php-general Digest 26 May 2002 07:23:25 -0000 Issue 1367
Topics (messages 99255 through 99285):
4.2.1 Vars
99255 by: Kurth Bemis (List Monkey)
99258 by: Jeff Lewis
99260 by: 1LT John W. Holmes
99261 by: Kurth Bemis (List Monkey)
99263 by: 1LT John W. Holmes
Re: Newbie Questionabout variables
99256 by: Al
pconnect
99257 by: Boaz Yahav
Re: PHP script
99259 by: Paul Roberts
NewBie-UPLOADING IMAGE
99262 by: Dani
99264 by: 1LT John W. Holmes
99266 by: Kevin Stone
99272 by: Neil Highley
Re: unexpected T_IF
99265 by: Steve Buehler
UPLOADING IMAGE
99267 by: Dani
99268 by: 1LT John W. Holmes
99269 by: Dani
99270 by: 1LT John W. Holmes
99271 by: Dani
99279 by: Liam MacKenzie
Incompatibility with file-input items
99273 by: Felix Natter
bulletin board question...
99274 by: Anthony Ritter
99276 by: Richard Baskett
99282 by: 1LT John W. Holmes
99283 by: SP
Re: Function Switch($pid) - NEED HELP
99275 by: David Freeman
Extract ZIP archives
99277 by: Kevin Stone
Include (Newbie question)
99278 by: r
99280 by: Kevin Stone
99281 by: 1LT John W. Holmes
inspirational
99284 by: jtjohnston
99285 by: Ray Hunter
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
After moving to php 4.2.1 my scripts that use xxx.php?blah=4 fail to work.
I know that i need to turn register_globals on in my config, however I know
that there are security problems with this. So bascially I need to know
how to make 500+ scripts work without editing a bunch of files to make it
so that all my get and post vars start with $_POST and $_GET
any ideas?
~kurth
Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
Security is like an arms race; the best attackers will continue to search
for more complicated exploits, so we will too.
Quoted from http://www.openbsd.org/security.html
[EMAIL PROTECTED] | http://kurth.hardcrypto.com
PGP key available - http://kurth.hardcrypto.com/pgp
Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net
(http://www.distributed.net)
--- End Message ---
--- Begin Message ---
For now you can add this to the top of your scripts:
$types_to_register = array('GET','POST','COOKIE','SESSION','SERVER');
foreach ($types_to_register as $type) {
$arr = @${'HTTP_' . $type . '_VARS'};
if (@count($arr) > 0) {
extract($arr, EXTR_OVERWRITE);
}
}
Somebody else posted this a few weeks back and it has worked for me until I
can convert everything over...
Jeff
----- Original Message -----
From: "Kurth Bemis (List Monkey)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 3:23 PM
Subject: [PHP] 4.2.1 Vars
>
> After moving to php 4.2.1 my scripts that use xxx.php?blah=4 fail to work.
>
> I know that i need to turn register_globals on in my config, however I
know
> that there are security problems with this. So bascially I need to know
> how to make 500+ scripts work without editing a bunch of files to make it
> so that all my get and post vars start with $_POST and $_GET
>
> any ideas?
>
> ~kurth
>
> Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
>
> Security is like an arms race; the best attackers will continue to search
> for more complicated exploits, so we will too.
> Quoted from http://www.openbsd.org/security.html
>
> [EMAIL PROTECTED] | http://kurth.hardcrypto.com
> PGP key available - http://kurth.hardcrypto.com/pgp
>
> Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net
> (http://www.distributed.net)
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>
--- End Message ---
--- Begin Message ---
Do you know what the security problems are? Do you realise that having
register_globals on or off isn't the security problem, it's how you write
your code? If you're not going to change any of your code, just turn on
register_globals. Changing your code to _POST or _GET and doing nothing else
isn't making it any more secure that using it the way it is with
register_globals on.
---John Holmes...
----- Original Message -----
From: "Kurth Bemis (List Monkey)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 3:23 PM
Subject: [PHP] 4.2.1 Vars
>
> After moving to php 4.2.1 my scripts that use xxx.php?blah=4 fail to work.
>
> I know that i need to turn register_globals on in my config, however I
know
> that there are security problems with this. So bascially I need to know
> how to make 500+ scripts work without editing a bunch of files to make it
> so that all my get and post vars start with $_POST and $_GET
>
> any ideas?
>
> ~kurth
>
> Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
>
> Security is like an arms race; the best attackers will continue to search
> for more complicated exploits, so we will too.
> Quoted from http://www.openbsd.org/security.html
>
> [EMAIL PROTECTED] | http://kurth.hardcrypto.com
> PGP key available - http://kurth.hardcrypto.com/pgp
>
> Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net
> (http://www.distributed.net)
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
At 04:00 PM 5/25/2002 -0400, 1LT John W. Holmes wrote:
Actually - i don't understand what the docs at PHP are talking about. care
to enlighten me?
~kurth
>Do you know what the security problems are? Do you realise that having
>register_globals on or off isn't the security problem, it's how you write
>your code? If you're not going to change any of your code, just turn on
>register_globals. Changing your code to _POST or _GET and doing nothing else
>isn't making it any more secure that using it the way it is with
>register_globals on.
>
>---John Holmes...
