NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2002-07

php-general-digest-help_at_lists.php.net
Date: Tue Jul 23 2002 - 08:09:09 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 23 Jul 2002 13:09:09 -0000 Issue 1481

Topics (messages 108995 through 109073):

Looked at documentation, should be fine
108995 by: Dean Ouellette
109000 by: Chris Earle

Re: Formating datevariables...
108996 by: John Holmes

Re: Digit Grouping
108997 by: John Holmes

Re: MySQL - PHP combined log
        108998 by: Dave [Hawk-Systems]
        109045 by: PHPCoder
        109061 by: John Holmes

Re: Traversing an appendable file
108999 by: Chris Earle

Re: does this mean ....
109001 by: Chris Earle

Re: imagecolortransparent()
109002 by: Tom Rogers
109013 by: Tom Rogers

Getting current URL
        109003 by: Sailom
        109006 by: Peter
        109009 by: Sailom

Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
        109004 by: Miguel Cruz
        109019 by: Justin French
        109069 by: Jay Blanchard
        109072 by: Adam Voigt

How to store an image into a mysql database using php language?
109005 by: Rija
109064 by: John Holmes

returning form variables to previous page
109007 by: dan rossi

number of files in a dir vs. performace
        109008 by: eat pasta type fasta
        109012 by: Jason Wong
        109032 by: Michael Sims
        109036 by: Miguel Cruz

Re: Pine config
109010 by: Miguel Cruz

Using fopen()/fread()/fscanf()
        109011 by: Jason Soza
        109025 by: David Robley
        109043 by: Jason Soza
        109044 by: Martin Towell
        109049 by: Jason Soza
        109050 by: Jason Wong
        109055 by: Jason Soza
        109058 by: Jason Wong

Problem with Not displaying HTML if data not found
        109014 by: markbm
        109016 by: Martin Towell
        109020 by: markbm
        109023 by: Martin Towell

redirecting after login
        109015 by: Tim Thorburn
        109018 by: Martin Towell
        109028 by: César Aracena
        109029 by: César Aracena
        109037 by: Miguel Cruz
        109051 by: Tim Thorburn
        109052 by: Peter
        109056 by: David Freeman
        109060 by: John Holmes
        109063 by: Bas Jobsen
        109070 by: Jay Blanchard

Re: Newbie getting close, form submission
109017 by: Justin French

Passing Special Characters In url
        109021 by: Ricky
        109024 by: Martin Towell
        109027 by: Justin French
        109030 by: Miguel Cruz

Re: Comma question
109022 by: Justin French
109031 by: Miguel Cruz

Re: another problem
109026 by: Justin French

Re: Doing an HTML POST using header()
109033 by: Miguel Cruz

Re: HTML E-mails
        109034 by: Miguel Cruz
        109039 by: Manuel Lemos
        109042 by: Miguel Cruz
        109046 by: Manuel Lemos

Re: Inline Images ?
109035 by: Miguel Cruz

Re: Script executing Telnet Shell Command...
109038 by: Miguel Cruz

Re: php security mailing list ...
109040 by: Manuel Lemos

Re: [ANNOUNCE] PHP Security Advisory: Vulnerability in PHP
109041 by: Manuel Lemos

PHP security bug and patch
109047 by: Michal Dvoracek
109048 by: Peter

OO Programming - get practical
        109053 by: Paul Dionne
        109062 by: Javier Montserat
        109071 by: Jay Blanchard

How to add new user to the domain
109054 by: Anan

Re: multiple search
109057 by: JJ Harrison

PHP input and variables dynamic :)
109065 by: Andy Whittlestone

Question to 'DIR'
109066 by: Alexandre M. Stassevitch

Re: [webdevelopersjournal-discuss] php vuln.
109067 by: Neil Highley

Headers already sent (Sometimes)
109068 by: Jacob Dorman

array_rand() and seed
109073 by: Naintara Jain

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

I am running this on php 3.0
I have read every document I could find on the web, and cant figure out
why this form submission is not working.

No errors, just does not sent the e-mail to my account

<?php
If ('GET' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
  $MailToAddress = emailhere.com;
  $MailSubject = 'Get Involved List';
  }
?>

<?
If ('POST' == $HTTP_SERVER_VARS['REQUEST_METHOD'])
  if (isset($HTTP_POST_VARS['email'])) {
    $MailFromAddress = $HTTP_POST_VARS['email'];
  } else {
    $MailFromAddress = 'emailhere.com';
  }

  $Message = $HTTP_POST_VARS['Message'];
  if (isset($HTTP_POST_VARS['Header'])) {
     $Message = $HTTP_POST_VARS['Header'] . "\n\n$Message";
  }

  if (isset($HTTP_POST_VARS['Footer'])) {
    $Message .= "\n\n$HTTP_POST_VARS[Footer]";
  }

  mail($MailToAddress, $MailSubject, $Message, $MailFromAddress);
  ?>

attached mail follows:

>>$MailToAddress = emailhere.com;

No quotes around the e-mail address.

>> $Message .= "\n\n$HTTP_POST_VARS[Footer]";
You left out quotes from "Footer"

"Dean Ouellette" <deanouellette.ws> wrote in message
news:00b901c231e6$30300e10$9c89adacyoda...
> I am running this on php 3.0
> I have read every document I could find on the web, and cant figure out
> why this form submission is not working.
>
> No errors, just does not sent the e-mail to my account
>
> <?php
> If ('GET' == $HTTP_SERVER_VARS['REQUEST_METHOD']) {
>>>>>> $MailToAddress = emailhere.com;
> $MailSubject = 'Get Involved List';
> }
> ?>
>
> <?
> If ('POST' == $HTTP_SERVER_VARS['REQUEST_METHOD'])
> if (isset($HTTP_POST_VARS['email'])) {
> $MailFromAddress = $HTTP_POST_VARS['email'];
> } else {
> $MailFromAddress = 'emailhere.com';
> }
>
> $Message = $HTTP_POST_VARS['Message'];
> if (isset($HTTP_POST_VARS['Header'])) {
> $Message = $HTTP_POST_VARS['Header'] . "\n\n$Message";
> }
>
> if (isset($HTTP_POST_VARS['Footer'])) {
>>>>> $Message .= "\n\n$HTTP_POST_VARS[Footer]";
> }
>
> mail($MailToAddress, $MailSubject, $Message, $MailFromAddress);
> ?>
>

attached mail follows:

> I have a column in a mysql table with a timestamp. The value of this
> column
> is for instance:
>
> 20020722185242
>
> How do i change the format on this to "DDMMYYYY" (22072002) in php?

SELECT DATE_FORMAT(date_column,'%d%m%Y') AS Formatted_Date FROM
your_table

There's no need to involve PHP at all...

---John Holmes...

attached mail follows:

> I've got a small question. Does php provide any function to group a
number
> like 3193576 into 3.193.576 ? Just reads easier when the hits for my
> website are being displayed ... Or if php doesn't have a function for
it
> ..
> anybody any good suggestions on how to do it?

number_format()

---John Holmes...

attached mail follows:

<clip>
>>I want to be able to view a single log that contains the following:
<clip>
>
>http://php.net/error_log
>

how about this curve... getting PHP to append a line to the apache log.

Currently we are exporting via fopen clf formatted logs for file uploads (whose
file sizes are not recorded by Apache's logging) then doing a merge of the log
files afterwards...

would much rather pump the clf formatted log sting directly into the appropriate
apache log, but if I am not mistaken, using the above function would require
permissions for user nobody(www, whatever) on the log files, no?

cheers,

Dave

attached mail follows:

Thanks, but all these "methods" require modification of the scripts
already on the server, and it won't ensure any new script being written
by a user on my system to comply.
Are you all saying that there are no logs kept by default of errors
generated on php/mysql pages at all unless specifically coded? Wouldn't
it be possible then in future PHP releases to have a "set_error_logging"
directive in the php.ini file that will automatically run a wrapper
function on all mysql_query() functions to do this kind of thing?

How are people out there managing the scripts/script errors caused by
users on their systems? Or is it a case of "handling the crisis when it
happens"?
You see, as administrator, I need to be able to quickly see who are
coding in such a way as to leave security holes, or even worse, cause
the server to crash due to poor coding. There are almost 1000 individual
php files on my server, and it wouldn't be possible for me to scrutinize
all of them to make sure they are OK.
Are there any admins out there that have policies about scripting
practices on their systems; ie, checking a script from a user before it
is allowed to be uploaded etc?

Thanks

Richard Lynch wrote:

>>Hi, tried this on mysql list, no luck:
>>
>>I want to be able to view a single log that contains the following:
>>
>>IP of user : page_name (PHP only): time/date: MySQL query ( 'select *
>>
>>from xxx' etc.) : error msg from mysql/php if any
>
>>So it's almost a hybrid between apache and mysql with some extra's
>>
>>I'm sure you all should see the benifit of this in troubleshooting and
>>specially keeping track of who does what when it comes to PHP coding on
>>ones server, specially with crappy code that kills the server.
>>
>>Is something like this possible, already there?
>>
>>PS, Running RedHat 7.0 with PHP4 and mysql 3.23.x
>>
>
>http://php.net/error_log
>
>if you can get everybody to use your own function to query the database.
>
>Or, you could use http://php.net/set_error_handler and
>http://php.net/trigger_error and catch all errors thrown by all PHP code.
>
>Actually, to get the PHP page name and line number, set_error_handler is
>probably your best bet.
>

attached mail follows:

I guess I missed the part where you wanted to implement something w/o
changing existing scripts.

There's no easy way to do it right now. You could write a script that'll
run in the background and combine all of the error logs together. You
can turn on error logs for PHP and for MySQL. You'll still have the
problem of identifying which PHP page caused the MySQL error, though...

---John Holmes...

