php-general Digest 23 Jun 2003 11:46:20 -0000 Issue 2134
Topics (messages 152462 through 152486):
limit on displaying a LONGTEXT filed from MySQL database
152462 by: Artoo
152463 by: Adam i Agnieszka Gasiorowski FNORD
152472 by: Justin French
152486 by: Hugh Bothwell
How do I get the exit code of an external program?
152464 by: Daevid Vincent
152466 by: Don Read
152467 by: Daevid Vincent
152470 by: Lars Torben Wilson
Re: Mod_L33T ANYONE! (Virtual Hosts ) alternative READ if you USE Virtual Hosts
152465 by: Leif K-Brooks
152471 by: John Nichel
Re: Secur32.dll and php_imap.dll
152468 by: Mark
Re: Security conundrum ....
152469 by: Justin French
Getting at $_POST values using a loop
152473 by: Dave Alger
152474 by: Ralph
Re: OOT Payflow Urgent
152475 by: Ralph
SQL injection
152476 by: Sancar Saran
152485 by: David Otton
Passing objects into methods or functions
152477 by: Gerard Samuel
152478 by: Lars Torben Wilson
Curl & NTLM
152479 by: Boaz Yahav
Re: am i doing this right?
152480 by: Marek Kilimajer
how to call php from C?
152481 by: user.lngs.infn.it
cookie problem
152482 by: Huzz
152484 by: David Nicholson
DHCP client web page
152483 by: Daevid Vincent
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Hi,
How can I start searching for the first space in a string while starting at
say the 150th character? I'm trying to display the first 150 characters of
an article that is stored in a LONGTEXT filed of a MYSQL database, and
should the 150th character be inside a word, I would want to finish
displaying that word.
For example supose the 150th character is the v in the word "privileges" I
would want to finish displaying the word and end with "privileges" rather
then ending with"priv"
thanks
--- End Message ---
--- Begin Message ---
Artoo wrote:
> For example supose the 150th character is the v in the word "privileges" I
> would want to finish displaying the word and end with "privileges" rather
> then ending with"priv"
How about using the SUBSTRING_INDEX function
with delimiter set to ' ' (space). You could select
for example - 25 words - with it, I think.
--
Seks, seksić, seksolatki... news:pl.soc.seks.moderowana
http://hyperreal.info / ALinkA / bOrk! * WiNoNa ) (
http://szatanowskie-ladacznice.0-700.pl foReVeR( * )
Poznaj jej zwiewne kształty... http://www.opera.com 007
--- End Message ---
--- Begin Message ---
Here one way you can do it (untested):
<?
function chopper($str,$chars)
{
while($str{$chars} != ' ' && $chars <= strlen($str))
{
$chars++;
}
$newStr = substr($str,0,$chars);
return $newStr;
}
$originalText = "The quick brown fox jumped over the lazy dog";
echo chopper($originalText,20);
?>
Justin
on 23/06/03 10:41 AM, Artoo ([EMAIL PROTECTED]) wrote:
> Hi,
>
> How can I start searching for the first space in a string while starting at
> say the 150th character? I'm trying to display the first 150 characters of
> an article that is stored in a LONGTEXT filed of a MYSQL database, and
> should the 150th character be inside a word, I would want to finish
> displaying that word.
>
> For example supose the 150th character is the v in the word "privileges" I
> would want to finish displaying the word and end with "privileges" rather
> then ending with"priv"
>
> thanks
>
>
--- End Message ---
--- Begin Message ---
"Artoo" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> How can I start searching for the first space in a string while starting
at
> say the 150th character? I'm trying to display the first 150 characters
of
> an article that is stored in a LONGTEXT filed of a MYSQL database, and
> should the 150th character be inside a word, I would want to finish
> displaying that word.