>
>----- Original Message -----
>From: "Kurth Bemis (List Monkey)" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Saturday, May 25, 2002 3:23 PM
>Subject: [PHP] 4.2.1 Vars
>
>
> >
> > After moving to php 4.2.1 my scripts that use xxx.php?blah=4 fail to work.
> >
> > I know that i need to turn register_globals on in my config, however I
>know
> > that there are security problems with this. So bascially I need to know
> > how to make 500+ scripts work without editing a bunch of files to make it
> > so that all my get and post vars start with $_POST and $_GET
> >
> > any ideas?
> >
> > ~kurth
> >
> > Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
> >
> > Security is like an arms race; the best attackers will continue to search
> > for more complicated exploits, so we will too.
> > Quoted from http://www.openbsd.org/security.html
> >
> > [EMAIL PROTECTED] | http://kurth.hardcrypto.com
> > PGP key available - http://kurth.hardcrypto.com/pgp
> >
> > Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net
> > (http://www.distributed.net)
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
"Jedi Business, Go back to your drinks" - Anakin Skywalker, AOTC
[EMAIL PROTECTED] | http://kurth.hardcrypto.com
PGP key available - http://kurth.hardcrypto.com/pgp
--- End Message ---
--- Begin Message ---
Sure. The idea you have to understand is that nothing from the user can be
trusted. When you are expecting a number and they enter a letter, it may
mess things up and you have to be prepared for that.
With register_globals OFF in your php.ini file, all of the user input is
present in the _GET, _POST, _REQUEST, or _COOKIE array. With
register_globals ON, then the variables are registered as regular variables.
If you have a URL like page.php?id=1, then with them OFF, you have to use
$_GET["id"] to get the value of one, with them ON, you can just use $id.
Neither one is better than the other b/c the user can still just alter the
URL and send a different value. The same is true for cookie and post data,
the user can easily alter that and send whatever kind of data they want. You
have to make sure it's what you think it will be.
One example is say you do a database call to check a username and password.
If they are good, you set an $Authorized variable to 'YES'. Further in the
page, you do if($Authorized == 'YES') { show_good_stuff(); }. Now, with
register_globals ON, the user can easily type in a url like
page.php?Authorized=YES and they are in whether the query passes or not.
With register_globals OFF, the user cannot create a $Authorized variable. If
they try to pass it in the URL, it'll become $_GET["Authorized"], not
$Authorized. Now, this doesn't mean that ON or OFF is better than the other,
it's how you program. You can easily leave register_globals ON and just make
sure you set a value for $Authorized in your script (don't assume it's
value), like before you ever check the username and password, say
$Authorized = FALSE; That way even if the user tries to alter the URL, you
just set it to false regardless, and you're script will be fine.
Hopefully that is clear. If you have any questions let me know. There are
plenty of articles written about this, do a search on google for some or
search the archives. The thing to remember is not to trust any user input
and make sure you know where your variables are coming from.
---John Holmes...
----- Original Message -----
From: "Kurth Bemis (List Monkey)" <[EMAIL PROTECTED]>
To: "1LT John W. Holmes" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 4:07 PM
Subject: Re: [PHP] 4.2.1 Vars
> At 04:00 PM 5/25/2002 -0400, 1LT John W. Holmes wrote:
>
> Actually - i don't understand what the docs at PHP are talking about.
care
> to enlighten me?
>
> ~kurth
>
> >Do you know what the security problems are? Do you realise that having
> >register_globals on or off isn't the security problem, it's how you write
> >your code? If you're not going to change any of your code, just turn on
> >register_globals. Changing your code to _POST or _GET and doing nothing
else
> >isn't making it any more secure that using it the way it is with
> >register_globals on.
> >
> >---John Holmes...
> >
> >----- Original Message -----
> >From: "Kurth Bemis (List Monkey)" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Saturday, May 25, 2002 3:23 PM
> >Subject: [PHP] 4.2.1 Vars
> >
> >
> > >
> > > After moving to php 4.2.1 my scripts that use xxx.php?blah=4 fail to
work.
> > >
> > > I know that i need to turn register_globals on in my config, however I
> >know
> > > that there are security problems with this. So bascially I need to
know
> > > how to make 500+ scripts work without editing a bunch of files to make
it
> > > so that all my get and post vars start with $_POST and $_GET
> > >
> > > any ideas?
> > >
> > > ~kurth
> > >
> > > Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone
Computer
> > >
> > > Security is like an arms race; the best attackers will continue to
search
> > > for more complicated exploits, so we will too.
> > > Quoted from http://www.openbsd.org/security.html
> > >
> > > [EMAIL PROTECTED] | http://kurth.hardcrypto.com
> > > PGP key available - http://kurth.hardcrypto.com/pgp
> > >
> > > Fight Weak Encryption! Donate your wasted CPU cycles to
Distributed.net
> > > (http://www.distributed.net)
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
>
>
> Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
>
> "Jedi Business, Go back to your drinks" - Anakin Skywalker, AOTC
>
> [EMAIL PROTECTED] | http://kurth.hardcrypto.com
> PGP key available - http://kurth.hardcrypto.com/pgp
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
I got it now, thanks a lot. For some reason Mozilla won't let me post to the
newsgroup.
I've used your answer, and another one, and have already made a simple php
script to test the variable and echo "passed" or "failed"
I'm modifying a php application and the admin file is named "index.php"
[yes that's right] and access to it is not protected.
