configuration. What is it? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible???? (addslashes)
On Feb 16, 2011 7:07 PM, Paul S pau...@roadrunner.com wrote: Can anyone please tell me how the addslashes output (note = Everyone''s a card on the \earth) in the following example is possible. It is addslashes output but this result is consistent with the output from post when runtime is set: 1): a single quote is inserted before a single quote and nothing is added before or \. php: ... --- ?php //error_reporting(E_ALL); echo 'display_errors = ' . ini_get('display_errors') . br; echo 'register_globals = ' . ini_get('register_globals') . br; echo 'magic_quotes_gpc = ' . ini_get('magic_quotes_gpc') . br; echo 'get_magic_quotes_gpc = ' . get_magic_quotes_gpc() . br; echo 'get_magic_quotes_runtime = ' . get_magic_quotes_runtime() . br; echo brbr; echo br; echo 'Current PHP version: ' . phpversion(); echo brbr; ? ?php $note = Everyone's a card on the \earth; echo br$notebr; $note = addslashes($note); echo brnote = $notebr; ? ?php phpinfo(); ? - output: display_errors = 1 register_globals = 1 magic_quotes_gpc = 1 get_magic_quotes_gpc = 1 get_magic_quotes_runtime = 1 Current PHP version: 4.4.4 No offense, but are you kidding me? The host disables phpinfo() for security reasons, but keeps 4.4.4 running? Talk about running, Paul run away from them. Fast. Everyone's a card on the \earth note = Everyone''s a card on the \earth Warning: phpinfo() has been disabled for security reasons in --- -- Using Opera's revolutionary email client: http://www.opera.com/mail/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Is it possible to create a global namespace alias?
On Tue, Oct 5, 2010 at 8:41 AM, Matt Palermo palermom...@gmail.com wrote: I'm assuming there is no way to make a global alias. Can anyone confirm/deny this? I reread the documentation on namespaces, and from what I can tell this is no way to do it. Each file maintains its own active namespace *at compile time*. This means you can't even get around it with eval() or including another script to set it. I can't say I'm positive someone won't find a way around it, but short of an extension I don't see one. David
Re: [PHP] How is this possible?
2009/10/28 tedd t...@sperling.com: Hi gang: http://php.net/manual/en/security.globals.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
I don't do this personally, but you can probably get your script working by doing something like this: foreach( $_GET as $k = $v ) $$k = $v; You would put that at the top of your page, but be aware that it allows other people to set variables on your page (just like register globals does). If you want to do basic sanitization to your incoming values, such as trimming them, you can do something like this too: foreach( $_GET as $k = $v ) $$k = trim( $v ); None of this is best practices, FYI. Adam. On Wed, Oct 28, 2009 at 10:29 AM, David Otton phpm...@jawbone.freeserve.co.uk wrote: 2009/10/28 tedd t...@sperling.com: Hi gang: http://php.net/manual/en/security.globals.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Adam Randall http://www.xaren.net AIM: blitz574 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
On Wed, Oct 28, 2009 at 1:27 PM, tedd t...@sperling.com wrote: Hi gang: I am reviewing some old code (circa 2003) where the programmer had one script call another and placed variable values in the URL, like so: a href=user_edit.php?user_id=5223action=edit That seems innocent enough. However, in the called script (i.e., user_edit.php) there are no: $user_id = $_GET['user_id']; $action = $_GET['action']; statements to populate the variables, yet the variables get populated with the values sent!?! How did he do that? Incidentally, he did have in the .htaccess file the statement: php_flag register_globals 1 So I figure that Globals have something to do with it, but I never use Globals. And if I print_r $GLOBALS, I find that user_id and action are listed (many times), but I don't see how that works. Furthermore, something got changed and the entire script no longer works. So I'm in a quandary to figure this out -- any ideas, suggestions, references? Thanks, tedd That's exactly what register_globals does. It's analogous to prepending your scripts with this: ?php extract($_GET); extract($_POST); extract($_COOKIE); extract($_SESSION); ? (The order would be determined by the ini directive variables_order) Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
On Wed, 2009-10-28 at 13:47 -0400, Andrew Ballard wrote: On Wed, Oct 28, 2009 at 1:27 PM, tedd t...@sperling.com wrote: Hi gang: I am reviewing some old code (circa 2003) where the programmer had one script call another and placed variable values in the URL, like so: a href=user_edit.php?user_id=5223action=edit That seems innocent enough. However, in the called script (i.e., user_edit.php) there are no: $user_id = $_GET['user_id']; $action = $_GET['action']; statements to populate the variables, yet the variables get populated with the values sent!?! How did he do that? Incidentally, he did have in the .htaccess file the statement: php_flag register_globals 1 So I figure that Globals have something to do with it, but I never use Globals. And if I print_r $GLOBALS, I find that user_id and action are listed (many times), but I don't see how that works. Furthermore, something got changed and the entire script no longer works. So I'm in a quandary to figure this out -- any ideas, suggestions, references? Thanks, tedd That's exactly what register_globals does. It's analogous to prepending your scripts with this: ?php extract($_GET); extract($_POST); extract($_COOKIE); extract($_SESSION); ? (The order would be determined by the ini directive variables_order) Andrew Register globals is evil; somewhere between M$ and the chocolate that are always left over in the Xmas tin that nobody likes. Best bet is to try and steer the system away from it's dependency on this old directive. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] How is this possible? [Solved]
To all: I found the problem, which basically was that I had declared a variable in a preceding script with the same name, namely $user_id. When I changed my script to $u_id, everything worked as before. Clearly, Globals are evil. It's a bitch to have to work with code you can't change unless you are willing to edit over 1500 files. Many thanks for all input and suggestions. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How is this possible? [Solved]
From: tedd I found the problem, which basically was that I had declared a variable in a preceding script with the same name, namely $user_id. When I changed my script to $u_id, everything worked as before. Clearly, Globals are evil. It's a bitch to have to work with code you can't change unless you are willing to edit over 1500 files. Just keep in mind that register_globals is deprecated and will be going away in a future release of PHP. You might want to start thinking about a strategy to update those files before that happens. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible? [Solved]
Bob McConnell wrote: From: tedd I found the problem, which basically was that I had declared a variable in a preceding script with the same name, namely $user_id. When I changed my script to $u_id, everything worked as before. Clearly, Globals are evil. It's a bitch to have to work with code you can't change unless you are willing to edit over 1500 files. Just keep in mind that register_globals is deprecated and will be going away in a future release of PHP. You might want to start thinking about a strategy to update those files before that happens. Bob McConnell I don't think his problem was register_globals, I think it was the other problem of globals... namely variable naming collision causing value clobber. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible? [Solved]
At 2:48 PM -0400 10/28/09, Robert Cummings wrote: Bob McConnell wrote: From: tedd I found the problem, which basically was that I had declared a variable in a preceding script with the same name, namely $user_id. When I changed my script to $u_id, everything worked as before. Clearly, Globals are evil. It's a bitch to have to work with code you can't change unless you are willing to edit over 1500 files. Just keep in mind that register_globals is deprecated and will be going away in a future release of PHP. You might want to start thinking about a strategy to update those files before that happens. Bob McConnell I don't think his problem was register_globals, I think it was the other problem of globals... namely variable naming collision causing value clobber. Cheers, Rob. Rob: You were exactly right -- it was a collision. Now, if I can only find out why header(location:..); stopped working. Sometimes old code presents a lot of problems to solve. Thanks, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible? [Solved]
tedd wrote: At 2:48 PM -0400 10/28/09, Robert Cummings wrote: Bob McConnell wrote: From: tedd I found the problem, which basically was that I had declared a variable in a preceding script with the same name, namely $user_id. When I changed my script to $u_id, everything worked as before. Clearly, Globals are evil. It's a bitch to have to work with code you can't change unless you are willing to edit over 1500 files. Just keep in mind that register_globals is deprecated and will be going away in a future release of PHP. You might want to start thinking about a strategy to update those files before that happens. Bob McConnell I don't think his problem was register_globals, I think it was the other problem of globals... namely variable naming collision causing value clobber. Cheers, Rob. Rob: You were exactly right -- it was a collision. Now, if I can only find out why header(location:..); stopped working. Sometimes old code presents a lot of problems to solve. Thanks, tedd I would use headers_sent() to find out if the headers have been sent before calling header() -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems with APC, possible cache-corruption?
On Sun, Jun 21, 2009 at 6:17 PM, James McLean james.mcl...@gmail.comwrote: On Mon, Jun 22, 2009 at 9:40 AM, Nathan Nobbequickshif...@gmail.com wrote: On Sun, Jun 21, 2009 at 5:56 PM, James McLean james.mcl...@gmail.com wrote: did you take a look at the size of the cache you created ? Yes. Tried multiple segments and single, with cache size values between 128mb and 256mb. Also tried with stat on and off. also, arent you planning to cache php opcodes, so if you load up the page, index.html, i would expect to see a bunch of php files mentioned in the apc cache.. Well, index.html wouldn't be cached because it's not parsed by the PHP engine. But yes, if it were index.php for example each compiled PHP file is then cached in the opcode cache - include files and everything. This is how it works on every other APC installation i've tried :) This installation is not doing that, even though this is the default behaviour. if apc has support for output caching, ive not yet used it so im not sure how much i could help there (sort of sounds like youre shooting for output caching the way you describe things above). No, i'm not looking for output caching. Apologies if my original email was poorly worded. maybe you could dump out your ini settings for apc and share them here? No need. they're all default as reccomended by PHP and APC. hmm, 2 other thoughts i have.. . long shot, but do you have apc.php installed on a diff domain than the moodle app (not sure but i suspect apc.php only shows cached values for the domain in which its currently running (i know this is something eaccelerator does). . as a test, perhaps setup a simple test site, w/ 2 files, apc.php and one index.php file on this rhel box. if things are working (index.php cached w/ apc.php), it would seem something goofy is going on indside the moodle app. -nathan
Re: [PHP] Problems with APC, possible cache-corruption?