>
> For example supose the 150th character is the v in the word "privileges"
I
> would want to finish displaying the word and end with "privileges" rather
> then ending with"priv"
If you want to go to the next space, try
SELECT
@a:= LOCATE(' ', mytext, 150),
IF( @a > 0,
LEFT(mytext, @a ),
mytext
) AS returntext
FROM dbase
If you have some other small set of terminal
characters, you can extend it like
SELECT
@a:= LOCATE(' ', mytext, 150), @a:= IF(@a=0, 1000, @a),
@b:= LOCATE('.', mytext, 150), @b:= IF(@b=0, 1000, @b),
@c:= LOCATE(',', mytext, 150), @c:= IF(@c=0, 1000, @c),
@first:= MIN(@a, @b, @c),
IF( LENGTH(mytext) > 150),
LEFT(mytext,
IF(@first < 1000,
@first,
150
)
),
mytext
) AS returntext
FROM dbase
If you want more flexibility - which I would - I suggest
returning the first 170 characters or so, and truncate
more accurately in PHP.
SELECT
LEFT(mytext, 170) AS returntext
FROM dbase
<?php
function TruncateAfterWord($str, $len) {
if (strlen($str) <= $len)
return $str;
else {
preg_match( "/\A([A-Za-z]*)/", substr($str, $len), $match );
return substr($str, 0, $len) . $match[1];
}
}
?>
--
Hugh Bothwell [EMAIL PROTECTED] Kingston ON Canada
v3.1 GCS/E/AT d- s+: a- C+++ L++>+++$ P+ E- W+++$ N++ K? w++ M PS+
PE++ Y+ PGP+ t-- 5++ !X R+ tv b++++ DI+++ D-(++) G+ e(++) h-- r- y+
--- End Message ---
--- Begin Message ---
I wish to use Ping to test if some IP addresses are up... Now I could run
the command and parse to find various string components like this:
[EMAIL PROTECTED] bin]# ping -n -c 3 -w 2 -q 192.168.1.60
PING 192.168.1.60 (192.168.1.60) from 192.168.1.1 : 56(84) bytes of data.
--- 192.168.1.60 ping statistics ---
2 packets transmitted, 0 received, 100% loss, time 1012ms
[EMAIL PROTECTED] bin]# ping -n -c 3 -w 2 -q 192.168.1.4
PING 192.168.1.4 (192.168.1.4) from 192.168.1.1 : 56(84) bytes of data.
--- 192.168.1.4 ping statistics ---
2 packets transmitted, 2 received, 0% loss, time 999ms
rtt min/avg/max/mdev = 0.322/0.340/0.358/0.018 ms
but it would be much more efficient if I could just use the built in exit
codes that 'ping' provides as per 'man ping':
"If ping does not receive any reply packets at all it will exit with
code 1. If a packet count and deadline are both specified, and fewer
than count packets are received by the time the deadline has arrived,
it will also exit with code 1. On other error it exits with code 2.
Otherwise it exits with code 0. This makes it possible to use the exit
code to see if a host is alive or not."
So it seems to me there needs to be another PHP function like exec(),
shell(), etc. that is the equivillent of the php exit() function but for
external programs. One that simply returns the integer exit code of an
executed shell program...
http://daevid.com
--- End Message ---
--- Begin Message ---
On 23-Jun-2003 Daevid Vincent wrote:
> I wish to use Ping to test if some IP addresses are up... Now I could run
> the command and parse to find various string components like this:
>
<snip>
>
> So it seems to me there needs to be another PHP function like exec(),
> shell(), etc. that is the equivillent of the php exit() function but for
> external programs. One that simply returns the integer exit code of an
> executed shell program...
>
>
exec(), system(), & popen()/pclose() will return exit code.
The manual is your friend.
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
(53kr33t w0rdz: sql table query)
--- End Message ---
--- Begin Message ---
-----Original Message-----
From: Daevid Vincent [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 22, 2003 8:05 PM
To: 'Don Read'
Subject: RE: [PHP] How do I get the exit code of an external program?
> -----Original Message-----
> From: Don Read [mailto:[EMAIL PROTECTED]
> Sent: Sunday, June 22, 2003 7:58 PM
> To: Daevid Vincent
> Cc: PHP Lists
> Subject: Re: [PHP] How do I get the exit code of an external program?
>
>
>
> On 23-Jun-2003 Daevid Vincent wrote:
> > I wish to use Ping to test if some IP addresses are up...