> -----Original Message-----
> From: PHPCoder [mailto:internetvsa.co.za]
> Sent: Tuesday, July 23, 2002 2:23 AM
> To: Richard Lynch
> Cc: php-general
> Subject: Re: [PHP] Re: MySQL - PHP combined log
>
> Thanks, but all these "methods" require modification of the scripts
> already on the server, and it won't ensure any new script being
written
> by a user on my system to comply.
> Are you all saying that there are no logs kept by default of errors
> generated on php/mysql pages at all unless specifically coded?
Wouldn't
> it be possible then in future PHP releases to have a
"set_error_logging"
> directive in the php.ini file that will automatically run a wrapper
> function on all mysql_query() functions to do this kind of thing?
>
> How are people out there managing the scripts/script errors caused by
> users on their systems? Or is it a case of "handling the crisis when
it
> happens"?
> You see, as administrator, I need to be able to quickly see who are
> coding in such a way as to leave security holes, or even worse, cause
> the server to crash due to poor coding. There are almost 1000
individual
> php files on my server, and it wouldn't be possible for me to
scrutinize
> all of them to make sure they are OK.
> Are there any admins out there that have policies about scripting
> practices on their systems; ie, checking a script from a user before
it
> is allowed to be uploaded etc?
>
> Thanks
>
>
> Richard Lynch wrote:
>
> >>Hi, tried this on mysql list, no luck:
> >>
> >>I want to be able to view a single log that contains the following:
> >>
> >>IP of user : page_name (PHP only): time/date: MySQL query ( 'select
*
> >>
> >>from xxx' etc.) : error msg from mysql/php if any
> >
> >>So it's almost a hybrid between apache and mysql with some extra's
> >>
> >>I'm sure you all should see the benifit of this in troubleshooting
and
> >>specially keeping track of who does what when it comes to PHP coding
on
> >>ones server, specially with crappy code that kills the server.
> >>
> >>Is something like this possible, already there?
> >>
> >>PS, Running RedHat 7.0 with PHP4 and mysql 3.23.x
> >>
> >
> >http://php.net/error_log
> >
> >if you can get everybody to use your own function to query the
database.
> >
> >Or, you could use http://php.net/set_error_handler and
> >http://php.net/trigger_error and catch all errors thrown by all PHP
code.
> >
> >Actually, to get the PHP page name and line number, set_error_handler
is
> >probably your best bet.
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

I was thinking it was obvious because otherwise I'd have just been using
that and not even posted about the "a/a+". Using "a" works in the way that
it is supposed to (it starts at the end), but what I wanted was to use
append and then just append to anywhere in the file.

Currently to get that done I use "file(filelocation);" and then just search
that array for what I want. Once I find it I save the key and then
concatenate what I want to that line. Then after I've done that I implode
the array and "w" (write) that. This of course works perfectly, but once
the file starts to get larger, I'm worried that it is going to become slow,
so I was looking for a way to append (which now that I think about it, would
do the same thing, only with less work on my part).

"Richard Lynch" <richphpbootcamp.com> wrote in message
news:php.general-108966news.php.net...
> >Is there any way to fseek (or something to the exact same effect) a file
> >opened with "a" or "a+"?
> >
> >I've tried rewinding and fseeking appendable files, but neither work.
> >
> >Opening up in "r+" gives me part of the desired result, but if where I
want
> >to write is not at the end, it writes over things, which I obviously do
not
> >want.
>
> It may be obvious to you that you don't want that, but it's not to anybody
> else :-)
>
> Use r+ and fseek to the end of the file. You can use PHP's filesize
> (filelength?) function to find out where that is.
>
> I think a+ is only if you are "promising" not to go backwards into the old
> data... Maybe it's for some kind of OS optimization or something...

attached mail follows:

"r+" allows you to read and write... if that's what you wanted (I think it
is). Note that it will write over any data that is behind the location of
the file pointer (so write to the end of the file).

"Peter" <phpvfsa.com.au> wrote in message
news:DPEPKCNEFOKBCNNANCIPEEJCCGAA.phpvfsa.com.au...
>
>
> > -----Original Message-----
> > From: David Robley [mailto:robleydparadise.net.nz]
> > Sent: Tuesday, 23 July 2002 10:41 AM
> > To: php-generallists.php.net
> > Subject: [PHP] Re: does this mean ....
> >
> >
> > In article <DPEPKCNEFOKBCNNANCIPMEINCGAA.phpvfsa.com.au>,
> > phpvfsa.com.au
> > says...
> > > hi all,
> > >
> > > I'm tring to make a script to prompt for a username & then a password
=
> > > for that user onto the actual machine rather than just a web site...
> > >
> > > now i've come across this this line in some documentation
> > >
> > > if ( $File =3D popen( "$useradd_prog $useradd_name", "r" ) )
> > > {
> > > .
> > > .
> > > .
> > > now to my actual question ..
> > >
> > > does that "r" just mean read? and if so should that "r" be a "w" for =
> > > write in order for it to work?
> > >
> > >
> > >
> > > Cheers=20
> > >
> > > Peter=20
> > > "the only dumb question is the one that wasn't asked"=20
> > > =20
> >
> > If you are just checking the name/password against an existing list,
then
> > you only need read. If you want to add something, then you need a
> > different mode.
> >
> > However, I think you may be better off uing fopen, instead of popen, if
> > you are trying to do what I think you are. The documentation for
> > fopen has
> > a comprehensive description of the modes available; note that w is
kindof
> > destructive in the wrong context :-)
> >
> > Cheers
> > --
> > David Robley
> > Temporary Kiwi!
> >
> > Quod subigo farinam
> >
> i'm tring to run the useradd command (under Solaris) to add a user to the
> system so i don't have to continueously remote log in and also make it
> easier for myself to add users to the system(s).. maybe popen isn't the
best
> option for this .. though i don't think fopen will be able to do what i
need
> it to do.. maybe playing around with sockets would be better?
>
>
> Cheers
>
> Peter
> "the only dumb question is the one that wasn't asked"
>
>

attached mail follows:

Hi,

Tuesday, July 23, 2002, 5:16:43 AM, you wrote:

N> "Tom Rogers" <trogerskwikin.com> wrote in message
N> news:16878540805.20020722210409kwikin.com...
>> Hello Nick,
>>
>> Monday, July 22, 2002, 8:47:39 PM, you wrote:
>>
>> N> i get php to allocate a colour then make it transparent using
>> N> imagecolortransparent()
>>
>> N> instead of turning it transparent it becomes black.
>>
>> N> Is it something i'm doing wrong? can anyone help me?
>>
>> N> thanx in advance
>>
>> Post a bit of the code so we can see what you are doing
>>
>> --
>> Tom
>>

N> $im = imagecreate($size, 21);

N> $bgcolour =
N> imagecolorallocate($im,hexdec(substr($table[bg],0,2)),hexdec(substr($table[b
N> g],2,2)),hexdec(substr($table[bg],4,2)));
N> $fontcolour =
N> imagecolorallocate($im,hexdec(substr($table[fg],0,2)),hexdec(substr($table[f
N> g],2,2)),hexdec(substr($table[fg],4,2)));

N> if ($table[bg] == "no") {
N> $trans = imagecolortransparent ($im,$bgcolour);
N> }

It looks like you are using $table[bg] for 2 purposes
if it is 'no' it will not be a true hex value for the background
colour.
Tom

-- Best regards, Tom

attached mail follows:

Hi,

Tuesday, July 23, 2002, 5:16:43 AM, you wrote:

N> "Tom Rogers" <trogerskwikin.com> wrote in message N> news:16878540805.20020722210409kwikin.com... >> Hello Nick, >> >> Monday, July 22, 2002, 8:47:39 PM, you wrote: >> >> N> i get php to allocate a colour then make it transparent using >> N> imagecolortransparent() >> >> N> instead of turning it transparent it becomes black. >> >> N> Is it something i'm doing wrong? can anyone help me? >> >> N> thanx in advance >> >> Post a bit of the code so we can see what you are doing >> >> -- >> Tom >>

N> $im = imagecreate($size, 21);

N> $bgcolour = N> imagecolorallocate($im,hexdec(substr($table[bg],0,2)),hexdec(substr($table[b N> g],2,2)),hexdec(substr($table[bg],4,2))); N> $fontcolour = N> imagecolorallocate($im,hexdec(substr($table[fg],0,2)),hexdec(substr($table[f N> g],2,2)),hexdec(substr($table[fg],4,2)));

N> if ($table[bg] == "no") { N> $trans = imagecolortransparent ($im,$bgcolour); N> }

probably what you need is:

$im = imagecreate($size, 21); if ($table[bg] == "no") { $bgcolour = imagecolorallocate($im,1,1,1); $trans = imagecolortransparent ($im,$bgcolour); } else{ $bgcolour = imagecolorallocate($im,hexdec(substr($table[bg],0,2)),hexdec(substr($table[bg],2,2)),hexdec(substr($table[bg],4,2))); } $fontcolour = imagecolorallocate($im,hexdec(substr($table[fg],0,2)),hexdec(substr($table[fg],2,2)),hexdec(substr($table[fg],4,2)));

-- Best regards, Tom

attached mail follows:

This might be a silly question. Just like the subject, how to get the current URL? I want to make a reload button by making a form and direct user to the current page.

Sailom

attached mail follows:

> -----Original Message----- > From: Sailom [mailto:amorndetcolorado.edu] > Sent: Tuesday, 23 July 2002 12:53 PM > To: php-generallists.php.net > Subject: [PHP] Getting current URL > > > This might be a silly question. > Just like the subject, how to get the current URL? I want to > make a reload > button by making a form and direct user to the current page. > > Sailom

a couple of ways i can think of ..

1 leave the action blank in your form tags eg... <form> or <form name="foo" action="" method="POST">

2 have $PHP_SELF as ur action eg <form name="foo" action="<? $PHP_SELF ?>" method="POST">

cheers

attached mail follows:

Thanks :)

"Peter" <phpvfsa.com.au> wrote in message news:DPEPKCNEFOKBCNNANCIPEEJICGAA.phpvfsa.com.au... > > > > -----Original Message----- > > From: Sailom [mailto:amorndetcolorado.edu] > > Sent: Tuesday, 23 July 2002 12:53 PM > > To: php-generallists.php.net > > Subject: [PHP] Getting current URL > > > > > > This might be a silly question. > > Just like the subject, how to get the current URL? I want to > > make a reload > > button by making a form and direct user to the current page. > > > > Sailom > > a couple of ways i can think of .. > > 1 leave the action blank in your form tags eg... <form> or <form name="foo" > action="" method="POST"> > > 2 have $PHP_SELF as ur action eg <form name="foo" action="<? $PHP_SELF ?>" > method="POST"> > > cheers >

attached mail follows:

On Mon, 22 Jul 2002, Greg Donald wrote: > Not only did I get to re-write all my apps the past few months because of > the new register_globals default that was imposed by `the php group`...

You didn't have to. The choice was given to you, for your own good. If you have very disciplined programmers and a solid auditing process, you can still do just fine with register_globals on.

> Now I get to upgrade my PHP install once a month or so cause of new > security holes.. Yay!

Vastly preferable to the alternative: Brand X, where security holes go unpatched. The PHP group fixed the problem immediately.

> Wasn't this new register_globals setting supposed to enhance security?

Now there's a non-sequitur if ever I saw one. "What do you mean I have to stop running across the freeway? I thought giving up smoking was supposed to enhance my health."

> How would you like to be a sys admin with dozens of machines to upgrade > before you can proceed with anythign else?

I upgraded dozens of machines. It took about 10 minutes total.

miguel

attached mail follows:

Greg,

Your attitude stinks.

