NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2001-07

From: php-general-digest-helplists.php.net
Date: Wed Jul 04 2001 - 23:01:59 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 5 Jul 2001 04:01:59 -0000 Issue 736

Topics (messages 56188 through 56257):

Re: Security of PHP code
        56188 by: Jon Haworth
        56189 by: Christopher Ostmo
        56190 by: Tyrone Mills
        56191 by: james.windward-ca.com
        56192 by: Steve Werby
        56193 by: Arcady Genkin
        56194 by: Sascha Schumann
        56196 by: Delbono
        56197 by: Phil Driscoll
        56198 by: Christopher Ostmo
        56215 by: Christian Reiniger
        56218 by: Ryan
        56235 by: Brian White
        56242 by: Steve Werby
        56256 by: Tiger Quimpo

Re: Protecting from session hijacking
56195 by: Ian Bagley
56199 by: Christopher Ostmo

writing a query that returns similar numbers
        56200 by: zerosumzero.yahoo.com
        56203 by: Chris Anderson
        56209 by: mike cullerton
        56224 by: Matthew Loff

Re: newbie has include path error & new problem
56201 by: Daniel Goldin $E-mail$

Formular problem
56202 by: Tim Taubert
56205 by: Tim Taubert

Execing a command in safe mode
56204 by: Srinivasan Ramakrishnan

Division Problems
56206 by: ReDucTor
56207 by: James Mitchell

php3 and php-4.0.5
56208 by: Ramón Alvarez Rayo
56210 by: Brave Cobra

Removing Invalid Users
        56211 by: Clayton Dukes
        56212 by: Tom Carter
        56239 by: Steve Werby

Want to know what people think of my little script(Great for Personal and Pro Use)
56213 by: ReDucTor

Re: Troubleshooting syntax ?
56214 by: Christian Reiniger

split() function
        56216 by: David A Dickson
        56217 by: ReDucTor
        56221 by: David A Dickson
        56222 by: David A Dickson
        56223 by: Steve Edberg

mssql returnin type date all wrong
56219 by: Christian Dechery

Re: Getting Information from a CGI POST
56220 by: Don Read

Executing UNIX commands with PHP
        56225 by: Tim Taubert
        56227 by: Henrik Hansen
        56228 by: Tim Taubert
        56229 by: Arcady Genkin
        56230 by: Tim Taubert
        56231 by: Matthew Loff
        56234 by: Henrik Hansen

[ANNOUCE] PHPAUCTION 1.0 is out
56226 by: Gianluca Baldo

PHP escapes shell commands for me?
56232 by: Arcady Genkin

MySQL problem
        56233 by: Simon Kimber
        56236 by: Don Read
        56238 by: Simon Kimber

Best way to put text on image
56237 by: Todd Cary
56250 by: Jeff Lewis

checking if checkbox is checked
56240 by: Richard Kurth
56243 by: Steve Werby

Apache, PHP4 amd mySQL with SuSE 7.2
56241 by: Chuck Lalli

Re: iterating over /etc/group
56244 by: teo.gecadsoftware.com
56247 by: Arcady Genkin

Re: Basic multi-dimensional array help
56245 by: Gyozo Papp

Email verification (was: [PHP] Removing Invalid Users)
56246 by: Arcady Genkin
56257 by: Steve Werby

Is it me or my server company?
56248 by: zerosumzero.yahoo.com

Basic fopen() question
        56249 by: JCampbell
        56251 by: ReDucTor
        56252 by: Philip Olson

Recompile PHP-4.0.6 on MandrakeLinux 8.0
56253 by: Roger Johnsen

news.php.net is back.
56254 by: Jim Winstead

Re: mail problem...
56255 by: php

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

Yes, I would have thought this would do it:

if (strstr($file, "/usr/local/apache/htdocs/") {
show_source($file);
} else {
echo "File must be in /usr/local/apache/htdocs!";
}

Modify as appropriate.

Have I missed anything, or will this do the trick?

Cheers
Jon

-----Original Message-----
From: Hankley, Chip [mailto:Chip.HankleyGASAI.Com]
Sent: 04 July 2001 16:46
To: PHP Mailingliste
Subject: RE: [PHP] Security of PHP code

OK,

I'm pretty new to PHP, and have been reading this thread, and am just a
little freaked.

If I understand this right, the only way reason we can view the source code
of those pages is that the web server on which the page resides essentially
has a PHP page somewhere on their site that has some variation of:

<?show_source($file);?>

as it's content, right?

While I can see the utility of that for some situations
(teaching...examples, etc.), it seems like a huge potential for security
breaches.

Is it possible to have such a function on your site w/o giving access to ALL
of your documents...

Chip

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

Adrian Ciutureanu pressed the little lettered thingies in this order...

> Here is something that happend to me: I forgot to tell Apache that .inc > files must be parsed by PHP. All works fine if you include a .inc file, but > if somebody guess .inc file name, he can see the content of that file! >

If this is a concern, either name your include files with a valid PHP extension (i.e. ".php") or add the following line to an .htaccess file: AddType application/x-httpd-php .inc This will make the web server treat your .inc files as though they were PHP files and the source would be parsed rather than shown when accessed through a web browser.

> > -----Original Message----- > > From: David A Dickson [mailto:daviddicksonlycos.com] > > Sent: 4 iulie 2001 16:43 > > To: php-general > > Subject: [PHP] Security of PHP code > > > > > > Is it possible for others to view the php code for pages I > > have written? I thought I heard someone say before that they > > could write a simple script to accomplish this. If anyone > > knows of any tacticts people might use to attack my code > > please post them hee. > > > > : David A. Dickson > > : daviddicksonlycos.com

Anyone who has access to the server on which your server is hosted can view the source of your site by using the show_source() or highlight_file() functions unless your hosting provider disables those commands.

It doesn't really take a "simple script," just a simple function: <? show_source("/path/to/your/file.php"); ?>

To make matters worse, most hosting providers fail to chroot jail logins (a chroot jailed login cannot traverse the directory structure UP from its own home directory). This common, but poor policy allows anyone with access to the same server as yours to view your files through the shell or even download them by FTP. They may not overwrite your files, but they CAN view them.

There are two solutions if this is an important issue to you: 1) Get a dedicated server. This is kind of spendy, but accomplishes the goal. 2) Only do business with providers that will (even if you have to request it) disable these commands AND chroot jail all logins.

Have fun...

Christopher Ostmo a.k.a. techAppIdeas.com AppIdeas.com Meeting cutting edge dynamic web site needs

For a good time, http://www.AppIdeas.com/

attached mail follows:

I use something that accomplishes the same (displays the source of a file), but doesn't accept the file name as a parameter. The script is also in a directory with a password and is restricted by ip. Not perfect, but alot better.

----- Original Message ----- From: "Hankley, Chip" <Chip.HankleyGASAI.Com> To: "PHP Mailingliste" <php-generallists.php.net> Sent: Wednesday, July 04, 2001 8:45 AM Subject: RE: [PHP] Security of PHP code

> OK, > > I'm pretty new to PHP, and have been reading this thread, and am just a > little freaked. > > If I understand this right, the only way reason we can view the source code > of those pages is that the web server on which the page resides essentially > has a PHP page somewhere on their site that has some variation of: > > <?show_source($file);?> > > as it's content, right? > > While I can see the utility of that for some situations > (teaching...examples, etc.), it seems like a huge potential for security > breaches. > > Is it possible to have such a function on your site w/o giving access to ALL > of your documents... > > Chip > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

> <? > $allowed_path = "/www/sites/mysite/teaching"; > > if (substr($file, 0, str_len($allowed_path)) <> $allowed_path ) > { > die("not allowed!"); > } > else > { > show_source($file); > } > ?>

I've missed part of the discussion, but if my understanding of the issue is correct (accepting a filename and path from a visitor to the site to display through a PHP script), then this solution is probably inadequate...

If the user passes in a string like /www/sites/mysite/teaching/../../../../etc/passwd, the first part of the string will pass your validity test, but the user may still be able to ascend to a place where files you don't wish to share are stored.

