php-general Digest 8 Sep 2002 01:46:44 -0000 Issue 1572
Topics (messages 115599 through 115634):
Array - Match
115599 by: N. Pari Purna Chand
115601 by: Bas Jobsen
115613 by: Jed Verity
Re: How to set the file premission by using CHMOD?
115600 by: Brad Bonkoski
Re: Problem with inserting values into database through php
115602 by: timo stamm
using print instead of echo
115603 by: Kevin Heflin
115612 by: Pekka Saarinen
Re: Sessions with register_globals = off
115604 by: Mauricio Cuenca
Re: \n to <BR> Problem
115605 by: Justin French
Re: Link for downloading?
115606 by: Justin French
115632 by: xdrag
Re: Question about character acces, [] vs {}
115607 by: Justin French
Help! I will even Donate through Paypal, I only want to make a thumbnail of a picture
through php code.
115608 by: Kurtis Harper
115615 by: Manuel Lemos
Re: email with html and images
115609 by: Justin French
contact list re-ordering (php/mySQL CMS design)
115610 by: speedfreak.chello.be
115614 by: . Edwin
Proposal for securing PHP sessions
115611 by: mar tin
115618 by: M1tch
115621 by: Dave at Sinewaves.net
115622 by: Philip J. Newman
115633 by: M1tch
Re: sending email with linefeeds
115616 by: Manuel Lemos
[ANNOUNCE] PHP 4.2.3 released
115617 by: Zeev Suraski
Re: gmdate()
115619 by: timo stamm
Re: Calculating Totals from table columns without a second query to the DB
115620 by: timo stamm
Credit Card Validation
115623 by: Jeff Lewis
115628 by: Manuel Lemos
115629 by: Garrick Linn
115630 by: Manuel Lemos
Warning: Could not execute mail delivery program
115624 by: Noah Spitzer-Williams
115627 by: ∞
How to program very basic chat on PHP?
115625 by: M
115626 by: Philip J. Newman
cmsg cancel <42EOfJ$[EMAIL PROTECTED]>
115631 by: ∞
security documentation
115634 by: Vania Smrkovski
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
I have $sub = "abc";
and
$subs[0] = "cde";
$subs[0] = "iyu";
$subs[0] = "abc";
..
..
..
$subs[50] = "xyx";
How to find whether $sub matches with any one of $subs[$i]
I have used a for loop but it is
returning true when $subs[$i] = "xxxxxabc".
/Chandu
-----------------------------------------------
Powered by MihiraMail, Fast secure & reliable
Brought to you by Mihira Net Pvt Ltd.
--- End Message ---
--- Begin Message ---
<?
$sub = "abcd";
$subs[] = "cde";
$subs[] = "iyu";
$subs[] = "abc";
$subs[] = "xyx";
$match=false;
foreach($subs as $value)
{
if($sub==$value){$match=true; break;}
}
if($match) echo 'found!';
else echo 'not found!';
//or better use
//for PHP 4
if(in_array($sub,$subs))echo 'found!';
else echo 'not found!';
//also possible
//for PHP 4 >= 4.0.5 && < 4.2.0
if(is_null(($b=array_search($sub,$subs)))) echo 'not found!';
else echo 'found! In $sub['.$b.']';
//or for PHP 4 >= 4.2.0
if(($b=array_search($sub,$subs))) echo 'found! In $sub['.$b.']';
else echo 'not found!';
?>
--- End Message ---
--- Begin Message ---
Hello Chandu,
You can use in_array(needle, haystack) for this. For example,
if (in_array("abc",$subs)) {item found, do stuff...}
HTH!
Jed
On the threshold of genius, N. Pari Purna Chand wrote:
>
> I have $sub = "abc";
>
> and
>
> $subs[0] = "cde";
> $subs[0] = "iyu";
> $subs[0] = "abc";
> ..
> ..
> ..
> $subs[50] = "xyx";
>
> How to find whether $sub matches with any one of $subs[$i]
> I have used a for loop but it is
> returning true when $subs[$i] = "xxxxxabc".
>
> /Chandu
>
>
> -----------------------------------------------
> Powered by MihiraMail, Fast secure & reliable
> Brought to you by Mihira Net Pvt Ltd.
>
--- End Message ---
--- Begin Message ---
man chown
(change ownership) (i.e. chown my_username:my_groupname <directory>)
-or-
man chmod
(change permissions)(i.e. chmod uga+w <file_name> -or- chown 4777
<file_name>)
-Brad
Bryan wrote:
> Situation:
> I want to create a file to a directory, but the premission denied, how to
> solve this problem by using CHMOD?
>
> Bryan
>
>
>
--- End Message ---
--- Begin Message ---
Hi Olli,
I think the query string is missing an ";"
Timo
--- End Message ---
--- Begin Message ---
the example I have below.. I'm able to get working using the 'echo'
command.
But I would like to know how to format the same using the 'print'
command.
I am familiar with both. but with this one instance I am not sure how
to format the print command correctly to get the same results as the
echo command. Any suggestions would be appreciated.
$variable1[0]="one";
$variable2[0]="two";
$variable3[0]="three";
$variable4[0]="four";
$j=1;
while($j<5){
echo ${"variable"."$j"}[0];
$j++;
}
--- End Message ---
--- Begin Message ---
At 9/7/2002, you wrote:
>the example I have below.. I'm able to get working using the 'echo' command.
>But I would like to know how to format the same using the 'print' command.