On Tue, Jun 23, 2009 at 6:17 AM, Nathan Nobbequickshif...@gmail.com wrote: hmm, 2 other thoughts i have.. . long shot, but do you have apc.php installed on a diff domain than the moodle app (not sure but i suspect apc.php only shows cached values for the domain in which its currently running (i know this is something eaccelerator does). No. Same domain. . as a test, perhaps setup a simple test site, w/ 2 files, apc.php and one index.php file on this rhel box. if things are working (index.php cached w/ apc.php), it would seem something goofy is going on indside the moodle app. The RHEL box works flawlessly, as has almost every other APC install i've ever done. I simply used it as an example that Moodle likely wasn't at fault, and I have since further proved this by grepping the source - it isn't setting any of it's own apc filters as suggested before. On the APC install that is not working correctly, when I switch between my info.php and apc.php files - the counter on the cached file (apc.php) resets, and info.php is not cached. That was all outlined in the original email. I guess this is not a common issue, no one seems to have experienced it before.. Cheers -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems with APC, possible cache-corruption?
On Sun, Jun 21, 2009 at 5:56 PM, James McLean james.mcl...@gmail.comwrote: (Resend from around 1 week ago, because of no responses) Hi All, Over the weekend I setup a test of APC intending to benchmark a Moodle installation with various APC settings to see how well I could get it to perform. I successfully installed Moodle 1.9 and 2.0 under Apache 2.2.3 (installed via apt on Ubuntu 9.04), and with PHP 5.2.9 compiled from source. I should note, that Ubuntu had an older version of PHP installed from apt with Suhosin hardened PHP built in. Moodle 2.0 required at least PHP 5.2.8, so I uninstalled the original PHP module before compiling and installing the 5.2.9. No issues there; PHP worked well and performance was (mostly) acceptable. Progressed onto installing APC, firstly by downloading the APC 3.1.2 source from PECL and following the usual 'phpize, configure, make, make install' process which worked as expected, stop and start Apache and APC was present in my phpinfo();. I started with the reccomended PHP config exept with error_display turned on and E_ALL | E_STRICT enabled, and also the reccomended APC config also. I copied the 'apc.php' from the source tree to my webroot and changed the password as suggested. The issue arose when I attempted to benchmark my Moodle install with 'ab' (I realise it only downloads the single page, but it's good enough for what I need for now though) and the result was no different to before I had installed APC. View the apc.php page, and the only page cached is apc.php itself.. Certainly not what I've witnessed in the past. Then what would happen was if I viewed my seperate info.php page containing simply the opening PHP tag and a single line with phpinfo(); in the file - the cache would appear to reset, and it would firstly not load the info.php into the cache, it would reset the counter on the apc.php file back to 0. Through all of this, there was no errors displayed on the screen and no errors listed in the Apache error log either. Increased the Apache log level up to Debug, and no related information was displayed. Moodle itself worked as expected with no errors, and on a seperate RHEL installation I have Moodle working with APC and it is caching all it's files as expected. At this point, I thought it may be an issue with the module I compiled myself. I backed up the module, and allowed PECL to install the module, it installed 3.0.19. Restarted Apache and verified the version was as PECL had built and installed. This had no effect, and yeilded the same behaviour. I'm stumped as to what the issue could be, however I did see this issue of APC not caching files on an installation of Red Hat Enterprise Linux in the past - however at the time we assumed it was an issue with the framework we were using and due to time constraints simply ran without APC and didn't investigate further. Has anyone seen this issue in the past and perhaps even rectified it? Any information would be appreciated. did you take a look at the size of the cache you created ? also, arent you planning to cache php opcodes, so if you load up the page, index.html, i would expect to see a bunch of php files mentioned in the apc cache.. if apc has support for output caching, ive not yet used it so im not sure how much i could help there (sort of sounds like youre shooting for output caching the way you describe things above). maybe you could dump out your ini settings for apc and share them here? -nathan
Re: [PHP] Problems with APC, possible cache-corruption?
On Mon, Jun 22, 2009 at 9:40 AM, Nathan Nobbequickshif...@gmail.com wrote: On Sun, Jun 21, 2009 at 5:56 PM, James McLean james.mcl...@gmail.com wrote: did you take a look at the size of the cache you created ? Yes. Tried multiple segments and single, with cache size values between 128mb and 256mb. Also tried with stat on and off. also, arent you planning to cache php opcodes, so if you load up the page, index.html, i would expect to see a bunch of php files mentioned in the apc cache.. Well, index.html wouldn't be cached because it's not parsed by the PHP engine. But yes, if it were index.php for example each compiled PHP file is then cached in the opcode cache - include files and everything. This is how it works on every other APC installation i've tried :) This installation is not doing that, even though this is the default behaviour. if apc has support for output caching, ive not yet used it so im not sure how much i could help there (sort of sounds like youre shooting for output caching the way you describe things above). No, i'm not looking for output caching. Apologies if my original email was poorly worded. maybe you could dump out your ini settings for apc and share them here? No need. they're all default as reccomended by PHP and APC. Thanks, James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems with APC, possible cache-corruption?
Can you do a phpinfo(); and tell us the value of the setting apc.filters (or every apc.* if you can)? Just curious, but I've seen apps set that setting to avoid APC opcode caching. Jonathan On Sun, Jun 21, 2009 at 8:56 PM, James McLeanjames.mcl...@gmail.com wrote: (Resend from around 1 week ago, because of no responses) Hi All, Over the weekend I setup a test of APC intending to benchmark a Moodle installation with various APC settings to see how well I could get it to perform. I successfully installed Moodle 1.9 and 2.0 under Apache 2.2.3 (installed via apt on Ubuntu 9.04), and with PHP 5.2.9 compiled from source. I should note, that Ubuntu had an older version of PHP installed from apt with Suhosin hardened PHP built in. Moodle 2.0 required at least PHP 5.2.8, so I uninstalled the original PHP module before compiling and installing the 5.2.9. No issues there; PHP worked well and performance was (mostly) acceptable. Progressed onto installing APC, firstly by downloading the APC 3.1.2 source from PECL and following the usual 'phpize, configure, make, make install' process which worked as expected, stop and start Apache and APC was present in my phpinfo();. I started with the reccomended PHP config exept with error_display turned on and E_ALL | E_STRICT enabled, and also the reccomended APC config also. I copied the 'apc.php' from the source tree to my webroot and changed the password as suggested. The issue arose when I attempted to benchmark my Moodle install with 'ab' (I realise it only downloads the single page, but it's good enough for what I need for now though) and the result was no different to before I had installed APC. View the apc.php page, and the only page cached is apc.php itself.. Certainly not what I've witnessed in the past. Then what would happen was if I viewed my seperate info.php page containing simply the opening PHP tag and a single line with phpinfo(); in the file - the cache would appear to reset, and it would firstly not load the info.php into the cache, it would reset the counter on the apc.php file back to 0. Through all of this, there was no errors displayed on the screen and no errors listed in the Apache error log either. Increased the Apache log level up to Debug, and no related information was displayed. Moodle itself worked as expected with no errors, and on a seperate RHEL installation I have Moodle working with APC and it is caching all it's files as expected. At this point, I thought it may be an issue with the module I compiled myself. I backed up the module, and allowed PECL to install the module, it installed 3.0.19. Restarted Apache and verified the version was as PECL had built and installed. This had no effect, and yeilded the same behaviour. I'm stumped as to what the issue could be, however I did see this issue of APC not caching files on an installation of Red Hat Enterprise Linux in the past - however at the time we assumed it was an issue with the framework we were using and due to time constraints simply ran without APC and didn't investigate further. Has anyone seen this issue in the past and perhaps even rectified it? Any information would be appreciated. Cheers, James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problems with APC, possible cache-corruption?