A better solution may be to pass the filename through some filter and then concatenate that to your path. For example:

if(preg_match("/[^A-Za-z0-9]/", $file)) { die("Invalid filename."); } else { show_source($path . $file); }

That's an awefully strict way to do it, but that's my personal preference. If you must accept information that contains a path, perhaps just check for '..' in the user input.

Anyways, like I say I could be way off base as far as what the discussion is actually about, and I haven't had near enough coffee this morning, so forgive me if I'm just talking nonsense =)

attached mail follows:

"Jon Haworth" <jhaworthwitanjardine.co.uk> wrote: > Yes, I would have thought this would do it: > > if (strstr($file, "/usr/local/apache/htdocs/") { > show_source($file); > } else { > echo "File must be in /usr/local/apache/htdocs!"; > } > > Modify as appropriate. > > Have I missed anything, or will this do the trick?

Something along those lines will work. Without some kind of limitations built in, the page will be able to load any file that's world-readable so it's a good idea to limit access to certain directories or hardcode the directory you want to give access to.

-- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/

attached mail follows:

"Hankley, Chip" <Chip.HankleyGASAI.Com> writes:

> Is it possible to have such a function on your site w/o giving access to ALL > of your documents...

On top of everything the other users recommended, you can enable safe mode. It will protect you from sloppy programming.

-- 
Arcady Genkin
i=1; while 1, hilb(i); i=i+1; end

attached mail follows:

On Wed, 4 Jul 2001, Steve Werby wrote:

> "Jon Haworth" <jhaworthwitanjardine.co.uk> wrote: > > Yes, I would have thought this would do it: > > > > if (strstr($file, "/usr/local/apache/htdocs/") { > > show_source($file); [..] > Something along those lines will work. Without some kind of limitations > built in, the page will be able to load any file that's world-readable so > it's a good idea to limit access to certain directories or hardcode the > directory you want to give access to.

Imagine someone passing in /usr/local/apache/htdocs/../../../../etc/passwd as path..

- Sascha Experience IRCG http://schumann.cx/ http://schumann.cx/ircg

attached mail follows:

Yes, I supposed there could be that eventuality...

I supposed or hoped that wasn't a valid path. > /usr/local/apache/htdocs/../../../../etc/passwd as path..

I'm not very practice of paths... actually

> On Wed, 4 Jul 2001, Steve Werby wrote: > > > "Jon Haworth" <jhaworthwitanjardine.co.uk> wrote: > > > Yes, I would have thought this would do it: > > > > > > if (strstr($file, "/usr/local/apache/htdocs/") { > > > show_source($file); > [..] > > Something along those lines will work. Without some kind of limitations > > built in, the page will be able to load any file that's world-readable so > > it's a good idea to limit access to certain directories or hardcode the > > directory you want to give access to. > > Imagine someone passing in > /usr/local/apache/htdocs/../../../../etc/passwd as path.. > > - Sascha Experience IRCG > http://schumann.cx/ http://schumann.cx/ircg > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net > >

attached mail follows:

Surely the lesson here is to NEVER NEVER NEVER write PHP code which accepts a filename of any kind as one of its arguments. Yes, it will make some of your code a bit less versatile and more long winded, but you can bet your bottom dollar that someone can find a crafty way around whatever syntax checking you do.

Cheers

-- Phil Driscoll

attached mail follows:

Delbono pressed the little lettered thingies in this order...

> > maybe one could be > > <? > $allowed_path = "/www/sites/mysite/teaching"; > > if (substr($file, 0, str_len($allowed_path)) <> $allowed_path ) > { > die("not allowed!"); > } > else > { > show_source($file); > } > ?> >

The only foolproof method for restricting access is to strip forward slashes. In the above example, I can change the file to: /www/sites/mysite/teaching/../../../../etc/passwd And it will be allowed If you were to do this, however: $allowed_path = "/www/sites/mysite/teaching"; $file = ereg_replace("/","",$file); show_source($allowed_path."/".$file); That would block any attempt to trick the server into going into another directory.

You would have to create separate show_source() calls or separate scripts for each directory that you wish to allow, but nobody will ever get your /etc/passwd file.

Christopher Ostmo a.k.a. techAppIdeas.com AppIdeas.com Meeting cutting edge dynamic web site needs

For a good time, http://www.AppIdeas.com/

attached mail follows:

On Wednesday 04 July 2001 16:12, ReDucTor wrote: > http://sourceforge.net/source.php?page_url=/source.php look at that...

No problem. Have a look at what is done before the show_source () call. That script *is* safe :)

> > It is not how secure PHP is, it is how well YOU protect it. > > For example = make this line show_source($file); then go to your page > > like file.php?file=/etc/passwd and you're freaked!

-- Christian Reiniger LGDC Webmaster (http://lgdc.sunsite.dk/)

Pretty cool, the kind of power information technology puts in our hands these days.

- Securityfocus on probing 36000000 hosts for known problems in 3 weeks

attached mail follows:

You guys wouldnt have to worry if you chroot apache and php.. ;] then you cant access anything outside the jail, it works great!

Ryan

attached mail follows:

Possibilities for improving security on a sourec displayer.

1) Maybe you could restrict your source shower to only look at particular types of files - maybe the file has to end in ".php" or ".inc" before it is even considered.

2) Given that something that displays the source needs to read the file, maybe it could just look for some kind of marker that would have to appear within the first N lines of a file, otherwise it would be rejected. For example, every file that could be displayed might need to look like this:

<?php //<<DISPLAYABLE>> ...

At 16:54 4/07/2001 +0100, Jon Haworth wrote: >Yes, I would have thought this would do it: > >if (strstr($file, "/usr/local/apache/htdocs/") { > show_source($file); >} else { > echo "File must be in /usr/local/apache/htdocs!"; >}

------------------------- Brian White Step Two Designs Pty Ltd - SGML, XML & HTML Consultancy Phone: +612-93197901 Web: http://www.steptwo.com.au/ Email: bwhitesteptwo.com.au

attached mail follows:

"Sascha Schumann" <saschaschumann.cx> wrote: > On Wed, 4 Jul 2001, Steve Werby wrote: > > > "Jon Haworth" <jhaworthwitanjardine.co.uk> wrote: > > > Yes, I would have thought this would do it: > > > > > > if (strstr($file, "/usr/local/apache/htdocs/") { > > > show_source($file); > [..] > > Something along those lines will work. Without some kind of limitations > > built in, the page will be able to load any file that's world-readable so > > it's a good idea to limit access to certain directories or hardcode the > > directory you want to give access to. > > Imagine someone passing in > /usr/local/apache/htdocs/../../../../etc/passwd as path..

Excellent point. In addition to hardcoding the path I would do something to ensure that the file requested does not attempt to bypass that directory. I'd probably use a regex to make sure it doesn't include a "/" or if I want to serve files from a deeper directory I'd do a regex or use something like strstr() to see if ".." is within the filename. Personally, I wouldn't make a script that outputed a file on the server or a script's code *and* allowed the user to dictate what file was accessed.

-- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/

attached mail follows:

hello all,

i just recently looked at this thread, so i don't know what's been discussed before today. i thought i'd point everyone at:

http://lwn.net/2001/0704/a/study-in-scarlet.php3

however. just came out yesterday. very relevant.

tiger

-- Gerald Timothy Quimpo tiger

kami.com Entia non sunt multiplicanda praetere necessitatem Mene sakhet ur-seveh

attached mail follows:

One thing which would prevent hijacks from simply guessing SIDS would be to add an md5 hash to the end of a url.... e.g. If a page was:- doit.php?item=4&SID=237478 then append the url with the md5 of the url PLUS a secret key generated at the begining of each session:- i.e. add MD5("doit.php?item=4&SID=237478"."R4WED4TTE3") results in the new url like.... doit.php?item=4&SID=237478&EXTRA=GTW4YGSE52FD234WERW634DG5WE653WEF ...then the browsed to page could easily verify if ANY details of the query string have been changed! This also pretects other info being changed such at in this example 'item'. If a user changed the SID to anything else, even a perfectly valid active session it would result in the EXTRA key no longer being valid! and as they don't have access to the secret key they wouldn't be able to generate a new one! :) Obviously if someone copied the entire url including the extra bit then they would have access! but this solution does have the added benefit of preventing the valid owner of a valid session from changing other bits of the query string! Ian > -----Original Message----- > From: Arcady Genkin [mailto:a.genkinutoronto.ca] > Sent: 04 July 2001 06:52 > To: php-generallists.php.net > Subject: Protecting from session hijacking > > > Is there any real way to protect against possibility of session > hijacking? I thought of checking IP address on subsequent requests, > but apparently this cannot be relied on because of HTTP proxies etc. > Any wizdom on the matter? (I'm already saving the session files in a > directory protected from unwanted eyes.) > -- > Arcady Genkin > i=1; while 1, hilb(i); i=i+1; end >

attached mail follows:

Ian Bagley pressed the little lettered thingies in this order...

