php-general Digest 20 Mar 2005 22:12:42 -0000 Issue 3349
Topics (messages 211130 through 211152):
Re: Session IDs - How are they generated?
211130 by: zini10
211133 by: Yannick Warnier
Re: Ensure only one instance of a script is running
211131 by: zini10
Re: class and global
211132 by: Mister Jack
http authentication with safe mode enabled?!
211134 by: Roman Stöckl-Schmidt
211141 by: LacaK
211147 by: Roman Stöckl-Schmidt
[suspicious - maybe spam] detecting a leading hyphen from post data
211135 by: Larry Brown
211137 by: LacaK
pache_request_headers() does not return HTTP Authorization headers
211136 by: LacaK
Re: detecting a leading hyphen from post data
211138 by: LacaK
apache_request_headers() does not return HTTP Authorization headers
211139 by: LacaK
execute methods dynamically
211140 by: Rainer Hahnekamp
211143 by: Rainer Hahnekamp
Re: Memory exhausted message wrong
211142 by: LacaK
mod_ssl + php4-curl interaction problem ... ?
211144 by: Marc G. Fournier
211150 by: Marc G. Fournier
carriage returns using error_log?
211145 by: Kurt Yoder
211149 by: Chris Shiflett
Authorization header is missing from apache_request_headers() array
211146 by: LacaK
Re: is_a() against instanceof
211148 by: Christian Stadler
see anything wrong (xhtml validator)
211151 by: Sebastian
php-not-executing-in-html-file-help
211152 by: vijayaraj nagarajan
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
php-general@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Im Pretty sure it's using Uniqid , its the simplest solution possible ,
about the second question, php doesnot mind if he is being run from
apahce,iis or command line.
Dont count on my answers coz im not really sure.
"Yannick Warnier" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi there,
>
> I'm looking for a good document that describes session ID generation in
> PHP 4.3.6. Does somebody have that at hand?
>
> I couldn't find anything googling it, and nothing in the PHP doc. I
> would like to know what kind of parameters it uses during the
> generation. And also how it is generated in the case of a script
> executed in command line.
>
> Thanks,
>
> Yannick
--- End Message ---
--- Begin Message ---
Le dimanche 20 mars 2005 Ã 13:02 +0200, zini10 a Ãcrit :
> Im Pretty sure it's using Uniqid , its the simplest solution possible ,
> about the second question, php doesnot mind if he is being run from
> apahce,iis or command line.
> Dont count on my answers coz im not really sure.
Thank you. The ID generator is here:
php_session_create_id
(http://cvs.php.net/co.php/php-src/ext/session/session.c)
Thanks to Eric Colinet for his answer on this topic.
Yannick
--- End Message ---
--- Begin Message ---
a more reliable solution:
Write a lock file and update timestamp each minute or so ,(at varous places
around the script)
then in order to check if the script is already runninh, check the
timestamp.
"Jeremiah Fisher" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Test for a lock file when the script starts, and remove it when the script
> ends. This isn't 100% reliable, but it's the typical solution to this
> problem. If the script fails, the lock file may not be removed (ever have
> a Mozilla browser crash and tell you the default profile is locked?), so
> be careful with your error handling!
>
> <?php
>
> // test for lock file
> if ( !$f = fopen( 'lock', 'r')) {
> // touch the lock file
> $f = fopen( 'lock', 'w');
> fwrite( $f, 'lock');
> fclose( $f);
>
> } else {
> // lock file exists; another instance must be running (we hope)
> echo 'Error: An instance of this script is already running!';
> exit( 1);
>
> }
>
>
> /* script stuff */
>
>
> // remove the lock file for the next instance
> unlink( 'lock');
>
>
> ?>
>
> Shaun wrote:
>> Hi,
>>
>> I have a script that inserts data from files uploaded to our server. I
>> need to make sure that only one instance of this script runs at anyone
>> time, can anyone tell me how I can do this?
>>
>> Many thanks
--- End Message ---
--- Begin Message ---
Ok, I've tried with a dummy class :
class dummy {
var $yank;
Function dummy()
{
$this->yank = "test dummy";
}
}
and the problem is exactly the same.
i've done
print_r($dummy);
is works ok outside the function, but inside print_r($dummy) doesn't
return anything, like $dummy wasn't existing, even tough I declared it
to be global... So the class n itself doesn't have anything to do with
it.