>I am familiar with both. but with this one instance I am not sure how to
>format the print command correctly to get the same results as the echo
>command. Any suggestions would be appreciated.
>
> $variable1[0]="one";
> $variable2[0]="two";
> $variable3[0]="three";
> $variable4[0]="four";
>
> $j=1;
> while($j<5){
> echo ${"variable"."$j"}[0];
> $j++;
> }
Hi,
I don't get it, it works identically with echo and with print, doesn't it?
$variable1[0]="one";
$variable2[0]="two";
$variable3[0]="three";
$variable4[0]="four";
$j=1;
while($j<5){
print ${"variable"."$j"}[0];
$j++;
}
If you get kicks from odd coding styles you might also use eval :)
$variable1[0]="one";
$variable2[0]="two";
$variable3[0]="three";
$variable4[0]="four";
$j=1;
while($j<5){
eval("print \"\$variable" . $j . "[0]<br>\";");
$j++;
}
-------------------------
Pekka Saarinen
http://photography-on-the.net
-------------------------
--- End Message ---
--- Begin Message ---
Sessions are now being registered, but I have a problem unregistering them.
This is the code that I'm using to test it:
--------kill.php--------
session_start();
print("ID = ".$_SESSION['id']); //The value is printed
print("PERMISOS = ".$_SESSION['permisos']); //The value is printed
unset($_SESSION['id']);
unset($_SESSION['permisos']);
print("ID = ".$_SESSION['id']); //The value is NOT printed
print("PERMISOS = ".$_SESSION['permisos']); //The value is NOT printed
-------kill.php---------
If the page is reloaded, the result is exactly the same.
But if I keep reloading the page $_SESSION['id'] and $_SESSION['permisos']
have the same value. Is there any other way to unregister session variables
???
Thank you very much.
_____________________
Mauricio Cuenca
----- Original Message -----
From: "Daniel Guerrier" <[EMAIL PROTECTED]>
To: "Mauricio Cuenca" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, September 06, 2002 2:11 PM
Subject: Re: [PHP] Sessions with register_globals = off
> Here you go
>
> http://www.zend.com/manual/function.session-is-registered.php
--- End Message ---
--- Begin Message ---
on 07/09/02 1:51 AM, N. Pari Purna Chand ([EMAIL PROTECTED])
wrote:
> $newstr = ereg_replace ("\n", "<BR>", $newstr);
Instead, I think you'd have to escape the slash: "\\n"... but it's
irrelevant, because there's a function that does this for you:
$newstr = nl2br($newstr);
Also, you should try to use str_replace('was', 'is', $str), because it's
less resource intensive than ereg*
Justin
--- End Message ---
--- Begin Message ---
http://www.zend.com/zend/trick/tricks-august-2001.php
the stuff he does with mime types and headers is all relevant to what you
want to do...
Justin
on 07/09/02 1:56 AM, Alex Shi ([EMAIL PROTECTED]) wrote:
> Thanks for your reply! Still have another question: How to use
> header() to generate download link?
>
> Alex
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: "Alex Shi" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, September 06, 2002 7:27 AM
> Subject: Re: [PHP] Link for downloading?
>
>
>> Question 1:
>> I think this has to do with how you attribute your file extensions in
>> httpd.conf (Apache thing, not PHP), so check out the docs on apache.org
>>
>> Question 2:
>> I woudl tend to believe it depends what kind of link it is...
>> is it and HTTP downlaod site (which would use the windows "save file as"
>> dialog, or is it a link to an FTP site, which may use your local FTP
>> software...
>>
>> HTH
>> -Brad
>>
>>> Hello,
>>>
>>> How to create a link that when click it will lauch file downloading at
>>> client's end.
>>>
>>> And another question which might be biased from this topic, but
>>> still related with the subject of this message: why some downloading
>>> link will lauch a ftp client such as NetAnts or Download Accelerator
>>> while other link will start a Window's builtin download window?
>>>
>>> Alex
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>
>>
>>
>>
>>
--- End Message ---
--- Begin Message ---
try this:
<?php
... ...
$filename = "test";
header("Cache-Control: no-cache, must-revalidate");
header("Content-type:".$mime_type);
header("Content-Disposition:filename=".$filename.".doc");
echo "hello, world!";
?>
----- Original Message -----
From: "Justin French" <[EMAIL PROTECTED]>
To: "Alex Shi" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, September 07, 2002 11:45 PM
Subject: Re: [PHP] Link for downloading?
> http://www.zend.com/zend/trick/tricks-august-2001.php
>
> the stuff he does with mime types and headers is all relevant to what you
> want to do...
>
> Justin
>
>
> on 07/09/02 1:56 AM, Alex Shi ([EMAIL PROTECTED]) wrote:
>
> > Thanks for your reply! Still have another question: How to use
> > header() to generate download link?
> >
> > Alex
> >
> > ----- Original Message -----
> > From: <[EMAIL PROTECTED]>
> > To: "Alex Shi" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Friday, September 06, 2002 7:27 AM
> > Subject: Re: [PHP] Link for downloading?
> >
> >
> >> Question 1:
> >> I think this has to do with how you attribute your file extensions in
> >> httpd.conf (Apache thing, not PHP), so check out the docs on apache.org
> >>
> >> Question 2:
> >> I woudl tend to believe it depends what kind of link it is...
> >> is it and HTTP downlaod site (which would use the windows "save file as"
> >> dialog, or is it a link to an FTP site, which may use your local FTP
> >> software...