The application is not very critical and there is no particularly sensitive
material in the DB. So, I set the .htaccess file to default to the user's
file and thought I'd make access to the "index.php" a little secure with a
password. I've seen other applications with this technique.
Thanks again,
Al..........
"Al" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> I hope this posting is not a duplicate. I originally posted it yesterday,
> but it doesn't show on the newsgroup for me.
>
> Apparently you can set a variable as part of a URL statement. For
example:
> www.company.com/index.php?admin=password.
>
> Where "password" might be a simple variable to test as a rudimentary
> authorization password.
>
> I can't find anything like this on the php website or manual.
>
> Can someone point me in the right direction?
>
> Thanks....
>
>
--- End Message ---
--- Begin Message ---
Hi
When working with pconnect. Can it be that each http process of apache will have more
than
one sql connection open at a time?
I'm working with pconnect and seeing about double the number of established sql
connections
than the established http processes.
any ideas?
Sincerely
berber
Visit http://www.weberdev.com Today!!!
To see where PHP might take you tomorrow.
--- End Message ---
--- Begin Message ---
how about using the FTP functions that php has, look it up in the man, i haven't used
it.
Paul Roberts
[EMAIL PROTECTED]
++++++++++++++++++++++++
----- Original Message -----
From: "Chris Hewitt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 3:33 PM
Subject: Re: [PHP] PHP script
> Ryan,
>
> I may be missing something as I have not been monitoring this thread,
> but why not use ftp? It allows the file transfer and chmod. Perhaps its
> not available on the server that you need it to be, but its the normal
> way of putting web pages onto a server.
>
> HTH
> Chris
>
> SP wrote:
>
> >I'm not an expert but that doesn't sound like it's
> >possible. I mean if you could upload files and
> >chmod them on a remote server you would have some
> >serious security issues. The only thing I can
> >think of is you could upload files to your remote
> >datebase.
> >
> >
> >
> >-----Original Message-----
> >From: r [mailto:[EMAIL PROTECTED]]
> >Sent: May 25, 2002 7:00 AM
> >To: [EMAIL PROTECTED]
> >Subject: [PHP] PHP script
> >
> >
> > Hi Guys,
> >
> > I need a PHP script that will allow me to
> >upload/download chmod files etc
> >on
> > a remote server...
> > I know there are loads of these scripts out there
> >but being a newbie to PHP
> > I really dont know which one is good...
> > can you recomend any? coming from Java I love PHP
> >so would appreciate if
> >you
> > would recomend only a php script and not
> >perl,servlet,asp etc.
> > Another problem is my webserver is something like
> > /wtn/cgi-bin/www/
> >
> > all cgi scripts will have to be put in the
> >cgi-bin directory of course but
> > must be called like this
> >mysite.com/cgibin/script.pl
> >
> > the php script should allow me access to this
> >directory too!
> >
> > ANY ideas or recomendations will be deeply
> >appreciated esp from John
> >Holmes,
> > Jason Wong, Miguel Cruz coz you guys are really
> >brainy and have helped me
> >in
> > the past so I know your advise is supurb.
> > I would tip my hat to you, but dont wear
> >one...;-)
> >
> > Cheers,
> > -Ryan A.
> >
> >
> >
> >
> >--
> >PHP General Mailing List (http://www.php.net/)
> >To unsubscribe, visit:
> >http://www.php.net/unsub.php
> >
> >
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--- End Message ---
--- Begin Message ---
Hi,
I want to upload image file into a folder in webserver using HTML form.
What function do I use fo this purpose?
Thank you,
Dani
--- End Message ---
--- Begin Message ---
Try the RTFM() function. It will do exactly what you want.
http://www.php.net/manual/en/features.file-upload.php
---John Homes...
----- Original Message -----
From: "Dani" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 6:57 PM
Subject: [PHP] NewBie-UPLOADING IMAGE
> Hi,
>
> I want to upload image file into a folder in webserver using HTML form.
> What function do I use fo this purpose?
>
> Thank you,
>
> Dani
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
This is a rather broad question you're asking. I would suggest starting at
the online documentation on www.php.net. Handeling file uploads:
http://www.php.net/manual/en/features.file-upload.php
Post back here if you have any trouble understanding any of this stuff.
-Kevin
----- Original Message -----
From: "Dani" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 4:57 PM
Subject: [PHP] NewBie-UPLOADING IMAGE
> Hi,
>
> I want to upload image file into a folder in webserver using HTML form.
> What function do I use fo this purpose?
>
> Thank you,
>
> Dani
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--- End Message ---
--- Begin Message ---
MWAHAHAHAHAH!
[EMAIL PROTECTED]
-------------------------------------------------------
"Life must be lived as play."
- Plato (427 - 347 BC)
----- Original Message -----
From: "1LT John W. Holmes" <[EMAIL PROTECTED]>
To: "Dani" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 9:20 PM
Subject: Re: [PHP] NewBie-UPLOADING IMAGE
> Try the RTFM() function. It will do exactly what you want.
>
> http://www.php.net/manual/en/features.file-upload.php
>
> ---John Homes...
>
> ----- Original Message -----
> From: "Dani" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, May 25, 2002 6:57 PM
> Subject: [PHP] NewBie-UPLOADING IMAGE
>
>
> > Hi,
> >
> > I want to upload image file into a folder in webserver using HTML form.