> Now I could run
> > the command and parse to find various string components like this:
> >
>
> <snip>
> >
> > So it seems to me there needs to be another PHP function
> like exec(),
> > shell(), etc. that is the equivillent of the php exit()
> function but for
> > external programs. One that simply returns the integer exit
> code of an
> > executed shell program...
> >
> >
>
> exec(), system(), & popen()/pclose() will return exit code.
>
> The manual is your friend.
http://us3.php.net/manual/en/function.exec.php
string exec ( string command [, array output [, int return_var]])
exec() executes the given command, however it does not output anything. It
simply returns the last line from the result of the command.
However, you are correct in that there is the optional parameter that I've
never used before. Thanks for pointing that out...
http://us3.php.net/manual/en/function.system.php
string system ( string command [, int return_var])
system() is just like the C version of the function in that it executes the
given command and outputs the result. If a variable is provided as the
second argument, then the return status code of the executed command will be
written to this variable.
The problem is that system want's to dump the output to the screen!!! I need
a command that will allow me to execute/system the command "silently" and
then *I* can do something based upon the exit code...
function active_nMap()
{
$test = exec("/usr/bin/nmap -sP ".$this->IP);
if ( strstr($test,"1 host up") )
$this->active = true;
else
$this->active = false;
return $this->active;
}
function active_ping()
{
$test = `ping -n -c 1 -w 1 -q $this->IP`;
if ( strstr($test,"100% loss") )
$this->active = false;
else
$this->active = true;
return $this->active;
}
function active_ping_exit()
{
//http://us3.php.net/manual/en/function.system.php
$test = system("ping -n -c 1 -w 1 -q $this->IP", $code);
if ( $code == 0 )
$this->active = true;
else
$this->active = false;
return $this->active;
}
--- End Message ---
--- Begin Message ---
On Sun, 2003-06-22 at 20:19, Daevid Vincent wrote:
[snip]
> http://us3.php.net/manual/en/function.exec.php
> string exec ( string command [, array output [, int return_var]])
> exec() executes the given command, however it does not output anything. It
> simply returns the last line from the result of the command.
>
> However, you are correct in that there is the optional parameter that I've
> never used before. Thanks for pointing that out...
>
> http://us3.php.net/manual/en/function.system.php
> string system ( string command [, int return_var])
> system() is just like the C version of the function in that it executes the
> given command and outputs the result. If a variable is provided as the
> second argument, then the return status code of the executed command will be
> written to this variable.
>
> The problem is that system want's to dump the output to the screen!!! I need
> a command that will allow me to execute/system the command "silently" and
> then *I* can do something based upon the exit code...
No offense, but why not just use exec() and its third argument, as
suggested and as you yourself noted? It does, in fact, do what you are
asking for. You are quite correct that system() is not the function you
want.
Just wondering. :)
Torben
> function active_nMap()
> {
> $test = exec("/usr/bin/nmap -sP ".$this->IP);
> if ( strstr($test,"1 host up") )
> $this->active = true;
> else
> $this->active = false;
>
> return $this->active;
> }
>
> function active_ping()
> {
> $test = `ping -n -c 1 -w 1 -q $this->IP`;
> if ( strstr($test,"100% loss") )
> $this->active = false;
> else
> $this->active = true;
>
> return $this->active;
> }
>
>
> function active_ping_exit()
> {
> //http://us3.php.net/manual/en/function.system.php
> $test = system("ping -n -c 1 -w 1 -q $this->IP", $code);
> if ( $code == 0 )
> $this->active = true;
> else
> $this->active = false;
>
> return $this->active;
> }
>
>
--
Torben Wilson <[EMAIL PROTECTED]> +1.604.709.0506
http://www.thebuttlesschaps.com http://www.inflatableeye.com
http://www.hybrid17.com http://www.themainonmain.com
-----==== Boycott Starbucks! http://www.haidabuckscafe.com ====-----
--- End Message ---
--- Begin Message ---
Mark Clarkstone wrote:
hey everyone do any of you people use mod_l33t? I do it rocks you can have
about 1000 sites on your comp with their own domain & your ram won't even go
down 1mb. its easy to setup & its very cool
email me or post if you want of info
1) This has absolutley nothing to do with PHP.