On Mon, Jun 22, 2009 at 10:02 AM, Jonathan Tapicertapi...@gmail.com wrote: Can you do a phpinfo(); and tell us the value of the setting apc.filters (or every apc.* if you can)? Just curious, but I've seen apps set that setting to avoid APC opcode caching. Certainly, however it will have to wait until I am home and have access to that machine again. Though I'm not sure that would be the case as APC is caching all Moodle files on my development server here. That being said I'll grep the codebase anyway to see if it's setting any filters. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Is this possible with php
(Re-sending as I accidentally sent my original post directly to Al) Al wrote: Mace Eliason wrote: I really don't think this is possible from what I know of php, but I thought I would as the experts. Is it possible to have php create directories and move files on a local machine. I have created a web portal for a client and now they would like it to upload files to an server, no a problem. But they would like it to also move temp files on the users computer to new directories and then upload the file to the server with no user interation other than clicking go. I have thought of doing this in vb or c# but I have done very little with these languages, and php just rocks. php can only do things on its server and send stuff for rendering to the client. It also sounds like a MAJOR security issue to me. I sure don't want a 3rd party web site moving files around on MY system... Regards, Ozz. signature.asc Description: OpenPGP digital signature
Re: [PHP] Re: Is this possible with php
PHP can do this, but you'd need it set up on each of the client computers and periodically run to check the temp folder and perform the upload. That's what any other application that can do similar does. Cheers, Rob. On Mon, 2006-03-06 at 15:30, João Cândido de Souza Neto wrote: PHP don't do this. The user must select a file to upload and then the PHP can work with this. PHP has no access to local files, think with me, how can PHP discover which machine in internet he has to access to get files. Mace Eliason wrote: Hi, I really don't think this is possible from what I know of php, but I thought I would as the experts. Is it possible to have php create directories and move files on a local machine. I have created a web portal for a client and now they would like it to upload files to an server, no a problem. But they would like it to also move temp files on the users computer to new directories and then upload the file to the server with no user interation other than clicking go. I have thought of doing this in vb or c# but I have done very little with these languages, and php just rocks. Thanks Scandog -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Is this possible with php
Ok, but you're telling that the client will be doing upload to server. Not the server doing a dounload from client. I was understood as a wrong way. I'm sorry. Robert Cummings wrote: PHP can do this, but you'd need it set up on each of the client computers and periodically run to check the temp folder and perform the upload. That's what any other application that can do similar does. Cheers, Rob. On Mon, 2006-03-06 at 15:30, João Cândido de Souza Neto wrote: PHP don't do this. The user must select a file to upload and then the PHP can work with this. PHP has no access to local files, think with me, how can PHP discover which machine in internet he has to access to get files. Mace Eliason wrote: Hi, I really don't think this is possible from what I know of php, but I thought I would as the experts. Is it possible to have php create directories and move files on a local machine. I have created a web portal for a client and now they would like it to upload files to an server, no a problem. But they would like it to also move temp files on the users computer to new directories and then upload the file to the server with no user interation other than clicking go. I have thought of doing this in vb or c# but I have done very little with these languages, and php just rocks. Thanks Scandog -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Is this possible with php
Yeah, you can't do the local computer file moving and all that with the same script as your server side component, but if you'd rather not learn C# or another language like that, but you're comfortable with PHP, I'd highly recommend checking out Winbinder (http://www.winbinder.com). Assuming your clients are all windows machines. PHP is very powerful, it's just cumbersome to get a non-tech person to use a typically shell oriented language to do things on the client's machine. Winbinder provides a merging of PHP and Windows' native API. Takes a little getting used to at first, but works great. -TG = = = Original message = = = PHP can do this, but you'd need it set up on each of the client computers and periodically run to check the temp folder and perform the upload. That's what any other application that can do similar does. Cheers, Rob. On Mon, 2006-03-06 at 15:30, Jo~o C~ndido de Souza Neto wrote: PHP don't do this. The user must select a file to upload and then the PHP can work with this. PHP has no access to local files, think with me, how can PHP discover which machine in internet he has to access to get files. Mace Eliason wrote: Hi, I really don't think this is possible from what I know of php, but I thought I would as the experts. Is it possible to have php create directories and move files on a local machine. I have created a web portal for a client and now they would like it to upload files to an server, no a problem. But they would like it to also move temp files on the users computer to new directories and then upload the file to the server with no user interation other than clicking go. I have thought of doing this in vb or c# but I have done very little with these languages, and php just rocks. Thanks Scandog ___ Sent by ePrompter, the premier email notification software. Free download at http://www.ePrompter.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is this even possible?
Tony Di Croce wrote: Is it even possible to connect to a postgres server (thats running on linux) from a windows CLI php script? I'm seeing a pg_connect() error... FATAL: no pg_hba.conf entry for host 192.168.1.100 Any ideas? The easiest way to get PG up and running on a Windows system is cygwin. Or at least that's my opinion... YMMV -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-generalw=2 STFM | http://www.php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHPsubmitform=Find+search+plugins -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is this even possible?
On Mon, 24 Jan 2005 10:28:09 -0500, Jason Barnett [EMAIL PROTECTED] wrote: Tony Di Croce wrote: Is it even possible to connect to a postgres server (thats running on linux) from a windows CLI php script? Yup. I'm seeing a pg_connect() error... FATAL: no pg_hba.conf entry for host 192.168.1.100 So edit your pg_hba.conf and add an entry. The easiest way to get PG up and running on a Windows system is cygwin. Or at least that's my opinion... YMMV The 8.0 beta installed for me just fine with no cygwin. -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Is this even possible?
-Original Message- From: Tony Di Croce [mailto:[EMAIL PROTECTED] Sent: 22 January 2005 23:21 To: php-general@lists.php.net Subject: [PHP] Is this even possible? Is it even possible to connect to a postgres server (thats running on linux) from a windows CLI php script? I'm seeing a pg_connect() error... FATAL: no pg_hba.conf entry for host 192.168.1.100 Any ideas? You will need to install the client libraries, as you would for any database - you will need to go to the Postgres web-site for details of how to do that. HTH, Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is this even possible?
On Sunday 23 January 2005 07:20, Tony Di Croce wrote: Is it even possible to connect to a postgres server (thats running on linux) from a windows CLI php script? Yes. I'm seeing a pg_connect() error... FATAL: no pg_hba.conf entry for host 192.168.1.100 Exactly. So put the appropriate entry in pg_hba.conf. Any ideas? Hop over to the postgresql site and consult the manual. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Are server classes possible?
I have used Turck MMCache in the past to store results in shared memory with an specific TTL. Also you could use Cache_Lite in PEAR. Hope it helps, Adrian Madrid Jed R. Brubaker wrote: I am thinking like JavaBeans. Here is what I have going on: I have a series of rather database intensive queries that I would like some class to cache and provide access for page loads. I don't care how the information is stored, but I am trying to minimize the database call down to only once an hour at the most. The trick is that I just want the data - like a quazi-db table in memory... Is there something like that I should look at? Somewhere in PEAR? Thank you in advance! -- Adrian Madrid HyperX Inc. Mobile: 801.815.1870 Office: 801.566.0670 [EMAIL PROTECTED] www.hyperxmedia.com 9000 S. 45 W. Sandy, UT 84070 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] objects - is that possible at runtime in php4 or php5 ?
Alawi Albaity wrote: I want to create and defined variables of an object in runtime , is that possible ? I can do that with arrays but I want the access it as variable from obbject it self and not like member of an array are defined on object before I load it ! What about trying it before asking? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
[snip] I am working on securing an application that uses CDSSO (Cross Domain Single Sign On). I am trying to reproduce the CSRF (Cross Site Request Forgery) attack (using img/ TAG) in I.E. 6.01, but am unable to do so. However the attack works on Mozilla and other older browsers. My question: Is I.E. 6.01 SP1 doing something to foil the CSRF attack, i.e. only allow image extensions .gif .png .jpeg? [/snip] You would have to ask the Microsoft Development Group, who probably does not subscribe to this list. Crossposting is bad. Being OT during a crosspost is even worse. I can hear the falmethrowers warming up in the wings. FYI - This is (or use to be) a PHP list -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Perhaps the question could be asked another way and be more on topic. Is there a fix in I.E. 6.01 that would interfere with PHP being able to generate different mime types on the fly, like .png or .jpg Thanks, Warren Vail -Original Message- From: Jay Blanchard [mailto:[EMAIL PROTECTED] Sent: Monday, August 16, 2004 10:57 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? [snip] I am working on securing an application that uses CDSSO (Cross Domain Single Sign On). I am trying to reproduce the CSRF (Cross Site Request Forgery) attack (using img/ TAG) in I.E. 6.01, but am unable to do so. However the attack works on Mozilla and other older browsers. My question: Is I.E. 6.01 SP1 doing something to foil the CSRF attack, i.e. only allow image extensions .gif .png .jpeg? [/snip] You would have to ask the Microsoft Development Group, who probably does not subscribe to this list. Crossposting is bad. Being OT during a crosspost is even worse. I can hear the falmethrowers warming up in the wings. FYI - This is (or use to be) a PHP list -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? WOT
[snip] Perhaps the question could be asked another way and be more on topic. Is there a fix in I.E. 6.01 that would interfere with PHP being able to generate different mime types on the fly, like .png or .jpg [/snip] a. But that wasn't what he asked. 2. Top-posting === bad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- Jay Blanchard [EMAIL PROTECTED] wrote: You would have to ask the Microsoft Development Group, who probably does not subscribe to this list. Crossposting is bad. Being OT during a crosspost is even worse. I can hear the falmethrowers warming up in the wings. FYI - This is (or use to be) a PHP list I won't defend cross-posting, but I think CSRF is very on-topic. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Jay Blanchard wrote: FYI - This is (or use to be) a PHP list If I have a web server running php, how do I change the oil in my car? -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- [EMAIL PROTECTED] wrote: My question: Is I.E. 6.01 SP1 doing something to foil the CSRF attack, i.e. only allow image extensions .gif .png .jpeg? This seems highly unlikely. Can you show us the code you're using to test? Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? WOT
--- Jay Blanchard [EMAIL PROTECTED] wrote: [snip] Perhaps the question could be asked another way and be more on topic. Is there a fix in I.E. 6.01 that would interfere with PHP being able to generate different mime types on the fly, like .png or .jpg [/snip] a. But that wasn't what he asked. Actually, that's exactly what he asked, just rephrased. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Thanks Chris, Yup I think my posting is very on-topic. The application that I am working on is written in PHP. And I m sure all PHP developers check their applications for CSRF vulnerability, in various browsers (including I.E. ). As a PHP/Java developer, I would be interested to know what I.E. is doing in their browsers to prevent CSRF attacks. I m not trying to start a browser war here. Regards, Saqib Ali http://validate.sf.net DocBook XML - XHTML / PDF Convertor Chris Shiflett [EMAIL PROTECTED] No Phone Info Available 08/16/2004 11:17 AM Please respond to [EMAIL PROTECTED] To Jay Blanchard [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] cc Subject RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? --- Jay Blanchard [EMAIL PROTECTED] wrote: You would have to ask the Microsoft Development Group, who probably does not subscribe to this list. Crossposting is bad. Being OT during a crosspost is even worse. I can hear the falmethrowers warming up in the wings. FYI - This is (or use to be) a PHP list I won't defend cross-posting, but I think CSRF is very on-topic. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
[snip] Yup I think my posting is very on-topic. The application that I am working on is written in PHP. [/snip] Thanks for stating that in your original post.