> >>
> >> HTH
> >> -Brad
> >>
> >>> Hello,
> >>>
> >>> How to create a link that when click it will lauch file downloading at
> >>> client's end.
> >>>
> >>> And another question which might be biased from this topic, but
> >>> still related with the subject of this message: why some downloading
> >>> link will lauch a ftp client such as NetAnts or Download Accelerator
> >>> while other link will start a Window's builtin download window?
> >>>
> >>> Alex
> >>>
> >>> --
> >>> PHP General Mailing List (http://www.php.net/)
> >>> To unsubscribe, visit: http://www.php.net/unsub.php
> >>>
> >>
> >>
> >>
> >>
> >>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Somewhere in an article or the manual it *strongly* advises using in {} not
[] for access of a certain character in a string.
Justin
on 07/09/02 5:34 AM, Robert Cummings ([EMAIL PROTECTED]) wrote:
>
> Some time ago i wrote some code where I used the now deprecated
> form of accessing characters in a string $string[x]... Would there
> be much of a performance gain for me to go take the time to update
> the code to the newer $string{x} style?
>
> Cheers,
> Rob.
--- End Message ---
--- Begin Message ---
Hi Gang,
I am serious, I will send a donation (small- I am not a rich man :o) )
through PayPal, if someone is kind enough to help me out. What I need it
to create a thumbnail of an uploaded picture. I am not fussy on how the PHP
script accomplishes this as long as it works. I tried running Imagemagick
(convert after the file is uploaded) through an exec command with no luck.
I would like to have two files in the folder where the image is uploated :
image.jpg and imagethumbnail.jpg (I want to creat thumbnails on the fly of
pictures users upload). I am running IIS 5, If this is part of my problem I
am willing to change to apache. I am sure this is a simple process since it
is done all the time. If there are otherways to create a thumbnail I am
willing to try that as well. I just can not seem to run the convert.exe
through a PHP file :o(
Is it not possible to run an external progrman (convert.exe) through php
code?
What I am looking for is some detailed instruction on how to go about this,
I have found bits and pieces but there are too many holes in the information
I have so far.
Again Thanks in advance to any help anyone can provide
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/2002
--- End Message ---
--- Begin Message ---
Hello,
On 09/07/2002 12:55 PM, Kurtis Harper wrote:
> I am serious, I will send a donation (small- I am not a rich man :o) )
> through PayPal, if someone is kind enough to help me out. What I need it
> to create a thumbnail of an uploaded picture. I am not fussy on how the PHP
> script accomplishes this as long as it works. I tried running Imagemagick
> (convert after the file is uploaded) through an exec command with no luck.
> I would like to have two files in the folder where the image is uploated :
> image.jpg and imagethumbnail.jpg (I want to creat thumbnails on the fly of
> pictures users upload). I am running IIS 5, If this is part of my problem I
> am willing to change to apache. I am sure this is a simple process since it
> is done all the time. If there are otherways to create a thumbnail I am
> willing to try that as well. I just can not seem to run the convert.exe
> through a PHP file :o(
> Is it not possible to run an external progrman (convert.exe) through php
> code?
> What I am looking for is some detailed instruction on how to go about this,
> I have found bits and pieces but there are too many holes in the information
> I have so far.
Here you may find several classes for that purpose just the way you
want, ie, just using PHP code:
http://www.phpclasses.org/browse.html/class/11.html
--
Regards,
Manuel Lemos
--- End Message ---
--- Begin Message ---
I'd start by having a look at Manuel's class at phpclasses.org... called
mimeMial or something...
Justin
on 07/09/02 9:32 AM, josh ([EMAIL PROTECTED]) wrote:
> Hey all
>
> I have seen many tutorials on sending HTML email, and sending email with
> attachments, but have found nothing on sending HTML email with the images
> for the html attached.
>
> Anyone familiar with doing this?
>
> Thanks,
> Josh
>
--- End Message ---
--- Begin Message ---
Dear guru's,
Hit a problem while developing a CMS with php/mySQL. Part of this is a
contact list and this works ok (add/edit/delete with
insert/update/delete queries). Now the client has requested a new
feature: ability to change the order in which the contacts are being
presented in the public part of this CMS (don't ask me why). I've added
a field 'show_pos' to the contacts table and am able to change its value
when I edit an existing record or add a new one. What I can't wrap my
head around at the moment is how one deals with updating 'show_pos' for
the OTHER records (while editing/deleting present record (WHERE
id='$id')? Could anyone give me some pointers as to how this could be
done in php and/or SQL (preferable). I sure hope anyone understands what
I mean ...
Cheers!
newbie@a_loss
--- End Message ---
--- Begin Message ---
I'm not sure if what you mean is something like this:
Say, you have a table with 2 columns (1) "id" and (2) "contact". And your
table is populated in this way:
id contact
1 a
2 b
3 c
4 d
5 e
And, let's say that your "id" is auto_incremented. Also, the contacts are
shown ORDER BY "id" DESC. So, each time you add a new one, it shows up on
the top of the list. So, what if you want a contact to show up between "id"
3 and 4?