2) I've never heard od mod_ll33t.
3) I wouldn't use anything with that name if you payed me.
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt
to decrypt it will be prosecuted to the full extent of the law.
--- End Message ---
--- Begin Message ---
Leif K-Brooks wrote:
Mark Clarkstone wrote:
hey everyone do any of you people use mod_l33t? I do it rocks you can
have
about 1000 sites on your comp with their own domain & your ram won't
even go
down 1mb. its easy to setup & its very cool
email me or post if you want of info
1) This has absolutley nothing to do with PHP.
2) I've never heard od mod_ll33t.
3) I wouldn't use anything with that name if you payed me.
Not to mention the fact that :
1) Why would I run 1000 sites on one box?
2) The tool may not take extra memory or processor tics, but what
happens when 10 people are surfing each of the 1000 sites?
3) Why use a third party module for something Apache already has built in?
--- End Message ---
--- Begin Message ---
Well, I'm not sure if I did a smart thing, but it appears that
secur32.dll and security.dll are the same file, just differnt
versions. It seems that the file is secur32.dll on all Windows
versions except WinNT (I could be wrong). I simply copied and renamed
security.dll to secur32.dll.
So far so good. I just hope I didn't start a ticking timebomb.
Mark
--- Mark <[EMAIL PROTECTED]> wrote:
> Win NT4.0
> Apache 2.0.45
>
> I've searched the archives and google, but haven't been able to
> quite
> find a solution to this problem. I just upgraded from php4.3.1
> (pre-release version) to php4.3.2. I am now getting the following
> two
> errors, which I'm sure I've gotten and fixed in the past, but can't
> figure out now...
>
> ERROR 1 (An Apache error)
>
> The dynamic link library Secur32.dll could not be found in the
> specified path <path listed out here>
>
> I click OK, and get the following php error:
>
> Unknown() Unable to load dynamic library
> 'c:\winnt\system32\php_imap.dll' The specified module could not be
> found.
>
> Secur32.dll is not on my system, and hasn't been in the past.
> php_imap.dll was copied to c\winnt\system32
>
> php extension dir is c:\winnt\system32 (tried it with
> c:\php\extensions as well).
>
> My apologies - I can't imagine this is a new problem, and I'm sure
> many others have found and solved it. I just can't seem to find it
> logged anywhere.
>
> Mark
>
> =====
> Mark Weinstock
> [EMAIL PROTECTED]
> ***************************************
> You can't demand something as a "right" unless you are willing to
> fight to death to defend everyone else's right to the same thing.
> ***************************************
>
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
=====
Mark Weinstock
[EMAIL PROTECTED]
***************************************
You can't demand something as a "right" unless you are willing to fight to death to
defend everyone else's right to the same thing.
***************************************
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
--- End Message ---
--- Begin Message ---
Ok, I'm trying to get a grip on what happens here:
1. i visit your site, see a flash movie, which enables me to log-in
2. after i log in, I see a link called "news"
3. I click on it, which pops open a HTML window through javascript, with a
URL like example.com/print_news.php
[At this point, the news page should only be available to authenticated
users, but it isn't -- right?]
The answer appears to be sessions. When you log in, you should be able to
pass a session ID back to the flash movie, along with the user's ckval
(whatever that is), and add a session variable like 'logged_in' to the
session.
When the flash movie uses javascript to pop open the news window, you should
be able to pass the session id as a GET variable in the URL, eg:
example.com/print_news.php?PHPSESSID=xxxxxxxxxxxxxxxxx
print_news.php needs to have this at the top:
<?
session_start();
if($_SESSION['logged_in'])
{
?>
<html>
...
Your news
...
</html>
<?
}
else
{
?>
<html>
...
Sorry, you must be logged in baby!
...
</html>
<?
}
?>
You don't NEED cookies to have session work... it can be done with URLs.
Justin
on 23/06/03 5:18 AM, Miles Thompson ([EMAIL PROTECTED]) wrote:
> This does have to do with PHP, but bear with me.