> One thing which would prevent hijacks from simply guessing SIDS would be to > add an md5 hash to the end of a url.... > > e.g. > > If a page was:- doit.php?item=4&SID=237478 > > then append the url with the md5 of the url PLUS a secret key generated at > the begining of each session:- i.e. add > MD5("doit.php?item=4&SID=237478"."R4WED4TTE3") results in the new url > like.... > > doit.php?item=4&SID=237478&EXTRA=GTW4YGSE52FD234WERW634DG5WE653WEF > > ...then the browsed to page could easily verify if ANY details of the query > string have been changed! This also pretects other info being changed such > at in this example 'item'. > > If a user changed the SID to anything else, even a perfectly valid active > session it would result in the EXTRA key no longer being valid! and as they > don't have access to the secret key they wouldn't be able to generate a new > one! :) > > Obviously if someone copied the entire url including the extra bit then > they would have access! but this solution does have the added benefit of > preventing the valid owner of a valid session from changing other bits of > the query string! > > Ian

This thread isn't about "guessing" a session ID, it's about "stealing" a session ID. The same asnwer applies to your response as to the original question.

There was a thread about this just a few days ago, but the answer for *most* applications is an astounding, "NO." Unless you are running the entire transaction through SSL, any packet sniffer on the network can view, steal and use ANYTHING you send over the netowrk (including the value of a session ID that is being sent as a cookie value, the username and password for a telnet session, the username and password for an FTP session, etc). Packet sniffers are incredibly easy to find, get and use (even for "script kiddies"). If your session data is *that* vital, you should consider using SSL.

This is likely to be true as long as HTTP transmissions are stateless.

Christopher Ostmo a.k.a. techAppIdeas.com AppIdeas.com Meeting cutting edge dynamic web site needs

For a good time, http://www.AppIdeas.com/

attached mail follows:

I have a database with numbers in one of the tables I'd like to ask mysql to renturn all numbers with say 10 of mynumber

Sort of like this:

$sql = "SELECT rowid FROM numbers WHERE (mynumer is within 10 of number)";

but I've gotten stuck do I have to do this:

$sql = "SELECT rowid FROM numbers WHERE (((mynumer+10) < number) AND (mynumer-10) > number) )";

it seems kinda wordy ...

Susan

attached mail follows:

Try the LIKE wording in your statement. That should work....I think ----- Original Message ----- From: <zerosumzeroyahoo.com> To: "PHP Mailingliste" <php-generallists.php.net> Sent: Wednesday, July 04, 1979 12:48 PM Subject: [PHP] writing a query that returns similar numbers

> I have a database with numbers in one of the tables I'd like to ask mysql to > renturn all numbers with say 10 of mynumber > > Sort of like this: > > $sql = "SELECT rowid FROM numbers WHERE (mynumer is within 10 of number)"; > > > but I've gotten stuck do I have to do this: > > > $sql = "SELECT rowid FROM numbers WHERE (((mynumer+10) < number) AND > (mynumer-10) > number) )"; > > it seems kinda wordy ... > > Susan > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

select rowid from numbers where number between mynumber-10 and mynumber+10;

on 7/4/79 10:48 AM, zerosumzeroyahoo.com at zerosumzeroyahoo.com wrote:

-- mike cullerton

attached mail follows:

This should work too:

$sql = "SELECT rowid FROM numbers WHERE ABS(number - mynumber) <= 10";

-----Original Message----- From: Chris Anderson [mailto:chrisdersonameritech.net] Sent: Wednesday, July 04, 2001 1:24 PM To: zerosumzeroyahoo.com; PHP Mailingliste Subject: Re: [PHP] writing a query that returns similar numbers

> I have a database with numbers in one of the tables I'd like to ask > mysql to > renturn all numbers with say 10 of mynumber > > Sort of like this: > > $sql = "SELECT rowid FROM numbers WHERE (mynumer is within 10 of > number)"; > > > but I've gotten stuck do I have to do this: > > > $sql = "SELECT rowid FROM numbers WHERE (((mynumer+10) < number) AND > (mynumer-10) > number) )"; > > it seems kinda wordy ... > > Susan > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net To > contact the list administrators, e-mail: php-list-adminlists.php.net >

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

Mike,

I do believe you are right. Here are my apache logs for today, after I attempted to connect to localhost:

[Wed Jul 4 09:43:33 2001] [crit] (98)Address already in use: make_sock: could not bind to port 80 [Wed Jul 4 09:43:37 2001] [crit] (98)Address already in use: make_sock: could not bind to port 80 [Wed Jul 4 09:44:05 2001] [crit] (98)Address already in use: make_sock: could not bind to port 80

Thanks again for taking the time to help me chase down this problem.

daniel

-----Original Message----- From: mike cullerton [mailto:michaelccullerton.com] Sent: Tuesday, July 03, 2001 9:55 PM To: dangoldinearthlink.net Subject: Re: [PHP] newbie has include path error & new problem

hey daniel,

i think we're chasing a red herring here, and i'm not sure i remember the original problem... ;)

so, you can't load http://localhost or http://127.0.0.1

correct?

what do your apache error logs say? i'm beginning to think your networking is fine.

mike

on 7/3/01 12:17 PM, Daniel Goldin at dangoldinearthlink.net wrote:

> Here what I get: > > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 199.34.58.0 * 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 * 255.0.0.0 U 0 0 0 lo > default 199.34.58.7 0.0.0.0 UG 0 0 0 eth0 > > > If thids doesn't work I will hit the manuals a secomnd time, although I > admit my first time browsing through the extensive documentation on ethernet > devices and network administration had made me a bit flummoxed. > > Anyway, thank you so much for your time. You and others on this list have > been fantastic dealing what has turned into an off-topic problem. > > Best to all, > > daniel

-- mike cullerton

attached mail follows:

hi i have a problem with variables received from a formular.. imagine this is the important part of the form:

<select multiple name="extras"> <option>Cheese</option> <option>Tomatoes</option> <option>Onions</option> </select>

and now.. what does the variable $extras look like? is it an array? don't have any imaginations...

please help

Tim Taubert

--------------------------------------------------------------------- Tim Taubert | timtaubertweb.de | http://www.shogunat.com/rg/ ---------------------------------------------------------------------

attached mail follows:

Thanks a lot Alex!

Tim Taubert

.o] -----Original Message----- .o] From: Alex Piaz [mailto:webmasterglobalmap.com] .o] Sent: Wednesday, July 04, 2001 8:01 PM .o] To: timtaubertweb.de .o] Subject: Re: [PHP] Formular problem .o] .o] .o] At 19:19 4/7/2001 +0200, you wrote: .o] >hi .o] >i have a problem with variables received from a formular.. .o] >imagine this is the important part of the form: .o] > .o] > <select multiple name="extras"> .o] > <option>Cheese</option> .o] > <option>Tomatoes</option> .o] > <option>Onions</option> .o] > </select> .o] > .o] >and now.. what does the variable $extras look like? is it an array? don't .o] >have any imaginations... .o] .o] Hi Tim! .o] .o] If you want to perform a multiple select on a form like yours, you should .o] name it as extras[]. It turns the variable into an array, so you can acess .o] them just calling $extras[0] and so. .o] .o] If you call the form simply "extras", the variable will be a string, not an .o] array. The brackets [] are the point on this subject. .o] .o] Regards .o] .o] .o] Alex Piaz .o] Webmaster .o] Global Map Internet Marketing .o] http://www.globalmap.com .o] "Be cool or be cast out" .o] **************************************************************** .o]

attached mail follows:

Hi,

I need to execute a command on my web host's machine. However they have safe mode enabled.