> > What function do I use fo this purpose?
> >
> > Thank you,
> >
> > Dani
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--- End Message ---
--- Begin Message ---
put a ; at the end of line 31 and see if it still gives you the error.
Steve
At 10:33 AM 5/25/2002 +0100, you wrote:
>Hmm, can anyone explain why I'm getting this error?
>
>Parse error: parse error, unexpected T_IF in
>/usr/local/htdocs/san.loc/upload-img.php on line 34
>
>Code reads:
>
>11:#--if form submitted then process file upload
>12:if($HTTP_POST_VARS['ttl']) {
>13:
>14: #--check if there is already a picture called this
>15: include $DOCUMENT_ROOT . 'incs/db.php';
>16: @mysql_select_db("infoNav") or die("unable to connect to table");
>17: $qry = "SELECT ttl FROM imgLst WHERE site =
>$HTTP_SESSION_VARS[site_no] AND ttl = '$HTTP_POST_VARS[ttl]';";
>18: $imgTst = MYSQL_QUERY($qry);
>19:
>20: if(mysql_numrows($imgTst) < 1) {
>21:
>22: #-- check file type
>23: $ulf = $HTTP_POST_FILES['uplfile']['type'];
>24: if($ulf == 'image/pjpeg' || $ulf == 'image/gif') {
>25:
>26: #-- get ext
>27: ($ulf == 'image/pjpeg') ? $ext = '.jpg' : $ext = '.gif';
>28:
>29: #-- create unique filename
>30: $flNme = '\/imgs\/user-imgs\/' . time() . $REMOTE_HOST . $ext;
>31: $FulflNme = $DOCUMENT_ROOT . $flNme
>32:
>33: #-- check file is realy uploaded for security then copy to store folder
>34: if (is_uploaded_file($HTTP_POST_FILES['uplfile'])) {
>
>Thanks
>
>Zac
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
--- End Message ---
--- Begin Message ---
What's wrong with my code?
<?php
if($file)
{
print("file name :$file_name<P>\n");
if (copy($file,"http://sarjito/img/";))
{
print("file uploaded");
}
unlink($file);
}
?>
Any advise is welcome.
Thanks,
Dani
--- End Message ---
--- Begin Message ---
Give a destination file name, not just the directory. You don't have to
unlink($file), it's done automatically when the script ends.
---John Holmes...
----- Original Message -----
From: "Dani" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 7:58 PM
Subject: [PHP] UPLOADING IMAGE
> What's wrong with my code?
>
> <?php
> if($file)
> {
> print("file name :$file_name<P>\n");
> if (copy($file,"http://sarjito/img/";))
> {
> print("file uploaded");
> }
> unlink($file);
> }
> ?>
>
> Any advise is welcome.
>
> Thanks,
> Dani
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
I have tried to use the filename but it's still not working.
here is the whole code I've got:
****** First file called 'upload.php'
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<form name="form1" method="post" ENCTYPE="multipart/form-data"
action="uploadfile.php">
<table width="50%" border="0" cellspacing="0" cellpadding="1">
<tr>
<td width="21%">File</td>
<td width="79%">
<input type="FILE" name="file">
</td>
</tr>
<tr>
<td width="21%">
<input type="submit" name="Submit" value="Submit">
</td>
<td width="79%"> </td>
</tr>
</table>
</form>
</body>
</html>
******second file called 'uploadfile.php'
<?php
if($file)
{
echo "file name :",$file_name,"<P>\n";
copy($file,"D:/graphic_practise/$file_name");
print("file uploaded");
}
?>
thanks
--- End Message ---
--- Begin Message ---
HOW IS IT NOT WORKING? Are you getting an error? Is your hard drive being
erased? Do you get little electrical shocks from the wires tied into your
braces when you hit enter and upload a file over 10k that has blue and
yellow within it but not part of the border????
Info, man...provide it.
---John Holmes...
----- Original Message -----
From: "Dani" <[EMAIL PROTECTED]>
To: "1LT John W. Holmes" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 8:24 PM
Subject: Re: [PHP] UPLOADING IMAGE
> I have tried to use the filename but it's still not working.
>
> here is the whole code I've got:
>
> ****** First file called 'upload.php'
> <html>
> <head>
> <title>Untitled Document</title>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> </head>
>
> <body bgcolor="#FFFFFF" text="#000000">
> <form name="form1" method="post" ENCTYPE="multipart/form-data"
> action="uploadfile.php">
> <table width="50%" border="0" cellspacing="0" cellpadding="1">
> <tr>
> <td width="21%">File</td>
> <td width="79%">
> <input type="FILE" name="file">
> </td>
> </tr>
> <tr>
> <td width="21%">
> <input type="submit" name="Submit" value="Submit">
> </td>
> <td width="79%"> </td>
> </tr>
> </table>
> </form>
> </body>
> </html>
>
> ******second file called 'uploadfile.php'
> <?php
> if($file)
> {
> echo "file name :",$file_name,"<P>\n";
> copy($file,"D:/graphic_practise/$file_name");
>
> print("file uploaded");
> }
> ?>
>
> thanks
>
--- End Message ---
--- Begin Message ---
Thanks for replying
Sorry about not providing the info ....
well... when I hit submit button, it goes to the 'uploadfile.php' page, but it
doesn't print anything at all. I check in my folder and the file is not copied
either.
thanks,
Dani
"1LT John W. Holmes" wrote:
> HOW IS IT NOT WORKING? Are you getting an error? Is your hard drive being
> erased? Do you get little electrical shocks from the wires tied into your
> braces when you hit enter and upload a file over 10k that has blue and
> yellow within it but not part of the border????