Well, what I'd do is (1) NOT auto_increment the "id" field and (2)
"manually" increment the "id" by, say, 10 or 100. In other words, my table
would probably look something like this:
id contact
100 a
200 b
300 c
400 d
500 e
So, if I want to make one contact show up between 300 and 400, I'll just add
the contact with an "id" of, say, 350. This way, I wouldn't even need a
"show_pos" field. Besides, I wouldn't even bother changing the "show_pos"
for the other records. :)
Of course, there must be a "more elegant" way of doing this. (Actually, I'm
not really sure if I really understand your problem... Still, HTH...)
- E
> Dear guru's,
>
> Hit a problem while developing a CMS with php/mySQL. Part of this is a
> contact list and this works ok (add/edit/delete with
> insert/update/delete queries). Now the client has requested a new
> feature: ability to change the order in which the contacts are being
> presented in the public part of this CMS (don't ask me why). I've added
> a field 'show_pos' to the contacts table and am able to change its value
> when I edit an existing record or add a new one. What I can't wrap my
> head around at the moment is how one deals with updating 'show_pos' for
> the OTHER records (while editing/deleting present record (WHERE
> id='$id')? Could anyone give me some pointers as to how this could be
> done in php and/or SQL (preferable). I sure hope anyone understands what
> I mean ...
>
> Cheers!
>
> newbie@a_loss
>
--- End Message ---
--- Begin Message ---
Dear all:
Until I read the article "PHP Session security"
(http://www.webkreator.com/php/configuration/php-session-security.html)
I haven't noticed how insecure PHP Sessions are.
Basically there're 2 problems:
*) It's possible to hijack a session if you know the
SID (session id)
1) If you're on a shared server (cheap webhosting)
other users can get the SIDs by doing "ls /tmp/sess_*"
(/tmp/ is defined on session.save_path on the config
file, so it may be different).
2) When a user clicks on an external link, the
browser sends the REFERER url and sometimes it
contains the SID (if session.use_trans_sid is enabled)
PHP offers a security measure: with
session.referer_check it will reject SIDs comming from
other referers, but the referer url can be easily
forged.
*) Users can read session data from the session files,
which are owned by the server process (every user
which has an account on the webserver can read server
owned files)
(If you're intrested in the subject I would recommend
to read full the article:
http://www.webkreator.com/php/configuration/php-session-security.html)
I have developed some functions to avoid this
problems. They replace the standard session functions
(using session_set_save_handler), so you only have to
include the file at the beggining of your script and
(afaik) you're safe :)
This is the idea:
Apart from the session cookie, I set another one (with
the same name and the string '_sec' appended). On this
cookie I set a random KEY.
The name of the file which contains the session data
is the md5 hash of the SID and the KEY together. This
turns impossible to guess the session id by looking at
the filenames.
To hide the data inside the file, the serialized
string is crypted using the KEY as password, so nobody
can see the content of your user's sessions.
You can find the code here:
http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt
Im looking for suggestions to make it 100% compatible
with the standard session functions, and I would like
to hear some thougts about the idea
Martin Sarsale
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com
--- End Message ---
--- Begin Message ---
Why not just use IP?
I created a nice system, whereby if your IP is changed (or someone is
hacking your session), the session is destroyed, and the user must log in.
Does not add much overhead either.
Also, I built it using database (using my own session functions in
savehandler), that stores the ip as well.
This prevents people snooping.
Still not 100% secure I imagine, but much better.
Andy
"Mar Tin" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> Dear all:
>
> Until I read the article "PHP Session security"
> (http://www.webkreator.com/php/configuration/php-session-security.html)
> I haven't noticed how insecure PHP Sessions are.
>
>
>
> Basically there're 2 problems:
>
> *) It's possible to hijack a session if you know the
> SID (session id)
>
> 1) If you're on a shared server (cheap webhosting)
> other users can get the SIDs by doing "ls /tmp/sess_*"
> (/tmp/ is defined on session.save_path on the config
> file, so it may be different).
>
> 2) When a user clicks on an external link, the
> browser sends the REFERER url and sometimes it
> contains the SID (if session.use_trans_sid is enabled)
>
> PHP offers a security measure: with
> session.referer_check it will reject SIDs comming from
> other referers, but the referer url can be easily
> forged.
>
> *) Users can read session data from the session files,
> which are owned by the server process (every user
> which has an account on the webserver can read server
> owned files)
>
> (If you're intrested in the subject I would recommend
> to read full the article:
> http://www.webkreator.com/php/configuration/php-session-security.html)
>
> I have developed some functions to avoid this
> problems. They replace the standard session functions
> (using session_set_save_handler), so you only have to
> include the file at the beggining of your script and
> (afaik) you're safe :)
>
> This is the idea:
>
> Apart from the session cookie, I set another one (with
> the same name and the string '_sec' appended). On this
> cookie I set a random KEY.
> The name of the file which contains the session data
> is the md5 hash of the SID and the KEY together. This
> turns impossible to guess the session id by looking at
> the filenames.
>
> To hide the data inside the file, the serialized
> string is crypted using the KEY as password, so nobody
> can see the content of your user's sessions.
>
> You can find the code here:
> http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt
>
> Im looking for suggestions to make it 100% compatible
> with the standard session functions, and I would like
> to hear some thougts about the idea
>
> Martin Sarsale
> [EMAIL PROTECTED]
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Finance - Get real-time stock quotes
> http://finance.yahoo.com
--- End Message ---
--- Begin Message ---
You're going to be shutting out a lot of AOL users (bah! who needs em! ;p)
if you do that, as AOL changes a user's IP address about as often as you
read the word "the"...
Dave
-----Original Message-----
From: M1tch [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 07, 2002 12:05 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: Proposal for securing PHP sessions
Why not just use IP?