PHP is a FREE scripting language. Think about the amount of money you are probably charging hosting clients, or charging in web or programming services, or making in site revenue, or whatever way you 'commercially function' through PHP.

The register globals 'imposition' IS more secure and encourages better coding practices... would you prefer they made the change now, or in 5 years when you have 100's more sites to fix. Better late than later.

If you want something that will never have a bug, never have a security hole, performs perfectly from day 1, never has an upgrade/change, and will never change for the better, you are utterly dreaming!

The difference in this case is that the PHP Group aren't emptying your wallet.

Sorry to hear that you'll have to do some more upgrading, but I'd keep the complaining to yourself -- "you get what you pay for" springs to mind, but in the case of PHP, we get a whole lot more.

Justin French

on 23/07/02 2:55 AM, Greg Donald (gregdestiney.com) wrote:

> Not only did I get to re-write all my apps the past few months because of > the new register_globals default that was imposed by `the php group`... > > Now I get to upgrade my PHP install once a month or so cause of new > security holes.. Yay! > > Wasn't this new register_globals setting supposed to enhance security? > > How would you like to be a sys admin with dozens of machines to upgrade > before you can proceed with anythign else? > > Can anyone say Ruby? >

attached mail follows:

[snip] >Well, trying to updrade on Slackware Linux 8.0 and compiling with the GD >(1.8.4) libraries are giving us some headaches. Some of what seems to be >wrong; ... You're simply looking at the old PHP.

You did stop/start Apache, right?... Cuz the new PHP won't kick in until you do.

If so, almost for sure your installation of the "new" PHP binary is not happening correctly.

Watch carefully when you do "make install" to see where your new copies go. Use "locate modphp.so" or whatever it is to find out where your old copies are. [/snip]

We finally got this right yesterday afternoon, it ended up being, as Richard said, a directories problem. Ah well, live and learn :) The FreeBSD boxes went off without a hitch.

Jay

attached mail follows:

> Who said anything about M$? I don't use their crappy products so I > don't have to deal with their security issues.

I'm the one who brought up Microsoft, I'm saying it's a whole lot better then the alternatives.

> If PHP 4.2 is unsafe then why is it listed at the top of the page for > download? There is not a shread of text saying do not use in production, > no unsafe warnings whatsoever. How am I supposed to magically find the > 'do not use' warnings?

You have to magically find this by reading the messages on this list, not more then a month ago, someone asked was it considered stable for production use, and the answer was no. I was going to type a long rant about how you should test software or atleast wait a while for the kinks to be worked out of new versions instead of running cutting edge, but screw it, I'm not wasting any more time on this.

> It's not about that.. It's about the hell I've already been through with > the new register_globals setting. Then two huge ass security holes > following in the next couple of months after that.

I know, there such bastards for releasing security patches to fix the holes they know about instead of burrying the evidence and denying a hole exists. > If it doesn't bother you the hassles 'the php group' is putting me, you, > and alot of others through then I guess that's just you. I can't > help but get pissed about it. I did not have the time to do these > upgrades, but now I have to make time.

You know your right, the PHP group (god bless them) is out to get you, individually, they intentionally put security holes into the software, so they can go back later and make you patch your "dozens of systems" and make your life a living hell. And it's not just me who doesn't mind upgrading, it's just you who can't handle it.

Adam Voigt adam.voigtcryptocomm.com

attached mail follows:

I want to store image data into mysql table using BLOB but I don't know how to read it after. To record the image, I doesn't have any problem, but to read the file after and to view the image, I can't do anything the variable show only comment like this: memobin24.bin

So how can I do?

This was the script.

Include("connect.inc") ;

$fp = fopen("image/photo.jpg","r") ;

if ($fp) {

$code2 = "" ;

while (!feof($fp)) {

$buffer = fgets($fp, 4096);

$code2 = $code2.$buffer;

}

$code2 = addslashes($code2) ;

$table = 'image' ;

$instruction = mysql_query("INSERT into $table values ('','fichier inage','$code2','') or die("FATAL ERROR") ;

attached mail follows:

There's no reason to store images in a database. It's a waste of time and it's a slower process than just loading it off the disk.

If you still want to know how to do it, search the web. This question is asked every day and there are a couple dozen tutorials out there that'll tell you exactly how to do it.

---John Holmes...

> -----Original Message----- > From: Rija [mailto:rijavatu.com] > Sent: Monday, July 22, 2002 11:03 PM > To: php-generallists.php.net > Subject: [PHP] How to store an image into a mysql database using php > language? > > I want to store image data into mysql table using BLOB but I don't know > how to read it after. To record the image, I doesn't have any problem, but > to read the file after and to view the image, I can't do anything the > variable show only comment like this: memobin24.bin > > So how can I do? > > This was the script. > > <? > > Include("connect.inc") ; > > $fp = fopen("image/photo.jpg","r") ; > > if ($fp) { > > $code2 = "" ; > > while (!feof($fp)) { > > $buffer = fgets($fp, 4096); > > $code2 = $code2.$buffer; > > } > > } > > $code2 = addslashes($code2) ; > > $table = 'image' ; > > $instruction = mysql_query("INSERT into $table values ('','fichier > inage','$code2','') or die("FATAL ERROR") ; > > ?>

attached mail follows:

hi i am trying to implement error handling in a join page, i would like to try and use one page if possible and then go through in steps like ?step=1 etc , i would like to be able to return form variables to the previous step if there is an error, how could i do this ?

attached mail follows:

I'm using mysql to hold references to image files then served on my pages via PHP.

I have typically a set of two files:

thumb and a large original, on occasion there is also a variant inreasing the set to 3 per image

currently I am holding all of the files in 1 directory since the DB can keep track of them, however their number has grown to over 400 at this point

my issue is whether it would be worth it (performance wise) to split them into thumbs and works thus having 200+ files per directory as opposed to so many, I am expecting the number of images to double in the future.

________________________--__-______-______________ eat pasta type fasta

attached mail follows:

On Tuesday 23 July 2002 11:09, eat pasta type fasta wrote: > I'm using mysql to hold references to image files then served on my pages > via PHP. > > I have typically a set of two files: > > thumb and a large original, on occasion there is also a variant inreasing > the set to 3 per image > > currently I am holding all of the files in 1 directory since the DB can > keep track of them, however their number has grown to over 400 at this > point > > my issue is whether it would be worth it (performance wise) to split them > into thumbs and works thus having 200+ files per directory as opposed to > so many, I am expecting the number of images to double in the future.

Nothing to do with PHP and everything to do with the OS. FWIW 20K files in one directory on Linux is slow.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* Yow! Are we wet yet? */

attached mail follows:

On Mon, 22 Jul 2002 23:09:12 -0400, you wrote:

>currently I am holding all of the files in 1 directory since the DB can >keep track of them, however their number has grown to over 400 at this >point > >my issue is whether it would be worth it (performance wise) to split them >into thumbs and works thus having 200+ files per directory as opposed to >so many, I am expecting the number of images to double in the future.

As one other poster has mentioned, this is not really a PHP issue, but more of an OS one. IMHO, anytime you are dealing with a group of files that numbers more than say, 200 or so, it's worth it to split them out in seperate directories. I would suggest some sort of one or two level hash, based on the filenames. (Forget just splitting out the thumbnails, because if you really expect the number to double in the future you'll be glad you spent the extra time to put the hash into place.) If your names are sufficiently different, I would suggest hashing the directories based on the first two characters of the filename.

For example, lets say you have two jpgs called:

joejohnson.jpg tomsmith.jpg

Place them in directories like so:

/images/j/o/joejohnson.jpg /images/t/o/tomsmith.jpg

This is similar to how a lot of mail delivery agents can be configured to deliver mail to a host with a lot of different users.

If for some reason the filenames tend to begin with the same characters, then work backward for the hash. For example, I work at a real estate company and the photos for our listings are named off the listing number. Most of the time these numbers are in the same range, so we use the LAST two digits of the number. For example:

2450067.jpg 2450256.jpg

go in

/images/6/7/2450067.jpg /images/5/6/2450256.jpg

Anyway, with a hash you have a definite algorithm to figure out where a file should be placed, and later where it should be retrieved.

HTH...

attached mail follows:

On Mon, 22 Jul 2002, eat pasta type fasta wrote: > currently I am holding all of the files in 1 directory since the DB can > keep track of them, however their number has grown to over 400 at this > point > > my issue is whether it would be worth it (performance wise) to split them > into thumbs and works thus having 200+ files per directory as opposed to > so many, I am expecting the number of images to double in the future.

400 is not very many. Tens of thousands can start to become a problem.

Look at the distribution of your file names and come up with a hashing mechanism. For instance, if your filenames are numbers, create subdirectories 0/ 1/ 2/ 3/ 4/ etc., and place the files based on their final digit.

miguel

attached mail follows:

On Fri, 19 Jul 2002, Michael Hall wrote: > This is sort of off topic, but can anyone tell me why my Pine email client > displays "To: Somebody Or Other" rather than my name "Michael Hall" > whenever I send an email to this list? > > I have attempted to fix this many times but cannot for the life of me > figure out why it is happening.

It's doing this as a favor to you. If it displayed the "From" you'd know less about the message than you know this way.

miguel

attached mail follows:

I think I'm pretty close to getting this right (maybe!), I've been reading through the manual, but can't seem to work it out. I keep getting this error:

[Mon Jul 22 19:03:24 2002] [error] PHP Warning: Supplied argument is not a valid File-Handle resource in index.php on line 66

I'm trying to open a URL, read the contents, then pull out specific info found between specific HTML tags. This is what I have so far:

63| <?php 64| $filename = fopen("http://www.kinyradio.com/juneaunews/latest_juneau_news.html", "r"); 65| $contents = fread($filename, 1000000); 66| while($headlines = fscanf($filename, "<p style=\"padding-left: 45\"><font face=\"Verdana\" size=\"3\"><b>%[a-zA-Z0-9,. ]</b></font>", $headline)) { 67| extract($headlines); 68| print "<a href=\"http://www.kinyradio.com/juneaunews/latest_juneau_news.html\">$headli ne</a><br>"; 69| } 70| fclose($filename); 71| ?>

Any ideas? Any other functions I could try instead of fscanf()?