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Hello Chris, I can't share the exact code ;) , but here is something very similar: img src=http://slashdot.org/my/logout; height=1 width=1 If I load a web page with the above code, it should log me out of slashdot. It works in Mozilla (and netscape), but not in I.E. 6.01 SP1 downloads.seagate.com Chris Shiflett [EMAIL PROTECTED] No Phone Info Available 08/16/2004 11:24 AM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] cc Subject Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? --- [EMAIL PROTECTED] wrote: My question: Is I.E. 6.01 SP1 doing something to foil the CSRF attack, i.e. only allow image extensions .gif .png .jpeg? This seems highly unlikely. Can you show us the code you're using to test? Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- [EMAIL PROTECTED] wrote: And I m sure all PHP developers check their applications for CSRF vulnerability, in various browsers (including I.E. ). I speak about CSRF in many of the talks I give, and I think you'd be surprised by how many people haven't even heard of it. As a PHP/Java developer, I would be interested to know what I.E. is doing in their browsers to prevent CSRF attacks. I m not trying to start a browser war here. Well, to be fair, even if it is true that IE does not request a URL referenced in an img tag unless the file extension matches a known image type, this isn't a complete or even optimal solution to the problem. Also, as Web developers, we can't assume that 100% of users are using this specific browser anyway, and that's the only way that it could eliminate the need to be mindful of CSRF attacks when we're writing our PHP code. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- [EMAIL PROTECTED] wrote: I can't share the exact code ;) , but here is something very similar: img src=http://slashdot.org/my/logout; height=1 width=1 If I load a web page with the above code, it should log me out of slashdot. It works in Mozilla (and netscape), but not in I.E. 6.01 SP1 The best information would be if you can capture the exact HTTP transactions involved. For example, using something like ethereal, capture the request and response for Mozilla, and then do the same for IE 6.01 SP1. Short of that, you could create a URL specifically made for testing this. You can create a PHP file called csrf.php and another called csrf.png. Make .png files be interepreted as PHP (just for the purposes of this test), and then you can log a lot of useful information in your test scripts. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
-Original Message- Jay Blanchard wrote: FYI - This is (or use to be) a PHP list If I have a web server running php, how do I change the oil in my car? Have you tried the OilChange class from PHPClasses.org? ;) -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
What if you add a random seed to the URL? img src=http://slashdot.org/my/logout?fluff=?php echo rand(1,200);? height=1 width=1 -Original Message- Hello Chris, I can't share the exact code ;) , but here is something very similar: img src=http://slashdot.org/my/logout; height=1 width=1 If I load a web page with the above code, it should log me out of slashdot. It works in Mozilla (and netscape), but not in I.E. 6.01 SP1 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
-Original Message- The best information would be if you can capture the exact HTTP transactions involved. For example, using something like ethereal, capture the request and response for Mozilla, and then do the same for IE 6.01 SP1. Short of that, you could create a URL specifically made for testing this. You can create a PHP file called csrf.php and another called csrf.png. Make .png files be interepreted as PHP (just for the purposes of this test), and then you can log a lot of useful information in your test scripts. Wouldn't it work to just make the script spit out a mime type header and a small (1x1) image when it's done to satisfy the browser's mime type requirements? -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- Ed Lazor [EMAIL PROTECTED] wrote: Wouldn't it work to just make the script spit out a mime type header and a small (1x1) image when it's done to satisfy the browser's mime type requirements? Definitely, but most CSRF attacks are meant to spoof a request from the legitimate user to some Web site where he/she already has privilege. Thus, the receiving site is usually as much the victim as the user. I'm not sure if that makes any sense... :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
-Original Message- Definitely, but most CSRF attacks are meant to spoof a request from the legitimate user to some Web site where he/she already has privilege. Thus, the receiving site is usually as much the victim as the user. I'm not sure if that makes any sense... :-) It does =) -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Why is so important if Internet Explorer allows URLS of images where the file name is only .jpg, .png, or .gif? A url can be something like: http://www.site.com/script.php/image.jpg?logout=true Internet Explorer might think that the file is a .jpg and that script.php is a directory but only the target web server knows which is the program. Or a PHP code might be contained in a image.jpg file. Teddy Teddy - Original Message - From: Chris Shiflett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Jay Blanchard [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, August 16, 2004 9:52 PM Subject: RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? --- [EMAIL PROTECTED] wrote: And I m sure all PHP developers check their applications for CSRF vulnerability, in various browsers (including I.E. ). I speak about CSRF in many of the talks I give, and I think you'd be surprised by how many people haven't even heard of it. As a PHP/Java developer, I would be interested to know what I.E. is doing in their browsers to prevent CSRF attacks. I m not trying to start a browser war here. Well, to be fair, even if it is true that IE does not request a URL referenced in an img tag unless the file extension matches a known image type, this isn't a complete or even optimal solution to the problem. Also, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Hello, I m not saying the I.E. completely fixed the CSRF attacks, by only allowing .jpg .gif .png files. But it might be one possible way to minimize CSRF attack, just like using POST vs GET can help minimize the chances of that attack. BTW, using POST instead of GET does NOT guarantee that an CSRF attack will not work, either. Thanks. Saqib Ali http://validate.sf.net XHTML/DocBook XML Validator and Transformer Octavian Rasnita [EMAIL PROTECTED] No Phone Info Available 08/16/2004 12:57 PM To [EMAIL PROTECTED], [EMAIL PROTECTED] cc Jay Blanchard [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Why is so important if Internet Explorer allows URLS of images where the file name is only .jpg, .png, or .gif? A url can be something like: http://www.site.com/script.php/image.jpg?logout=true Internet Explorer might think that the file is a .jpg and that script.php is a directory but only the target web server knows which is the program. Or a PHP code might be contained in a image.jpg file. Teddy Teddy - Original Message - From: Chris Shiflett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Jay Blanchard [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, August 16, 2004 9:52 PM Subject: RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? --- [EMAIL PROTECTED] wrote: And I m sure all PHP developers check their applications for CSRF vulnerability, in various browsers (including I.E. ). I speak about CSRF in many of the talks I give, and I think you'd be surprised by how many people haven't even heard of it. As a PHP/Java developer, I would be interested to know what I.E. is doing in their browsers to prevent CSRF attacks. I m not trying to start a browser war here. Well, to be fair, even if it is true that IE does not request a URL referenced in an img tag unless the file extension matches a known image type, this isn't a complete or even optimal solution to the problem. Also, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Hello Chris, Upon your suggestion, I used a sniffer to sniff traffic for the web app that I am working on. To my surprise, the data captured during the sniff for both browsers was exactly the same. Which mean my theory of limiting the img/ TAG to .gif .jpeg .png is NOT true. So now I am completely clueless as to why this particular attacks works in Mozilla but not in IE. Any ideas? Thanks. Saqib Ali http://validate.sf.net XHTML/DocBook XML Validator and Transformer Chris Shiflett [EMAIL PROTECTED] No Phone Info Available 08/16/2004 11:55 AM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED], [EMAIL PROTECTED] cc [EMAIL PROTECTED], [EMAIL PROTECTED] Subject Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? --- [EMAIL PROTECTED] wrote: I can't share the exact code ;) , but here is something very similar: img src=http://slashdot.org/my/logout; height=1 width=1 If I load a web page with the above code, it should log me out of slashdot. It works in Mozilla (and netscape), but not in I.E. 6.01 SP1 The best information would be if you can capture the exact HTTP transactions involved. For example, using something like ethereal, capture the request and response for Mozilla, and then do the same for IE 6.01 SP1. Short of that, you could create a URL specifically made for testing this. You can create a PHP file called csrf.php and another called csrf.png. Make .png files be interepreted as PHP (just for the purposes of this test), and then you can log a lot of useful information in your test scripts. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- Octavian Rasnita [EMAIL PROTECTED] wrote: Why is so important if Internet Explorer allows URLS of images where the file name is only .jpg, .png, or .gif? A url can be something like: http://www.site.com/script.php/image.jpg?logout=true This is definitely true, but as I mentionde in a previous reply, the point of most CSRF attacks is to spoof a request from a trusted user to another Web site. Thus, both the user and the other Web site are the victims. Most Web sites don't have pages that use the .png extension. The attacker isn't the receiving site; he/she is the person launching the attack that causes the spoofed request. For more information, since I fear my brief description is inadequate, you can see these resources: http://shiflett.org/articles/foiling-cross-site-attacks http://shiflett.org/talks/oscon2004/foiling-cross-site-attacks http://shiflett.org/php-security.pdf Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- [EMAIL PROTECTED] wrote: Upon your suggestion, I used a sniffer to sniff traffic for the web app that I am working on. To my surprise, the data captured during the sniff for both browsers was exactly the same. Can you elaborate or post the exact requests sent from each browser? I'm assuming the User-Agent header was different, at the very least, so I question what exactly means in this case. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Hello Curt, Yes, the /. system depends on cookies to keep the user logged in. However a CSRF attack is NOT trying to access a third party cookie. The web browser make the same GET request whether it is using img/ TAG or the user clicking on a link. So in either case the cookies are in the context of the website to which the cookies belong. Maybe Chris can correct me, if I am wrong here. Thanks. Saqib Ali http://validate.sf.net XHTML/DocBook XML Validator and Transformer Curt Zirzow [EMAIL PROTECTED] No Phone Info Available 08/16/2004 02:40 PM To [EMAIL PROTECTED] cc Subject Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? * Thus wrote [EMAIL PROTECTED]: Hello Chris, I can't share the exact code ;) , but here is something very similar: img src=http://slashdot.org/my/logout; height=1 width=1 If I load a web page with the above code, it should log me out of slashdot. It works in Mozilla (and netscape), but not in I.E. 6.01 SP1 I'm not sure how the /. logout system works, but my guess is that they rely on cookies to do this. Since that is a different site than from the originating file, those cookies would be considered third party. I know in IE you can disable third party cookie access. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