>
> Info, man...provide it.
>
> ---John Holmes...
>
> ----- Original Message -----
> From: "Dani" <[EMAIL PROTECTED]>
> To: "1LT John W. Holmes" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Saturday, May 25, 2002 8:24 PM
> Subject: Re: [PHP] UPLOADING IMAGE
>
> > I have tried to use the filename but it's still not working.
> >
> > here is the whole code I've got:
> >
> > ****** First file called 'upload.php'
> > <html>
> > <head>
> > <title>Untitled Document</title>
> > <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> > </head>
> >
> > <body bgcolor="#FFFFFF" text="#000000">
> > <form name="form1" method="post" ENCTYPE="multipart/form-data"
> > action="uploadfile.php">
> > <table width="50%" border="0" cellspacing="0" cellpadding="1">
> > <tr>
> > <td width="21%">File</td>
> > <td width="79%">
> > <input type="FILE" name="file">
> > </td>
> > </tr>
> > <tr>
> > <td width="21%">
> > <input type="submit" name="Submit" value="Submit">
> > </td>
> > <td width="79%"> </td>
> > </tr>
> > </table>
> > </form>
> > </body>
> > </html>
> >
> > ******second file called 'uploadfile.php'
> > <?php
> > if($file)
> > {
> > echo "file name :",$file_name,"<P>\n";
> > copy($file,"D:/graphic_practise/$file_name");
> >
> > print("file uploaded");
> > }
> > ?>
> >
> > thanks
> >
--- End Message ---
--- Begin Message ---
http://www.zend.com/zend/spotlight/uploading.php
Who's server are you trying this on mate? Yours or mine?
----- Original Message -----
From: "Dani" <[EMAIL PROTECTED]>
To: "1LT John W. Holmes" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, May 26, 2002 10:38 AM
Subject: Re: [PHP] UPLOADING IMAGE
> Thanks for replying
>
> Sorry about not providing the info ....
>
> well... when I hit submit button, it goes to the 'uploadfile.php' page,
but it
> doesn't print anything at all. I check in my folder and the file is not
copied
> either.
>
> thanks,
> Dani
>
> "1LT John W. Holmes" wrote:
>
> > HOW IS IT NOT WORKING? Are you getting an error? Is your hard drive
being
> > erased? Do you get little electrical shocks from the wires tied into
your
> > braces when you hit enter and upload a file over 10k that has blue and
> > yellow within it but not part of the border????
> >
> > Info, man...provide it.
> >
> > ---John Holmes...
> >
> > ----- Original Message -----
> > From: "Dani" <[EMAIL PROTECTED]>
> > To: "1LT John W. Holmes" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Saturday, May 25, 2002 8:24 PM
> > Subject: Re: [PHP] UPLOADING IMAGE
> >
> > > I have tried to use the filename but it's still not working.
> > >
> > > here is the whole code I've got:
> > >
> > > ****** First file called 'upload.php'
> > > <html>
> > > <head>
> > > <title>Untitled Document</title>
> > > <meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
> > > </head>
> > >
> > > <body bgcolor="#FFFFFF" text="#000000">
> > > <form name="form1" method="post" ENCTYPE="multipart/form-data"
> > > action="uploadfile.php">
> > > <table width="50%" border="0" cellspacing="0" cellpadding="1">
> > > <tr>
> > > <td width="21%">File</td>
> > > <td width="79%">
> > > <input type="FILE" name="file">
> > > </td>
> > > </tr>
> > > <tr>
> > > <td width="21%">
> > > <input type="submit" name="Submit" value="Submit">
> > > </td>
> > > <td width="79%"> </td>
> > > </tr>
> > > </table>
> > > </form>
> > > </body>
> > > </html>
> > >
> > > ******second file called 'uploadfile.php'
> > > <?php
> > > if($file)
> > > {
> > > echo "file name :",$file_name,"<P>\n";
> > > copy($file,"D:/graphic_practise/$file_name");
> > >
> > > print("file uploaded");
> > > }
> > > ?>
> > >
> > > thanks
> > >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--- End Message ---
--- Begin Message ---
hi,
in a php-script someone else wrote I found
'<input type="file" name="photo[]" accept="image/jpeg">':
echo " <tr>\n";
echo " <td width=\"130\" height=\"30\"></td>\n";
echo " <td width=\"370\" height=\"30\"><input type=\"file\" name=\"photo[]\"
accept=\"image/jpeg\"></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td width=\"130\" height=\"30\"></td>\n";
echo " <td width=\"370\" height=\"30\"><input type=\"file\" name=\"photo[]\"
accept=\"image/jpeg\"></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td width=\"130\" height=\"30\"></td>\n";
echo " <td width=\"370\" height=\"30\"><input type=\"file\" name=\"photo[]\"
accept=\"image/jpeg\"></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td width=\"130\" height=\"30\"></td>\n";
echo " <td width=\"370\" height=\"30\"><input type=\"file\" name=\"photo[]\"
accept=\"image/jpeg\"></td>\n";
echo " </tr>\n";
and this is the code which is run by the form's action-attribute
(same script as above):
for( $i = 0; $i < count( $photo ); $i++ )
{
if( $photo[ $i ] != "" && $photo[ $i ] != "none" )
{
if( $photo_size[ $i ] > 500000 ) error( "Ungültige Fotogröße" );
if($photo_type[ $i ] == "image/pjpeg" || $photo_type[ $i ] == "image/jpeg")
$newphoto[] = $photo[ $i ];
else
error( "Ungültiger Dateityp, bitte wählen Sie JPEG " );
}
}
(you can find the complete file here:
http://home.t-online.de/~fam.natter/list.php)
Now the problem is that the above code only works with php 4.0.6 and
not with php 4.0.0: php 4.0.0 puts the type and name and
temporary-file information in the $image array while 4.0.6 puts it in
$image_type and $image (both use $image_size). See the example output
below for more information.