PHP Version 4.0.3pl1 runs as a module on Apache.

From php.ini ; Safe Mode safe_mode = On safe_mode_exec_dir = /etc/php4/execdir

Will a symlink located in safe_mode_exec_dir that points to the actual program be enough, or should the actual program I want to run itself be installed there? I need to confirm this before I make an admin request.

Any other ideas for running a program in safe mode? I only need to return the results of a process execution. I don't need to write to it. As in printing say the output of `ls -al`.

The return code of exec(), system() etc., is 126 with safe mode on. Is 126 a PHP status code or is it returned by Linux? Where can I find a list of error code to error code meaning mapping?

-Srini

-- http://www.sriniram.com http://symonds.net/~sriniram

attached mail follows:

Hey, I made this little script, quiet useful on windows and unix machines, but i have a problem, division isn't returning a float, it just returns 0, would i need to do something like convert $totalsize into a float? <html> <body><?php $SecondsToTimeout = 120; ini_alter(max_execution_time, $SecondsToTimeout); function convert($bytes) { $kbytes = $bytes / 1024; $mbytes = $kbytes / 1024; $gbytes = $mbytes / 1024; $tbytes = $gbytes / 1024;

return $mbyte; } function showdir($dir) { echo "<blockquote>"; $handle = opendir($dir); while (false!==($file = readdir($handle))) { if ($file != "." && $file != "..") { if(is_file($dir."/".$file)){ // Commented out for fixing this error // echo $file." (<i>".filesize($dir."/".$file)." Bytes</i>)(<i>".filetype($dir."/".$file)."</i>)(<i>".fileperms($dir."/".$file)."</i>)<br>\n"; } if(is_dir($dir."/".$file)){ $dirhandle = opendir($dir."/".$file); while(false!==($filetocheck=readdir($dirhandle))){ if(!isset($totalsize)) $totalsize = filesize($dir."/".$file."/".$filetocheck); else $totalsize = $totalsize + filesize($dir."/".$file."/".$filetocheck); } echo $file." (<i>".convert($totalsize)."</i>)<br>\n"; showdir($dir.".".$file); // Put / on unix, and c:/ on windows } } } echo "</blockquote>"; } showdir("/"); ini_restore(max_execution_time); ?></body></html>

attached mail follows:

Found it, I had it returning mbyte not mbytes....arrrg ----- Original Message ----- From: ReDucTor <sjdtmvtpg.com.au> To: <php-generallists.php.net> Sent: Thursday, July 05, 2001 3:43 AM Subject: [PHP] Division Problems

return $mbyte; } function showdir($dir) { echo "<blockquote>"; $handle = opendir($dir); while (false!==($file = readdir($handle)))

if ($file != "." && $file != "..")

if(is_file($dir."/".$file)){ // Commented out for fixing this error // echo $file." (<i>".filesize($dir."/".$file)." Bytes</i>)(<i>".filetype($dir."/".$file)."</i>)(<i>".fileperms($dir."/".$fil e)."</i>)<br>\n"; } if(is_dir($dir."/".$file)){ $dirhandle = opendir($dir."/".$file); while(false!==($filetocheck=readdir($dirhandle))){ if(!isset($totalsize)) $totalsize = filesize($dir."/".$file."/".$filetocheck); else $totalsize = $totalsize + filesize($dir."/".$file."/".$filetocheck); } echo $file." (<i>".convert($totalsize)."</i>)<br>\n"; showdir($dir.".".$file); // Put / on unix, and c:/ on windows } } } echo "</blockquote>"; } showdir("/"); ini_restore(max_execution_time); ?></body></html>

attached mail follows:

I had some sites that uses php3 but i did a upgrade to php-4.0.5, after that my web server doesn´t works with files .php3, how can i make to recognize .php3

please i need your help.

thanks.

Saludos fraternos,

*********************************************************************** Ramón Alvarez Rayo Contacto Tecnico - Telematix Telefono: (505) 2785523 Fax: (505) 2784012 ************************************************************************

attached mail follows:

Depends of course of which server you use. Which one is it?

Brave Cobra ----- Original Message ----- From: "Ramón Alvarez Rayo" <ralvareztmx.com.ni> To: <php-generallists.php.net> Sent: Wednesday, July 04, 2001 8:01 PM Subject: [PHP] php3 and php-4.0.5

I had some sites that uses php3 but i did a upgrade to php-4.0.5, after that my web server doesn´t works with files .php3, how can i make to recognize .php3

please i need your help.

thanks.

Saludos fraternos,

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

Howdy folks,

How can I write code that will search the database and check the validity of an email address, and if it's bad, to remove that entry from the database?

Here's a dump one of the tables:

INSERT INTO users VALUES (1,'','username','emailemail.com','','','001.gif','Jul 04, 2001','','title','location','text','',0,0,'','','','field',10,'',0,0,0,'',0, '','Default',4096,0);

ie: if the email field is bad (test using sendmail?) remove that entry from the database.

How can I do this?

TIA!

Clayton Dukes CCNA, CCDA, CCDP, CCNP Download Free Essays, Term Papers and Cisco Training from http://www.gdd.net

attached mail follows:

You can check that the *format* of the address is valid by using regular expressions.. look at the regular expression pages on php.net (especially the users comments.. they do exactly that!)

As for checking whether it is a real email or not.. you can't test this without actually sending them an email (and even then you can't be sure)... if you could check then it would be too nice for spammers! What you can do in addition is to check that the domain is a valid domain (ping?)

HTH,Tom ----- Original Message ----- From: "Clayton Dukes" <cdukescdukes.com> To: <php-generallists.php.net> Sent: Wednesday, July 04, 2001 7:16 PM Subject: [PHP] Removing Invalid Users

> Howdy folks, > > How can I write code that will search the database and check the validity of > an email address, and if it's bad, to remove that entry from the database? > > Here's a dump one of the tables: > > INSERT INTO users VALUES > (1,'','username','emailemail.com','','','001.gif','Jul 04, > 2001','','title','location','text','',0,0,'','','','field',10,'',0,0,0,'',0, > '','Default',4096,0); > > ie: > if the email field is bad (test using sendmail?) > remove that entry from the database. > > How can I do this? > > TIA! > > Clayton Dukes > CCNA, CCDA, CCDP, CCNP > Download Free Essays, Term Papers and Cisco Training from http://www.gdd.net > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

"Clayton Dukes" <cdukescdukes.com> wrote: > How can I write code that will search the database and check the validity of > an email address, and if it's bad, to remove that entry from the database?

Like Tom said, use regex to check the email is of a valid format. A small percentage of servers can be contacted to find whether an email address is valid, but fewer and fewer are allowing this so it's completely unreliable. You can use getmxrr() to see if a DNS MX record exists corresponding to the domain. You'll need explode() to pull out the domain itself from the email address. Unfortunately an email address can be valid without having a valid MX record and also DNS could be unreachable at the exact moment your requesting it. It might be better to bypass getmxrr() and use checkdnsrr() instead to find whether the host exists. Of course this too could be unreachable. If you really want to determine if an email address is valid, a better strategy may be to send an email to the address with a unique string in it that must be mailed back or a unique URL that must be visited. You'd then need a script that's triggered upon receipt of matching emails and changes a flag in your DB record to designate the email address as valid or a script in the webpage that does the same.

-- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/

attached mail follows:

Hey, First off grab the Developer Timer from http://newbienetwork.net/phpcodems.php?as=viewcode&id=7 thats a great little class, then make a .php file and paste the following in

<html> <body><?php include("class.timer.php"); $timer = new timer(viewfiles); $timer->start_timing(); $SecondsToTimeout = 120; $foldertoview = "."; ini_alter(max_execution_time, $SecondsToTimeout); function convert($bytes, $conversion) { $kbytes = $bytes / 1024; $mbytes = $kbytes / 1024; $gbytes = $mbytes / 1024; $tbytes = $gbytes / 1024;

if($conversion == "bytes") return round($bytes,4)." Bytes"; if($conversion == "kbytes") return round($kbytes,3)." Kb"; if($conversion == "mbytes") return round($mbytes,2)." Mb"; if($conversion == "gbytes") return round($gbytes,2)." Gb"; if($conversion == "tbytes") return round($tbytes,3)." Tb"; } function showdir($dir, $mode) { echo "<blockquote>"; $handle = opendir($dir); while (false!==($file = readdir($handle))) { if ($file != "." && $file != "..") { if($mode == 1){ if(is_file($dir."/".$file)){ // Commented out for fixing this error echo $file." (<i>".convert(filesize($dir."/".$file),"mbytes")."</i>)(<i>".filetype($dir."/".$file)."</i>)(<i>".fileperms($dir."/".$file)."</i>)<br>\n"; } } if(is_dir($dir."/".$file)){ $dirhandle = opendir($dir."/".$file); while(false!==($filetocheck=readdir($dirhandle))){ if(!isset($totalsize)) $totalsize = filesize($dir."/".$file."/".$filetocheck); else $totalsize = $totalsize + filesize($dir."/".$file."/".$filetocheck); } if($mode == 1){ echo "<a name=\"".realpath($dir."/".$file)."\"><b>\\".$file."</b></a> (<i>".convert($totalsize,"mbytes")."</i>)<br>\n"; showdir($dir."/".$file, 1); } if($mode == 0){ echo "<a href=\"#".realpath($dir."/".$file)."\"><b>\\".$file."</b></a> (<i>".convert($totalsize,"mbytes")."</i>)<br>\n"; showdir($dir."/".$file, 0); } } } } echo "</blockquote>"; } showdir($foldertoview, 0); ?><br><br><br><br><br><?php showdir($foldertoview, 1); ini_restore(max_execution_time); $timer->stop_timing(); $timer->print_runtime(); ?></body></html>

Now change the $foldertoview to any folder, if you want to know the total of your system, put it as / that should work in unix and windows, hell i tested that on win98 system....its great, every place that wants to know where its space is going should have it, even a little person computer should have it to see whats going where...hehe

Tell me what you think... - James "ReDucTor" Mitchell

attached mail follows:

On Wednesday 04 July 2001 16:58, Kurt Lieber wrote: > That domain name doesn't appear to be valid. Perhaps you meant: > > http://validator.w3.org ?

Um, yes. Why can't the w3c simply have "w3c" as domain name? *sigh*

---- > http://validator.w3c.org/ ---- -- Christian Reiniger LGDC Webmaster (http://lgdc.sunsite.dk/)

Pretty cool, the kind of power information technology puts in our hands these days.

- Securityfocus on probing 36000000 hosts for known problems in 3 weeks

attached mail follows:

I have a comma separated spreadsheet with one field that contains two dates. the dates are formatted as dd/mm/yy and separated by either '&' or '//' ex:3/12/92&28/1/93 or 3/12/92//28/1/93 Problem: I need to split the field at the '&' or '//' separator but if I do split('[&//]', $field); it splits on the '/' not the '//'. Can I do this in one function call to split() or will I have to do it twice?

--- : David A. Dickson : Web Designer for the offices of Principal and Provost : McGill University : Tel 514-398-2624 | Fax 514-389-8983 : daviddickson

lycos.com

Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/

attached mail follows:

$line = explode("[(&|//)]",$field); should work, or you might have to put //// but thats not \ so you shouldn't need to comment out the slash... ----- Original Message ----- From: David A Dickson <daviddicksonlycos.com> To: php-general <php-generallists.php.net> Sent: Thursday, July 05, 2001 4:37 AM Subject: [PHP] split() function

> I have a comma separated spreadsheet with one field that contains two dates. the dates are formatted as dd/mm/yy and separated by either '&' or '//' ex:3/12/92&28/1/93 or 3/12/92//28/1/93 > Problem: I need to split the field at the '&' or '//' separator but if I do > split('[&//]', $field); > it splits on the '/' not the '//'. > Can I do this in one function call to split() or will I have to do it twice? > --- > : David A. Dickson > : Web Designer for the offices of Principal and Provost > : McGill University > : Tel 514-398-2624 | Fax 514-389-8983 > : daviddicksonlycos.com > > > > > Get 250 color business cards for FREE! > http://businesscards.lycos.com/vp/fastpath/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

Thanks for replying ReDucTor but that didn't work either. I tried $line = explode("[(&|//)]", $field); and $line = explode("[(&|////)]", $field); and $line = explode("[(&|\/\/)]", $field); with no success. Any other ideas?

On Thu, 5 Jul 2001 04:50:29 ReDucTor wrote: >$line = explode("[(&|//)]",$field); should work, or you might have to put >//// but thats not \ so you shouldn't need to comment out the slash... >----- Original Message ----- >From: David A Dickson <daviddicksonlycos.com> >To: php-general <php-generallists.php.net> >Sent: Thursday, July 05, 2001 4:37 AM >Subject: [PHP] split() function > > >> I have a comma separated spreadsheet with one field that contains two >dates. the dates are formatted as dd/mm/yy and separated by either '&' or >'//' ex:3/12/92&28/1/93 or 3/12/92//28/1/93 >> Problem: I need to split the field at the '&' or '//' separator but if I >do >> split('[&//]', $field); >> it splits on the '/' not the '//'. >> Can I do this in one function call to split() or will I have to do it >twice?

Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/

--------- End Forwarded Message ---------

Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/

attached mail follows:

Thanks that helped, this is what I used: if (ereg("&", $field)) $line = explode("&", $field); else $line = explode("//", $field);

On Thu, 5 Jul 2001 05:29:11 ReDucTor wrote: ><?php >$line2 = explode("", $field); >for($i = 0; $i < sizeof($line2); $i++){ > if($line2[$i] == "&") > $useand = 1; > else if($line[$i + 1] == "/"){ > if($line[$i] == "/"){ > $useslash = 1; > } > } >} >if($useand == 1) >$line = explode("&", $field); >if($useslash == 1) >$line = explode("//", $field); >?>

Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/

attached mail follows:

You don't need a character class here (signified by [] brackets); you can use

$line = split('&|//', $field);

As you can see, this is identical to ReDucTor's solution, except that the brackets are omitted. Character classes only work for single characters, not multiple character strings like '//'.

- steve

At 3:21 PM -0400 7/4/01, David A Dickson wrote: >Thanks for replying ReDucTor but that didn't work either. I tried >$line = explode("[(&|//)]", $field); and >$line = explode("[(&|////)]", $field); and >$line = explode("[(&|\/\/)]", $field); >with no success. Any other ideas? > >On Thu, 5 Jul 2001 04:50:29 > ReDucTor wrote: >>$line = explode("[(&|//)]",$field); should work, or you might have to put >>//// but thats not \ so you shouldn't need to comment out the slash... >>----- Original Message ----- >>From: David A Dickson <daviddicksonlycos.com> >>To: php-general <php-generallists.php.net> >>Sent: Thursday, July 05, 2001 4:37 AM >>Subject: [PHP] split() function >> >> >>> I have a comma separated spreadsheet with one field that contains two >>dates. the dates are formatted as dd/mm/yy and separated by either '&' or >>'//' ex:3/12/92&28/1/93 or 3/12/92//28/1/93 >>> Problem: I need to split the field at the '&' or '//' separator but if I >>do > >> split('[&//]', $field); >>> it splits on the '/' not the '//'. >>> Can I do this in one function call to split() or will I have to do it >>twice? > > > >Get 250 color business cards for FREE! >http://businesscards.lycos.com/vp/fastpath/ > >--------- End Forwarded Message ---------

-- +------ Factoid: Of the 100 largest economies in the world, 51 are ------+ | Steve Edberg University of California, Davis | | sbedberg

ucdavis.edu Computer Consultant | | http://aesric.ucdavis.edu/ http://pgfsun.ucdavis.edu/ | +--- corporations ------ http://www.ips-dc.org/reports/top200text.htm ---+

attached mail follows:

In a script I have a query that gets the time of a desired track. It is in SQL Server table with the smalldatetime type, whihc returns me something that looks like '2001-07-04 12:04:12', but PHP is giving me 'Jul 04 2001 12:04AM'.