I created a nice system, whereby if your IP is changed (or someone is
hacking your session), the session is destroyed, and the user must log in.
Does not add much overhead either.
Also, I built it using database (using my own session functions in
savehandler), that stores the ip as well.
This prevents people snooping.
Still not 100% secure I imagine, but much better.
Andy
"Mar Tin" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> Dear all:
>
> Until I read the article "PHP Session security"
> (http://www.webkreator.com/php/configuration/php-session-security.html)
> I haven't noticed how insecure PHP Sessions are.
>
>
>
> Basically there're 2 problems:
>
> *) It's possible to hijack a session if you know the
> SID (session id)
>
> 1) If you're on a shared server (cheap webhosting)
> other users can get the SIDs by doing "ls /tmp/sess_*"
> (/tmp/ is defined on session.save_path on the config
> file, so it may be different).
>
> 2) When a user clicks on an external link, the
> browser sends the REFERER url and sometimes it
> contains the SID (if session.use_trans_sid is enabled)
>
> PHP offers a security measure: with
> session.referer_check it will reject SIDs comming from
> other referers, but the referer url can be easily
> forged.
>
> *) Users can read session data from the session files,
> which are owned by the server process (every user
> which has an account on the webserver can read server
> owned files)
>
> (If you're intrested in the subject I would recommend
> to read full the article:
> http://www.webkreator.com/php/configuration/php-session-security.html)
>
> I have developed some functions to avoid this
> problems. They replace the standard session functions
> (using session_set_save_handler), so you only have to
> include the file at the beggining of your script and
> (afaik) you're safe :)
>
> This is the idea:
>
> Apart from the session cookie, I set another one (with
> the same name and the string '_sec' appended). On this
> cookie I set a random KEY.
> The name of the file which contains the session data
> is the md5 hash of the SID and the KEY together. This
> turns impossible to guess the session id by looking at
> the filenames.
>
> To hide the data inside the file, the serialized
> string is crypted using the KEY as password, so nobody
> can see the content of your user's sessions.
>
> You can find the code here:
> http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt
>
> Im looking for suggestions to make it 100% compatible
> with the standard session functions, and I would like
> to hear some thougts about the idea
>
> Martin Sarsale
> [EMAIL PROTECTED]
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Finance - Get real-time stock quotes
> http://finance.yahoo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
You could use a SUB NET (o; to block a group of users ie 202.*.*.* would
kill most of New Zealand and Oz
----- Original Message -----
From: "Dave at Sinewaves.net" <[EMAIL PROTECTED]>
To: "PHPlist" <[EMAIL PROTECTED]>; "M1tch" <[EMAIL PROTECTED]>
Sent: Sunday, September 08, 2002 8:34 AM
Subject: RE: [PHP] Re: Proposal for securing PHP sessions
> You're going to be shutting out a lot of AOL users (bah! who needs em! ;p)
> if you do that, as AOL changes a user's IP address about as often as you
> read the word "the"...
>
> Dave
>
>
> -----Original Message-----
> From: M1tch [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, September 07, 2002 12:05 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: Proposal for securing PHP sessions
>
>
> Why not just use IP?
> I created a nice system, whereby if your IP is changed (or someone is
> hacking your session), the session is destroyed, and the user must log in.
> Does not add much overhead either.
>
> Also, I built it using database (using my own session functions in
> savehandler), that stores the ip as well.
> This prevents people snooping.
>
> Still not 100% secure I imagine, but much better.
>
> Andy
>
> "Mar Tin" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> >
> > Dear all:
> >
> > Until I read the article "PHP Session security"
> > (http://www.webkreator.com/php/configuration/php-session-security.html)
> > I haven't noticed how insecure PHP Sessions are.
> >
> >
> >
> > Basically there're 2 problems:
> >
> > *) It's possible to hijack a session if you know the
> > SID (session id)
> >
> > 1) If you're on a shared server (cheap webhosting)
> > other users can get the SIDs by doing "ls /tmp/sess_*"
> > (/tmp/ is defined on session.save_path on the config
> > file, so it may be different).
> >
> > 2) When a user clicks on an external link, the
> > browser sends the REFERER url and sometimes it
> > contains the SID (if session.use_trans_sid is enabled)
> >
> > PHP offers a security measure: with
> > session.referer_check it will reject SIDs comming from
> > other referers, but the referer url can be easily
> > forged.
> >
> > *) Users can read session data from the session files,
> > which are owned by the server process (every user
> > which has an account on the webserver can read server
> > owned files)
> >
> > (If you're intrested in the subject I would recommend
> > to read full the article:
> > http://www.webkreator.com/php/configuration/php-session-security.html)
> >
> > I have developed some functions to avoid this
> > problems. They replace the standard session functions
> > (using session_set_save_handler), so you only have to
> > include the file at the beggining of your script and
> > (afaik) you're safe :)
> >
> > This is the idea:
> >
> > Apart from the session cookie, I set another one (with
> > the same name and the string '_sec' appended). On this
> > cookie I set a random KEY.
> > The name of the file which contains the session data
> > is the md5 hash of the SID and the KEY together. This
> > turns impossible to guess the session id by looking at
> > the filenames.
> >
> > To hide the data inside the file, the serialized
> > string is crypted using the KEY as password, so nobody
> > can see the content of your user's sessions.
