NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2003-01

php-general-digest-help_at_lists.php.net
Date: Fri Jan 10 2003 - 18:16:29 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 11 Jan 2003 00:16:29 -0000 Issue 1815

Topics (messages 131091 through 131209):

Mysql/php database performance question
        131091 by: Simon Dedeyne
        131105 by: Khalid El-Kary
        131107 by: Simon Dedeyne
        131114 by: Matt Schroebel
        131121 by: Maxim Maletsky
        131129 by: Marek Kilimajer
        131137 by: Matt Schroebel
        131141 by: Marek Kilimajer
        131144 by: Matt Schroebel
        131147 by: Marek Kilimajer
        131148 by: Khalid El-Kary
        131179 by: Brent Baisley

Re: Informing a User of an Illegal Character in a post
131092 by: Justin French

Re: Is this possible with php?
        131093 by: Justin French
        131096 by: Danny Shepherd
        131192 by: try.neasys.com

Re: HEEELP...please
        131094 by: Ford, Mike [LSS]
        131152 by: pippo.bellnet.ca
        131154 by: Marek Kilimajer
        131157 by: pippo.bellnet.ca
        131160 by: pippo.bellnet.ca
        131162 by: Marek Kilimajer
        131163 by: - Edwin
        131166 by: pippo.bellnet.ca

Re: About php4-imap package
131095 by: Guille -bisho-

Re: How can I redirect to another php page
131097 by: Ford, Mike [LSS]

Re: Posting data using fsockopen() causes session problem
131098 by: Marek Kilimajer

Re: Medium to Large PHP Application Design
131099 by: Maxim Maletsky
131158 by: David Eisenhart

Re: Converting Excel Spreadsheet to MySQL table ...
        131100 by: David T-G
        131155 by: David Eisenhart
        131202 by: Gurvinder Singh

Re: something annoying about includes/relative paths.
131101 by: David T-G

Structured types
131102 by: ntuser
131104 by: Marek Kilimajer

Re: Too many open files
131103 by: Michael Sims
131115 by: Gerald Timothy Quimpo

NEW MSG>problem switching versions
131106 by: Christian Stalberg

Re: how to make server response to emails
131108 by: See kok Boon
131109 by: See kok Boon

Re: how can I use an external 'template' file and still use PHP variables? [solved]
131110 by: Daevid Vincent

Re: PHP/Oracle Command line Segmentation Fault
131111 by: Christopher Ditty
131120 by: Maxim Maletsky

PHP not executing files in subdirectories
131112 by: Jacob
131124 by: Maxim Maletsky

Re: Sessions and Frames...
        131113 by: Brent Baisley
        131135 by: Marek Kilimajer
        131149 by: Dale Schell

PHP and DB2
        131116 by: Jack Schroeder
        131119 by: Scott Fletcher
        131122 by: Scott Fletcher
        131123 by: Scott Fletcher

Re: fletcher's checksum
131117 by: Scott Fletcher

Encrypt in Javascript and Decrypt in PHP????
        131118 by: Scott Fletcher
        131128 by: Marek Kilimajer
        131130 by: Scott Fletcher
        131178 by: Scott Fletcher
        131180 by: Brent Baisley
        131182 by: Marek Kilimajer
        131183 by: Marek Kilimajer
        131184 by: Scott Fletcher
        131185 by: Scott Fletcher
        131196 by: Scott Fletcher

Re: session_destroy problem
        131125 by: Scott Fletcher
        131133 by: Larry Brown
        131138 by: Scott Fletcher
        131142 by: Tamas Arpad
        131143 by: Scott Fletcher
        131146 by: Larry Brown
        131151 by: Scott Fletcher
        131153 by: Larry Brown

Re: session problem
131126 by: Scott Fletcher

Parsing a directory for specific files
131127 by: Dirk van Lyrop
131198 by: Tommy Jensehaugen

Header information ...
        131131 by: Anders Mellström
        131134 by: Daniel Kushner
        131136 by: Philippe Saladin
        131140 by: Marek Kilimajer

need some javascript code
131132 by: Denis L. Menezes
131194 by: Tommy Jensehaugen

Re: checking status of a HTML checkbox
        131139 by: Larry Brown
        131159 by: - Edwin
        131165 by: Larry Brown