* Thus wrote [EMAIL PROTECTED]: Hello Chris, I can't share the exact code ;) , but here is something very similar: img src=http://slashdot.org/my/logout; height=1 width=1 If I load a web page with the above code, it should log me out of slashdot. It works in Mozilla (and netscape), but not in I.E. 6.01 SP1 I'm not sure how the /. logout system works, but my guess is that they rely on cookies to do this. Since that is a different site than from the originating file, those cookies would be considered third party. I know in IE you can disable third party cookie access. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
-Original Message- So now I am completely clueless as to why this particular attacks works in Mozilla but not in IE. Could you describe the problem again and give full detail? I think we need to better model the problem in order to present a more effective solution. The link below goes to a page I found that describes CSRF a little differently than what Chris was presenting - to give a different perspective on things. http://www.squarefree.com/securitytips/web-developers.html -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Hello Ed, To give some details: I am unable to re-produce a CSRF attack when the victim is using a I.E. 6.01 SP1 (all patches applied). However the attack works in Mozilla and other older browsers. I can't give you the exact code for attack (for security reasons), but it is similar to the following: If you insert the following HTML code in any web page residing at any domain, it will cause you to be logged out of /. if you previously logged in the /. system: img src=http://slashdot.org/my/logout; height=1 width=1 This type of attack makes use of CSRF. Try to insert the above HTML line a web page of your choice, and then load the web page. If you are using Mozilla, it will log you off from /. However in the latest build of I.E. it doesn't work, whereas it should work. Thanks. Saqib Ali http://validate.sf.net XHTML/DocBook XML Validator and Transformer Ed Lazor [EMAIL PROTECTED] No Phone Info Available 08/16/2004 02:26 PM To [EMAIL PROTECTED] cc Subject RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? -Original Message- So now I am completely clueless as to why this particular attacks works in Mozilla but not in IE. Could you describe the problem again and give full detail? I think we need to better model the problem in order to present a more effective solution. The link below goes to a page I found that describes CSRF a little differently than what Chris was presenting - to give a different perspective on things. http://www.squarefree.com/securitytips/web-developers.html -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- [EMAIL PROTECTED] wrote: Hello Curt, Yes, the /. system depends on cookies to keep the user logged in. However a CSRF attack is NOT trying to access a third party cookie. The web browser make the same GET request whether it is using img/ TAG or the user clicking on a link. So in either case the cookies are in the context of the website to which the cookies belong. Maybe Chris can correct me, if I am wrong here. Well, you're not really wrong, but I think I can clarify what Curt was trying to say, and then he can correct me if I'm wrong. :-) When a browser makes a request for an embedded resource (an image is just one example), it is identical to the request it would make if the user were to browse to that same URL manually. I think we're all in agreement here. Thus, the same cookies would be included in this request. What Curt is suggesting, I believe, is that your version of IE might behave differently, by default. It might not include cookies in requests for embedded resources when those resources are located at a different domain (thus his mention of third-party cookies). For example, if you're at http://example.org/, and it has an image from http://slashdot.org/, the browser won't include it's slashdot.org cookies when making the request to Slashdot. This is an option for most browsers, but it has never been the default behavior for any, to my knowledge. Maybe that helps clarify something... :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- Curt Zirzow [EMAIL PROTECTED] wrote: I'm not sure how the /. logout system works, but my guess is that they rely on cookies to do this. Since that is a different site than from the originating file, those cookies would be considered third party. I know in IE you can disable third party cookie access. Good call, Curt. :-) You can disable this in other Web clients as well, but I don't think it's the default behavior for anything. Perhaps this particular version of IE does not send cookies in requests for embedded resources? This does seem like a plus. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- Ed Lazor [EMAIL PROTECTED] wrote: The link below goes to a page I found that describes CSRF a little differently than what Chris was presenting - to give a different perspective on things. http://www.squarefree.com/securitytips/web-developers.html It doesn't seem to be different, actually. It just fails to elaborate much at all. For a non-Chris description of CSRF, you can always have a look at the original description: http://www.tux.org/~peterw/csrf.txt This is at least a little more complete. I think CSRF is a bit difficult for someone to grasp at first, especially within a few sentences. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
--- [EMAIL PROTECTED] wrote: To give some details: I am unable to re-produce a CSRF attack when the victim is using a I.E. 6.01 SP1 (all patches applied). However the attack works in Mozilla and other older browsers. I can't give you the exact code for attack (for security reasons), but it is similar to the following: If you insert the following HTML code in any web page residing at any domain, it will cause you to be logged out of /. if you previously logged in the /. system: img src=http://slashdot.org/my/logout; height=1 width=1 This type of attack makes use of CSRF. Try to insert the above HTML line a web page of your choice, and then load the web page. If you are using Mozilla, it will log you off from /. However in the latest build of I.E. it doesn't work, whereas it should work. Very nice description of what you've been observing. I still find it impossible to believe that the HTTP requests for http://slashdot.org/my/logout sent from Mozilla and IE are identical. :-) Can you show us the exact requests that you logged? Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
I was able to confirm / reproduce what you're experiencing. I was also able to confirm that toggling IE 6's acceptance of 3rd party cookies changes the behavior. Create an HTML on your local machine with the following line: img src=http://www.atfantasy.com/test/image_status.php; It'll load an image that says the cookie is not set. Next, open a new browser and go to http://www.atfantasy.com/test/index.php It'll set the cookie. Now go back and reload the first browser. It says the cookie is still not set. Go into IE's Privacy options and set IE to accept 3rd party cookies. Do another refresh in the first browser and the image will display saying the cookie is set. The test index also has other options for setting the cookie, unsetting the cookie, and displaying the image directly (not through your local page). I think all of this confirms what Curt was saying. If IE has access to third party cookies disabled, the local page may refer to a script elsewhere, but it won't pass cookies back and forth. Squarefree.com's article (http://www.squarefree.com/securitytips/web-developers.html) recommends a few solutions. -Ed -Original Message- I am unable to re-produce a CSRF attack when the victim is using a I.E. 6.01 SP1 (all patches applied). However the attack works in Mozilla and other older browsers. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
-Original Message- However a CSRF attack is NOT trying to access a third party cookie. The web browser make the same GET request whether it is using img/ TAG or the user clicking on a link. So in either case the cookies are in the context of the website to which the cookies belong. I think Curt was correct actually. Hopefully the test I sent earlier can confirm or at least cross-reference this. -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
Thanks Curt, Chris and Ed, It is indeed the disabling of third-party cookies that is causing this behaviour in I.E. :) So thanks all the help :) Thanks. Saqib Ali http://validate.sf.net XHTML/DocBook XML Validator and Transformer Ed Lazor [EMAIL PROTECTED] No Phone Info Available 08/16/2004 04:57 PM To [EMAIL PROTECTED], [EMAIL PROTECTED] cc [EMAIL PROTECTED] Subject RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? -Original Message- However a CSRF attack is NOT trying to access a third party cookie. The web browser make the same GET request whether it is using img/ TAG or the user clicking on a link. So in either case the cookies are in the context of the website to which the cookies belong. I think Curt was correct actually. Hopefully the test I sent earlier can confirm or at least cross-reference this. -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] page design and possible conflict??