Why does this happen?

I want the seconds, where are they???

. [ Christian Dechery ] . Webdeveloper Tá Na Mesa! . Listmaster Gaita-L . http://www.tanamesa.com.br

attached mail follows:

On 03-Jul-01 Brad Hubbard wrote: > On Tue, 3 Jul 2001 02:51, Don Read wrote: > >> $pstr='FltNum=2972&page=fi&selectDay=July+02'; >> $fp=openpost('dps2.usairways.com', '/cgi-bin/fi', $pstr); >> >> // i'm not so sure about that selectDay, javascript ain't my thing. > > This is implementation dependant (it's using an array they've created > (monthNames should be defined futher up the page within a <script> tag) so > it > could be anything)

Understood.

> there doesn't appear to be a "+" in there though so it's > more likely selectDay=July02 or selectDay=0702 or selectDay=702. > >

The OP : <script> todayMonth = monthNames[today.getMonth() + 1]; document.write( '<option value=\"' + todayMonth + ' ' + today.getDate() + '\">today</option>');

I expected the todayMonth+ ' ' +

> Cheers, > Brad

-- Don Read dread

texas.net -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it.

attached mail follows:

Hi all, how can i execute a UNIX command like

'newuser "Tim Taubert" tim password'

? and am i able to fetch the results of such commands? Please help.

Tim Taubert

attached mail follows:

"Tim Taubert" <timtaubertweb.de> wrote:

> Hi all, > how can i execute a UNIX command like > > 'newuser "Tim Taubert" tim password'

$output = system("unix_command"); echo "The result was" . $output;

more info at:

www.php.net/system

-- Henrik Hansen

attached mail follows:

Thanks a lot Henrik!

.o] -----Original Message----- .o] From: Henrik Hansen [mailto:hhmailserver.dk] .o] Sent: Wednesday, July 04, 2001 10:26 PM .o] To: php-generallists.php.net .o] Subject: Re: [PHP] Executing UNIX commands with PHP .o] .o] .o] "Tim Taubert" <timtaubertweb.de> wrote: .o] .o] > Hi all, .o] > how can i execute a UNIX command like .o] > .o] > 'newuser "Tim Taubert" tim password' .o] .o] $output = system("unix_command"); .o] echo "The result was" . $output; .o] .o] more info at: .o] .o] www.php.net/system .o] .o] -- .o] Henrik Hansen .o] .o] .o] -- .o] PHP General Mailing List (http://www.php.net/) .o] To unsubscribe, e-mail: php-general-unsubscribelists.php.net .o] For additional commands, e-mail: php-general-helplists.php.net .o] To contact the list administrators, e-mail: php-list-adminlists.php.net .o]

attached mail follows:

"Tim Taubert" <timtaubertweb.de> writes:

> how can i execute a UNIX command like > 'newuser "Tim Taubert" tim password' > ? and am i able to fetch the results of such commands?

Since someone else replied to your question, I'll just mention that running such command may be a really bad idea. If someone runs `ps' at the same time, he'll be able to see the password for user `tim' in clear text.

-- 
Arcady Genkin
i=1; while 1, hilb(i); i=i+1; end

attached mail follows:

mh this is bad...

can i do anything else instead of this ?

.o] -----Original Message----- .o] From: Arcady Genkin [mailto:a.genkinutoronto.ca] .o] Sent: Wednesday, July 04, 2001 10:42 PM .o] To: timtaubertweb.de .o] Cc: PHP Mailingliste .o] Subject: Re: [PHP] Executing UNIX commands with PHP .o] .o] .o] "Tim Taubert" <timtaubertweb.de> writes: .o] .o] > how can i execute a UNIX command like .o] > 'newuser "Tim Taubert" tim password' .o] > ? and am i able to fetch the results of such commands? .o] .o] Since someone else replied to your question, I'll just mention that .o] running such command may be a really bad idea. If someone runs `ps' .o] at the same time, he'll be able to see the password for user `tim' in .o] clear text. .o] -- .o] Arcady Genkin .o] i=1; while 1, hilb(i); i=i+1; end

attached mail follows:

You could popen() the command, I believe, and do it interactively...

-----Original Message----- From: Tim Taubert [mailto:timtaubertweb.de] Sent: Wednesday, July 04, 2001 4:47 PM To: PHP Mailingliste Subject: RE: [PHP] Executing UNIX commands with PHP

mh this is bad...

can i do anything else instead of this ?

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

"Tim Taubert" <timtaubertweb.de> wrote:

> mh this is bad... > > can i do anything else instead of this ?

crypt the password before inserting it into the user account?

-- Henrik Hansen

attached mail follows:

It is (finally!) available at http://www.phpauction.org - Everyone interested in helping with the localization project, translating to other languages than english is welcome!

Thanks Gianluca

-- ALBASOFTWARE C/ Mallorca 186 - 3º 1ª 08036 Barcelona (Spain) Tel. +34 93454009 - +34 934549324 Fax. +34 934541979

ICQ 47323154

webmaster

albasoftware.com http://www.albasoftware.com http://www.phpauction.org http://www.gianlucabaldo.com

attached mail follows:

PHP version 4.0.5 under: SunOS 5.8 Generic_108528-07 sun4u sparc SUNW,Ultra-Enterprise magic_quotes_gpc = On magic_quotes_runtime = Off

It appears that PHP by default escapes arguments of any commands passed to exec() and friends (passthru(), popen()). As a result I am not able to pass an argument consisting of two tokens, separated by space, as one argument.

Is this intended behavior? Is this inflicted by some option in php.ini? I have another server running FreeBSD with virtually identical php.ini file, and it doesn't exhibit such misbehavior.

Many thanks for any ideas,

-- 
Arcady Genkin
i=1; while 1, hilb(i); i=i+1; end

attached mail follows:

Hi All,

Does anyone know if this can be done with one query?

I have to create a chart based on info in two tables that are four tables apart.

Here are the relevant tables and just the most relevant fields...

accident_report - ID - weekending (this is a YYYY-MM-DD format date) - (and others)

accident_data - ID - accident_report_id - (and others)

accident_cause (a lookup table) - ID - accident_data_id - cause_id

cause (a list of possible causes of accidents ie. "falling object" or "electric shock" - ID - Description

I need to list all the causes with the number of times each has occurred, even if it's zero times... they don't need to be listed in any particular order...

Cheers

Simon Kimber

attached mail follows:

On 04-Jul-01 Simon Kimber wrote: > Hi All, > > Does anyone know if this can be done with one query? > > I have to create a chart based on info in two tables that are four tables > apart. > > Here are the relevant tables and just the most relevant fields... > > accident_report > - ID > - weekending (this is a YYYY-MM-DD format date) > - (and others) > > accident_data > - ID > - accident_report_id > - (and others) > > accident_cause (a lookup table) > - ID > - accident_data_id > - cause_id > > cause (a list of possible causes of accidents ie. "falling object" or > "electric shock" > - ID > - Description > > > I need to list all the causes with the number of times each has occurred, > even if it's zero times... they don't need to be listed in any particular > order... >

"select cause.ID, count(*) as cnt from ... WHERE ... group by cause.ID";

Regards,

-- Don Read dread

texas.net -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it.

attached mail follows:

Sorry!!! I'm stupid! I forgot to mention that the list of causes has to be for a specified accident_report.weekending

Cheers

Simon

> -----Original Message----- > From: Don Read [mailto:dreadtexas.net] > Sent: 04 July 2001 23:21 > To: Simon Kimber > Cc: php-generallists.php.net > Subject: RE: [PHP] MySQL problem > > > > On 04-Jul-01 Simon Kimber wrote: > > Hi All, > > > > Does anyone know if this can be done with one query? > > > > I have to create a chart based on info in two tables that are > four tables > > apart. > > > > Here are the relevant tables and just the most relevant fields... > > > > accident_report > > - ID > > - weekending (this is a YYYY-MM-DD format date) > > - (and others) > > > > accident_data > > - ID > > - accident_report_id > > - (and others) > > > > accident_cause (a lookup table) > > - ID > > - accident_data_id > > - cause_id > > > > cause (a list of possible causes of accidents ie. "falling object" or > > "electric shock" > > - ID > > - Description > > > > > > I need to list all the causes with the number of times each has > occurred, > > even if it's zero times... they don't need to be listed in any > particular > > order... > > > > "select cause.ID, count(*) as cnt from ... > WHERE ... > group by cause.ID"; > > Regards, > -- > Don Read dreadtexas.net > -- It's always darkest before the dawn. So if you are going to > steal the neighbor's newspaper, that's the time to do it. >

attached mail follows:

If I have a JPEG image, what is the best way to put text or another image at a certain place using the gd library?