>
> We're using a Flash movie, which calls various PHP scripts to authenticate
> users & retrieve news articles, to display a daily business digest. As
> Flash's printing capabilities are pathetic, we use JavaScript to popup a
> chromeless window in which runs print_news.php. (This is a small window,
> with selection, resizing, etc. all disabled, and which calls the print
> dialog on load; all that is really visible is its "Close" button.)
>
> It won't be too long before some bright spark realizes that our site could
> be visited and the URL for print_news.php fed in; that person would then
> have free access - not good.
>
> What I planned to do is add authentication to print_news.php, by passing
> the user's ckval (obtained when first authenticated by user_logon.php)
> back to the browser in a session var. That does not work, as Flash
> apparently gobbles the cookie.
>
> The apparent alternative is to call an intermediate script from Flash,
> passing the ckval, and having that script set the session and then redirect
> to print_news.php, using the header( Location: ... ). The problem is that
> opens in the same window, and I need a new one.
>
> I obviously can't pass ckval in the URL, and I don't have any way, that I
> know of, to fake a <form> POST.
>
> Suggestions or nudges in the right direction will be appreciated.
>
> Regards - Miles Thompson
>
--- End Message ---
--- Begin Message ---
Hi all,
This one is causing me a few headaches. How should I be doing this?
On my previous page I've created a series of fields using a loop so that a
field is created like this:
echo "<hr>$fieldname:<input name='Field$n' maxlength='25'>";
On my next page then I've got to try to read these values. I could do this
as $_POST['Field0'], $_POST['Field1'] etc but a loop is what is required.
I've tried getting at the value by:
$a=$_POST['Field$n'];
and
$nb='$'."_POST['Field".$n."']";
$a=$$nb;
And neither works. How should I be doing it?
Thanks in advance for all help.
regards,
Dave
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.491 / Virus Database: 290 - Release Date: 18/06/2003
--- End Message ---
--- Begin Message ---
echo "<hr>$fieldname:<input name='FieldName[]' maxlength='25'>";
for ($i=0, $n=sizeof($_POST['FieldName']); $i<$n; $i++){
// do whatever you need to do with each field
echo $_POST['FieldName'][$i];
}
-----Original Message-----
From: Dave Alger [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 22, 2003 9:12 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Getting at $_POST values using a loop
Hi all,
This one is causing me a few headaches. How should I be doing this?
On my previous page I've created a series of fields using a loop so that
a
field is created like this:
echo "<hr>$fieldname:<input name='Field$n' maxlength='25'>";
On my next page then I've got to try to read these values. I could do
this
as $_POST['Field0'], $_POST['Field1'] etc but a loop is what is
required.
I've tried getting at the value by:
$a=$_POST['Field$n'];
and
$nb='$'."_POST['Field".$n."']";
$a=$$nb;
And neither works. How should I be doing it?
Thanks in advance for all help.
regards,
Dave
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.491 / Virus Database: 290 - Release Date: 18/06/2003
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
I've never done this using CURL however I have done this using socket
connections. If you haven't already you may want to look into this, I'm
sure payflow will allow you to post data using socket connection.
Take a look at:
http://us4.php.net/fsockopen
In the User Contributed Notes look for a post by
info at agriya dot com
02-Feb-2003 12:38
there you will see a script that shows you how to do it.
-----Original Message-----
From: Haseeb Iqbal [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 1:11 PM
To: [EMAIL PROTECTED]
Subject: [PHP] OOT Payflow Urgent
hi all,
i am using curl to post data to the payflow link server.
now here are the questions that i want to ask.
here is the server stats
Linux+ php + mysql + curl + ssl
1) now i want to know if curl is safe to use?
i know about the payflow sdk but i also know that i can execute the sdk
by
exec call and if anyone is loged on the computer at the time of the
transection he/she can view all the data passed to the sdk by simply one
command.(i.e. ps.). as
also don't want to show the user any page from verisign. but when i send
the
data i get back html output. i want some kind of error codes.how can i
achieve this. know there must some way around this problem.
i want to collect all the information on my page send the data to the
payflow link without leaving my site the get back the result from the
transection and show the result to the user.
thanx in advance
Haseeb
--- End Message ---
--- Begin Message ---
Hi,
Is there any way, doc, article, example, idea, suggestion to how to
prevent sql injection on php sites...