dont know what his deal is but ok will close this idea now i guess.. - Original Message - From: Miles Thompson [EMAIL PROTECTED] To: Andy B [EMAIL PROTECTED] Sent: Thursday, April 08, 2004 7:41 AM Subject: Re: [PHP] page design and possible conflict?? You're right, ot out of range. Seems to be an issue of taste and control. Could this be because the person in charge is confusing CSS borders with padding? MT At 07:19 AM 4/8/2004 -0400, you wrote: hi.. this might be sort of ot and out of the range of the list but i had a site design question: is it an absolute no no to put inset borders 3px wide around EVERY table on the section of the site?? im trying to make an attempt at making the site have some sort of layout standards and that happen to be one of the new changes (my part) the site owner liked.. i didnt think there was any huge rule for that as long as everybody could still use the page... possible conflict: the main person doing the site doesnt like it when there are borders around any table at all and i was already told by him not to do that or my stuff wont get added?? even though i was paid before i finished the work *stress* dont know what to do... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] page design and possible conflict??
ok Am Donnerstag, 8. April 2004 14:45 schrieb Andy B: dont know what his deal is but ok will close this idea now i guess.. - Original Message - From: Miles Thompson [EMAIL PROTECTED] To: Andy B [EMAIL PROTECTED] Sent: Thursday, April 08, 2004 7:41 AM Subject: Re: [PHP] page design and possible conflict?? You're right, ot out of range. Seems to be an issue of taste and control. Could this be because the person in charge is confusing CSS borders with padding? MT At 07:19 AM 4/8/2004 -0400, you wrote: hi.. this might be sort of ot and out of the range of the list but i had a site design question: is it an absolute no no to put inset borders 3px wide around EVERY table on the section of the site?? im trying to make an attempt at making the site have some sort of layout standards and that happen to be one of the new changes (my part) the site owner liked.. i didnt think there was any huge rule for that as long as everybody could still use the page... possible conflict: the main person doing the site doesnt like it when there are borders around any table at all and i was already told by him not to do that or my stuff wont get added?? even though i was paid before i finished the work *stress* dont know what to do... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] page design and possible conflict??
Rather than doing something soley to comply with a standard you must sell your client on the idea or not do it, they are the ones that ultimately must live with the decision and be happy with it. As a programmer it is your job to make sure they have all the information and the pro's and cons of each solution, after that point let your client hash it out, providing additional information as needed. If you really like the way it looks provide a mockup of the front page with the changes you are suggesting and one without the changes and explain the benefits of your changes. At the end of the day after all information has been considered and a decision has been made you are there to do what the client wants you to do, not what you think or believe is best. Who do you report to, the main site guy or the site owner? If you report to the site owner your responsibility is to him, likewise if you report to the person doing the site it is to him. A lot of times the maintenance person feels like they should have got the programming job and are very resesntful and hard to work with, if possible you should try to build a good working relationship with him and stroke his ego a bit as the owner probably selected him for some reason and he might have a say about future jobs and at the least know other people in the business and positive advertising is always good. Jason -Original Message- From: Andy B [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 5:20 AM To: [EMAIL PROTECTED] Subject: [PHP] page design and possible conflict?? hi.. this might be sort of ot and out of the range of the list but i had a site design question: is it an absolute no no to put inset borders 3px wide around EVERY table on the section of the site?? im trying to make an attempt at making the site have some sort of layout standards and that happen to be one of the new changes (my part) the site owner liked.. i didnt think there was any huge rule for that as long as everybody could still use the page... possible conflict: the main person doing the site doesnt like it when there are borders around any table at all and i was already told by him not to do that or my stuff wont get added?? even though i was paid before i finished the work *stress* dont know what to do... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and rmdir possible but not readdir and opendir???
The work-around is to create the directory outside of your web application from your regular account. Or if you are allowed to run cgi scripts and these are set up via cgiwrapper or suExec to run as your own user id, use this to create the directory. Once created with the right owner, you can manipulate it from your regular Apache-embedded PHP scripts. Thank you! I'm definitely filing this solution for later use. Meanwhile, I went back to trying the FTP_MKDIR method and found why that didnt work. I realized when accessing the website via ftp that the system path was different than the one displayed online. IE: my script path was shown as /home/virtual/site... while in my ftp client I was seeing /var/www/html... Changing my path references to the later one fixed everything...so far! Thanks for the help :) -s -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and rmdir possible but not readdir and opendir???
On Saturday 28 February 2004 22:47, raisinlove wrote: Hi, I'm having trouble understanding why I can create and delete directories with my script via mkdir and rmdir, but not simply being able to read them with opendir or readdir? Are you saying that you can create a directory using mkdir() and then subsequently cannot read that directory using opendir()? For example, when I attempt to access these directories with opendir, I get this error message: Warning: opendir(): SAFE MODE Restriction in effect. The script whose uid is 789 is not allowed to access... What directory are you trying to read? Safe Mode is on as I am hosted on a shared server and cannot change this. Surely there's a work-around for this? Surely if there is a work-around then safe mode would not be doing its job properly? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* War is an equal opportunity destroyer. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and rmdir possible but not readdir and opendir???
This is normal. You are allowed to create the directory because the directory you are creating it in is owned by the same user id that owns the script calling mkdir(). However, since your web server runs as some other user the owner of the newly created dir will be that user and not your own so you subsequently cannot manipulate that directory. Same problem with safe mode and file uploads. ISP's are generally better off using open_basedir instead of safe-mode for this very reason. -Rasmus On Sat, 28 Feb 2004, raisinlove wrote: Hi, I'm having trouble understanding why I can create and delete directories with my script via mkdir and rmdir, but not simply being able to read them with opendir or readdir? For example, when I attempt to access these directories with opendir, I get this error message: Warning: opendir(): SAFE MODE Restriction in effect. The script whose uid is 789 is not allowed to access... Safe Mode is on as I am hosted on a shared server and cannot change this. Surely there's a work-around for this? Any helpfull input would appreciated Thanks, -s -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and rmdir possible but not readdir and opendir???
Rasmus Lerdorf wrote: This is normal. You are allowed to create the directory because the directory you are creating it in is owned by the same user id that owns the script calling mkdir(). However, since your web server runs as some other user the owner of the newly created dir will be that user and not your own so you subsequently cannot manipulate that directory. Same problem with safe mode and file uploads. ISP's are generally better off using open_basedir instead of safe-mode for this very reason. I see, so there's no way around this then. I'll inquire to my host why open_basedir couldnt be used instead of safe-mode. There's goes my plan of FTP-less website management :( thanks -steph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and rmdir possible but not readdir and opendir???
Surely if there is a work-around then safe mode would not be doing its job properly? Well this was part of the purpose of my post, before Rasmus explained it, I didn't understand why I couldnt access a directory I had created. I was hoping for a function which would achieve the same purpose but wouldn't be affected by safe-mode. I've seen many other workaround solutions to other problems caused by the safe-mode setting. Unfortunatly this doesnt seem to be such a case. -s -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mkdir and rmdir possible but not readdir and opendir???
On Sat, 28 Feb 2004, raisinlove wrote: Surely if there is a work-around then safe mode would not be doing its job properly? Well this was part of the purpose of my post, before Rasmus explained it, I didn't understand why I couldnt access a directory I had created. I was hoping for a function which would achieve the same purpose but wouldn't be affected by safe-mode. I've seen many other workaround solutions to other problems caused by the safe-mode setting. Unfortunatly this doesnt seem to be such a case. The work-around is to create the directory outside of your web application from your regular account. Or if you are allowed to run cgi scripts and these are set up via cgiwrapper or suExec to run as your own user id, use this to create the directory. Once created with the right owner, you can manipulate it from your regular Apache-embedded PHP scripts. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php5 and possible oop features/questions
On Mon, Oct 06, 2003 at 12:36:49PM +0200, Tit Black Petric wrote: : : Not really what i was getting at dude, i dont see how defining a class : variable will let me define a method outside of a given class, or to : dynamically extend/implement other classes inside a general one? Why the desire to define a method outside of a class definition besides the primary reason of syntactical sugar? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP 5 Usage: Possible Bug?