I'm really stuck with this. Is there any incompatibiliy with class and
global declaration ?
btw, I'm using PHP 4.3.10-8
thanks for your help,
On Sat, 19 Mar 2005 20:45:55 +0000, Mister Jack <[EMAIL PROTECTED]> wrote:
> there is no database connection involved here. if I displace the
> $freedb =& new freedbaxs();
> inside the function it's works.
>
> I should give a try with a dummy object. (but the constructor, only
> initialize empty array)
>
> On Sat, 19 Mar 2005 21:17:02 +0200, BAO RuiXian <[EMAIL PROTECTED]> wrote:
> >
> >
> > Evert - Rooftop Solutions wrote:
> >
> > > pooly wrote:
> > >
> > >> I'm trying to use a global object (declared at a upper level), but
> > >> all I got is :
> > >> Call to a member function on a non-object in
> > >> /home/pooly/public_html/templeet/modules/freedb.php on line 16
> > >>
> > Hmm, perhaps your problem is the failed connection to your database. Can
> > you verify this?
> >
> > Best
> >
> > Bao
> >
> > >> part of the code is :
> > >> $freedb =& new freedbaxs();
> > >> Function return_freedb_search($array)
> > >> {
> > >> global $freedb;
> > >> [snip]
> > >> $freedb->freedb_search($txt);
> > >>
> > >>
> > > I don't see an error in this code, perhaps you should give us a bit
> > > more information.
> > >
> > > grt,
> > > Evert
> > >
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi to you all.
I've been pulling my hair out over this issue and I really hope YOU can
help me. A part of the website that I'm having the problems with should
be password protected (nothing much, just to have a slight notion of it
not being publicly available, so no SSL or other Stuff) so I wrote this
function based on an example from the php manual which does just that.
Problem is that on my ISPs server safe_mode is enabled and so as it says
in the manual:
| As of PHP 4.3.0, in order to prevent someone from writing a script
| which reveals the password for a page that was authenticated through
| a traditional external mechanism, the PHP_AUTH variables will not be
| set if external authentication is enabled for that particular page
| and safe mode is enabled. Regardless, REMOTE_USER can be used to
| identify the externally-authenticated user. So, you can use
| $_SERVER['REMOTE_USER'].
My code looks like this:
function auth($file) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$http_401 = './auth/unauthorized.html';
$realm = 'Intern';
if (!isset($username) || !isset($password)) {
header("WWW-Authenticate: Basic realm=\"$realm\"");
header('HTTP/1.0 401 Unauthorized');
include $http_401;
} else {
if (($username != 'XXXXXXX') && (crypt($password, 'XX')
!=
'XXXXXXXXXXXXX')) {
include $http_401;
} else {
include $file;
}
~ }
}
Now as you can see I'm also checking wether there was no password
entered in contrast to the example from the manual. Of course I could
leave that part out and set
$username = $_SERVER['REMOTE_USER'];
But how the hell am I supposed to check for a correct password if
$_SERVER['PHP_AUTH_PW'] is not set? If safe mode is disabled everything
works just fine (checked on my on box with apache 1.3), so in theory
it's working.
Please help me guys I'd be grateful for any help provided.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPXCen0kyIx7rF68RAmq5AJsHC5HIm4lvnHp3gbOVVR0NcArTkwCgj7y5
8cU2qnxDeeWaDDIeFElroQk=
=F0Wq
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Hello Roman,
yes if safe_mode=on then
Authorization header is hidden from phpinfo() and apache_request_headers(),
but variables $_SERVER["PHP_AUTH_USER"] and "PHP_AUTH_PW"
are set , when Basic authorization is used ! (it works in my configuration
of Apache and PHP)
Problem may be in Apache . When directory (where requested file is) is
protected by Apache authentication, then $_SERVER variables are not set.
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
LacaK wrote on 20.03.2005 19:13:
| Hello Roman,
| yes if safe_mode=on then
| Authorization header is hidden from phpinfo() and
apache_request_headers(),
|
| but variables $_SERVER["PHP_AUTH_USER"] and "PHP_AUTH_PW"
| are set , when Basic authorization is used ! (it works in my configuration
| of Apache and PHP)
|
| Problem may be in Apache . When directory (where requested file is) is
| protected by Apache authentication, then $_SERVER variables are not set.