> >
> > You can find the code here:
> > http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt
> >
> > Im looking for suggestions to make it 100% compatible
> > with the standard session functions, and I would like
> > to hear some thougts about the idea
> >
> > Martin Sarsale
> > [EMAIL PROTECTED]
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Finance - Get real-time stock quotes
> > http://finance.yahoo.com
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Does it change the IP address while the user is connected? I didn't think
that was possible...
I only use sessions to store username/password and other limited variables,
it's only if they log off and back in again that's they have to log out, and
separate cookies automatically handle the login there- so it's pretty
seamless.
Anyone know about server farms? I vaguely remember reading that you should
only use the first three portions of an IP address (e.g. 123.12.123) to be
sufficient for a server farm.
"Dave At Sinewaves.Net" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> You're going to be shutting out a lot of AOL users (bah! who needs em! ;p)
> if you do that, as AOL changes a user's IP address about as often as you
> read the word "the"...
>
> Dave
>
>
> -----Original Message-----
> From: M1tch [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, September 07, 2002 12:05 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: Proposal for securing PHP sessions
>
>
> Why not just use IP?
> I created a nice system, whereby if your IP is changed (or someone is
> hacking your session), the session is destroyed, and the user must log in.
> Does not add much overhead either.
>
> Also, I built it using database (using my own session functions in
> savehandler), that stores the ip as well.
> This prevents people snooping.
>
> Still not 100% secure I imagine, but much better.
>
> Andy
>
> "Mar Tin" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> >
> > Dear all:
> >
> > Until I read the article "PHP Session security"
> > (http://www.webkreator.com/php/configuration/php-session-security.html)
> > I haven't noticed how insecure PHP Sessions are.
> >
> >
> >
> > Basically there're 2 problems:
> >
> > *) It's possible to hijack a session if you know the
> > SID (session id)
> >
> > 1) If you're on a shared server (cheap webhosting)
> > other users can get the SIDs by doing "ls /tmp/sess_*"
> > (/tmp/ is defined on session.save_path on the config
> > file, so it may be different).
> >
> > 2) When a user clicks on an external link, the
> > browser sends the REFERER url and sometimes it
> > contains the SID (if session.use_trans_sid is enabled)
> >
> > PHP offers a security measure: with
> > session.referer_check it will reject SIDs comming from
> > other referers, but the referer url can be easily
> > forged.
> >
> > *) Users can read session data from the session files,
> > which are owned by the server process (every user
> > which has an account on the webserver can read server
> > owned files)
> >
> > (If you're intrested in the subject I would recommend
> > to read full the article:
> > http://www.webkreator.com/php/configuration/php-session-security.html)
> >
> > I have developed some functions to avoid this
> > problems. They replace the standard session functions
> > (using session_set_save_handler), so you only have to
> > include the file at the beggining of your script and
> > (afaik) you're safe :)
> >
> > This is the idea:
> >
> > Apart from the session cookie, I set another one (with
> > the same name and the string '_sec' appended). On this
> > cookie I set a random KEY.
> > The name of the file which contains the session data
> > is the md5 hash of the SID and the KEY together. This
> > turns impossible to guess the session id by looking at
> > the filenames.
> >
> > To hide the data inside the file, the serialized
> > string is crypted using the KEY as password, so nobody
> > can see the content of your user's sessions.
> >
> > You can find the code here:
> > http://www.n3rds.com.ar/files/docs/php_sessions/sess_handler.txt
> >
> > Im looking for suggestions to make it 100% compatible
> > with the standard session functions, and I would like
> > to hear some thougts about the idea
> >
> > Martin Sarsale
> > [EMAIL PROTECTED]
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Finance - Get real-time stock quotes
> > http://finance.yahoo.com
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Hello,
On 09/06/2002 12:10 PM, Kai Hinkelmann wrote:
> Hi,
>
> we are sending plain-text-emails from php not using the mail-command but
> with port-operations. Everything works fine BUT outlook 2000 eats the
> linefeeds. We tried several things: copying the header from an original
> (functional) email from outlook, sending with \n or \r\n to seperate
> header-info and so on... nothing works.
>
> All email-clients show the mails correct - outlook 2000 doesn't. Since other
> mails are shown correct, there MUST be a way, but we don't know, which.
>
> Who can help?
You may want to try this class that deals with line feeds properly
according to the sending method.
http://www.phpclasses.org/mimemessage
It supports sending via mail() or SMTP which work under Windows, and
sendmail and qmail that work only under Unix/Linux.
--
Regards,
Manuel Lemos
--- End Message ---
--- Begin Message ---
PHP 4.2.3 has been released. It is a maintenance release and includes a
large number of fixes for the previous 4.2.2 version. 4.2.3 is a
recommended upgrade for all users of PHP, and particularly Windows users.