Here is a small test-case:
============ test_files.html ===============
<html>
<head><title>Test</title></head>
<body>
<form action="test_files.php" method="post" enctype="multipart/form-data">
<input type="file" name="image[]" accept="image/jpeg">
<input type="file" name="image[]" accept="image/jpeg">
<input type="submit" value="submit">
</form>
</body>
</html>
============================================
============ test_files.php ================
<?php
if (!isset ($image)) {
echo "<b>Missing Parameter in test_file.php!</b>";
exit;
}
if (isset ($image_type))
echo "<b>image_type is set !</b><br>";
if (isset ($image_size))
echo "<b>image_size is set !</b><br>";
for ($i = 0; $i < count ($image); $i++)
{
echo "<b>image[$i]='" . $image[$i] . "'<b>\n";
}
?>
============================================
Here is the output with two different versions of php when I select
two jpeg images (northbeach.jpg and Water01.jpg):
This is the output with php 4.0.6:
image_type is set !
image_size is set !
image[0]='/tmp/phpvRpXFA' image[1]='/tmp/phpfvgzMk'
This is the output with php 4.0.0:
image_size is set !
image[0]='northbeach.jpg' image[1]='image/jpeg' image[2]='/tmp/phpZApBAO'
image[3]='Water01.jpg' image[4]='image/jpeg' image[5]='/tmp/phpC3YeVs'
So how can I use this input-file array (image[] in the example)
portably ?
BTW: how can I get access to /tmp/phpZApBAO (I need to create
thumbnails from the images) ? On some servers this seems to create
permission-problems (but I cannot change the configuration of the
server).
--
Felix Natter
--- End Message ---
--- Begin Message ---
To all,
On a bulletin board (non-usenet) within a website, is it possible to change
the color or size of the type - or add a link from a word that the user has
posted?
For example, John Doe posts:
"Man, it's hot out here today!"
Where John changes the default font color - which is black - of the word
"hot" - *to red* - and then links "today" with a URL to another site like
weather.com
If so, how would this be accomplished?
Any thoughts?
Thank you.
Tony Ritter
--- End Message ---
--- Begin Message ---
Well with phpBB2 you can use html if the administrator allows it, if not you
can use phpBB tags. Things like:
Man, it's [color=red]hot[/color] out here
[url=http://www.weather.com]today[/url]!
All boards are different though so you'll need to read your documentation on
that board to figure out how to do it.. If it supports stuff like that :)
Cheers!
Rick
"Some people come into our lives and quickly go, others stay for awhile,
leaving foot-prints on our hearts and we are never quite the same" - Unknown
> From: "Anthony Ritter" <[EMAIL PROTECTED]>
> Date: Sat, 25 May 2002 19:39:10 -0500
> To: [EMAIL PROTECTED]
> Subject: [PHP] bulletin board question...
>
> To all,
> On a bulletin board (non-usenet) within a website, is it possible to change
> the color or size of the type - or add a link from a word that the user has
> posted?
>
> For example, John Doe posts:
>
> "Man, it's hot out here today!"
>
> Where John changes the default font color - which is black - of the word
> "hot" - *to red* - and then links "today" with a URL to another site like
> weather.com
>
> If so, how would this be accomplished?
> Any thoughts?
>
> Thank you.
> Tony Ritter
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Any number of ways you can do it. You can have the user enter in valid
HTML and just display it as such. Or you can use a markup language like
most BB.
Something like [b] for bold, [color=red] text [/color] to change colors,
etc.
PHP then looks through the post and replaces those tags with the HTML
equivalent.
---John Holmes...
> -----Original Message-----
> From: Anthony Ritter [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 25, 2002 8:39 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] bulletin board question...
>
> To all,
> On a bulletin board (non-usenet) within a website, is it possible to
> change
> the color or size of the type - or add a link from a word that the
user
> has
> posted?
>
> For example, John Doe posts:
>
> "Man, it's hot out here today!"
>
> Where John changes the default font color - which is black - of the
word
> "hot" - *to red* - and then links "today" with a URL to another site
like
> weather.com
>
> If so, how would this be accomplished?
> Any thoughts?
>
> Thank you.
> Tony Ritter
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
You can make up your own tags by just adding more
things to be parsed.