I have no idea what to do to deal with this. There is only one .htaccess
file, which is in the top-level directory of my account with my ISP. And
I've even put
AuthType None
in there, but it doesn't change anything.
The fact that the uid of the script is appended to the realm specified
shouldn't require any changes in the code, or should it?
I really don't have any more ideas of what to do. What is probably
important is that apparently my ISP upgraded his version of PHP to
4.3.10 which is now CGI instead of a module.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPd3bn0kyIx7rF68RAn5/AKCQp3rI6EckIfs+XPj4/afpNQ80uwCeNqc8
mQBLBwxXqnrHfNKKktQep9E=
=wqmo
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
I know this is pretty petty, but it is a sunday and I'm missing this for
some reason...
I'm trying to detect a leading hyphen in an element of an array. I've
been using strpos to find strings and if getting 1 as the result, I know
it was at the beginning of the string. However, "-", "\-", nor "/^-/"
give me a hit? Could someone throw me a bone here?
Larry
--- End Message ---
--- Begin Message ---
try use :
if (strpos($string,"-")==0) //first char is index 0 not 1 !
or
if (strpos($string,"-")!==false) //find anywhere in string
--- End Message ---
--- Begin Message ---
if safe_mode=on
so there is no possibilty to validate HTTP Digest Authorization ...
--- End Message ---
--- Begin Message ---
sorry correct is :
if (strpos($string,"-")===0) //3*= exact match, first char is index 0 not 1
!
--- End Message ---
--- Begin Message ---
if safe_mode=on
so there is no possibilty to validate HTTP Digest Authorization ...
--- End Message ---
--- Begin Message ---
Hello everybody,
I want to write a method in version 4 that executes a method of an object.
As parameter the classname and the methodname is passed:
function executeMethod($classname, $methodname) {
$object = new $classname();
$object->$methodname();
}
This does not work. What am I doing wrong?
Greetings,
-Rainer Hahnekamp
--- End Message ---
--- Begin Message ---
Sorry my fault. It's working of course.
Am Sun, 20 Mar 2005 18:47:20 +0100 schrieb Rainer Hahnekamp:
> Hello everybody,
>
> I want to write a method in version 4 that executes a method of an object.
> As parameter the classname and the methodname is passed:
>
> function executeMethod($classname, $methodname) {
> $object = new $classname();
> $object->$methodname();
> }
>
> This does not work. What am I doing wrong?
>
> Greetings,
> -Rainer Hahnekamp
--- End Message ---
--- Begin Message ---
Only try
--- End Message ---
--- Begin Message ---
Just upgraded curl on our FreeBSD servers to curl-7.13.1_1, and now
whenever I try and enable both curl.so in extensions.php *and* mod_ssl,
the apache server crashes ... disable one or the other fixes the issue ...
I've rebuilt php4-curl itself, as well as the apache, and nothing seems to
correct for it ...
Does anyone know of a problem with php4-curl + curl 7.1.3.1, and/or a fix?
Thanks ...
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: [EMAIL PROTECTED] Yahoo!: yscrappy ICQ: 7615664
--- End Message ---
--- Begin Message ---
As a follow up to this, I just installed curl 7.12.3_2, to see if going
back a version would fix the problem, and it does ... apache with curl
enabled now works again beside SSL ...
Not sure where the bug is, but the newer version of curl appears to have a
problem with php4-curl ...
On Sun, 20 Mar 2005, Marc G. Fournier wrote:
Just upgraded curl on our FreeBSD servers to curl-7.13.1_1, and now whenever
I try and enable both curl.so in extensions.php *and* mod_ssl, the apache
server crashes ... disable one or the other fixes the issue ...
I've rebuilt php4-curl itself, as well as the apache, and nothing seems to
correct for it ...
Does anyone know of a problem with php4-curl + curl 7.1.3.1, and/or a fix?
Thanks ...
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: [EMAIL PROTECTED] Yahoo!: yscrappy ICQ: 7615664
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: [EMAIL PROTECTED] Yahoo!: yscrappy ICQ: 7615664
--- End Message ---
--- Begin Message ---
Is there any way to tell error_log to keep the newline characters? I am
outputting error messages to the error log so I can look at detailed
status information at the time of the error. However, if I put \n in
the error message, it is treated literally by error_log and I see "\n"
in the log message.