-Original Message- From: [-^-!-%- [mailto:[EMAIL PROTECTED] Sent: 31 July 2003 05:46 I came across the following inconsistency between PHP 4 and PHP 5 Build 2195(Jul 24 2003 20:10:21). The error makes sense. I am just curious about the version inconsistency. Is this due to a change in PHP 5 (as part of the class enhancements) or is it an oversight? For my information, please advise. ==Example== I can initiate a class before it is defined in version 4, but not in 5. Yes, this is a design change between PHP4 and PHP5. Just get used to defining all your classes before you instantiate them. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
ASP merely outputs HTML. His table is basic HTML dynamically rendered perhaps by an ASP component. This is also trivial to do in PHP. Cheers, Rob. On Sun, 2003-07-27 at 18:38, Ryan A wrote: Hi, I am trying to get my data into a very similar layout as this: http://hostfilter.com/ComparePlan.asp?IntVal1=389IntVal2=546IntVal3=605 see the table with the plans...how is he getting that in one table? what kind of logic is that? the best I can do is for each column I have to use another table (nested tables) but he has somehow managed to get all in one... is this a special ASP thing? This is my implemption of it: http://bestwebhosters.com/compare.php?id%5B%5D=1id%5B%5D=2id%5B%5D=4id%5B %5D=5id%5B%5D=13type=1 Its much slower, because it uses more tables and nested tables...but its in php :-) I just cant understand it...any ideas? Cheers, -Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- .-. | Worlds of Carnage - http://www.wocmud.org | :-: | Come visit a world of myth and legend where | | fantastical creatures come to life and the | | stuff of nightmares grasp for your soul.| `-' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
* Thus wrote Ryan A ([EMAIL PROTECTED]): Hi, I am trying to get my data into a very similar layout as this: http://hostfilter.com/ComparePlan.asp?IntVal1=389IntVal2=546IntVal3=605 see the table with the plans...how is he getting that in one table? what kind of logic is that? the best I can do is for each column I have to use another table (nested tables) but he has somehow managed to get all in one... is this a special ASP thing? Nothing special html wise. This is my implemption of it: http://bestwebhosters.com/compare.php?id%5B%5D=1id%5B%5D=2id%5B%5D=4id%5B %5D=5id%5B%5D=13type=1 I get an notice and and error when I go there: Notice: Undefined variable: p5 in /home/bestweb/public_html/compare.php on line 65 Query failed, ryan queryYou have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by plan_id' at line 1 I just cant understand it...any ideas? There are different ways you can do this it could help to know what kind of data structure you have. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
Hi, Thanks for replying. You say: Nothing special html wise. then can you tell me how its done? The content is dynamic being pulled from the database..how do i get it in one table in that layout? There are different ways you can do this it could help to know what kind of data structure you have. Heres the link again, you can see the datastructure (hopefully) http://bestwebhosters.com/compare.php?id%5B%5D=1id%5B%5D=2id%5B%5D=4id%5B %5D=5id%5B%5D=13type=1 Kindly reply, -Ryan * Thus wrote Ryan A ([EMAIL PROTECTED]): Hi, I am trying to get my data into a very similar layout as this: http://hostfilter.com/ComparePlan.asp?IntVal1=389IntVal2=546IntVal3=605 see the table with the plans...how is he getting that in one table? what kind of logic is that? the best I can do is for each column I have to use another table (nested tables) but he has somehow managed to get all in one... is this a special ASP thing? Nothing special html wise. This is my implemption of it: http://bestwebhosters.com/compare.php?id%5B%5D=1id%5B%5D=2id%5B%5D=4id%5B %5D=5id%5B%5D=13type=1 I get an notice and and error when I go there: Notice: Undefined variable: p5 in /home/bestweb/public_html/compare.php on line 65 Query failed, ryan queryYou have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by plan_id' at line 1 I just cant understand it...any ideas? There are different ways you can do this it could help to know what kind of data structure you have. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
* Thus wrote Ryan A ([EMAIL PROTECTED]): Hi, Thanks for replying. You say: Nothing special html wise. then can you tell me how its done? The content is dynamic being pulled from the database..how do i get it in one table in that layout? There are different ways you can do this it could help to know what kind of data structure you have. Heres the link again, you can see the datastructure (hopefully) http://bestwebhosters.com/compare.php?id%5B%5D=1id%5B%5D=2id%5B%5D=4id%5B %5D=5id%5B%5D=13type=1 I had to add a p5=1 to the thing to make it work. What I was wondering about structure was do you have the data set up with a many to many relationship? or is it just one big table where you have all the attributes set for the one company? Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
You say: Nothing special html wise. then can you tell me how its done? there's some nice simple CSS behind it to give the nice border and colour changes, but yes, nothing special HTML wise. it's a simple table The content is dynamic being pulled from the database..how do i get it in one table in that layout? the best way is gonna be to put all your db content into an array and then sort through it from there. if you use an associative array, you can put each table row together... display[setupfee][] = $result[0][0]; display[setupfee][] = $result[0][1]; display[monthlyfee][] = $result[1][0]; display[monthlyfee][] = $result[1][1]; ... and so on. not sure if i'm explaining this very well, or with the greatest syntax, but hopefully you get the idea... -skate- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
Hi, Thanks for replying. no probs... I have not worked with arrays much other than simple arrays like the $_get or $_post and the database ones...can you give me a another emample on how to do this please? like how to put my db into an array and then call each part sorry, i'm probably not the best person to give a full working example. my code works for me, but it's a little sloppy. check the php manual. look-up associative arrays. lets see if i can't give you a quick example tho... ? $n = 0; $result = mysql_query( SELECT id, title, text, date FROM news ORDER BY date DESC ); while ($rows = mysql_fetch_array($result)) { if( $rows == ){ continue; } extract( $rows ); ///extract our result into variables named after our fields $content[id][$n] = $id; $content[title][$n] = $title; $content[text][$n] = $text; $content[date][$n] = $date; $n++; //increment our number for next time... } //this next bit is sloppy coz i'm just gonna make it up for an example print table for( $c=0; $c4; $c++ ) //4 coz there's 4 key fields { //print the id's print tr; print tdID/td; for( $i=0; $i$n; $i++ ) print td.$content[id][$i]./td; print /tr; //print the titles print tr; print tdTITLE/td; for( $i=0; $i$n; $i++ ) print td.$content[title][$i]./td; print /tr; //print the text print tr; print tdTEXT/td; for( $i=0; $i$n; $i++ ) print td.$content[text][$i]./td; print /tr; //print the date print tr; print tdDATE/td; for( $i=0; $i$n; $i++ ) print td.$content[date][$i]./td; print /tr; } print /table; ? like i said, this isn't the most glamorous way of doing it, and you really should look this all up in the manual before trying it out. but if you run this code (and you have a db to back it up) you should get a table with the format i think your after... Thanks, -Ryan no probs, hope my sloppy code helps you a little ;) -skate- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
Hey, Thanks again. It should take me around an hour or two just to figure out what you wrote...:-D I guess i have to hit the manual quite a bit. Thanks, -Ryan Hi, Thanks for replying. no probs... I have not worked with arrays much other than simple arrays like the $_get or $_post and the database ones...can you give me a another emample on how to do this please? like how to put my db into an array and then call each part sorry, i'm probably not the best person to give a full working example. my code works for me, but it's a little sloppy. check the php manual. look-up associative arrays. lets see if i can't give you a quick example tho... ? $n = 0; $result = mysql_query( SELECT id, title, text, date FROM news ORDER BY date DESC ); while ($rows = mysql_fetch_array($result)) { if( $rows == ){ continue; } extract( $rows ); ///extract our result into variables named after our fields $content[id][$n] = $id; $content[title][$n] = $title; $content[text][$n] = $text; $content[date][$n] = $date; $n++; //increment our number for next time... } //this next bit is sloppy coz i'm just gonna make it up for an example print table for( $c=0; $c4; $c++ ) //4 coz there's 4 key fields { //print the id's print tr; print tdID/td; for( $i=0; $i$n; $i++ ) print td.$content[id][$i]./td; print /tr; //print the titles print tr; print tdTITLE/td; for( $i=0; $i$n; $i++ ) print td.$content[title][$i]./td; print /tr; //print the text print tr; print tdTEXT/td; for( $i=0; $i$n; $i++ ) print td.$content[text][$i]./td; print /tr; //print the date print tr; print tdDATE/td; for( $i=0; $i$n; $i++ ) print td.$content[date][$i]./td; print /tr; } print /table; ? like i said, this isn't the most glamorous way of doing it, and you really should look this all up in the manual before trying it out. but if you run this code (and you have a db to back it up) you should get a table with the format i think your after... Thanks, -Ryan no probs, hope my sloppy code helps you a little ;) -skate- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible?