Thanks
--- End Message ---
--- Begin Message ---
On Mon, 23 Jun 2003 08:59:56 +0300, you wrote:
>Is there any way, doc, article, example, idea, suggestion to how to
>prevent sql injection on php sites...
It's really not that hard to do.
Rule 1: Never trust the client
This means validating all data that comes from the client - make sure that
integers are really integers, dates are really dates and in the correct
range, etc etc. Never rely on Javascript alone to do this. But this is just
good practice - you should be doing this kind of server-side validation
already.
Most importantly, escape any client-generated data before passing to your
database. Eg use mysql_real_escape_string() for MySQL.
In addition, your PHP scripts should be connecting to the database as a user
with minimal permissions - eg they shouldn't have permission to delete data,
drop tables, etc. unless they really need it.
--- End Message ---
--- Begin Message ---
Im trying to pass an object into functions and class methods, and for some
reason, Im unable to access the object's methods.
When I var_dump() the object, its a valid object with the function or
class method.
When I check via get_class_methods, all the methods are there, from
within the function or class method.
I tried passing by reference, and the regular "copied" way.
I end up with the error ->
Fatal error: Call to undefined function: display_thumbnails() in ......
I can access the object's variables, but not it's methods
Maybe because Im tired, but if anyone experienced this before, I'd
greatly appreciate any feed back on this.
Thanks
----------------
class class
{
var $_tpl;
var $gal_tpl = array();
function gallery_class(&$tpl)
{
if (is_object( $tpl ))
{
$this->_tpl = $tpl;
}
}
}
?>
--- End Message ---
--- Begin Message ---
On Sun, 2003-06-22 at 23:20, Gerard Samuel wrote:
> Im trying to pass an object into functions and class methods, and for some
> reason, Im unable to access the object's methods.
> When I var_dump() the object, its a valid object with the function or
> class method.
> When I check via get_class_methods, all the methods are there, from
> within the function or class method.
> I tried passing by reference, and the regular "copied" way.
> I end up with the error ->
> Fatal error: Call to undefined function: display_thumbnails() in ......
> I can access the object's variables, but not it's methods
>
> Maybe because Im tired, but if anyone experienced this before, I'd
> greatly appreciate any feed back on this.
> Thanks
Hi there,
Besides the fact that my PHP (4.3.2) gives a parse error if I try to
name a class 'class' ;), the only thing that is missing here is the '&'
where you assign the passed object reference to $this->_tpl. Give that
a shot.
Hope this helps,
Torben
> ----------------
>
> class class
> {
> var $_tpl;
> var $gal_tpl = array();
>
> function gallery_class(&$tpl)
> {
> if (is_object( $tpl ))
> {
> $this->_tpl = $tpl;
> }
> }
> }
>
> ?>
--
Torben Wilson <[EMAIL PROTECTED]> +1.604.709.0506
http://www.thebuttlesschaps.com http://www.inflatableeye.com
http://www.hybrid17.com http://www.themainonmain.com
-----==== Boycott Starbucks! http://www.haidabuckscafe.com ====-----
--- End Message ---
--- Begin Message ---
Does anyone have a code snippet that connects to a remote server using
NTML
and gets the HTML source?
Sincerely
berber
Visit http://www.weberdev.com/ Today!!!
To see where PHP might take you tomorrow.
--- End Message ---
--- Begin Message ---
First, you don't need to set the $seat array over and over in the for
loop, put
$seat = array('A1', ...
before the loop, it will make your page faster.
If you mean by secure that $_SESSION will contain only one of those 240
seats, then no, the user can type in anything and you just take it. You
need to check if in_array($_REQUEST['seat'],$seat).
And if you mean a seat can be taken only by one customer, then you need
to check it against some storage, preferably against sql db.
Jay Fitzgerald wrote:
This is the code I have that is on step 4 of an event registration
system i am working on...