TIA, Jason Soza

attached mail follows:

In article <JNEPLIKJKFFIIBCBFMJFEEGGCCAA.soljagci.net>, soljagci.net says... > I think I'm pretty close to getting this right (maybe!), I've been reading > through the manual, but can't seem to work it out. I keep getting this > error: > > [Mon Jul 22 19:03:24 2002] [error] PHP Warning: Supplied argument is not a > valid File-Handle resource in index.php on line 66 > > I'm trying to open a URL, read the contents, then pull out specific info > found between specific HTML tags. This is what I have so far: > > 63| <?php > 64| $filename = > fopen("http://www.kinyradio.com/juneaunews/latest_juneau_news.html", "r"); > 65| $contents = fread($filename, 1000000); > 66| while($headlines = fscanf($filename, "<p style=\"padding-left: > 45\"><font face=\"Verdana\" size=\"3\"><b>%[a-zA-Z0-9,. ]</b></font>", > $headline)) { > 67| extract($headlines); > 68| print "<a > href=\"http://www.kinyradio.com/juneaunews/latest_juneau_news.html\">$headli > ne</a><br>"; > 69| } > 70| fclose($filename); > 71| ?> > > Any ideas? Any other functions I could try instead of fscanf()?

That error indicates that fopen failed to open the requested file. Given that the URL works fine in a browser, is it possible that your php is not configured to do remote fopen? Check the setting of allow_url_fopen in phpinfo()

It is a good idea to test the result of such calls before trying to use the result:

fopen('Whatever') or exit('Couldn't get it, Boss!');

if(fopen('whatever') { do good things; }else{ bleat vigorously; }

Cheers

-- David Robley Temporary Kiwi!

Quod subigo farinam

attached mail follows:

I'm fairly certain that fopen() is working fine - I can echo "$contents"; and it works great, but it displays the entire page that I fetched. I just want certain parts of the page and unfortunately, fscanf() doesn't seem to think $contents or $filename are valid. Just more info on this, I tried replacing fscanf($filename,...) with fscanf($contents,...) and got the same result.

Thanks, Jason Soza

-----Original Message----- From: David Robley [mailto:robleydparadise.net.nz] Sent: Monday, July 22, 2002 8:37 PM To: php-generallists.php.net Subject: [PHP] Re: Using fopen()/fread()/fscanf()

It is a good idea to test the result of such calls before trying to use the result:

fopen('Whatever') or exit('Couldn't get it, Boss!');

if(fopen('whatever') { do good things; }else{ bleat vigorously; }

Cheers

-- David Robley Temporary Kiwi!

Quod subigo farinam

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

I'm thinking that you need to remove the: $contents = fread($filename, 1000000); line. This is probably making the file pointer point to the end of the file.

-----Original Message----- From: Jason Soza [mailto:soljagci.net] Sent: Tuesday, July 23, 2002 4:17 PM To: David Robley; php-generallists.php.net Subject: RE: [PHP] Re: Using fopen()/fread()/fscanf()

Thanks, Jason Soza

-----Original Message----- From: David Robley [mailto:robleydparadise.net.nz] Sent: Monday, July 22, 2002 8:37 PM To: php-generallists.php.net Subject: [PHP] Re: Using fopen()/fread()/fscanf()

It is a good idea to test the result of such calls before trying to use the result:

fopen('Whatever') or exit('Couldn't get it, Boss!');

if(fopen('whatever') { do good things; }else{ bleat vigorously; }

Cheers

-- David Robley Temporary Kiwi!

Quod subigo farinam

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Okay, I removed that line and I no longer get the invalid File-Handle resource error, but I also don't get anything useful. Maybe my fscanf() line needs some work? With this new code, if I print_r($headlines); I get 229 of these: Array ( [0] => )

Code: $filename = fopen("http://www.kinyradio.com/juneaunews/latest_juneau_news.html", "r");

while($headlines = fscanf($filename, "<p style=\"padding-left: 45\"><font face=\"Verdana\" size=\"3\"><b>%[a-zA-Z0-9,. ]</b></font>")) { print_r($headlines); } fclose($filename);

What the fscanf() code -should- be doing, or at least what I intend for it to do, is grab everything between <p style="padding-left: 45...><b> and </b></font> - is my code structured for that?

-----Original Message----- From: Martin Towell [mailto:martin.towellworld.net] Sent: Monday, July 22, 2002 10:16 PM To: 'Jason Soza'; David Robley; php-generallists.php.net Subject: RE: [PHP] Re: Using fopen()/fread()/fscanf()

I'm thinking that you need to remove the: $contents = fread($filename, 1000000); line. This is probably making the file pointer point to the end of the file.

-----Original Message----- From: Jason Soza [mailto:soljagci.net] Sent: Tuesday, July 23, 2002 4:17 PM To: David Robley; php-generallists.php.net Subject: RE: [PHP] Re: Using fopen()/fread()/fscanf()

Thanks, Jason Soza

attached mail follows:

On Tuesday 23 July 2002 14:16, Jason Soza wrote: > I'm fairly certain that fopen() is working fine - I can echo "$contents"; > and it works great, but it displays the entire page that I fetched. I just > want certain parts of the page and unfortunately, fscanf() doesn't seem to > think $contents or $filename are valid. Just more info on this, I tried > replacing fscanf($filename,...) with fscanf($contents,...) and got the same > result.

Not sure why you're using fscanf() and why it doesn't work. I would use preg_match() on $contents.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* Communications satellite used by the military for star wars. */

attached mail follows:

Alright, I see that this is probably the way to go, but I'm dying here. I have this:

$filename = fopen("http://www.kinyradio.com/juneaunews/latest_juneau_news.html", "r"); $contents = fread($filename, 1000000); preg_match_all("|<font face=\"Verdana\" size=\"3\"><b>+[-a-zA-Z0-9,. ]+|i", $contents, $out); print_r($out);

And it returns this:

Array ( [0] => Array ( [0] => Injured hiker [1] => Toy guns looked real enough [2] => U-S Forest Service Chief visiting [3] => Millions in compensation divided up [4] => Alaska Air [5] => One car [6] => Services [7] => Talkeetna ) [1] => Array ( [0] => Injured hiker [1] => Toy guns looked real enough [2] => U-S Forest Service Chief visiting [3] => Millions in compensation divided up [4] => Alaska Air [5] => One car [6] => Services [7] => Talkeetna ) )

This is definitely progress, but the headlines are truncated. I have a feeling this has something to do with linebreaks, but I don't know how to account for those. For example, $out[0][0] should read "Injured hiker rescued on Mt. Juneau" and $out[0][2] should end with "...Alaska for the first time".

The manual entries for preg_match and preg_match_all pretty much assume you have a working knowledge of reg expressions, which I don't, and a google search turned up a bunch of pages, none of which I could understand enough to be of help. So, any pointers would be appreciated. Thanks!

Jason Soza

-----Original Message----- From: Jason Wong [mailto:php-generalgremlins.com.hk] Sent: Monday, July 22, 2002 11:01 PM To: php-generallists.php.net Subject: Re: [PHP] Re: Using fopen()/fread()/fscanf()

Not sure why you're using fscanf() and why it doesn't work. I would use preg_match() on $contents.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* Communications satellite used by the military for star wars. */

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

On Tuesday 23 July 2002 15:38, Jason Soza wrote: > Alright, I see that this is probably the way to go, but I'm dying here. I > have this: > > $filename = > fopen("http://www.kinyradio.com/juneaunews/latest_juneau_news.html", "r"); > $contents = fread($filename, 1000000); > preg_match_all("|<font face=\"Verdana\" size=\"3\"><b>+[-a-zA-Z0-9,. > ]+|i", $contents, $out); > print_r($out);

Assuming that the <font> and <b> tags are closed and you want everything in between then try this:

preg_match_all("|<font face=\"Verdana\" size=\"3\"><b>(.*)</b></font>|i", $contents, $out);

> The manual entries for preg_match and preg_match_all pretty much assume you > have a working knowledge of reg expressions, which I don't, and a google > search turned up a bunch of pages, none of which I could understand enough > to be of help. So, any pointers would be appreciated. Thanks!

You want to read up on "Pattern Modifiers" and "Pattern Syntax", that's where all the regex black magic is explained.

-- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development *

/* He's dead, Jim. -- McCoy, "The Devil in the Dark", stardate 3196.1 */

attached mail follows:

I am trying to develop a page that, in certain places, I only want it to display the <TR> and <TD>s if data is found for a given field. For example, if I only have an image for the first floorplan of a house, I do NOT have an image for the second floorplan of a house, then show the first floorplan image only.....skip over that next row because the field in the db is empty.

The problem that I'm having is that the syntax that I've been using to define "empty" in the db field does not always work. The code reads:

if ($result[FLRPLAN_2]<>" ") { printf ("<tr>"); printf ("<td colspan=3 bgcolor=#F0F8FF>"); printf ("<font size=5> <b>Second Floor Plan:<b> </td></font>") ;

printf ("</tr>") ; printf ("<tr>"); printf ("<td colspan=3 >") ; echo "<img src='http://www.website.com/index_files/main_files/$planid/" . mysql_result($result, 0,'FLRPLAN_2')."'>'"; printf (" </td>") ; printf ("</tr> "); };

if ($result[FLRPLAN_3]<>" ") {; printf ("<tr>"); printf ("<td colspan=3 bgcolor=#F0F8FF><font size=5> <b>Third Floor Plan:<b> "); printf ("</td></font> "); printf ("</tr> "); printf ("<tr> "); printf ("<td colspan=3 >"); echo "<img src='http://www.website.com/index_files/main_files/$planid/" . mysql_result($result, 0,'FLRPLAN_3')."'>'"; printf ("</td> "); printf ("</tr> "); };

I have tried:

1. if ($result[FLRPLAN_3]<>" ") {; 2. if ($result[FLRPLAN_3]<>"") {; 3. if ($result[FLRPLAN_3]<>'') {; 4. if ($result[FLRPLAN_3]<>' ') {; 5. if ($result[FLRPLAN_3]<>NULL) {;

and none seem to work correctly (i.e. blank field in db, but HTML row shows up with missing image......or image is in db, but no HTML row shows up. If it helps, each of the "image" fields are varchar(125)....basically I just have the name of the image file, and then a pointer to the web server directory structure....

Any ideas would be greatly appreciated. Thanks.

Mark

attached mail follows:

what about if (strlen($result["FLRPLAN_3"]) > 0)

-----Original Message----- From: markbm [mailto:markbmhotmail.com] Sent: Tuesday, July 23, 2002 2:02 PM To: php-generallists.php.net Subject: [PHP] Problem with Not displaying HTML if data not found

The problem that I'm having is that the syntax that I've been using to define "empty" in the db field does not always work. The code reads:

if ($result[FLRPLAN_2]<>" ") { printf ("<tr>"); printf ("<td colspan=3 bgcolor=#F0F8FF>"); printf ("<font size=5> <b>Second Floor Plan:<b> </td></font>") ;

I have tried:

1. if ($result[FLRPLAN_3]<>" ") {; 2. if ($result[FLRPLAN_3]<>"") {; 3. if ($result[FLRPLAN_3]<>'') {; 4. if ($result[FLRPLAN_3]<>' ') {; 5. if ($result[FLRPLAN_3]<>NULL) {;

Any ideas would be greatly appreciated. Thanks.