EXAMPLE:
$text = "Look at [b]this[/b] website ...";
echo $text;
custom_tags($text);
echo $text;
function custom_tags($text)
{
/* converts special tags into the html counterpart
* [b]text[/b] - bold text
* [i]text[/i] - italicise text
* [EMAIL PROTECTED] - automatically converts to
mailto: link
* [link=http://www.yahoo.com]text[/link]
*
* [list]
* [*] text
* [*] text
* [/list]
*
* [color=value]text to colour[/color] - colourize
some text
* [colour=value]text to colour[/colour] -
colourize some text
* [font=value]text[/font] - value is a class
defined in css file*/
$text = htmlentities($text);
$text =
eregi_replace("[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z](
[-.]?[0-9a-z])*\\.[a-z]{2,3}", "<a
href=\"mailto:\\0\";>\\0</a>",$text);
$text =
preg_replace("/\[link=(\S+?)\](.*?)\[\/link\]/is",
"<a href=\"\\1\">\\2</a>",$text);
$text = preg_replace("/\[i\](.*?)\[\/i\]/is",
"<i>\\1</i>",$text);
$text = preg_replace("/\[b\](.*?)\[\/b\]/is",
"<b>\\1</b>",$text);
$text =
preg_replace("/\[list\](\n)?/i","<ul>",$text);
$text =
preg_replace("/\[\/list\](\n)?/i","</ul>",$text);
$text = preg_replace("/\[\*\](.*?)$/ism",
"<li>\\1</li>",$text);
$text =
preg_replace("/\[color=(.*?)\](.*?)\[\/color\]/is"
, "<font color=\"\\1\">\\2</font>",$text);
$text =
preg_replace("/\[colour=(.*?)\](.*?)\[\/colour\]/i
s", "<font color=\"\\1\">\\2</font>",$text);
$text =
preg_replace("/\[font=(.*?)\](.*?)\[\/font\]/is",
"<font class=\"\\1\">\\2</font>",$text);
return nl2br($text);
}
-----Original Message-----
From: Anthony Ritter
[mailto:[EMAIL PROTECTED]]
Sent: May 25, 2002 8:39 PM
To: [EMAIL PROTECTED]
Subject: [PHP] bulletin board question...
To all,
On a bulletin board (non-usenet) within a website,
is it possible to change
the color or size of the type - or add a link from
a word that the user has
posted?
For example, John Doe posts:
"Man, it's hot out here today!"
Where John changes the default font color - which
is black - of the word
"hot" - *to red* - and then links "today" with a
URL to another site like
weather.com
If so, how would this be accomplished?
Any thoughts?
Thank you.
Tony Ritter
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
> I have a script that switches.
> switch($pid)
> {
> case 1:
> break;
>
> case 2:
> break;
> }
>
> Now I'm doing a check in case 1 and if everything goes well,
> i want to switch directly to case 2 while the script is runny.
>
> How would i do that ???
In the specific case above you could do something like this in your case
1 -
case 1:
if (some test)
{
test sucessful - on to case 2
} else {
break;
}
That will fall through from case 1 to case 2 depending on the success of
a check.
CYA, Dave
--- End Message ---
--- Begin Message ---
Hello Nurse! (and php gurus)..
I'm building an online file exchange that will allow users to share custom 3D files
for a game that I'm involved in. I'd like to offer my users the oportunity to upload
multiple files at once by allowing them to ZIP them all together and upload just the
one file. Then I'd expand the ZIP archive, extract the files, and store them
individually on the server based on certain properties (which I already look for to
validate the files being uploaded individually).
I did my homework, found plenty of references and example code, a few classes. Still
a bit stumped though. The PHP docs refer to ZZIPLIB as the solution. Unfortunately
webhost does not have ZZIPLIB installed. And of course I don't have access to the PHP
config files... just my standard web account. Is ZZIPLIB something that I can use by
including it into my script? Or does it need to be compiled into PHP? If so then is
there another way that I can expand, extract and create ZIP files on the server?
I found one ZIP class on ZEND.com. http://www.zend.com/codex.php?id=696&single=1 It
looks like it should work but since it won't expand ZIP archives it's only half useful
to me.
Finally a friend of mine briefly eluded to the 'zip' and 'unzip' operations of UNIX.
Problem is I don't know anything about Unix commands and searching for
guides/tutorials revealed plenty of generic, but little useful information. Is this a
possibility? If so what would the unix command be to expand and create ZIP archives?
How would I tie that into my PHP script using the system() function?
Well.. hopefully you get the gist of what I'm trying to do. Other than my basic
knowlege in PHP I'm starting from scratch here, so just about anything you can tell me
will be useful.
Much Thanks,
Kevin Stone
[EMAIL PROTECTED]
or [EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Hey,
I have just being going through the manual (windows version) and am a bit
confused about "include",
If I want the scope to affect the whole page I do this right:
(example page)
<html>
<body>
<?php
include blah.php
?>
some html
<?php
use some functions to call blah.php
?>
is this correct?
and my second question is if I am including a html file will that file need
to have a <html><head><body> etc etc
or you must have the <html><head>etc only in one file?
Since am confused about this and it comes straight from the RTFM()
function.....any help appreciated. :-)
Cheers,
-Ryan.
--- End Message ---
--- Begin Message ---
No, not exactly. The idea behind the include() function in PHP is to append
and execute code to the currently running script. This is great for
organizing your code into more easier to manage chunks. PHP will attempt to
parse and execute the included file as a PHP file regardless of the file
extension. So you can do this for example...
