php-general Digest 11 Mar 2006 10:18:07 -0000 Issue 4009

Topics (messages 231760 through 231781):

Re: highlight_string()
        231760 by: Weber Sites LTD

Re: Editing an existing pdf?
        231761 by: Sam Smith
        231765 by: Meron
        231771 by: Sam Smith
        231774 by: Meron

Re: LDAP and Single Sign On MORE THOUGHTS
        231762 by: Rick Emery
        231763 by: jblanchard.pocket.com
        231764 by: Rick Emery
        231766 by: jblanchard.pocket.com
        231768 by: Rick Emery
        231769 by: Jochem Maas
        231775 by: Rick Emery
        231780 by: Rory Browne

Re: Dynamic Form List - how to change values
        231767 by: Jochem Maas

Displaying documents stored under web root
        231770 by: Gerry Danen
        231777 by: Chuck Anderson

QUARANTINED: Xuvpcx
        231772 by: WorkgroupMail Content Filter

PDOStatement::execute() Return Values
        231773 by: Chris

Re: ebay/nusoap example?
        231776 by: Paul Reinheimer

mktime month
        231778 by: Mark Steudel
        231779 by: Austin Denyer

database connection pool
        231781 by: Khai

Administrivia:

To subscribe to the digest, e-mail: [EMAIL PROTECTED]
To unsubscribe from the digest, e-mail: [EMAIL PROTECTED]
To post to the list, e-mail: php-general@lists.php.net

----------------------------------------------------------------------
--- Begin Message ---
Hi

I found an example for this on WeberDev and got it to work pretty good.
However, when I started to check, I now have a different issue.

Till now, I just highlighted all of the text. Now I take the php code
out, highlight only the php code and put it back in.

The problem is that I'm looking for anything between <? and ?>
and some of the code examples have <?..... <?xml..... ?>.....?>
So what I really take out is <?..... <?xml..... ?>

How can I avoid this?

thanks

-----Original Message-----
From: chris smith [mailto:[EMAIL PROTECTED]
Sent: Friday, March 10, 2006 1:19 PM
To: Weber Sites LTD
Cc: php-general@lists.php.net
Subject: Re: [PHP] highlight_string()

On 3/10/06, Weber Sites LTD <[EMAIL PROTECTED]> wrote:
> Hi
>
> I'm trying to go with your idea but I'm having difficulties with
> preg_match_all.
> I want the text between <?php and ?>. The use of preg_match_all below
> only returns text that is in a single line. If the <?php is on one line
> and the ?> is a few lines below, it does not match.
>
> preg_match_all('/<\?php(.*?)\?>/i',$text,$CodeArray,PREG_PATTERN_ORDER);

Try /is; it will treat the string as one huge line.

> -----Original Message-----
> From: Chris [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 07, 2006 3:08 AM
> To: Weber Sites LTD
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] highlight_string()
>
> Weber Sites LTD wrote:
> > I was afraid of that...
> > I need to do HTML manipulations on the text that is outside the <??>.
> > After I run highlight_string the original text is messed up.
> > If I run the manipulations before then they will look like HTML and
> > not act as HTML...
> >
> > Any ideas?
>
> You could get the php from your page, highlight it and replace it back in:
>
> $content = preg_replace_callback('%<\?.*?\?>%s',
>     function ($m) { return highlight_string($m[0], true); }, $content);
>
> don't know if that will work straight out for you but that should give
> you an idea on how to proceed.
>
> Or you could temporarily remove them, do whatever then replace it back in:
>
> $placeholders = array();
> // match one <? ... ?> block at a time (escaped delimiters, non-greedy)
> while(preg_match('%<\?.*?\?>%s', $content, $matches)) {
>   $size = sizeof($placeholders);
>   $placeholders[$size] = $matches[0]; // keep the tags so the block highlights as PHP
>   $content = str_replace($matches[0], '%%PLACEHOLDER['.$size.']%%', $content);
> }
>
> ... other processing here.
>
> foreach($placeholders as $i => $text) {
>   // second argument true: return the HTML instead of printing it
>   $content = str_replace('%%PLACEHOLDER['.$i.']%%', highlight_string($text, true), $content);
> }
>
> > -----Original Message-----
> > From: chris smith [mailto:[EMAIL PROTECTED]
> > Sent: Monday, March 06, 2006 11:59 AM
> > To: Weber Sites LTD
> > Cc: php-general@lists.php.net
> > Subject: Re: [PHP] highlight_string()
> >
> > On 3/6/06, Weber Sites LTD <[EMAIL PROTECTED]> wrote:
> >
> >>The only way I could work around this was to put empty <??> at the
> >>beginning of the text and now highlight_string() highlights only
> >>what is inside <? ?>
> >>
> >>You can see an example of the problematic text in the example area
> >>of this page : http://www.weberdev.com/get_example-4345.html
> >>
> >>Notice the empty <? ?> at the beginning of the example.
> >>Without them, all of the example, including the text and HTML part
> >>will be painted by highlight_string().
> >>
> >>Is this a bug?
> >
> >
> > No. It will highlight html as well.
> >
> > You can give the illusion of it not highlighting the html by using:
> >
> > ini_set('highlight.html', '#000000');

--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
> I wanted to add texts from an html form to existing pdf.
> I was able to create a pdf but not to edit it.
>
> Please give me guidance how to.

FDF is what you're after if I understand this brief post. Google FDF PDF PHP.

PHP writes the FDF file which fills out a linked PDF form. Notice I said PDF form.
--- End Message ---
--- Begin Message ---
Thank you for the quick reply, Sam.
In fact I took this option at first but I did not proceed because creating a
pdf form is new to me.
And also I do not have the tool. What do you advise me?
--
View this message in context: http://www.nabble.com/Editing-an-existing-pdf--t1202479.html#a3339621
Sent from the PHP - General forum at Nabble.com.
--- End Message ---
--- Begin Message ---
> Thank you for the quick reply, Sam.
> In fact I took this option at first but I did not proceed because creating a
> pdf form is new to me.
> And also I do not have the tool. What do you advise me?

I would like to hang out on a yacht off the coast of Saint Tropez where
Paris Hilton and her friends stop by most afternoons because they love
trying to beat me at strip poker but I'm poor and ugly, what do you advise.

Seriously, you need the tools and the education. Get the Acrobat demo for
free 30 days.

<http://www.adobe.com/products/acrobatpro/tryout.html>

There's a companion app called Designer that builds forms.
--- End Message ---
--- Begin Message ---
Thank you for replying patiently.
No hard feelings but imagination is better than preinformation. Einstein
--
View this message in context: http://www.nabble.com/Editing-an-existing-pdf--t1202479.html#a3343684
Sent from the PHP - General forum at Nabble.com.
--- End Message ---
--- Begin Message ---
Quoting [EMAIL PROTECTED]:

> [snip]
> As far as I can tell you will have to ask the user to login at the web
> application level again, but you can verify it against your AD via LDAP
> with the basic stuff from http://www.php.net/ldap
> [/snip]
>
> We are sitting here having a discussion on login techniques and I came up
> with a thought...why not have a login script write a cookie that then
> could be read by PHP and compared against the AD via LDAP? Does anyone
> see any gotchas with that kind of process?

Couldn't I write my own cookie to fool the authentication into thinking
I'm somebody else?

--
Rick Emery

"When once you have tasted flight, you will forever walk
the Earth with your eyes turned skyward, for there you
have been, and there you will always long to return"
                                       -- Leonardo Da Vinci
--- End Message ---
--- Begin Message ---
[snip]
> We are sitting here having a discussion on login techniques and I came up
> with a thought...why not have a login script write a cookie that then
> could be read by PHP and compared against the AD via LDAP? Does anyone
> see any gotchas with that kind of process?

Couldn't I write my own cookie to fool the authentication into thinking
I'm somebody else?
[/snip]

I suppose that you could do that if you were savvy enough to realize
that automatic login to the intranet used a cookie for authentication
and you knew how to format the cookie and properly hash a checksum
stored in the cookie. The user information stored in the cookie would be
verified against the AD via LDAP.
--- End Message ---
--- Begin Message ---
Quoting [EMAIL PROTECTED]:

> [snip]
> Couldn't I write my own cookie to fool the authentication into thinking
> I'm somebody else?
> [/snip]
>
> I suppose that you could do that if you were savvy enough to realize
> that automatic login to the intranet used a cookie for authentication
> and you knew how to format the cookie and properly hash a checksum
> stored in the cookie. The user information stored in the cookie would be
> verified against the AD via LDAP.

First, let me apologize for having to take it to a basic level. I'll
admit that I'm fairly new to web development, but this is something I
could *really* use at work and I want to make sure I understand (just
to set the stage, we use Windows/Active Directory/MS SQL Server at
work, but have decided that future applications will be written in PHP
run on Linux/Apache).

So I have a login script that sets a cookie when the user logs in. Then
I have an application written in PHP that reads the cookie for
authentication purposes.

What would I store in the cookie? Would the username be sufficient
(since the cookie was set, we can assume that it was already
authenticated through AD, right), or is there something more I can add
to the cookie to make the process more secure?

Which leads back to my original question; what would keep me from
setting a cookie with, say, my manager's username, fooling the PHP
application into thinking I'm her?

I can't help but feel like I'm missing something.

Thanks,
Rick
--- End Message ---
--- Begin Message ---
[snip]
First, let me apologize for having to take it to a basic level. I'll
admit that I'm fairly new to web development, but this is something I
could *really* use at work and I want to make sure I understand (just
to set the stage, we use Windows/Active Directory/MS SQL Server at
work, but have decided that future applications will be written in PHP
run on Linux/Apache).

So I have a login script that sets a cookie when the user logs in. Then
I have an application written in PHP that reads the cookie for
authentication purposes.

What would I store in the cookie? Would the username be sufficient
(since the cookie was set, we can assume that it was already
authenticated through AD, right), or is there something more I can add
to the cookie to make the process more secure?

Which leads back to my original question; what would keep me from
setting a cookie with, say, my manager's username, fooling the PHP
application into thinking I'm her?
[/snip]

You could just store a username, since they have already authenticated,
but a cookie with just a username would be easy to duplicate. My current
thought is to hash a checksum of some sort and store that in the
cookie as well. That way you avoid the username-only problem. I do not
want to store the user's password in any format in the cookie.

I am thinking that the login script will cause a cookie to be written
(via PHP) with a base64 encoded
(http://www.php.net/manual/en/function.base64-encode.php) string or some
other hash method. Then that string could be decoded when the user
accesses the intranet site and compared against whatever criteria you
deem necessary.

I have not tested this though. It is on my task list for next week
though. :)

So, you could set a cookie with your manager's name, but it wouldn't
work. You would also have to know how to encode a string properly for
storage in the cookie. Read
http://www.php.net/manual/en/function.setcookie.php for more information
on cookies.
--- End Message ---
--- Begin Message ---
Quoting [EMAIL PROTECTED]:

> You could just store a username, since they have already authenticated,
> but a cookie with just a username would be easy to duplicate. My current
> thought is to hash a checksum of some sort and store that in the
> cookie as well. That way you avoid the username-only problem. I do not
> want to store the user's password in any format in the cookie.
>
> I am thinking that the login script will cause a cookie to be written
> (via PHP) with a base64 encoded
> (http://www.php.net/manual/en/function.base64-encode.php) string or some
> other hash method. Then that string could be decoded when the user
> accesses the intranet site and compared against whatever criteria you
> deem necessary.

Okay, I'm following all of this. So I could take, say, the username
reversed and encode it, then decode it in the PHP application, and be
safe as long as nobody ever figures out what I'm encoding and how I'm
encoding it. What would be great would be if the value that gets
encoded could somehow be dynamic (like the current time, or even a
randomly generated string). But then how would the PHP script know what
the decoded value is supposed to be? Hmmm...something to think about.

> I have not tested this though. It is on my task list for next week
> though. :)

Let us know how it goes!

Thanks,
Rick
--- End Message ---
--- Begin Message ---
Rick Emery wrote:
> Quoting [EMAIL PROTECTED]:
>
> > You could just store a username, since they have already authenticated,
> > but a cookie with just a username would be easy to duplicate. My current
> > thought is to hash a checksum of some sort and store that in the
> > cookie as well. That way you avoid the username-only problem. I do not
> > want to store the user's password in any format in the cookie.
> >
> > I am thinking that the login script will cause a cookie to be written
> > (via PHP) with a base64 encoded
> > (http://www.php.net/manual/en/function.base64-encode.php) string or some
> > other hash method. Then that string could be decoded when the user
> > accesses the intranet site and compared against whatever criteria you
> > deem necessary.
>
> Okay, I'm following all of this. So I could take, say, the username
> reversed and encode it, then decode it in the PHP application, and be

I wouldn't do it like that.... instead stick the username in the cookie
in plaintext and as a one-way encoded hash (the hash creation could make
use of a fixed, secret prefix string [amongst other things] to make it
secure) - then to check the cookie you take the plain text name, perform
the same hash creation routine on it and compare the results of that
with the encoded hash that was sent in the cookie - if they match the
cookie could be considered valid and untampered.

The basic gist being don't use two-way encryption, use a one-way hash like
sha1().

> safe as long as nobody ever figures out what I'm encoding and how I'm
> encoding it. What would be great would be if the value that gets
> encoded could somehow be dynamic (like the current time, or even a
> randomly generated string). But then how would the PHP script know what
> the decoded value is supposed to be? Hmmm...something to think about.

well you can stick it in the session ... but like I said decoding is an
unnecessary step it seems to me (given that you can achieve the validation
using a one-way encryption method)

> > I have not tested this though. It is on my task list for next week
> > though. :)
>
> Let us know how it goes!
>
> Thanks,
> Rick
--- End Message ---
--- Begin Message ---
Quoting Jochem Maas <[EMAIL PROTECTED]>:

> Rick Emery wrote:
> > Okay, I'm following all of this. So I could take, say, the username
> > reversed and encode it, then decode it in the PHP application, and be
>
> I wouldn't do it like that.... instead stick the username in the cookie
> in plaintext and as a one-way encoded hash (the hash creation could make
> use of a fixed, secret prefix string [amongst other things] to make it
> secure) - then to check the cookie you take the plain text name, perform
> the same hash creation routine on it and compare the results of that
> with the encoded hash that was sent in the cookie - if they match the
> cookie could be considered valid and untampered.
>
> The basic gist being don't use two-way encryption, use a one-way hash like
> sha1().

Okay. I don't know enough about encoding/encryption to discuss the
merits either way, but I'll go along with your suggestion.

So to carry through on my thought, the "secret prefix" would have to be
constant. I'd like to find a way to make it variable (and random, even;
I'm working under the assumption that at least one of our users would
be smart enough to write a cookie to masquerade as another user).

I have an idea, but I have little experience with Active Directory or
LDAP, and I think I'm venturing into the space of "off-topic". I wonder
if it would be possible (probably after modifying the schema) to write
a value into the user's account in Active Directory/LDAP. The login
script could generate a random string to prefix the username, hash it,
write the random value into the user's LDAP record, and write the
cookie. The PHP app on the other side could get the value from the
user's LDAP record and then do the comparison. That way, each user
would have a different "secret prefix", and it would be different each
time that user logged in.

Thoughts?

> well you can stick it in the session ... but like I said decoding is an
> unnecessary step it seems to me (given that you can achieve the validation
> using a one-way encryption method)

Wouldn't the session expire on completion of the login script? If I
opened a browser to run an application on our Intranet, wouldn't that
create a different session? Again, I may be missing something.

Thanks for the discussion; I'm really enjoying it.
Rick
--- End Message ---
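
Added example (not code from any poster in this thread): one way to build the tamper-evident cookie value discussed in the messages above. It swaps the sha1()-with-secret-prefix idea for hash_hmac() with SHA-256, a keyed construction made for this purpose, and covers an expiry time and a per-login random value with the same MAC, so the "dynamic" fields Rick asks about need no decoding step. Function names, the token layout and the TTL are assumptions.

```php
<?php
// Added illustration, not code from the thread. Function names, token layout
// and TTL are assumptions.

const TOKEN_TTL = 3600; // seconds a token stays valid (assumed policy)

// Build "user|expiry|nonce|mac". The MAC covers every other field, so none
// of them can be changed without knowing the server-side key.
function issue_token(string $username, string $key, int $now): string
{
    $payload = implode('|', [
        rawurlencode($username),        // a '|' inside a name becomes %7C
        (string) ($now + TOKEN_TTL),    // dynamic: expiry time
        bin2hex(random_bytes(16)),      // dynamic: per-login random value
    ]);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the authenticated username, or null if the token is malformed,
// tampered with, or expired.
function verify_token(string $token, string $key, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 4) {
        return null;
    }
    [$user, $expires, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$user|$expires|$nonce", $key);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    return rawurldecode($user);
}

// --- constructed demo data ---
$key   = random_bytes(32);  // in production: one fixed key kept in server-side config
$now   = time();
$token = issue_token('rick', $key, $now);

// The scenario from the thread: another username, old MAC left in place.
$changed = preg_replace('/^[^|]+/', 'manager', $token);

var_dump(verify_token($token, $key, $now));                  // untouched token
var_dump(verify_token($changed, $key, $now));                // username changed
var_dump(verify_token($token, $key, $now + TOKEN_TTL + 1));  // past its expiry
var_dump(verify_token($token, random_bytes(32), $now));      // checked with a different key
```

The random value only makes each token unique; withdrawing a token before it expires still needs server-side state such as the session mentioned above. When the value is sent with setcookie(), set the secure and httponly options so it travels only over HTTPS and is not readable from page scripts.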
--- Begin Message ---
I've got a bit lost on this, but assuming that we are talking about an
intranet environment, with windows/IE6 clients, and apache servers, then
personally:

I would check logins based on a valid session. If the user doesn't
have a session they aren't logged in. Store the username in the
session variable. PHP session variables are AFAIK designed to be hard
to detect and fake.

Any code that is run under a http:// website (as opposed to an ssl or
https:// one) reads the session (i.e. does not write to it).

Any authentication should be done using a script accessed over https,
protected by mod_auth_kerb.

The http:// script would be accessed by the person when they first
access the protected site. The protected site would detect that the
user is not logged in, and redirect them to the authentication site
(which is behind mod_auth_kerb, and https), which would create the
session, and redirect the user back to the page where they originally
tried to access.
--- End Message ---
--- Begin Message ---
tedd wrote:
> > > Pat:
> > >
> > > I would suggest changing to:
> > >
> > > http://.../chkout.php?imagename=NATURE-1.jpg&count=6&continue=Continue+Checkout,
> > >
> > > $newqty = $_GET['count'];
> > > $imagename = $_GET['imagename'];
> > >
> > > Also, to see what you are actually "getting" try:
> > >
> > > echo ("<br/>");
> > > echo ("<pre>");
> > > echo ("GET info:\n");
> > > print_r($_GET);
> > > echo("</pre>");
> > >
> > > You might also want to consider taking care of undefined variables --
> > > here's a reference:
> > >
> > > http://www.weberdev.com/get_example-3823.html
> > >
> > > HTH's
> > >
> > > tedd
> >
> > Ok, this works for one item, but my shopping cart may have (hopefully)
> > dozens of items in it. How do I refer to each new quantity changes for
> > each new row in the table? I was hoping that by making the qty field a
> > name of the image, I would be able to match the new qty up with the
> > right image quickly, but that won't work, obviously.
> >
> > How can I change multiple items in a list (or all) when the list is
> > dynamically created? My approach may be wrong -- suggestions?
>
> Pat:
>
> You can add numerous items to the url. I don't remember the total number
> of characters that's allowed, but it's considerable.

if you're running Apache the default max length of the url is 8K - this can
be upped but you have to recompile Apache. the HTTP spec itself doesn't
stipulate a limit to the length... in general though anything over 512 bytes
(outside of CMS tools) is discouraged...

> If you reach the limit, you might consider reducing the number of
> characters in your variables, such as: "NATURE-1.jpg" could be n1 where
> you had a look-up table or you knew what the cryptic code was to make
> the transformation.
>
> Or you could continue on a course like you were with n1=6 where you know
> that n1 stands for "NATURE-1.jpg" and the value contained therein is the
> value for that image.
>
> There's lots of ways to do this.
>
> As for it being dynamically created, that shouldn't present a problem
> either -- just treat the url as a string and add ampersands (&) between
> "variables and their value" pairs.
>
> HTH's
>
> tedd
--- End Message ---
--- Begin Message ---
Adrian,

I use something like this:

<?php
if ( $is_member) // global var set during login
{
    include("/home/belowdocroot/project_a/memberprofile.php"); // or whatever your page is
}
else
{
    // send the redirect before any output, then stop the script
    header("Location: /members/login.php");
    exit("Sorry, members only. Please login or register.");
}

HTH

Gerry
http://groups.yahoo.com/group/php_and_mysql/

On 3/10/06, Adrian Bruce <[EMAIL PROTECTED]> wrote:
>
> Hi
>
> After some advice (surprise!)
>
> I currently store restricted documents beneath the web root so they are
> not accessible via the URL, when a valid user wishes to view a document
> I copy it to a temporary folder above the root and load it in a new
> page. The only way I can then manage to delete the copy is
> automatically deleting all temp files when any user goes to the log out
> page.
>
> This is obviously not a very good way of doing this but unless I can
> establish when a user is no longer viewing the doc then I don't know when
> to delete it. I was wondering how others deal with these problems like
> this
>
--- End Message ---
--- Begin Message ---
Adrian Bruce wrote:
> Hi
>
> After some advice (surprise!)
>
> I currently store restricted documents beneath the web root so they are
> not accessible via the URL, when a valid user wishes to view a document
> I copy it to a temporary folder above the root and load it in a new
> page. The only way I can then manage to delete the copy is
> automatically deleting all temp files when any user goes to the log out
> page.
>
> This is obviously not a very good way of doing this but unless I can
> establish when a user is no longer viewing the doc then I don't know when
> to delete it. I was wondering how others deal with these problems like
> this
>
> any advice appreciated greatly
>
> Ade

I deliver restricted PDFs that are kept *above* the web root without
using a temporary file. Why do you need to create a temporary file? I
use headers and readfile.

--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
Integrity is obvious.
The lack of it is common.
*****************************
--- End Message ---
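
Added example (not Chuck's or Gerry's code): the "headers and readfile" approach from the message above, with the login check done before any output and the requested name confined to one directory outside the document root, so no temporary copy is ever made. The directory, the doc request parameter and the session flag are assumptions; the CLI branch runs a small constructed demo.

```php
<?php
// Added illustration, not code from the thread. The directory, the 'doc'
// parameter and the session flag are assumptions.

const DOC_DIR = '/srv/private_docs'; // hypothetical directory outside the document root

// Map a requested name to a real PDF inside $baseDir, or return null.
function resolve_document(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '') {
        return null;
    }
    // basename() discards directory parts such as "../"
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // After symlinks are resolved the file must still be inside $base.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'pdf') {
        return null;
    }
    return $path;
}

// Stream the file straight from its protected location.
function send_document(string $path): void
{
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: application/pdf');
    header('Content-Disposition: inline; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI === 'cli') {
    // Constructed demo: a temporary directory holding one PDF and one other file.
    $dir = sys_get_temp_dir() . '/docs_' . bin2hex(random_bytes(4));
    mkdir($dir);
    file_put_contents("$dir/report.pdf", "%PDF-1.4 constructed sample\n");
    file_put_contents("$dir/notes.txt", "not a pdf\n");
    var_dump(resolve_document($dir, 'report.pdf') !== null); // existing PDF
    var_dump(resolve_document($dir, '../../etc/passwd'));    // path outside the directory
    var_dump(resolve_document($dir, 'notes.txt'));           // wrong file type
    var_dump(resolve_document($dir, 'missing.pdf'));         // no such file
    unlink("$dir/report.pdf");
    unlink("$dir/notes.txt");
    rmdir($dir);
} else {
    session_start();
    if (empty($_SESSION['is_member'])) {      // assumed flag set by the login script
        header('Location: /members/login.php');
        exit;
    }
    $doc  = $_GET['doc'] ?? '';
    $path = resolve_document(DOC_DIR, is_string($doc) ? $doc : '');
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    send_document($path);
}
```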
--- Begin Message ---The message "Xuvpcx" from MAILER-DAEMON, sent on 3/10/2006 09:42 was quarantined because it contained either an executable file, a batch file or a screen saver file. All of these types of attachments are considered security risks. Please consult your mail administrator who can release the message. This message was checked by MailScan for WorkgroupMail. www.workgroupmail.com
--- End Message ---
--- Begin Message ---
Under what circumstances does PDOStatement::execute() return false? It seems to always return true.

Thanks,
Chris
--- End Message ---
--- Begin Message ---
I tried to get the eBay API working with nusoap for quite a while, but
eventually gave up and wrote my own code from scratch. There is a pear
project that deals with eBay if you're more interested in using a
prefab solution than coding your own from scratch.

paul

On 3/8/06, jon <[EMAIL PROTECTED]> wrote:
> Howdy...
>
> I don't suppose that any of you would happen to have an example of how
> to use the ebay API with nusoap?
>
> I've done plenty o' projects with nusoap, but working with the ebay api
> has me stumped. I don't really even know how to get started,
> coding-wise. (I've setup all the developer tokens and whatnot, so that's
> all good.)
>
> Thanks a lot,
>
> -- jon
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
Paul Reinheimer
Zend Certified Engineer
--- End Message ---
--- Begin Message ---
I'm a little confused on the number I should use for the month:

Take the following:

echo date('Ymd', mktime(0, 0, 0, 3, 0, date("Y")) );

I expected it to output: 20060331

But instead it outputs 20060228.

In the examples for january in the php manual I get december instead of
january. Is there a server config or any ideas what I am doing wrong?

Thanks, Mark
--- End Message ---
--- Begin Message ---
Mark Steudel wrote:
> I'm a little confused on the number I should use for the month:
>
> Take the following:
>
> echo date('Ymd', mktime(0, 0, 0, 3, 0, date("Y")) );
>
> I expected it to output: 20060331
>
> But instead it outputs 20060228.

Correct. You are asking it for the zeroth day of March, which is the
last day of February.

Regards,

Ozz.
--- End Message ---
--- Begin Message ---
Hello,

My name is Khai. I am new to PHP. I am well versed with mod_perl and
apache. With mod_perl, I can use Apache::DBI to cache database
connections. Is there a module for PHP that does the same thing?

Thank you,
Khai
--- End Message ---