Mark

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

When I changed this line, it still gives me the same problem. My db field is a varchar(125)...could that have anything to do with it? Basically, the first time, without data in the field...it works fine and the <TR> is not displayed, but when I add data back into the field, nothing changes...its like it does not recognize that something is back in the field. I did a commit on the db each time, and cleared the browser cache, etc.

Mark

"Martin Towell" <martin.towellworld.net> wrote in message news:6416776FCC55D511BC4E0090274EFEF5034CFB9DEXCHANGE... > what about > if (strlen($result["FLRPLAN_3"]) > 0) > > > > -----Original Message----- > From: markbm [mailto:markbmhotmail.com] > Sent: Tuesday, July 23, 2002 2:02 PM > To: php-generallists.php.net > Subject: [PHP] Problem with Not displaying HTML if data not found > > > I am trying to develop a page that, in certain places, I only want it to > display the <TR> and <TD>s if data is found for a given field. For example, > if I only have an image for the first floorplan of a house, I do NOT have > an image for the second floorplan of a house, then show the first floorplan > image only.....skip over that next row because the field in the db is empty. > > The problem that I'm having is that the syntax that I've been using to > define "empty" in the db field does not always work. The code reads: > > if ($result[FLRPLAN_2]<>" ") { > printf ("<tr>"); > printf ("<td colspan=3 bgcolor=#F0F8FF>"); > printf ("<font size=5> <b>Second Floor Plan:<b> > </td></font>") ; > > printf ("</tr>") ; > printf ("<tr>"); > printf ("<td colspan=3 >") ; > echo "<img > src='http://www.website.com/index_files/main_files/$planid/" . > mysql_result($result, 0,'FLRPLAN_2')."'>'"; > printf (" </td>") ; > printf ("</tr> "); > }; > > > > if ($result[FLRPLAN_3]<>" ") {; > printf ("<tr>"); > printf ("<td colspan=3 bgcolor=#F0F8FF><font size=5> > <b>Third Floor Plan:<b> "); > printf ("</td></font> "); > printf ("</tr> "); > printf ("<tr> "); > printf ("<td colspan=3 >"); > echo "<img > src='http://www.website.com/index_files/main_files/$planid/" . > mysql_result($result, 0,'FLRPLAN_3')."'>'"; > printf ("</td> "); > printf ("</tr> "); > }; > > > I have tried: > > 1. if ($result[FLRPLAN_3]<>" ") {; > 2. if ($result[FLRPLAN_3]<>"") {; > 3. if ($result[FLRPLAN_3]<>'') {; > 4. if ($result[FLRPLAN_3]<>' ') {; > 5. if ($result[FLRPLAN_3]<>NULL) {; > > and none seem to work correctly (i.e. blank field in db, but HTML row shows > up with missing image......or image is in db, but no HTML row shows up. If > it helps, each of the "image" fields are varchar(125)....basically I just > have the name of the image file, and then a pointer to the web server > directory structure.... > > Any ideas would be greatly appreciated. Thanks. > > Mark > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

it's the mysql_result()... try this...

echo "<img src='http://www.website.com/index_files/main_files/$planid/" . $result["FLRPLAN_2"] . "'>'";

mysql_result($result, 0,'FLRPLAN_2') ^----------- you're always looking at the first row

rf: http://www.php.net/manual/en/function.mysql-result.php

-----Original Message----- From: markbm [mailto:markbmhotmail.com] Sent: Tuesday, July 23, 2002 2:29 PM To: php-generallists.php.net Subject: Re: [PHP] Problem with Not displaying HTML if data not found

Mark

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Hi,

A site I'm working on requires a login screen where various individuals will log into the site and add information for their various departments. Rather than setup a different script for each department, I was hoping to create one script that would either accept or deny a login based on the username/password stored in a database, then based on the username/password - redirect the individuals browser to a URL.

I've got the login part working perfectly, and I can turn the URL into a link on the page, but I'd rather have the script just automatically forward the person to the page they're login gives them access to.

I've tried using header(), but since the redirection takes place about mid-script, it doesn't work. I've also tried using <meta> tag redirects, but those don't seem to accept the PHP/MySQL combo.

Any ideas?

Thanks -Tim

attached mail follows:

using header() should work if you don't output anything before it. If you can restructure your code so that you can remove any output until after the header(), then that'd be the way to go.

You said the meta refresh didn't work - did you get the syntax right? Since I don't use it much, it's one of those tags that takes me ages to get the syntax right (I could chuck it into a code repository somewhere, but I'm too lazy to do that...)

Failing the above two methods, you could put a hidden form that gets auto-submitted when the page loads

HTH Martin

-----Original Message----- From: Tim Thorburn [mailto:immortalnwconx.net] Sent: Tuesday, July 23, 2002 2:00 PM To: php-generallists.php.net Subject: [PHP] redirecting after login

Hi,

I've tried using header(), but since the redirection takes place about mid-script, it doesn't work. I've also tried using <meta> tag redirects, but those don't seem to accept the PHP/MySQL combo.

Any ideas?

Thanks -Tim

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Hi. Since I haven't used meta tags for years now (don't like them:) I can't help you there, but instead, here's a typical login/redirect PHP page of mine. As you can see, it doesn't matter if the login form is at the bottom of the page, or even if it's after an included header file as long the form points to $PHP_SELF:

session_start();

if ($username && $pass) { $db_conn = mysql_connect("localhost", "admin", "password");

mysql_select_db("db_name", $db_conn);

$query = "SELECT * FROM table_name WHERE username = '$username' AND password = password('$pass')";

$result = mysql_query($query, $db_conn);

if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result); if ($row['devlevel'] == '2') { $valid_admin = $row['devfirst']; session_register("valid_admin"); header("Location: ../admin/index.php"); exit; } else if ($row['devlevel'] == '1') { $valid_user = $row['devid']; session_register("valid_user"); header("Location: index.php"); exit; } else { header("Location: ../jumpto.php?fetch=devent"); exit; } } else { header("Location: ../jumpto.php?fetch=devent"); exit; } } else { header("Location: ../jumpto.php?fetch=devent"); exit; }

Like this, I can diferenciate the users by fetching the "devlevel" number from the same DB that the user was authenticated from.

HTH, C.

> -----Original Message----- > From: Tim Thorburn [mailto:immortalnwconx.net] > Sent: Tuesday, July 23, 2002 1:00 AM > To: php-generallists.php.net > Subject: [PHP] redirecting after login > > Hi, > > A site I'm working on requires a login screen where various individuals > will log into the site and add information for their various > departments. Rather than setup a different script for each department, I > was hoping to create one script that would either accept or deny a login > based on the username/password stored in a database, then based on the > username/password - redirect the individuals browser to a URL. > > I've got the login part working perfectly, and I can turn the URL into a > link on the page, but I'd rather have the script just automatically > forward > the person to the page they're login gives them access to. > > I've tried using header(), but since the redirection takes place about > mid-script, it doesn't work. I've also tried using <meta> tag redirects, > but those don't seem to accept the PHP/MySQL combo. > > Any ideas? > > Thanks > -Tim > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

I forgot to tell you: This snippet is supposed to go at the very top of the login page (right after the <? Tag). Like this, you can easily modify whatever login method you are using... just remember to add that extra "LEVEL" field to your user's database and/or modify the snippet accordingly.

Cheers, C.

> -----Original Message----- > From: César Aracena [mailto:icaamicaam.com.ar] > Sent: Tuesday, July 23, 2002 1:45 AM > To: 'Tim Thorburn'; php-generallists.php.net > Subject: RE: [PHP] redirecting after login > > Hi. Since I haven't used meta tags for years now (don't like them:) I > can't help you there, but instead, here's a typical login/redirect PHP > page of mine. As you can see, it doesn't matter if the login form is at > the bottom of the page, or even if it's after an included header file as > long the form points to $PHP_SELF: > > session_start(); > > if ($username && $pass) > { > $db_conn = mysql_connect("localhost", "admin", "password"); > > mysql_select_db("db_name", $db_conn); > > $query = "SELECT * FROM table_name WHERE username = '$username' > AND password = password('$pass')"; > > $result = mysql_query($query, $db_conn); > > if (mysql_num_rows($result) > 0) > { > $row = mysql_fetch_array($result); > if ($row['devlevel'] == '2') > { > $valid_admin = $row['devfirst']; > session_register("valid_admin"); > header("Location: ../admin/index.php"); > exit; > } > else if ($row['devlevel'] == '1') > { > $valid_user = $row['devid']; > session_register("valid_user"); > header("Location: index.php"); > exit; > } > else > { > header("Location: ../jumpto.php?fetch=devent"); > exit; > } > } > else > { > header("Location: ../jumpto.php?fetch=devent"); > exit; > } > } > else > { > header("Location: ../jumpto.php?fetch=devent"); > exit; > } > > Like this, I can diferenciate the users by fetching the "devlevel" > number from the same DB that the user was authenticated from. > > HTH, C. > > > > -----Original Message----- > > From: Tim Thorburn [mailto:immortalnwconx.net] > > Sent: Tuesday, July 23, 2002 1:00 AM > > To: php-generallists.php.net > > Subject: [PHP] redirecting after login > > > > Hi, > > > > A site I'm working on requires a login screen where various > individuals > > will log into the site and add information for their various > > departments. Rather than setup a different script for each > department, I > > was hoping to create one script that would either accept or deny a > login > > based on the username/password stored in a database, then based on the > > username/password - redirect the individuals browser to a URL. > > > > I've got the login part working perfectly, and I can turn the URL into > a > > link on the page, but I'd rather have the script just automatically > > forward > > the person to the page they're login gives them access to. > > > > I've tried using header(), but since the redirection takes place about > > mid-script, it doesn't work. I've also tried using <meta> tag > redirects, > > but those don't seem to accept the PHP/MySQL combo. > > > > Any ideas? > > > > Thanks > > -Tim > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

On Mon, 22 Jul 2002, Tim Thorburn wrote: > A site I'm working on requires a login screen where various individuals > will log into the site and add information for their various > departments. Rather than setup a different script for each department, I > was hoping to create one script that would either accept or deny a login > based on the username/password stored in a database, then based on the > username/password - redirect the individuals browser to a URL. > > I've got the login part working perfectly, and I can turn the URL into a > link on the page, but I'd rather have the script just automatically forward > the person to the page they're login gives them access to. > > I've tried using header(), but since the redirection takes place about > mid-script, it doesn't work. I've also tried using <meta> tag redirects, > but those don't seem to accept the PHP/MySQL combo.