[code page=step4.php]
ini_set("display_errors", "1");
ini_set ('error_reporting', E_ALL);
session_start ();
$ip = $_SERVER['REMOTE_ADDR'];
$fullhost = gethostbyaddr($ip);
$host = preg_replace("/^[^.]+./", "*.", $fullhost);
$_SESSION['host'] = $fullhost;
$_SESSION['ip'] = $ip;
$_SESSION['eventid'] = $_SESSION['eventid'];
$_SESSION['age'] = $_SESSION['age'];
$_SESSION['terms'] = $_SESSION['terms'];
$_SESSION['team'] = $_REQUEST['team'];
for($i = 0; $i <= 239; $i++):
$seat = array('A1', 'A2', 'A3', 'A4', 'A5', 'A6', 'A7', 'A8', 'A9',
'A10', 'A11', 'A12', 'A13', 'A14', 'A15', 'A16', 'A17', 'A18', 'A19',
'A20', 'B21', 'B22', 'B23', 'B24', 'B25', 'B26', 'B27', 'B28', 'B29',
'B30', 'B31', 'B32', 'B33', 'B34', 'B35', 'B36', 'B37', 'B38', 'B39',
'B40', 'C41', 'C42', 'C43', 'C44', 'C45', 'C46', 'C47', 'C48', 'C49',
'C50', 'C51', 'C52', 'C53', 'C54', 'C55', 'C56', 'C57', 'C58', 'C59',
'C60', 'D61', 'D62', 'D63', 'D64', 'D65', 'D66', 'D67', 'D68', 'D69',
'D70', 'D71', 'D72', 'D73', 'D74', 'D75', 'D76', 'D77', 'D78', 'D79',
'D80', 'D81', 'D82', 'D83', 'D84', 'D85', 'D86', 'D87', 'D88', 'D89',
'D90', 'E91', 'E92', 'E93', 'E94', 'E95', 'E96', 'E97', 'E98', 'E99',
'E100', 'E101', 'E102', 'E103', 'E104', 'E105', 'E106', 'E107', 'E108',
'E109', 'E110', 'F111', 'F112', 'F113', 'F114', 'F115', 'F116', 'F117',
'F118', 'F119', 'F120', 'G121', 'G122', 'G123', 'G124', 'G125', 'G126',
'G127', 'G128', 'G129', 'G130', 'H131', 'H132', 'H133', 'H134', 'H135',
'H136', 'H137', 'H138', 'H139', 'H140', 'H141', 'H142', 'H143', 'H144',
'H145', 'H146', 'H147', 'H148', 'H149', 'H150', 'I151', 'I152', 'I153',
'I154', 'I155', 'I156', 'I157', 'I158', 'I159', 'I160', 'I161', 'I162',
'I163', 'I164', 'I165', 'I166', 'I167', 'I168', 'I169', 'I170', 'I171',
'I172', 'I173', 'I174', 'I175', 'I176', 'I177', 'I178', 'I179', 'I180',
'J181', 'J182', 'J183', 'J184', 'J185', 'J186', 'J187', 'J188', 'J189',
'J190', 'J191', 'J192', 'J193', 'J194', 'J195', 'J196', 'J197', 'J198',
'J199', 'J200', 'K201', 'K202', 'K203', 'K204', 'K205', 'K206', 'K207',
'K208', 'K209', 'K210', 'K211', 'K212', 'K213', 'K214', 'K215', 'K216',
'K217', 'K218', 'K219', 'K220', 'L221', 'L222', 'L223', 'L224', 'L225',
'L226', 'L227', 'L228', 'L229', 'L230', 'L231', 'L232', 'L233', 'L234',
'L235', 'L236', 'L237', 'L238', 'L239', 'L240');
echo "<A HREF=\"step5.php?seat=$seat[$i]\">$seat[$i]</A><BR>";
endfor;
[/end code]
Now - all of that works perfect and it displays seperate lines with
links to each $seat in the browser....even when I click on the link and
goto step 5, it "seems" as though it is working correctly...
[code page=step5.php]
session_start ();
$_SESSION['seat'] = $_REQUEST['seat'];
echo "$_SESSION[seat]";
[/end code]
My question is - is my session working correctly? am I doing what I need
to be doing in order to keep the seats secure so that noone can just
type the seat number in the location bar and get to register their seat?