* Thus wrote Ryan A ([EMAIL PROTECTED]): Hi, Thanks for replying. You say: Nothing special html wise. then can you tell me how its done? The basic logic is like this: table foreach option_of_hosting_service tr tdname_of_service/td foreach hosting_company_service tdhosting_value_of_service/td /tr /table Now how you fetch your data is where it gets a little tricky. I can't really help you there cause I'm not sure how you store the data for the hosting services. HTH at least a little. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] generate all permutations possible? (twist)
OK. I would probably still go with a counting approach. abc can be represented as 012, so, for all 4-character permutations of abc, you could count in base 3 from 0 to (base 3), and then do zero padding and string substitutions to output as - The only problems I can think of: converting to/from base 3 (you might be able to write a simple algorithm for this) handling large bases base16 could be tricky. Also, googling for permutation algorithm comes back with lots of results. Most are in C++, but conversion to PHP may be trivial. It looks like some are using loops where one character or position is swapped with another each time. (That is basically a counting algorithm.) you could just stick your alphabet into an array, and then do the counting by stepping through the array, with carry... Do you know how to count for any base? It's not hard, but I doubt I can explain it concisely... If you can do that, you can solve this problem easily. if not, see the accepted answer at http://www.experts-exchange.com/Programming/Programming_Languages/Cplusplus/Q_10352883.html and convert to PHP. It looks like the STRVector is similar to a standard PHP array. Note this is a stateful algorithm that only outputs a few results at a time; you could modify it to output all results. Be careful how you store the output, as it will get VERY big very quickly. Barry Gould At 05:28 PM 4/3/2003, you wrote: Hi guys, I appreciate your taking interest, but as I wrote, I am looking for a permutation algorithm, not specifically for all the hex colors. That was simply an example of a usage. Put another way, I want a function that I can do: echo generatePerms(abc,4); and it will return aaab aaac aaba aabb aabc and so on It is for some mathematical RD. Thanks, michael -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] generate all permutations possible? (twist)
just count from 0 to FF in HEX or count from 0 to 16777216 and print each output in HEX I'm sure there's a function for outputting a number in hex. of course, displaying 16million numbers to the browser will be time consuming, to say the least. :P Barry At 03:59 PM 4/3/2003, you wrote: Hi Folks, I'm struggling with a permutation problem. I want to take a set of characters (for example 012345678ABCDEF) and generate all permutations of length N, allowing characters to be repeated. For example, I could use this algorithm to generate all HTML hex colors by passing: generatePermutations(012345678ABCDEF,6) Granted, this example would output some 16,777,215 items, but it would be a handy thing. Note that I could get these color values by running from 0 to FF in hex, but I am looking for something more general so I can play with anagrams, etc. I have seen some algorithms that generate permutations, but I don't want all permutations of 012345678ABCDEF, I just want all 6-digit permutations. I have searched all over for algorithms, and have beat my head against it, but it is just escaping me. Can anyone help? thanks, michael -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] generate all permutations possible? (twist)
I'm sure there's a function for outputting a number in hex. $number = 1234; Printf(Hexadecimal number: 0x%X, $number); Output: Hexadecimal number: 0x4D2 John -~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~- John Coggeshall john at coggeshall dot org http://www.coggeshall.org/ -~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] generate all permutations possible? (twist)
Hi guys, I appreciate your taking interest, but as I wrote, I am looking for a permutation algorithm, not specifically for all the hex colors. That was simply an example of a usage. Put another way, I want a function that I can do: echo generatePerms(abc,4); and it will return aaab aaac aaba aabb aabc and so on It is for some mathematical RD. Thanks, michael -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] generate all permutations possible? (twist)
Try this (minimal testing, un-optimized): function permutations($letters,$num){ $last = str_repeat($letters{0},$num); $result = array(); while($last != str_repeat(lastchar($letters),$num)){ $result[] = $last; $last = char_add($letters,$last,$num-1); } $result[] = $last; return $result; } function char_add($digits,$string,$char){ if($string{$char} lastchar($digits)){ $string{$char} = $digits{strpos($digits,$string{$char})+1}; return $string; }else{ $string = changeall($string,$digits{0},$char); return char_add($digits,$string,$char-1); } } function lastchar($string){ return $string{strlen($string)-1}; } function changeall($string,$char,$start = 0,$end = 0){ if($end == 0) $end = strlen($string)-1; for($i=$start;$i=$end;$i++){ $string{$i} = $char; } return $string; } michael geary wrote: Hi Folks, I'm struggling with a permutation problem. I want to take a set of characters (for example 012345678ABCDEF) and generate all permutations of length N, allowing characters to be repeated. For example, I could use this algorithm to generate all HTML hex colors by passing: generatePermutations(012345678ABCDEF,6) Granted, this example would output some 16,777,215 items, but it would be a handy thing. Note that I could get these color values by running from 0 to FF in hex, but I am looking for something more general so I can play with anagrams, etc. I have seen some algorithms that generate permutations, but I don't want all permutations of 012345678ABCDEF, I just want all 6-digit permutations. I have searched all over for algorithms, and have beat my head against it, but it is just escaping me. Can anyone help? thanks, michael -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] generate all permutations possible? (solved!)
beautiful! This seems to do the trick. Thanks very much! -michael On Thursday, April 3, 2003, at 07:45 PM, Leif K-Brooks wrote: Try this (minimal testing, un-optimized): function permutations($letters,$num){ $last = str_repeat($letters{0},$num); $result = array(); while($last != str_repeat(lastchar($letters),$num)){ $result[] = $last; $last = char_add($letters,$last,$num-1); } $result[] = $last; return $result; } function char_add($digits,$string,$char){ if($string{$char} lastchar($digits)){ $string{$char} = $digits{strpos($digits,$string{$char})+1}; return $string; }else{ $string = changeall($string,$digits{0},$char); return char_add($digits,$string,$char-1); } } function lastchar($string){ return $string{strlen($string)-1}; } function changeall($string,$char,$start = 0,$end = 0){ if($end == 0) $end = strlen($string)-1; for($i=$start;$i=$end;$i++){ $string{$i} = $char; } return $string; } michael geary wrote: Hi Folks, I'm struggling with a permutation problem. I want to take a set of characters (for example 012345678ABCDEF) and generate all permutations of length N, allowing characters to be repeated. For example, I could use this algorithm to generate all HTML hex colors by passing: generatePermutations(012345678ABCDEF,6) Granted, this example would output some 16,777,215 items, but it would be a handy thing. Note that I could get these color values by running from 0 to FF in hex, but I am looking for something more general so I can play with anagrams, etc. I have seen some algorithms that generate permutations, but I don't want all permutations of 012345678ABCDEF, I just want all 6-digit permutations. I have searched all over for algorithms, and have beat my head against it, but it is just escaping me. Can anyone help? thanks, michael -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is this not possible?
I'd say you've already determined the simplest way to do it. When the page is generated by PHP, have it insert the necessary data into appropriate places in a javascript function. When a user clicks the 'recharge' button, they are prompted for the amount they wish to use to recharge, and then are shown another javascript pop-up confirming the changes. The javascript function then refreshes the calling page, with the appropriate values, using one of the functions Ernest mentioned. When you say it can take sometime for this page load at times, do you mean that all page requests take a while sometimes, or simply that page because of the amount of data it shows, and certain processing that needs to be done in order to display that page? If it's the latter, then you could redirect the user to a much simpler page for the purposes of recharging their card, and do away with javascript completely (which means you don't have to worry about people disabling javascript). -Mark - Original message - From: Jeff Bluemel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Mon, 18 Nov 2002 17:24:52 -0700 Subject: Re: [PHP] is this not possible? here's the URL if case somebody decides to look at it; http://obi-wan.domintcom.com user: guest pass: domintcom go to customer service, prepaid pin, and then look up 3077876962 - activate, deactivate, and recharge this is for customer service of prepaid phone cards. now - when I reload this page to refresh the information sometimes it can really take awhile. I need to somehow get the information from the user on how much to recharge the pin for. now, before I refresh the page I need to get how much the user wants to recharge, process the recharge, and then refresh the page that all of this started on. I thought it would be the simplest if I could somehow use javascript to prompt the user for a value, confirm if the user wants to recharge x pin for $xx.xx, recharge the pin, and then refresh the calling page so it now reflects the new balance. I don't want to refresh original page until this is all done because it can take sometime for this page load at times. is everybody lost now? Ernest E Vogelsinger [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... At 22:39 18.11.2002, Jeff Bluemel spoke out and said: [snip] I'm been ignored on this question for 4-5 days now. even if it is not possible could somebody please verify this? is it possible to pass a variable from javascript directly to php WITHOUT using either a link, or a form submit to pass the variables? I've gotten a work around to call an image that's actually a php file, but run my script, and then return an image file. is this the only way? [snip] Generally spoken, yes - the browser needs to pass the data back to the server somehow. What are you really up to? Do you want to transmit data to the server without the user clicking on a link or a button? You can always use JavaScript to submit a form (even a hidden-only form), or to reload the document with the same or a different URL. URL-Reload: document.location.href = url; Form submit: document.forms[formname].submit(); -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is this not possible?
That, or an iframe. You can't pass variables on the same request, though. Jeff Bluemel wrote: I'm been ignored on this question for 4-5 days now. even if it is not possible could somebody please verify this? is it possible to pass a variable from javascript directly to php WITHOUT using either a link, or a form submit to pass the variables? I've gotten a work around to call an image that's actually a php file, but run my script, and then return an image file. is this the only way? -- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is this not possible?
No... Javascript need to send that data back to the server and how are you going to do that? You will have to use a form or a link or some method to send it to the server. Now you can use php to write your javascript code that can be used to link to a php file that can be run on the client side which will then access the server... but you are really talking about to things here server-side (php) and client-side (javascript)... On Mon, 2002-11-18 at 14:39, Jeff Bluemel wrote: I'm been ignored on this question for 4-5 days now. even if it is not possible could somebody please verify this? is it possible to pass a variable from javascript directly to php WITHOUT using either a link, or a form submit to pass the variables? I've gotten a work around to call an image that's actually a php file, but run my script, and then return an image file. is this the only way? -- .: B i g D o g :. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is this not possible?
- Original Message - From: Jeff Bluemel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 19, 2002 8:39 AM Subject: [PHP] is this not possible? I'm been ignored on this question for 4-5 days now. even if it is not possible could somebody please verify this? is it possible to pass a variable from javascript directly to php WITHOUT using either a link, or a form submit to pass the variables? I've gotten a work around to call an image that's actually a php file, but run my script, and then return an image file. Try Header refresh or some java applet to send javascript variable without user click something. is this the only way? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is this not possible?
At 22:39 18.11.2002, Jeff Bluemel spoke out and said: [snip] I'm been ignored on this question for 4-5 days now. even if it is not possible could somebody please verify this? is it possible to pass a variable from javascript directly to php WITHOUT using either a link, or a form submit to pass the variables? I've gotten a work around to call an image that's actually a php file, but run my script, and then return an image file. is this the only way? [snip] Generally spoken, yes - the browser needs to pass the data back to the server somehow. What are you really up to? Do you want to transmit data to the server without the user clicking on a link or a button? You can always use JavaScript to submit a form (even a hidden-only form), or to reload the document with the same or a different URL. URL-Reload: document.location.href = url; Form submit: document.forms[formname].submit(); -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/