Once they've been redirected, can they just bookmark the resulting page and never have to log in again?

miguel

attached mail follows:

> >Once they've been redirected, can they just bookmark the resulting page >and never have to log in again?

Actually, yes - after a couple hours of playing around with the login and finally getting the Meta tags to work for me, I found that if the person were to simply type in the URL of the protected page, they would have full access. Right now I'm playing with sessions and global sessions to try and correct this problem. Although its not working as well as I had hoped.

Basically the plan is for all users to goto Page 1 - the login page, and then be re-directed to their proper destination - Page 2. But, if a clever bad person were to simply type in the URL to Page 2 they could have access to the database and run amuck. So I added a line checking to see if the session from Page 1 is registered, if not, goto Page 1. That part works - what doesn't work is after they login to Page 1, the redirect sends them to Page 2 and right back to Page 1 because the global session isn't staying registered.

Since its 2am I'm quitting for the nite ... but maybe some friendly European people awake at this hour might have an idea on this one? Or even friendly caffeine addicts on the side of the pond :P

Thanks -Tim

attached mail follows:

why don't u do something like

if (!username) { you can not access this page } else { //page content }

that's a quick fix but might be all you need to do..

> -----Original Message----- > From: Tim Thorburn [mailto:immortalnwconx.net] > Sent: Tuesday, 23 July 2002 5:01 PM > To: php-generallists.php.net > Subject: Re: [PHP] redirecting after login > > > > > > >Once they've been redirected, can they just bookmark the resulting page > >and never have to log in again? > > > Actually, yes - after a couple hours of playing around with the login and > finally getting the Meta tags to work for me, I found that if the person > were to simply type in the URL of the protected page, they would > have full > access. Right now I'm playing with sessions and global sessions > to try and > correct this problem. Although its not working as well as I had hoped. > > Basically the plan is for all users to goto Page 1 - the login page, and > then be re-directed to their proper destination - Page 2. But, > if a clever > bad person were to simply type in the URL to Page 2 they could > have access > to the database and run amuck. So I added a line checking to see if the > session from Page 1 is registered, if not, goto Page 1. That > part works - > what doesn't work is after they login to Page 1, the redirect > sends them to > Page 2 and right back to Page 1 because the global session isn't staying > registered. > > Since its 2am I'm quitting for the nite ... but maybe some friendly > European people awake at this hour might have an idea on this > one? Or even > friendly caffeine addicts on the side of the pond :P > > Thanks > -Tim > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > >

attached mail follows:

> what doesn't work is after they login to Page 1, the > redirect sends them to > Page 2 and right back to Page 1 because the global session > isn't staying > registered.

Are you putting session_start() at the top of each page where you want to be able to use the session stuff you've set?

CYA, Dave

attached mail follows:

> why don't u do something like > > if (!username) > { you can not access this page > } > else > { > //page content > } > > ? > > that's a quick fix but might be all you need to do..

Umm...I hope register_globals is off...

www.yourdomain.com/yourpage.php?username=a_bad_user

---John Holmes...

attached mail follows:

> Umm...I hope register_globals is off... And if not. <form action="http://www.yourdomain.com/yourpage.php" method="post"> <input type="text" name="username"> <input type="submit"> </form> Can be used from every server to login..... Op dinsdag 23 juli 2002 12:42, schreef John Holmes: > > why don't u do something like > > > > if (!username) > > { you can not access this page > > } > > else > > { > > //page content > > } > > > > ? > > > > that's a quick fix but might be all you need to do.. > > Umm...I hope register_globals is off... > > www.yourdomain.com/yourpage.php?username=a_bad_user > > ---John Holmes...

attached mail follows:

[snip] A site I'm working on requires a login screen where various individuals will log into the site and add information for their various departments. Rather than setup a different script for each department, I was hoping to create one script that would either accept or deny a login based on the username/password stored in a database, then based on the username/password - redirect the individuals browser to a URL. [/snip]

You need to take the script below and place it into a seperate file with NO OTHER INFORMATION. Your form action should state that this script is the action and method should be POST. Modify this script for access levels and redirect pages. <?

//connect to and select database if(!($dbconnect = mysql_pconnect("127.0.0.1", "user", "password"))){ print("Failed to connect to database!\n"); exit(); } if(!mysql_select_db("database", $dbconnect)){ print("Failed to select database!\n"); exit(); }

//query to compare user to database //user uses email addy in this instance $quser = "SELECT email, password, accesslevel "; $quser .= "FROM tblUser "; $quser .= "WHERE email = '$email' "; $quser .= "AND password = '$password' ";

if(!($dbresult = mysql_query($quser, $dbconnect))){ print("MySQL reports: " . mysql_error() . "\n"); exit(); }

//start session session_start(); //set session variables so that they can be compared on latter pages //preeventing a person from going directly to a page without being //logged in session_register("emailid"); session_register("level");

$dbuser = mysql_fetch_object($dbresult); $emailid = $dbuser->email; $level = $dbuser->accesslevel; //

//send the user to a page based on their user level

switch($level) { case "level1": header("Location: level1.php"); exit; break; case "level2": header("Location: level2.php"); exit; break; case "level3": header("Location: level.php"); exit; break; case "level4": header("Location: level4.php"); exit; break; case "level5": header("Location: level5.php"); exit; break; default: header("Location: loginfail.php"); exit; }

HTH!

Jay

attached mail follows:

I pointed this out to you in my original post:

you mail() call should be:

mail($MailToAddress, $MailSubject, $Message, "From: $MailFromAddress");

not:

mail("$MailToAddress", "$MailSubject", "$Message", "From: $MailFromAddress");

In other words, I don't think you should wrap plain $vars in double quotes... it may be the cause of the problem, or it may just slow down PHP a little when not needed.

For debugging, instead of sending the mail(), just do this:

echo "To: {$MailToAddress}<BR />\n"; echo "Subject: {$MailSubject}<BR />\n"; echo "Message: {$Message}<BR />\n"; echo "From: {$MailFromAddress}<BR />\n";

In otherwords, you should be looking to see if each $var you're sending to the mail() function IS WHAT YOU EXPECT, once you're sure they're correct, THEN you can pipe them back into a mail() call, and test.

Possibly mail() is not working on the server at all. A great way to test that would be to create a SEPARATE SCRIPT which just has this:

<? $to = 'memy.com'; $sub = 'really simple test'; $msg = 'testing, testing\n\ntestingtesting'; $header = 'From: memy.com';

mail($to, $sub, $msg, $header); ?>

The reason for creating a separate script is to ensure that you're only testing the mail() function, not anything else.

You could also try turning your error reporting on to a higher level, which may indicate the bug.

Justin

on 22/07/02 11:42 PM, Dean Ouellette (deanouellette.ws) wrote:

> I am a complete newbie, search the web for examples right now and use > them. > > The host has php 3.0 > > Having problems with for submission > Right now, no error messages, but does not actually send the email. > Ideas? > > <? > $MailToAddress = "emailmyaddress.com"; > > $MailSubject = "Get Involved List"; > > if (!$MailFromAddress) > > { > $MailFromAddress = "$email"; > } > > $Header = ""; > $Footer = ""; > ?> > > <? > > if (!is_array($HTTP_POST_VARS)) > > return; > > reset($HTTP_POST_VARS); > > while(list($key, $val) = each($HTTP_POST_VARS)) > > { > $GLOBALS[$key] = $val; > > $val=stripslashes($val); > > $Message .= "$key = $val\n"; > } > > if ($Header) > { > $Message = $Header."\n\n".$Message; > } > > if ($Footer) > > { > $Message .= "\n\n".$Footer; > } > > mail( "$MailToAddress", "$MailSubject", "$Message", "From: > $MailFromAddress"); > > ?> >

attached mail follows:

Hi,

I am having problems passing variables in a url specifically when there is an & sign. Any suggestions?

Rick

attached mail follows:

I think the proper way of sending an ampersand is to use &

-----Original Message----- From: Ricky [mailto:adminprospectin.ca] Sent: Tuesday, July 23, 2002 2:30 PM To: php-generallists.php.net Subject: [PHP] Passing Special Characters In url

Hi,

I am having problems passing variables in a url specifically when there is an & sign. Any suggestions?

Rick

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

If I want to pass something with &'s in it (commonly a query string i want to use later), I base64_encode() it, then base64_decode() it later when needed.

Cheers,

Justin

on 23/07/02 2:29 PM, Ricky (adminprospectin.ca) wrote:

> Hi, > > I am having problems passing variables in a url specifically when there is > an & sign. Any suggestions? > > Rick > >

attached mail follows:

On Tue, 23 Jul 2002, Ricky wrote: > I am having problems passing variables in a url specifically when there is > an & sign. Any suggestions?

There is a special function just for you.

http://php.net/urlencode

miguel

attached mail follows:

on 23/07/02 8:34 AM, B i g D o g (bigdogventicon.com) wrote:

> What does the "," and "{}" do in this type of statement? > > Example: echo "<tr><td>{$strName}</td></tr>", htmlspecialchars( $teststr );

Not sure about the comma, but the {braces} are easy. They help separate the $vars from other stuff in the string.

Example:

<? $string = " something "; echo "This will$somethingprobably not work"; echo "This will{$something}probably not work"; ?>

It's a good habbit to get into, and has saved my arse on a few occasions, although the above example isn't a good one.

Justin

attached mail follows:

On Mon, 22 Jul 2002, B i g D o g wrote: > I figured that the comma was to concatenate but is was wondering if the > parser handled it different.

The comma isn't actually for concatenation. The net effect is the same in this case, but a very different thing is happening.

echo "hello " , "there";

Here 'echo' is printing two separate arguments. First it is printing "hello " and then it is printing "there".

echo "hello " . "there";

Here the strings are concatenated to form a single string ("hello there") and then this is processed by echo which prints it out.

The effects are the same, as I said, but it's important to realize why they're very different ways of getting that effect.

miguel

attached mail follows:

I would have started with a search on php.net for "hex" which would have showed you two functions, and numerous other links that i'm not going to read.

dechex() and hexdec() seem to do it for numbers, and i'm sure you'll find what you need with some more looking.

Justin French

on 23/07/02 6:02 PM, Georgie Casey (webmasterfilmfind.tv) wrote:

> well, i solved the last problem on my own but now i need help on my new one > :-) > > how do you convert text to hexadecimal with PHP? > > -- > Regards, > Georgie Casey > webmasterfilmfind.tv > > *************************** > http://www.filmfind.tv > Online Film Production Directory > *************************** > >

attached mail follows:

On Mon, 22 Jul 2002, Francis wrote: > I'm trying to redirect to another website but doing a post to that website > at the same time. (ie POST rather than a GET (eg: header("Location: > www.anothersite.com/index.php?page=22"); ) > > How do you do an HTML post using the header() whats the syntax? I just cant > find it anywhere.