The reson I ask this is because the only way I know to test sessions is
to close out my browser completely, reopen it and try going to the page
I am testing...HOWEVER, when I do that in this situation, I am still
allowed to change the actual seat number in my location bar....this is
what I do NOT want...
I have read and read and read online and every place I have looked says
the same stuff that the way I have it above should be secure, but
apparently it is not...
TIA,
Jay
--- End Message ---
--- Begin Message ---
Hello,
I have a working C program that runs like a cgi
by sending back a web page. I would like include in it
some authentication code by checking
$au = $_SESSION['AuthenticatedUser']
previously set up by a php script.I don't like to recode
all in php because I expect a nasty performace slowdown.
Can I call session_start() and so on from my C program?
Any example code?
Many thanks for replies, bye
user(at)lngs(dot)infn(dot)it
========================================================
--- End Message ---
--- Begin Message ---
I am using the following codes to create cookie and validate login, but some
members can't login, I checked their username and password is correct..
function docookie($id, $username, $passwd,$fname, $lname,
$suspended,$rememberme) {
$info = base64_encode("$id:$username:$passwd:$fname:$lname:$suspended");
if($rememberme)
{
setcookie("user",$info, time()+15552000,"/","domain.com");
}
else
{
setcookie("user",$info);
}
}
function cookiedecode($user) {
global $cookie, $prefix;
dbconnect();
$user = base64_decode($userinfo);
$cookie = explode(":", $userinfo);
$result = mysql_query("select passwd from profile where
username='$cookie[1]'");
list($pass) = mysql_fetch_row($result);
if ($cookie[2] == $pass && $pass != "") {
return $cookie;
} else {
unset($user);
unset($cookie);
}
}
what i am i doing wrong??
They're sending email from hotmail account sop i am assuming their browser
supports cookie..
please help... many thanks in advance
huzz
--- End Message ---
--- Begin Message ---
Hello,
This is a reply to an e-mail that you wrote on Mon, 23 Jun 2003 at 10:18,
lines prefixed by '>' were originally written by you.
> I am using the following codes to create cookie and validate login,
> but some
> members can't login, I checked their username and password is
> correct..
> $info =
> base64_encode("$id:$username:$passwd:$fname:$lname:$suspended");
I haven't read all of your code but the first thing I can think to check
is... do any of your usernames or passwords have : characters in them?
if they do you will have to adjust your code to account for this.
David.
--
phpmachine :: The quick and easy to use service providing you with
professionally developed PHP scripts :: http://www.phpmachine.com/
Professional Web Development by David Nicholson
http://www.djnicholson.com/
QuizSender.com - How well do your friends actually know you?
http://www.quizsender.com/
(developed entirely in PHP)
--- End Message ---
--- Begin Message ---
Okay, my dhcp client web page is pretty much done...
http://daevid.com/examples/dhcp/
The .tgz file is linked at the bottom if you want it.
This was also an extreme amount of work just to simply see the active leases
and 'client-hostname' associated with an IP/MAC?! Seems to me there should
have been a tool included with dhcpd that does this at the command line.
*sigh*
Much thanks to Lars Torben Wilson for the dhcpd.leases parser.
---------
What I don't understand is why my dhcpd.leases file doesn't have an entry
for my notebook (10.10.10.69) yet I specifically put this entry in
/etc/dhcpd.conf
host orinoco.daevid.com {
hardware ethernet 00:02:2D:3C:7C:FB;
fixed-address 10.10.10.69;
}
So I do get assigned the IP and everything works from a network standpoint,
but why doesn't the /var/lib/dhcp/dhcpd.leases file have an entry that
should look something like:
lease 10.10.10.69 {
starts 1 2003/06/23 08:40:11;
ends 1 2003/06/23 08:50:11;
binding state active;
next binding state free;
hardware ethernet 00:02:2D:3C:7C:FB;
client-hostname "locutus";
}
Yet I don't. :( In fact, it seems that ANY devices that I assign an IP using
the MAC (such as TiVo, Replay, other servers), don't have entries in the
dhcpd.leases file?! Why is that? Is this a bug or by design?
I'm running a RedHat 8.0 system with the following RPMs:
dhcpcd-1.3.22pl1-7
dhcp-3.0pl1-26
--- End Message ---