Todd

-- Todd Cary Ariste Software todd

aristesoftware.com

attached mail follows:

Todd,

I'm not sure if you can write text to an existing image as I add to a new one but here is the code I use...

$updateTime = date("F d, Y - h:ia"); $text = "New Movie Reviews hyrum.net ".$updateTime;

$image = ImageCreate(500, 70); $bg = ImageColorAllocate($image, 255, 255, 255); $blue = ImageColorAllocate($image, 0, 0, 255); $black = ImageColorAllocate($image, 0, 0, 0); $himage= ImageCreateFromPNG("/home/hyrum/public_html/images/topics/hyrum.png"); ImageRectangle($image, 0, 0, 500, 70, $white); ImageCopy($image, $himage, 410, 5, 1, 1, 89, 64); ImageString($image, 4, 0, 0, $text, $blue); ImageString($image, 3, 0, 20, $title1, $black); ImageString($image, 3, 0, 35, $title2, $black); ImageString($image, 3, 0, 50, $title3, $black);

ImagePNG($image, "signature.png"); ImageDestroy($image);

So you could create a new image and copy your jpg to the new canvas or (and preferably) someone will know if you can add text to an already existing image...

Jeff

> -----Original Message----- > From: Todd Cary [mailto:toddaristesoftware.com] > Sent: Wednesday, July 04, 2001 6:30 PM > To: php-generallists.php.net > Subject: [PHP] Best way to put text on image > > > If I have a JPEG image, what is the best way to put text or another > image at a certain place using the gd library? > > Todd > > -- > Todd Cary > Ariste Software > toddaristesoftware.com > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net > > >

attached mail follows:

I have 5 checkbox's in a form that I what to make sure at least one of the checkbox is checked.

I am checking for blank field buy doing this below How can I check for at least one of the above check boxes is checked if ($name == "") { $name_err = " <font color=red>Please enter your name!</font><br> ";

$send = "no"; }

Best regards, Richard mailto:rkurthpacifier.com

attached mail follows:

"Richard Kurth" <rkurthpacifier.com> wrote: > I have 5 checkbox's in a form that I what to make sure at least one of > the checkbox is checked. > > <input type='checkbox' name='interest' value='basic'> > <input type='checkbox' name='interest3' value='Internet access '> > <input type='checkbox' name='interest1' value='pro'> > <input type='checkbox' name='interest4' value='domain name'> > <input type='checkbox' name='interest2' value='platinum'>

if ( $interest == 'basic' || $interest3 == 'Internet access' || ... $interest2 == 'platinum' ) { echo "At least one was checked."; }

Ignoring the first input box you could also use a loop since the field names are sequential. You could also handle the first field, by starting $i at 0 and only appending $i if it's greater than 0, but I don't want to clutter the code. The code below assumes the fields aren't preset to values other than those listed above.

for ( $i = 1; $i < 4; $i++ ) { $field = 'interest' . $i; if ( ! empty( $$field ) ) { $flag = TRUE; } }

if ( $flag == TRUE ) { echo "At least one was checked."; }

-- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/

attached mail follows:

I am a newbie attempting to get Apache working with PHP 4 and MySQL on 7.2. All three are installed, Apache is running, it says that the PHP module is installed and I can manually log into mysql.

From http://localhost: Operating system: [ SuSE Linux 7.2 (i386) ] Host: [ linux.local, Kernel: 2.4.4-4GB (i686) ]

Webserver version: [ Apache/1.3.19 (Unix) (SuSE/Linux) ]

Installed modules: [ PHP4 module ] [ Apache perl module (mod_perl) ] [ Apache DAV module (mod_dav) ] [ Apache Python module (mod_python) ]

My first problem, when I try to load a php file (ie http://localhost/phpinfo.php) Koqueror shows the Open With dialog window. It does not seem to be recognizing php as a valid extension.

My http.conf file has the following AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps

AddType application/x-tar .tgz

What else can I do ? Is there a HOWTO for SuSE on this ? Everything I have seen is for other distros which use Apachectl for instance, not applicable to SuSE and I don't yet understand enough about what I am doing to translate.

Thanks

Chuck

attached mail follows:

Hi Arcady! On Wed, 04 Jul 2001, Arcady Genkin wrote:

> Does PHP provide no high-level means of iterating over the UNIX > /etc/group file, a la getgrent() C function? The task is to figure > out all groups that a user is in on a system with PHP in _safe mode_ > (hence, cannot read from /etc/group directly). > Am I overlooking something? > system ("/usr/bin/id $user -G");

-- teodor

attached mail follows:

teogecadsoftware.com writes:

> On Wed, 04 Jul 2001, Arcady Genkin wrote: > > > Does PHP provide no high-level means of iterating over the UNIX > > /etc/group file, a la getgrent() C function? The task is to figure > > out all groups that a user is in on a system with PHP in _safe mode_ > > (hence, cannot read from /etc/group directly). > > Am I overlooking something? > > > system ("/usr/bin/id $user -G");

Thanks, but this would not work in safe mode.

I solved the problem by having a cron job making a local copy of /etc/group once in a while; my script then goes through it line by line to extract the groups. But this is a hack...

I could, of course, install `id' in the safe_mode_exec_dir, but the sys admin is rather reluctant to have too many executables in there, and I understand him. I just wish that PHP had a posix_getgrent() function. Maybe I should file a feature request... I'll go do that now.

-- 
Arcady Genkin
i=1; while 1, hilb(i); i=i+1; end

attached mail follows:

Hello,

did you try printing it with either var_dump() or print_r() function? What result did you get?

----- Original Message ----- From: "Jeff Gannaway" <webmastercactusgraphics.com> To: <php-generallists.php.net> Sent: 2001. július 3. 14:05 Subject: [PHP] Basic multi-dimensional array help

I've got input fields in a form that look like: <INPUT TYPE=HIDDEN NAME=Person[0] VALUE=Jeff> <INPUT TYPE=CHECKBOX NAME=Info[0][] VALUE=Apples> <INPUT TYPE=CHECKBOX NAME=Info[0][] VALUE=Oranges> <INPUT TYPE=CHECKBOX NAME=Info[0][] VALUE=Peaches> <INPUT TYPE=CHECKBOX NAME=Info[0][] VALUE=Pears>

The next script processes all this into a database. Here are the results I get from various commands:

sizeof($Info): 2 sizeof($Info[0]): 4 print $Info[0][0]: Array[0]

Any help? Jeff Gannaway

___________________________________________________________

SUMMER ART PRINT SALE at www.PopStreet.com Save an additional 10% off art print orders of $50 or more. Type in coupon code jemc when checking out. ___________________________________________________________

Find the right art print for your home. * Search by artist, color, art style and subject. * Preview the art prints against your wall color. * Specializing in contemporary, abstract and African American art. * Every day discounts on thousands of fine art prints.

PopStreet.com is your avenue to art.

http://www.popstreet.com ___________________________________________________________ Coupon may be redeemed from June 27 through July 31, 2001.

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

"Steve Werby" <steve-listsbefriend.com> writes:

> "Clayton Dukes" <cdukescdukes.com> wrote: > > How can I write code that will search the database and check the > > validity > of an email address, and if it's bad, to remove that > > entry from the database? > > Like Tom said, use regex to check the email is of a valid format. A small > percentage of servers can be contacted to find whether an email address is > valid, but fewer and fewer are allowing this so it's completely unreliable.