You can't.

If you want to do a post, either construct the request yourself, use one of the many free classes created to do so, or use the cURL library.

miguel

attached mail follows:

On Sun, 21 Jul 2002, Richard Lynch wrote: > Actually, though, when my clients insist on HTML email, I just tell > them: "No. If you want that feature, you'll have to hire somebody else > to do it. I've already explained why." I don't think I've lost a > single client that way -- Every one of them has re-considered my advice, > and outright refusal, and decided maybe I *do* know what the hell I'm > talking about. YMMV.

I agree with everything you say. Furthermore, I think that when I'm being paid for my expertise, I have a specific responsibility to stop people from doing stupid things, even if they do happen to really want them. There is no honor - and in the long term, no future - in casting aside my better judgment because I once read that "the customer is always right."

miguel

attached mail follows:

Hello,

On 07/23/2002 02:40 AM, Miguel Cruz wrote: > On Sun, 21 Jul 2002, Richard Lynch wrote: > >>Actually, though, when my clients insist on HTML email, I just tell >>them: "No. If you want that feature, you'll have to hire somebody else >>to do it. I've already explained why." I don't think I've lost a >>single client that way -- Every one of them has re-considered my advice, >>and outright refusal, and decided maybe I *do* know what the hell I'm >>talking about. YMMV. > > > I agree with everything you say. Furthermore, I think that when I'm being > paid for my expertise, I have a specific responsibility to stop people > from doing stupid things, even if they do happen to really want them. > There is no honor - and in the long term, no future - in casting aside my > better judgment because I once read that "the customer is always right."

It is good when you can discourage your customers to use a certain wide spread technology for good reasons and still get paid for that.

Anyway, would you object to develop a system for a customer where it is needed to send messages to clients that do not oppose to receive messages in HTML? If so, why?

Regards, Manuel Lemos

attached mail follows:

On Tue, 23 Jul 2002, Manuel Lemos wrote: > On 07/23/2002 02:40 AM, Miguel Cruz wrote: >> On Sun, 21 Jul 2002, Richard Lynch wrote: >>> Actually, though, when my clients insist on HTML email, I just >>> tell them: "No. If you want that feature, you'll have to hire >>> somebody else to do it. I've already explained why." I don't think >>> I've lost a single client that way -- Every one of >>> them has re-considered my advice, and outright >>> refusal, and decided maybe I *do* know what the hell I'm talking about. >>> YMMV. >> >> I agree with everything you say. Furthermore, I think that >> when I'm being paid for my expertise, I have a specific responsibility >> to stop people from doing stupid things, even if they do happen to >> really want them. There is no honor - and in the long term, no >> future - in casting aside my better judgment because I once read that >> "the customer is always right." > > It is good when you can discourage your customers to use a certain wide > spread technology for good reasons and still get paid for that. > > Anyway, would you object to develop a system for a customer where it is > needed to send messages to clients that do not oppose to receive > messages in HTML? If so, why?

I have never had a customer say "We have three people, and I personally installed their email client, and I want to develop a web-based system for sending mail to them."

What I have heard quite a lot is "We have a growing list of clients and I would like to send mail to all of them." This customer is not served by having a system that sends confusing scrambled-looking messages to their clients. Better everyone has a slightly blander experience than 10% of the users be permanently alienated.

If they have a way to definitively determine that users are consistently using HTML-capable MUAs, that's excellent, and I would not discourage them from sending HTML-formatted messages to those users.

miguel

attached mail follows:

Hello,

On 07/23/2002 03:14 AM, Miguel Cruz wrote: >>Anyway, would you object to develop a system for a customer where it is >>needed to send messages to clients that do not oppose to receive >>messages in HTML? If so, why? > > > I have never had a customer say "We have three people, and I personally > installed their email client, and I want to develop a web-based system for > sending mail to them."

Odd! Haven't you ever had a customer that had a site and wanted to send a newsletters to site users that voluntarily subscribe to it? If you had, wouldn't you find reasonable that many users may prefer HTML messages where the actual documents can be presented in richer forms than in plain text?

> What I have heard quite a lot is "We have a growing list of clients and I > would like to send mail to all of them." This customer is not served by > having a system that sends confusing scrambled-looking messages to their > clients. Better everyone has a slightly blander experience than 10% of > the users be permanently alienated.

Ok, but wouldn't is be more reasonable if you proposed a system that would let the customers decide wether they would get messages in HTML or text?

> If they have a way to definitively determine that users are consistently > using HTML-capable MUAs, that's excellent, and I would not discourage them > from sending HTML-formatted messages to those users.

One obvious way is asking the users which format they prefer.

Regards, Manuel Lemos

attached mail follows:

On Sun, 21 Jul 2002, Roberto Ramírez wrote: > Is there a way to display an image withouth sending the headers first?

You have to send the header - that's how the browser knows what sort of image it is.

> I'm trying to display an inline image... but when I try it just only > send the raw image data... > > I've thinking that I need to save an image first to disk and then > display the image later...

That's not necessary.

if ($_GET['displayimage'] == 1) { header('Content-Type: image.gif'); // output image data exit; }

// rest of page goes here echo "<p>Hi there. Here is an image: <img src='{$_SERVER['PHP_SELF']}?displayimage=1'></p>";

miguel

attached mail follows:

On Mon, 22 Jul 2002, Kondwani Spike Mkandawire wrote: > I am trying to execute a Script running a telnet command > testing through a range of IP connections... > Here goes: > > <? > $str = "123.456.789."; > $count = 0; > > while ($count < 999){ > $runTheScriptCommand... > } > ?> > > What I want to stick into the while loop is if connection > was successful, break... Is there a way I can check whether > telnet connection was successful on each step through the > loop or do I have to restructure my program and try > connecting to a port via fsockopen... By the way > does anyone know what port number telnet connects to...

Telnet is port 23, and the protocol is more complicated than you might think. Perhaps you could look into using 'expect' (a unix utility) to control your telnet session. That might bring you less heartache in the long run.

miguel

attached mail follows:

Hello,

On 07/22/2002 08:07 PM, Dario Bahena Tapia wrote: > Hi ... > > I want to be warned about php security issues, I couldn't find > an exact match in the mailing list names ... which one do you > recommend me?

http://www.phpadvisory.com/ is what you are looking for.

Regards, Manuel Lemos

attached mail follows:

Hello,

On 07/22/2002 08:50 PM, Richard Lynch wrote: >>Not being an expert in php..i couldnt understand the vulnerability. >>Can someone shed some light here. > > > Very short explanation: > > Upgrade. > Now!

Downgrading can also be a good option. New versions have new bugs, despite that also fix old bugs. This security advisory that the flaw did not exist in old versions.

Anyway, always test everything before you update, wether it is upgrading or downgrading.

Regards, Manuel Lemos

attached mail follows:

Hello,

when applying patch on version 4.2.1 then in phpinfo(); is still PHP Version 4.2.1 but SERVER_SOFTWARE: Apache/1.3.26 (Unix) PHP/4.2.2 mod_ssl/2.8.9 OpenSSL/0.9.6d-beta1

Regards, Michal Dvoracek michal.dvoracekcapitol.cz Capitol Internet Publisher, Korunovacni 6, 170 00 Prague 7, Czech Republic tel.: ++420 2 3337 1117, fax: ++420 2 3337 1112

attached mail follows:

restart apache

> -----Original Message----- > From: Michal Dvoracek [mailto:michal.dvoracekcapitol.cz] > Sent: Tuesday, 23 July 2002 4:34 PM > To: Jason Soza > Cc: php-generallists.php.net > Subject: [PHP] PHP security bug and patch > > > Hello, > > when applying patch on version 4.2.1 then in phpinfo(); is still PHP > Version 4.2.1 but SERVER_SOFTWARE: Apache/1.3.26 (Unix) PHP/4.2.2 > mod_ssl/2.8.9 OpenSSL/0.9.6d-beta1 > > Regards, > Michal Dvoracek michal.dvoracekcapitol.cz > Capitol Internet Publisher, Korunovacni 6, 170 00 Prague 7, Czech Republic > tel.: ++420 2 3337 1117, fax: ++420 2 3337 1112 > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > >

attached mail follows:

Hey all,

I want to point something out to aspiring authors. The truth is, that few books and web pages out there show examples using OO methods. For example, the book I use as my primary reference has one chapter on OO PHP and that is it. The rest of the examples in the book are in regular functions. And the one example they give is used to create a web page, with the Title , KeyWords, Styles, Header, Menu... as the objects.

So, I guess my point is that if people want to encourage use of OO programming, they need to use more examples in their books instead of what is "easy." Otherwise, if the reader doesn't "get" the one example, they don't have other examples to try. Furthermore, one cannot encourage people to think about how they can program using OO methods if they don't use such methods in their teaching of the subject matter.

My 2 cents.

Paul

attached mail follows:

For a really good overview of the OO programming read "Thinking in Java" by Bruce Eckel. What you learn can then easily be applied to your coding practices in PHP.

The author has made the book available for free from his site

www.mindview.com

_________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com

attached mail follows:

[snip] For a really good overview of the OO programming read "Thinking in Java" by Bruce Eckel. What you learn can then easily be applied to your coding practices in PHP.

The author has made the book available for free from his site

www.mindview.com [/snip]

Try http://www.mindview.net

HTH!

Jay

attached mail follows:

Hello,

Any one please let me know how to use PHP to add new user to a domain for using mail (sendmail). And also any funtions to check the availibility of a domain name.

Regards, Anan

attached mail follows:

After executing the exact script I get the following (rough)error:

Warning: Undefined offset: 1 in :/Inetpub/co2_busters_mk2

The script(Which is being executed about 25m away) soon cause my computer to fill up up it's memory(96mb used to about 256) That is why I couldn't give you the message(IE crashed).

It is looping forever for some reason(I've never filled a client's computer that fast before!)

How can I fix it?

Or if you cant tell me what does the error mean?

--
JJ Harrison
webmastertececo.com
www.tececo.com
"Richard Lynch" <richphpbootcamp.com> wrote in message
news:php.general-108972news.php.net...
> >My question is what can I do if someone searches for php script for
search?
> >
> >I would want to use OR in my SQL statment. The problem is how do I write
the
> >query so that it will detect the number of words sent then put enough ORs
> >and LIKE '%$search[1]% in?
>
> The LIKE operator will cheerfully return 1 or 0, which you can "add up",
or
> in your case, "weight and add up" in your SELECT:
>
> $query = "select 0 ";
> # The 0 is a kind of 'yeast' to start off our summation of matches.
>
> $words = explode(' ', $search);
>
> while (list(,$word) = $words){
>   $word = trim($word);
>   if ($word){
>     $query .= " + article_keyword.weight * article_keyword.keyword like
> '%$word%' ";
>   }
> }
>
> $query .= " as score ";
> $query .= " from article_keyword, article_data ";
> $query .= " where score > 0 ";
> $query .= "   and article_data.aid = article_keyword.aid ";
> $query .= " order by score desc ";
>
> echo $query, "<BR>\n";
>
> --
> Like Music?  http://l-i-e.com/artists.htm
>

attached mail follows:

I've been developing a simple (protecting nuclear secrets it aint) login / authentication class library.