Full list of changes:
- Enabled strcoll() on win32. (Markus)
- Fixed possible ASCII control char injection in mail(). (Stefan Esser)
- Fixed a potential crash bug in import_request_variables() (Zeev)
- Fixed several problems with directory functions on Windows. (Steph)
- Fixed xbithack bug in Apache module. (Rasmus)
- Fixed a bug that prevented touch() from working on various platforms. (Steph)
- Fixed ob_gzhandler()'s handling of requests that do have the Accept-Encoding
header, but do not allow compression. (Zeev)
- Fixed several bugs in the multithreaded version that could cause random parse
errors, especially on machines with multiple CPUs. (Zeev, Zend Engine)
- Fixed a build problem in bcmath. (Alan)
- Fixed several bzip2 issues. (Andrei, kalowsky)
- Fixed several COM issues. (Harald)
- Various exif fixes. (Marcus)
- Fixed domxml_xslt_process() and domxml_get_element_by_id() and several
other issues in DOMXML. (Christian)
- Fixed DOMXML crash on removing previously created attributes. (Christian)
- Fixed crash when converting $GLOBALS to an object. (Zeev, Zend Engine)
- Fixed ImageCreateFromGD2Part() (Jani)
- Fixed a build issue in the IMAP extension under IRIX. (kalowsky)
- Fixed a bug in imap_last_error() (Jani)
- Various mbstring fixes. (Yasuo, Rui)
- Fixed a build problem in the mcal extension. (Jani)
- Made MySQL rollback open transactions when the request ends. (Georg)
- Fixed a crash in the shutdown order of the ODBC module. (kalowsky)
- Fixed PCRE build problems. ([EMAIL PROTECTED])
- Fixed a crash in pg_lo_write() (Yasuo)
- Fixed posix_isatty() and posix_ttyname(). (Markus)
- Fixed accidental pg_lo_import() API change. (Yasuo)
- Fixed ereg_replace() crash when the backreference number was greater than the
number of captured subpatterns. ([EMAIL PROTECTED])
- Fixed array_rand() on thread-safe platforms such as Windows. (Edin)
- Report the right exit code after a call to exit(). (Edin)
Shana tova,
Zeev
--
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Huh? I think date() will return different values, but gmdate()
will not, since it returns GM time.
Lallous,
maybe it is something about summertime/wintertime?
Timo
Am Freitag den, 6. September 2002, um 16:36, schrieb Naintara Jain:
> lets say,
>
> ServerOne has TimeZone GMT+2
> ServerTwo has TimeZone GMT+3
>
> the gmdate() will return diff values for the same timestamp.
> essentially there will be a diff of 1 hour in the return values
> from these
> two servers.
>
> -Naintara
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:php-general-
> [EMAIL PROTECTED]
> t]On Behalf Of lallous
> Sent: Friday, September 06, 2002 8:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] gmdate()
>
>
> I don't own the server, and the server is probably set up
> correctly as it is
> a web hosting server.
>
> anyway, how should that RedHat 6 server be set up ?
>
> Elias
> "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> The server needs to be set up correctly - it needs to know what time
>> zone it is in and if the BIOS time is GMT or local.
>>
>> lallous wrote:
>>
>>> Isn't the gmdate() supposed to return the same value when run
>>> from two
>>> different timezones?
>>>
>>>
>>> I run it on GMT+2 system and EDT system, and I get 1 hour difference,
>>>
>>> please advise.
>>>
>>> Elias
>>>
>>>
>>>
>>>
>>>
>>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Hi Jay,
MySQL deserves some more respect. It's language is quite potent.
Have you had a look on COUNT()? It is suited well for... well,
counting.
I would like to be able to sum up a collumns values already in
MySQL. The following query will sum up all values of the column
'id':
SELECT @idsum:=(IFNULL(@idsum, id)+id), id FROM yourtable;
Now a question to the PHP/MySQL experienced: Why does this type
of query not work in combination with PHP? I am using query
above as $query and do the following standard procedure:
$result = mysql_query($query);
while ($row = mysql_fetch_row($result)) {
echo join(", ", $row) . "<br>";
};
But MySQLs variable seems to be reset for each row. Is there any
other access method on a query that can cope with it properly?
Timo
Am Freitag den, 6. September 2002, um 17:32, schrieb Jay Blanchard:
> [thinking out loud]
> For small result sets where I am looking for column totals I
> generally issue
> 2 queries to the database, one for the data and one for the totals.
> This
> works fine, but for some things the database returns 100's or 1000's of
> records. To make this easier to use I "page" the records, showing an
> appropriate number of records for each page. The records for each page
> returned like so (normal);
>
> while($row = mysql_fetch_object($result)){
> print("<td>" . $row->value . "</td>\n");
> print("<td>" . $row->another_value . "</td>\n");
> }
>
> The PHB would now like a "totals per page" and a "grand
> totals". Easy enough
> with 3 queries each time the page is called, one for the
> records, one for
> the page totals, (using proper LIMIT queries) and one for the
> grand totals,
> but awfully inefficient and intensive.
>
> I suppose I could do something like this;
>
> while($row = mysql_fetch_object($result)){
> print("<td>" . $row->value . "</td>\n");
> print("<td>" . $row->another_value . "</td>\n");
> $value1 = $value1 + $row->value;
> $value2 = $value2 + $row->another_value;
> }
> [/thinking out loud]
>
> In the process of typing this out I of course realized that
> this would work
> very well. Even if the database contains NULL values they are
> treated as
> zero. This gets me back to 2 queries, one of which only has to
> be issued
> once (the one for the grand totals, the results can be held in
> variables and
> echo'd or printed as needed). It also seems to be very efficient as the
> $value variables will only be doing a one time math operation each time
> through the while loop. For smaller results sets all on one
> page the same
> type of operation could be used for the grand totals as well,
> working the
> whole report down to a single query. I use a lot of crosstab
> queries where
> totals are needed along the bottom or right side, you can only
> do one within
> the original query. The other totals are left to another
> query ... usually.