-- myhtml.html --
<div align="center">Hello <?echo $var;?></div>
------------------
-- myphp.php --
$var = "World";
<?include("myhtml.html")?>
-----------------
This will print out "Hello World". So that answers two questions with one
stone (err.. yah). include() is a function not a method. And you don't
need the <html> tag to display included html. The browser will
automatically assume an html header upon any textual output unless otherwise
specified.
Check out the manual for more information.
http://www.php.net/manual/en/function.include.php
Hope this helps
-Kevin
----- Original Message -----
From: "r" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 26, 2002 5:11 AM
Subject: [PHP] Include (Newbie question)
> Hey,
> I have just being going through the manual (windows version) and am a bit
> confused about "include",
> If I want the scope to affect the whole page I do this right:
>
> (example page)
> <html>
> <body>
> <?php
> include blah.php
> ?>
> some html
> <?php
> use some functions to call blah.php
> ?>
> is this correct?
>
> and my second question is if I am including a html file will that file
need
> to have a <html><head><body> etc etc
> or you must have the <html><head>etc only in one file?
>
> Since am confused about this and it comes straight from the RTFM()
> function.....any help appreciated. :-)
>
> Cheers,
> -Ryan.
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--- End Message ---
--- Begin Message ---
Also note that if you want PHP in your included()'d file, you have to
put <? and ?> around the PHP. When you include() a file, PHP starts off
reading it in HTML mode.
Include() just takes the included file and sticks it into the original
file. The variable scope in an included file is the same as the spot
where the include() was called.
You really only want to call <html> once in your script. So if it's in
an include()'d file, that's fine. If you calling an included()'d file
from the middle of your script, the include()'d file doesn't have to
have <html>, etc...just valid code.
Take this example. You can use an include file to format a row for a
table.
##include.php##
<tr><td align="center" bgcolor="blue">$data</td></tr>
##main.php##
<table border="1">
<?
for($data=0;$data<100;$data++)
{ include("include.php"); }
?>
</table>
That'll make 100 table rows for you.
Include files are good for function declarations and separating pieces
of your HTML apart to easily manage it.
---John Holmes...
> -----Original Message-----
> From: Kevin Stone [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 25, 2002 8:54 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Include (Newbie question)
>
> No, not exactly. The idea behind the include() function in PHP is to
> append
> and execute code to the currently running script. This is great for
> organizing your code into more easier to manage chunks. PHP will
attempt
> to
> parse and execute the included file as a PHP file regardless of the
file
> extension. So you can do this for example...
>
> -- myhtml.html --
> <div align="center">Hello <?echo $var;?></div>
> ------------------
>
> -- myphp.php --
> $var = "World";
> <?include("myhtml.html")?>
> -----------------
>
> This will print out "Hello World". So that answers two questions with
one
> stone (err.. yah). include() is a function not a method. And you
don't
> need the <html> tag to display included html. The browser will
> automatically assume an html header upon any textual output unless
> otherwise
> specified.
>
> Check out the manual for more information.
> http://www.php.net/manual/en/function.include.php
>
> Hope this helps
> -Kevin
>
> ----- Original Message -----
> From: "r" < >
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, May 26, 2002 5:11 AM
> Subject: [PHP] Include (Newbie question)
>
>
> > Hey,
> > I have just being going through the manual (windows version) and am
a
> bit
> > confused about "include",
> > If I want the scope to affect the whole page I do this right:
> >
> > (example page)
> > <html>
> > <body>
> > <?php
> > include blah.php
> > ?>
> > some html
> > <?php
> > use some functions to call blah.php
> > ?>
> > is this correct?
> >
> > and my second question is if I am including a html file will that
file
> need
> > to have a <html><head><body> etc etc
> > or you must have the <html><head>etc only in one file?
> >
> > Since am confused about this and it comes straight from the RTFM()
> > function.....any help appreciated. :-)
> >
> > Cheers,
> > -Ryan.
> >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
I want to detect the url my .php lies in.
This is over kill and BS:
$myurlvar = "http://".$SERVER_NAME.parse($SCRIPT_NAME);
How do I get "http://foo.com/dir1/dir2/dir3/";.
There seems to be nothing in phpinfo() that will give me a full url to
play with.
Flame me if you will, but I browsed TFM and found nothing inspirational.
Looked at phpinfo() too and got discouraged.
I need a full url.
John
--- End Message ---
--- Begin Message ---
Why don't you try something like this...do a system call to pwd and
strip out the portion of the url that you know is the upper directory.
Then you can exchange that for the http://www.site.com/ and then add
the additional directories to the end and call the script name...there
might not be a function that does all this, however, you can try to work
around it....
Thanks,
Ray Hunter
-----Original Message-----
From: jtjohnston [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 25, 2002 11:39 PM
To: [EMAIL PROTECTED]
Subject: [PHP] inspirational
I want to detect the url my .php lies in.
This is over kill and BS:
$myurlvar = "http://".$SERVER_NAME.parse($SCRIPT_NAME);
How do I get "http://foo.com/dir1/dir2/dir3/";.
There seems to be nothing in phpinfo() that will give me a full url to
play with.
Flame me if you will, but I browsed TFM and found nothing inspirational.
Looked at phpinfo() too and got discouraged.
I need a full url.
John
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