This code is designed to -

1. check unname & password are completed 2. check uname & password contain only permitted chars (a-z,1-9) 3. match user against dbase user table 4. generate a unique session token 5. store session token in dbase 6. set client side session cookie

I've attached the code here in the hope that it may be of use to some of you. I also welcome any feedback regarding problems / security shortcomings or ways it can be improved.

Happy Coding...

Notes -

-- dbase is postgres (dbase stuff should probably should be abstracted to make the code platform independant)

-- password encyrption is done using CRYPT_STD_DES rather than md5 because of legacy data (passwords in current dbase are crypted like this)

Here's the code...

begin index.html >>

<?php

include("./lib/doLogin.inc");

end index.html

begin doLogin.inc >>

<?php

/* App Name Here ------------------------------------------- doLogin.inc ** login validation / user authentication ** */

// dbase class include("./lib/db.inc"); // log class //include("./lib/log.inc");

$uname = $_POST['uname']; $pass = $_POST['pass'];

// if login form submitted do authentication if ((isset($uname)) && (isset($pass))) { $doLogin = new doLogin($uname,$pass); } else { displayLogin(); }

/// -----------------------------------------------------

class doLogin {

function doLogin($uname,$pass) {

$this->uname = $uname; $this->pass = $pass; $this->cookieName = "cookieName";

$this->authUser(); }

// validate & authenticate function authUser(){

// check that both uname & password are complete $this->loginDataComplete();

// check uname & pass contain only valid chars $this->validateLogin();

// create dbase object $db = new db();

// encrypt password $cryptedpass = crypt($this->pass,"CRYPT_STD_DES");

// select user & password from dbase $userQuery = pg_exec($db->db, "select oid, adminuser from user where username = '$this->uname' and pass = '$cryptedpass'");

if (pg_NumRows($userQuery) != 1) { $this->halt(); } else { $user_oid = pg_Result($userQuery, 0, "oid"); $this->adminUsr = pg_Result($userQuery, 0, "adminuser");

// generate unique md5 crypted session token $this->createSessionID();

// write session token 2 user table $resultSessid = pg_Exec($db->db, "update user set sessid = '$this->session_id' where oid = $user_oid");

// set session cookie $this->setSessionCookie();

// authentication complete // redirect 2 welcome page here } }

// check uname & password are not empty function loginDataComplete(){ if ((!isset($uname)) || (!isset($pass))) { $this->halt; } else { return; } }

// do login char validation function validateLogin() { if ( (!$isValidUname = $this->validateChars($this->uname)) || (!$isValidPass = $this->validateChars($this->pass)) ) { //$this->halt(); } else { return; } }

// validates login against permitted chars function validateChars($what){ $isValid = (ereg("^([A-Za-z0-9_]*)$", $what)) ? true : false; return $isValid; }

// create unique md5 encrypted session token function createSessionID() { srand((double)microtime()*1000000); $this->session_id = md5(uniqid(rand())); return; }

// set cookie with encrypted session token function setSessionCookie(){ $issetCookie = setcookie($this->cookieName, $this->session_id, time()+7200); /* expire in 1 hour */ if (!$issetCookie == 1) { $this->halt(); } else { return; } }

// record logon attempt 2 in log function recordLogin(){ $log = new log; $log->record(); }

// halt && display errors function halt() { // authentication failed display login form displayLogin(); // write login attempt to log here // call 2 optional error msg handler here }

} // end authentication class -----------------------------------------------

// login presentation template function displayLogin() {

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

</head>

<table cellpadding="0" cellspacing="0" border="0"> <tr><td colspan="2"><img src="images/1pix.gif" height="30" border="0"></td></tr> <tr><td colspan="2" align="center"><img src="images/nav.gif" border="0"></td></tr> <tr><td colspan="2"><img src="images/1pix.gif" height="30" border="0"></td></tr> <tr><td colspan="2" align="right"><img src="images/brand.gif" border="0"></td></tr> <tr><td colspan="2"><img src="images/1pix.gif" height="30" border="0"></td></tr> <tr><td colspan="2" class=text align="center"><img src="images/temp_nav.gif" border="0"></td></tr> <tr> <td width="345"><img src="images/1pix.gif" width="345" border="0"></td> <td width="345" align="right" valign="top"> <table cellpadding="0" cellspacing="6" border="0"> <tr><td colspan="2"><img src="images/1pix.gif" height="10" border="0"></td></tr> <tr><td width="345" colspan="2"><div class="textTitle">Please enter your Username & Password</div></td></tr> <tr><td colspan="2"><img src="images/1pix.gif" height="10" border="0"></td></tr> <form enctype="multipart/form-data" action="./index.html" method="POST" name="loginForm" onsubmit="return doLogin(this)" style="margin:0px; padding:0px;"> <tr> <td width="72" class="text">username</td> <td width="273"><input type="text" name="uname" class="loginForm" tabindex="1"></td> </tr> <tr> <td class="text">password</td> <td><input type="Password" name="pass" class="loginForm"></td> </tr> <tr><td colspan="2"><img src="images/1pix.gif" height="2" border="0"></td></tr> <tr> <td></td> <td><input type="image" src="images/login.gif" name="doLogin" border="0" alt="Click Here to Login..." style="cursor: hand;"></td></tr> </tr> </form> <tr><td colspan="2"><img src="images/1pix.gif" height="10" border="0"></td></tr> <tr> <td width="320" colspan="2"> <div class="textTitle">warning:</div> <div class="text" align="justify">warning message and legal stuff here</div> </td> </tr> </table> </td> </tr> </table>

</div>

</body>

<script> <!--

if (document.forms[0][0].value != '') { document.forms[0][1].focus(); } else { document.forms[0][0].focus(); }

// --> </script> </html>

<?php

} // end display login

END doLogin.inc //

_________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com

attached mail follows:

BlankI'm trying to create input boxes on the fly by using php variables:

PHP:

<INPUT TYPE = "HIDDEN" NAME = "status[<?=$i?>]" value = "<?=$status[$i]?>">

so that will create:

then i'm trying to set the value to something else using:

onclick = "document.all['tree'].status[<?=$i?>].value='expand';

tree is the name of the form.

which is giving an output of:

onclick = "document.all['tree'].status[1].value='expand';

but i'm getting a an error on page dialog saying:

'document.all.tree.status.0 is null or not an object'

any ideas :)

basically i'm trying to create an IE and netscape friendly tree control which is all dynamically created using an array passed.

Thanks

Andy

attached mail follows:

It´s a silly question, but how can I create a directory on web?

attached mail follows:

From another list

neilhighleyfreeuk.com ------------------------------------------------------- "Life must be lived as play." - Plato (427 - 347 BC) ----- Original Message ----- From: "John Best" <john.bestsimplytrading.com> To: "Web Developer's Journal - Discuss" <webdevelopersjournal-discusslists.webdevelopersjournal.com> Sent: Tuesday, July 23, 2002 12:01 PM Subject: [webdevelopersjournal-discuss] php vuln.

Have you all heard about the new vulnerability in PHP's reading of POST'd forms. http://www.theregister.co.uk/content/55/26316.html

Thought it might be important for some of you.

JB.

(there is a patch or something out, the workaround is to switch of the parsing of POST'd forms, which is probably not an option for some people)

-----Original Message----- From: Ian C. Purdie [mailto:ianpurdieintegritynet.com.au] Sent: 23 July 2002 08:58 To: Web Developer's Journal - Discuss Subject: [webdevelopersjournal-discuss] Re: Nigerian Bank Scams

Scott Merker wrote:

> So He's off scot free and they can't even complain about him because of > libel/slander laws. and we wonder how we ended up with crooked CEO's

Yep, this is at "chicken little" level but your views still hold.

This is TRUE... a club which was formed around 1946 and, with interests toward 'returned servicemen'. Actaully became a very successful club by 1960 and motored on in a big way...

A lifetime of effort (including my Dad's) to be destroyed by... As Scott said...

> So He's off scot free and they can't even complain about him because of > libel/slander laws. and we wonder how we ended up with crooked CEO's > Ian

Like this list? Check out our online Web Development Discussion Group, which lets you browse past posts. %5e37571.ee7b24b">http://forums.internet.com/WebX?13%5e37571.ee7b24b ________________________________________________________________________

You are currently subscribed to webdevelopersjournal-discuss as: john.bestsimplytrading.com To unsubscribe send a blank email to %%email.unsub%%

--------------------------------------------------------

The contents of this e-mail are confidential to the ordinary user of the e-mail address to which it was addressed, or in the case of an incorrectly addressed e-mail message, the intended recipient. No-one else may copy, use, disseminate or forward all or any part of it in any form.

Although this email, including any attachments, is believed to be free of any virus, or other defect which might affect any computer or IT system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free, and no responsibility is accepted for any loss or damage arising in any way from its use.

The views expressed in this e-mail are those of the sender and not necessarily the employees company.

If you receive this e-mail in error please accept our apology. If this is the case we would be obliged if you would contact the sender and then delete the e-mail.

--------------------------------------------------------

You are currently subscribed to webdevelopersjournal-discuss as: neilhighleyfreeuk.com To unsubscribe send a blank email to leave-webdevelopersjournal-discuss-169457Glists.webdevelopersjournal.com

attached mail follows:

Im getting Warnings about headers being already sent. But not on my local web server

Im sending the headers (to try and make the page not cache) before anything is echoed to the browser. I set the error reporting to E_ALL at the top of the script, turning error reporting off suppresses the warnings.

local server Win XP(Windows NT 5.1 build 2600), Apache/2.0.39, PHP 4.2.1 running as a module using a patched Apache 2.0 Filter

other server: Linux, Apache/1.3.24, PHP 4.1.2

with my local server there are no errors (even on E_ALL). I can also send a refresh header after html output.

thanks in advance, Jake

attached mail follows:

Using Win2K Professional Server, IIS PHP Version 4.2.1

mt_getrandmax() returned 2147483647 I have an array of 26 characters. I want three random values from the array, I use the following: $rand_al = array_rand ($arralpha, 3);

I get the same characters each and every time. The way I am handling it right now is generating random values using mt_rand(0,25) and using those random values as the index of the array to retrieve the value of.

Any ideas on this?

Thanks. Naintara

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]