There's a nifty little open source program called `vrfy' which does nice things about email veryfication. Finding it is left as an exercise to the interested (I found it in FreeBSD's ports). Excerpt from the man page:

NAME vrfy - Verify electronic mail addresses

SYNTAX vrfy [options] [-v] address [host] vrfy [options] [-v] -f [file] [host] vrfy [options] [-v] -p domain vrfy [options] [-v] -T domain [name]

DESCRIPTION vrfy is a tool to verify electronic mail addresses. The only required parameter is the address to be verified. The actual verification will be carried out at the remote machine where mail to the given address would normally be delivered. This may be a mail exchange host and not the final destination host. If an explicit host is given as the second argument on the command line, the specified address is verified at that machine.

The output of the program shows whether or not the address can be handled at the contacted host. Error messages will be printed if the address is invalid. If the address is recognized, the output shows the remote host's notion of the (possibly translated) address. If it represents a local user at that host, additional information about the user may be displayed.

Note that if the address is accepted by the contacted host, but this is not the final destination host, one still cannot be sure that the address represents a valid recipient.

It is a handy tool to verify local mail addresses. If you have set up a .forward file, you can verify your own address to check that the forwarding is done properly. If you specify an arbitrary name, you can check whether this resolves to any valid recipients.

-- 
Arcady Genkin
i=1; while 1, hilb(i); i=i+1; end

attached mail follows:

> "Steve Werby" <steve-listsbefriend.com> writes: > > Like Tom said, use regex to check the email is of a valid format. A small > > percentage of servers can be contacted to find whether an email address is > > valid, but fewer and fewer are allowing this so it's completely unreliable.

"Arcady Genkin" <a.genkinutoronto.ca> wrote: > There's a nifty little open source program called `vrfy' which does > nice things about email veryfication. Finding it is left as an

It is a cool tool, but like I said in my email most servers won't allow you to test email address validity. It's possible using the command VRFY or the even more dangerous EXPN to determine whether an email address is valid or in the case of EXPN to expand an alias to return a list of all recipients. It's a good idea to disable these commands on the server so spammers can't easily determine valid email addresses, malicious folks can't get a list of all of your employee email addresses and hackers can't determine valid usernames to attack the server with. FYI, in sendmail both commands can be disabled by making sure PrivacyOptions is set as follows:

PrivacyOptions=noexpn novrfy

Or you can set them to the following which goes a little further:

PrivacyOptions=goaway

So unfortunately vrfy will only be useful when checking servers that haven't disabled that command. :-(

-- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/

attached mail follows:

Okay I'm trying to use fopen() to open a file just uploaded via a form. like this:

echo "<br>parsing uploaded file . . ."; $path = fopen($form_data, "r");

echo "<br>opeing a path . . ."; $thesize = filesize($form_data);

echo "<br>getting size . . ."; $tmpdata = fread($path, $thesize);

echo "<br>reading data . . ."; $data = addslashes($tmpdata);

but I get this error:

parsing uploaded file . . . Warning: SAFE MODE Restriction in effect. The script whose uid is 10294 is not allowed to access /tmp/phpxyqF2z owned by uid 0 in /usr/local/plesk/apache/vhosts/futurebird.com/httpdocs/mapbuild2/displaymap. php3 on line 34

Is there some kind of safe mode that keeps fopen() from looking at the tempoary directory where the uploaded file is stored?

The other error:

Warning: fopen("/tmp/phpxyqF2z","r") - Success in /usr/local/plesk/apache/vhosts/futurebird.com/httpdocs/mapbuild2/displaymap. php3 on line 34

When it says "Success" what is it talking about?

Is there a way around this? Maybe since I'm on a vitual server I need to include a more full path?

I'm deeply confused.

Susan

attached mail follows:

I had an example of a function to open a file and read its contents into an array. It worked so that each line of the file was one element of the array. I can't find my example, nor can I get it to work the way I'd like. Any help?

=- Jonathan Campbell ( healsdatayahoo.com )

Mid days haze and I'm still not awake I got everything going but my bills are still late Funnier than hell and I think it's a blast Life's like a laugh when you got no money

Lyrics from "Average Day" by Aztek Trip ( http://www.aztektrip.com )

attached mail follows:

file() http://php.net/file ----- Original Message ----- From: JCampbell <jonenter.net> To: <php-generallists.php.net> Sent: Thursday, July 05, 2001 10:48 AM Subject: [PHP] Basic fopen() question

> I had an example of a function to open a file and read its contents into an > array. It worked so that each line of the file was one element of the array. > I can't find my example, nor can I get it to work the way I'd like. Any > help? > > > =- > Jonathan Campbell ( healsdatayahoo.com ) > > Mid days haze and I'm still not awake > I got everything going but my bills are still late > Funnier than hell and I think it's a blast > Life's like a laugh when you got no money > > Lyrics from "Average Day" by Aztek Trip ( http://www.aztektrip.com ) > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

Normally when I'm looking for a function I start at a given spot, for example, you've found yourself here :

http://www.php.net/manual/en/function.fopen.php

From there, a good place to go is the given section, which in this case is here :

http://www.php.net/manual/en/ref.filesystem.php

Which contains a long list of file related a functions with brief descriptions. Within the list is :

file Reads entire file into an array

Granted it's a fairly long list, but through time the names and functions become remembered, and quicker and quicker they'll be found.

http://www.php.net/manual/en/function.file.php

regards, philip

On Wed, 4 Jul 2001, JCampbell wrote:

attached mail follows:

How do you (re)compile PHP on Mandrake??? I need it to be a module in Apache, but --with-apache gives me the error cannot find httpd.h ( the file is not on the system)

PHP works fine the way it sits, but I need mssql support and attempted to upgrade to 4.0.6 with dbx support.. but have no luck.

Roger

attached mail follows:

it is running some custom news server software, so drop me a line if you notice it acting strangely with your favorite news reader.

(the server software will be released soonish. keep an eye on http://news.php.net/ for an announcement.)

the article numbers have all changed relative to the old news server, so you may need to flush your .newsrc to get things back in order. (the posts from the old php3 mailing list have been broken out into a 'new' php.version3 group, and are no longer lumped in with the php.general group.)

jim

attached mail follows:

I have see my php.ini and i fill with my stmp server in my network.... but still i can't... which stmp server should i add it. in my network, there are smtp server....but i not the server....

note : i have add to php.ini my smtp server is mail.pesat.net.id but still not working... can any one help me...?

----- Original Message ----- From: Ivan Balazs <ibalazssch.bme.hu> To: php <php_aminghotmail.com> Cc: Php Mailing List <php-generallists.php.net> Sent: Wednesday, July 04, 2001 6:52 PM Subject: Re: [PHP] mail problem...

> Hi! > > It seems to be a php-specific problem. Check your php config file (in php4 > it is php.ini). There you should find a line related to the smtp server. > Fill it with its correct content. > > Balazs > > On Wed, 4 Jul 2001, php wrote: > > > hai... > > > > I have install php and i want to create email direct.... > > > > but when i run my php...but i get error message > > > > Warning: Failed to Connect in e:/learn/php/mail.php on line 24 > > email failed > > > > or i need to add object mail in php.... > > anyone help me with this... > > > > my code like this... > > ============================================================================ ===== > > > > > > > > <html> > > <head> > > <title>Update User</title> > > </head> > > <body> > > > > > > <?php > > > > $applicant = "Hendra"; > > $company = "PT. Sistem Intergra Indonesia"; > > $phone = "324592"; > > > > $to= "amg_landhotmail.com"; > > $subjek = "Testing php script"; > > $header ="\nForm: hrd.co.id\n"; > > $body = "\nName : " .quotemeta($application). > > "\nCompany : " .quotemeta($company). > > "\phone : " .quotemeta($phone); > > > > $success = mail($to, $subjek, $body, $header); > > > > if ($success) > > { > > echo("email has been send"); > > }else > > { > > echo("email failed"); > > > > } > > > > ?> > > > > </body> > > </html> > > > > ============================================================================ ==== > > > > > >

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]