Re: [PHP] An idea...
Martin Towell wrote: > 1. so you're trying to stop people from link straight to your page? > 2. or are you trying to stop them from using your code without > permission (on the same server)? > a. will others be able to see the source code? > i. if so, then what's to stop them from defining the constant > themselves? > ii. if not, this looks like a good way of doing it > I could see how links in the url bar could get spoofed, but I have no idea how a form can. I presented a question maybe last week about $HTTP_POST_VARS security or lack of, and one the replies, got me thinking. I guess what I had in mind is along the lines of #2. What I had in mind was that each install would have a different value for the constant. So will others be able to see the source code, no not unless the webserver becomes compromised... > -Original Message- > From: Gerard Samuel [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 15, 2002 11:31 AM > To: Martin Towell > Cc: PHP > Subject: Re: [PHP] An idea... > > > Quote from the php manual. > "Once a constant is defined, it can never be changed or undefined." > > I figure, since the constant is initialised in the script, it cannot be > changed or undefined, then I can put my trust in it that it comes from > the server and no where else > > Martin Towell wrote: > > > how is that going to increase security? > > > > -Original Message- > > From: Gerard Samuel [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, January 15, 2002 11:21 AM > > To: php > > Subject: [PHP] An idea... > > > > > > Just want to bounce this idea off you guys/gals. > > Im looking to improve the security of my scripts. Now lets say, I > > initialise the script with a constant in the main config file that all > > the pages access. Then when Im accepting data from a form or maybe even > > a link I could do > > > > if (isset($HTTP_POST_VARS['foo']) && defined("CONSTANT")) { > >process data > > } > > > > Just an idea, what do you think.. > > Thanks > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] An idea...
Quote from the php manual. "Once a constant is defined, it can never be changed or undefined." I figure, since the constant is initialised in the script, it cannot be changed or undefined, then I can put my trust in it that it comes from the server and no where else Martin Towell wrote: > how is that going to increase security? > > -Original Message- > From: Gerard Samuel [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 15, 2002 11:21 AM > To: php > Subject: [PHP] An idea... > > > Just want to bounce this idea off you guys/gals. > Im looking to improve the security of my scripts. Now lets say, I > initialise the script with a constant in the main config file that all > the pages access. Then when Im accepting data from a form or maybe even > a link I could do > > if (isset($HTTP_POST_VARS['foo']) && defined("CONSTANT")) { >process data > } > > Just an idea, what do you think.. > Thanks > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] An idea for a PHP tool
It's also worth noting here that typing a keyword (or maybe it's just function names?) in place of a directory after www.php.net does the same thing. ie, 'www.php.net/extract' takes you to the extract page in the manual. HTH, dm Mike Eheler wrote: >Through suggestions of people here is the code I produced for a bookmark: > >javascript:void(srch=prompt('Function Name?',''));if(srch) >{self.location.href='http://download.php.net/search.php?pattern=' +srch+ >'&show=quickref';}; > >Of course that should all go on one line. That is a good hack for now, >but I still think it would be great to have the PHP site's search bar >kind of in my browser, and it would launch a new window or whatever >(with the drop-down to select function ref/online manual/etc) > >Mike > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] An idea for a PHP tool
Through suggestions of people here is the code I produced for a bookmark: javascript:void(srch=prompt('Function Name?',''));if(srch) {self.location.href='http://download.php.net/search.php?pattern=' +srch+ '&show=quickref';}; Of course that should all go on one line. That is a good hack for now, but I still think it would be great to have the PHP site's search bar kind of in my browser, and it would launch a new window or whatever (with the drop-down to select function ref/online manual/etc) Mike Jason Murray wrote: >>Like google has it's toolbar, why not have a PHP Manual toolbar? That >>would be *great*. Just type in the function name and hit "go" and the >>manual comes up. >> > > You could probably work a bit of javascript magic in a bookmark to > do the same thing. > > I've seen bookmarks that pop up a javascript input window and then > use the input in the resulting URL. So, take the manual query via > javascript input and then append it to the www.php.net url. > > At least, I *think* I have :) > > J > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] An idea for a PHP tool
You can achieve something like this by adding the following to your links bar: javascript:void(srch=prompt('What are you looking for?',''));if(srch){self.location.href='http://php.net/'+srch}; (drag the current url to the links bar, and then right-click and select "properties", then paste the javascript in). Hope that helps.. -- James Cox :: [EMAIL PROTECTED] Please CC me when replying to my messages. Was I helpfull? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ > -Original Message- > From: Jason Murray [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 04, 2002 12:03 AM > To: 'Mike Eheler'; [EMAIL PROTECTED] > Subject: RE: [PHP] An idea for a PHP tool > > > > Like google has it's toolbar, why not have a PHP Manual toolbar? That > > would be *great*. Just type in the function name and hit "go" and the > > manual comes up. > > You could probably work a bit of javascript magic in a bookmark to > do the same thing. > > I've seen bookmarks that pop up a javascript input window and then > use the input in the resulting URL. So, take the manual query via > javascript input and then append it to the www.php.net url. > > At least, I *think* I have :) > > J > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > >
RE: [PHP] An idea for a PHP tool
On Fri, 4 Jan 2002, Jason Murray wrote: > I've seen bookmarks that pop up a javascript input window and then > use the input in the resulting URL. So, take the manual query via > javascript input and then append it to the www.php.net url. There are tips on the php site for making the quick-reference bookmarks, and other widgets, here - http://www.php.net/tips.php ~Chris /"\ \ / September 11, 2001 X We Are All New Yorkers / \ rm -rf /bin/laden -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] An idea for a PHP tool
> Like google has it's toolbar, why not have a PHP Manual toolbar? That > would be *great*. Just type in the function name and hit "go" and the > manual comes up. You could probably work a bit of javascript magic in a bookmark to do the same thing. I've seen bookmarks that pop up a javascript input window and then use the input in the resulting URL. So, take the manual query via javascript input and then append it to the www.php.net url. At least, I *think* I have :) J -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] An idea
it looks like you're getting your ereg and preg mixed up but try it like this: switch(1){ case ereg("\\.jpg$",$filename): echo "JPEG Image";break; case ereg("\\.gif$",$filename): echo "GIF Image";break; case ereg("\\.zip$",$filename): echo "Compressed File"; break; default: echo "Unkown File Type"; break; } thats maybe a little cleaner than using if/else if's. also be careful on the backslash, you have to escape it in double quotes. On Tue, 19 Jun 2001 18:48:03 -0400, TunkeyMicket ([EMAIL PROTECTED]) wrote: > Humor me, how useful would a Regex switch statement be? > > Like: > > ereg_switch($filename) { > case "/\.jpg$/": > echo "JPEG Image"; break; > case "/\.gif$/"; > echo "GIF Image"; break; > case "/\.zip$/": > echo "Compressed File"; break; > default: > echo "Unkown File Type"; break; > } > > That is just an example of an application of such, I have other >applications that I would like to use it for, but that serves the >best example. I would love to get started on a module project for >something like this, as using IF blocks with PREG_MATCH become >tedious and inefficient. If you know of such a module or would >know how to get started, please repsond with your ideas/input. > > Chris "TunkeyMicket" Watford > > TunkeyMicket Productions > www.tunkeymicket.com >