>
> This should be a lesson to us all, we all try to over-compicate
> the issue
> sometimes. Usually a look at the
> docs/manual/FAQ/other-text-intensive-method-of-delivering-information
> will
> deliver the solution to a problem while some thought slowed to
> a reasonable
> speed (such as me typing out the problem above) will also allow natural
> logic to occur, producing a solution. Break down the process
> into managable
> portions, solving each portion before moving on to the next.
>
> Challenge; Can this be made as simple for rows too?
>
> Peace and I HTH someone else!
>
> Jay
>
> Hard work has a future payoff. Laziness pays off NOW.
>
> *****************************************************
> * Texas PHP Developers Conf Spring 2003 *
> * T Bar M Resort & Conference Center *
> * New Braunfels, Texas *
> * Contact [EMAIL PROTECTED] *
> * *
> * Want to present a paper or workshop? Contact now! *
> *****************************************************
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
I know it's been posted here several times and I've looked through the archives but I
just need something very simple for this. I have a form that already takes in user
information but now before accepting the information, I'd like to pass the credit card
information to a function and return true or false.
Is anyone using something like this that is simple?
Jeff
--- End Message ---
--- Begin Message ---
Hello,
On 09/07/2002 06:03 PM, Jeff Lewis wrote:
> I know it's been posted here several times and I've looked through the archives but
>I just need something very simple for this. I have a form that already takes in user
>information but now before accepting the information, I'd like to pass the credit
>card information to a function and return true or false.
>
> Is anyone using something like this that is simple?
This class does exactly what you ask. It generates Javascript code for
client side validation and the class itself can validate on the server
side. See the sample output pages.
--
Regards,
Manuel Lemos
--- End Message ---
--- Begin Message ---
Check out http://www.analysisandsolutions.com/code/ccvs-ph.htm
At 05:03 PM 9/7/2002 -0400, Jeff Lewis wrote:
>I know it's been posted here several times and I've looked through the
>archives but I just need something very simple for this. I have a form
>that already takes in user information but now before accepting the
>information, I'd like to pass the credit card information to a function
>and return true or false.
>
>Is anyone using something like this that is simple?
>
>Jeff
--- End Message ---
--- Begin Message ---
Hello,
On 09/07/2002 06:03 PM, Jeff Lewis wrote:
>> I know it's been posted here several times and I've looked through the
>> archives but I just need something very simple for this. I have a form
>> that already takes in user information but now before accepting the
>> information, I'd like to pass the credit card information to a
>> function and return true or false.
>>
>> Is anyone using something like this that is simple?
>
>
> This class does exactly what you ask. It generates Javascript code for
> client side validation and the class itself can validate on the server
> side. See the sample output pages.
Oops, the class is here:
http://www.phpclasses.org/formsgeneration
--
Regards,
Manuel Lemos
--- End Message ---
--- Begin Message ---
PHP Warning: Could not execute mail delivery program in /htdocs/...
Any suggestions on how to fix this?
- Noah
--- End Message ---
--- Begin Message ---
==> [EMAIL PROTECTED] (Noah Spitzer-Williams) 的文章中提到:
> PHP Warning: Could not execute mail delivery program in /htdocs/...
> Any suggestions on how to fix this?
> - Noah
check your php.ini file.
if should be safe_mode = Off....
--
�[m�[1;32m* Origin: LastLoveSongBBS (lls.twbbs.org) From: localhost.localdomai �[m
--- End Message ---
--- Begin Message ---
Hello, this question is about dynamic communication between browsers.
I have a site to meet people (PHP/Mysql).These people have their
profiles and pictures stored into the site.
I would like to make some kind of chat (very single chat), so when
people log into system, I can trace their nicknames and list all active
users onto some table.
When someone wants talk to any other listed person, he just click on
nick name, and some window will open on the other people browser's. This
way, a single chat between two users could be stablished easily.
Is this possible to program just using PHP?. I cant figure here how to
control remotely the other user's browse (open chat window for instance)
using only PHP.
Thanks for any help
Mig
--- End Message ---
--- Begin Message ---
You could create a scema, or module that is called with each page load, that
checks for messages when the user is logged in. So when the message is
stored into the databace, when the user loads the anypage while logged in it
checks for new messages, and if the user has messages then the window pops
up and the user can eather reply etc etc
Phil
----- Original Message -----
From: "M" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 08, 2002 10:09 AM
Subject: [PHP] How to program very basic chat on PHP?
> Hello, this question is about dynamic communication between browsers.
>
> I have a site to meet people (PHP/Mysql).These people have their
> profiles and pictures stored into the site.
> I would like to make some kind of chat (very single chat), so when
> people log into system, I can trace their nicknames and list all active
> users onto some table.
>
> When someone wants talk to any other listed person, he just click on
> nick name, and some window will open on the other people browser's. This
> way, a single chat between two users could be stablished easily.
>
> Is this possible to program just using PHP?. I cant figure here how to
> control remotely the other user's browse (open chat window for instance)
> using only PHP.
>
> Thanks for any help
>
> Mig
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Re: Warning: Could not execute mail delivery …
--- End Message ---
--- Begin Message ---
Can someone please tell me specifically who can answer if
http://www.php.net/manual/en/security.php is based on the most recent PHP
4.2.3? Or are there new bits of information that have not been added to this
chapter, yet?
Vania
_________________________
Vania Smrkovski
Internet Design and Programming
[EMAIL PROTECTED]
http://pandorasdream.com/
http://webdesign.pandorasdream.com/
--- End Message ---