--
Kurt Yoder
http://yoderhome.com
--- End Message ---
--- Begin Message ---
Kurt Yoder wrote:
Is there any way to tell error_log to keep the newline characters? I am
outputting error messages to the error log so I can look at detailed
status information at the time of the error. However, if I put \n in the
error message, it is treated literally by error_log and I see "\n" in
the log message.
Try using double quotes instead of single quotes.
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--- End Message ---
--- Begin Message ---
Hello,
When I try to use "HTTP Digest Authorization" using code like :
Header( "HTTP/1.0 401 Unauthorized");
Header( "WWW-Authenticate: Digest realm=\"www.myrealm.com\",
opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\"");
browser returns in HTTP request Authorization header like this one :
Digest username="lacak", realm="www.myrealm.com", qop="auth",
algorithm="MD5", uri="/devel/phpinfo.php",
nonce="5e8ac9b033001458fc5380d8a88325a2", nc=00000004,
cnonce="c9495e4af19fa6b08eb045f32e6ced79",
response="fbd8f86b45334202b2cac380f29d9706"
When PHP runs as apache module with safe_mode=off
I can read this header using apache_request_headers() function
But when safe_mode=On,
then apache_request_headers() returns no Authorization (this is documented
behavior)
Is this bug or exists other way how access Authorization header ?
Can anyone help ?
How to report this to php developers, to fix this problem ?
Thank you
LacaK.
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jason Barnett schrieb:
> Nice suggestion! But I wonder... would it perhaps be better to use the
> && operator instead of the AND operator? That way in case you are
> trying to do an assignment PHP won't bother to check instanceof if the
> class_exists() fails.
>
> if (class_exists($class) && $cls instanceof $class)
> {
>
> }
mmh ... instanceof isn't listed at
http://www.php.net/manual/en/language.operators.php#language.operators.precedence
so I'm not 100% sure. But neither
php -r "var_dump(class_exists('foobar') AND $a instanceof foobar);"
nor
php -r "var_dump(class_exists('foobar') AND ($a instanceof foobar));"
triggered an error on the commandline. So I guess, both && and AND
should work.
Regards,
Christian Stadler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPeVQ9250Hcbf/3IRAg6rAJ96A/iBzkDU1X3cCOFWo/waV1y3ywCfSbIF
S4JU3lo66WnPw5y8q3qMVSU=
=bRQK
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
it seems the xhtml validator is throwing an error with:
------------------------------------------------------
Line 530, column 12: value of attribute "id" invalid: "1" cannot start a
name
<div id=" 1 79" style="display: none;">
------------------------------------------------------
Here is the code:
$outnews = "
<div class=\"fade\" style=\"padding-top : 5px; padding-bottom : 5px\">
<b>continues »</b> <a href=\"/shownews/".$news['id']."\"
onclick=\"return hidetoggle('".$news[id]."');\"
onmouseover=\"window.status='".$news['status']."'; return true;\"
onmouseout=\"window.status=''; return true;\"><b>" .
stripslashes($news['morelink']) . " (" . $count . " more
words)</b></a></div>
<div id=\"".$news['id']."\" style=\"display: none;\">
<div class=\"newsleft\">" . $news['moretext'] . "</div></div>";
for some odd reason the validator is showing a space before the $news['id']
in the <div> id tag, even though the actual news ID is fine and there are no
spaces in the raw xhtml code above.. maybe im blind ..
i'd really like to get rid of the \" escapes and just use single quotes, but
i would guess i have to escape the javascript single quotes?
--- End Message ---
--- Begin Message ---
hi friends
i am struggling to solve this problem for the past one
week...kindly help me..
my apache runs perfectly...
this code gives a perfect output in the browser...
file name: hi.html
<html><body>
hihihi
</body></html>
but this code doesnot give any output in the
browser...
file name: hi.html
<html><body>
<?php echo "hihihi"; ?>
</body></html>
but, the same file with the php code in it...could be
executed in the command line, using php... where i am
getting the expected output...
i tested to c if my apache doesnt recognise php ...
this code runs perfectly...in the browser...
<?php echo "hihihi"; ?>
if saved as hi.php file...
the same code saved as .html, is not giving any output
in the browser...
kindly help me to figure out this problem...
thanks
vijayaraj nagarajan
graduate student
the university of southern mississippi
MS - USA
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--- End Message ---