PhP 4.3.0 Relative includes and Apache Alias problems.
131145 by: quak.mydiax.ch

E-mail redirection....?
        131150 by: Michal Stankoviansky
        131167 by: Marek Kilimajer
        131207 by: David Chamberlin
        131208 by: David Chamberlin

Re: Session Expiration?
131156 by: Matt Silva

Re: how to passing two dimension array
131161 by: - Edwin

Installing php4.3.0 on hpux11.00
131164 by: Taylor Lewick

please help! version switching problem
        131168 by: Christian Stalberg
        131170 by: Marek Kilimajer
        131174 by: Christian Stalberg
        131175 by: Marek Kilimajer
        131176 by: Christian Stalberg

Template tutorials?
        131169 by: Chad Day
        131172 by: rush
        131187 by: Bobby Patel

Source Guardian
131171 by: Christopher Ditty

php.ini, mysql, recompiled php
131173 by: Richard Baskett

debug_phpinfo.php
131177 by: Christian Stalberg
131181 by: Marek Kilimajer

COM question
131186 by: jlord2002.libero.it
131188 by: Marek Kilimajer

Why T_error?
131189 by: Stephen

occasional mcrypt problems
        131190 by: Steve Yates
        131199 by: Marek Kilimajer
        131204 by: Steve Yates

permissions
131191 by: Edward Peloke

Re: Using strtotime on 'old' dates.
131193 by: Nathan Fritz

Deleting rows from a table with autoincrement. . .
131195 by: Harris, Alex (OCTO)
131200 by: David Freeman

Here's the sample code for encrypting the login password....
131197 by: Scott Fletcher

Loading Information into an array.
131201 by: Philip J. Newman

Are 2 mysql_query statements psble?
131203 by: WMB
131205 by: Tommy Jensehaugen

Re: email/time question
131206 by: Randy Johnson

Make fil downloadable
131209 by: Stephen

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

Hi,

I got a question about using Mysql databases.
I load textdata in VARCHAR colums up to size 50. I have about 5 of those
columns.
The last columns often contain empty cells. (data are wordmeanings, many
words have only a 1 or 2meanings)

What would be faster/better:
- putting everything in a big varchar column (size 5x50) and PHP parsing
them by comma after
fetching

- keeping those 5 columns with a lot of empty cells in the last columns?

Thanks,
Simon

attached mail follows:

the thing that may make difference in performance (as i think) is whether
you make it a fixed -CHAR- or a variable -VARCHAR- it's preferable that you
make separate char columns, so that PHP will not have to explode every
record!

Regards,
Khalid Al-Kary,

>
>Hi,
>
>I got a question about using Mysql databases.
>I load textdata in VARCHAR colums up to size 50. I have about 5 of those
>columns.
>The last columns often contain empty cells. (data are wordmeanings, many
>words have only a 1 or 2meanings)
>
>What would be faster/better:
>- putting everything in a big varchar column (size 5x50) and PHP parsing
>them by comma after
> fetching
>
> or
>
>- keeping those 5 columns with a lot of empty cells in the last columns?
>
>Thanks,
>Simon
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

_________________________________________________________________
The new MSN 8 is here: Try it free* for 2 months
http://join.msn.com/?page=dept/dialup

attached mail follows:

I see what you mean Khalid, but I only retrieve 1 entry at the time, so
exploding wouldn't be the biggest problem I suppose.
Furthermore, if I use char columns, and some of those columns have lots
of empty cells, isn't it a waste of space/lookup-time?

So I think I have to reformulate the question: which is better 5 varchar
columns of size 50 or 1 varchar column of size 250
(regardless of parsing).

Thanks,
Simon

--- the thing that may make difference in performance (as i think) is whether you make it a fixed -CHAR- or a variable -VARCHAR- it's preferable that you make separate char columns, so that PHP will not have to explode every record!

Regards, Khalid Al-Kary,

attached mail follows:

> -----Original Message----- > From: Simon Dedeyne [mailto:Simon.Dedeynepsy.kuleuven.ac.be] > Sent: Friday, January 10, 2003 9:03 AM > To: php-generallists.php.net > Subject: RE: [PHP] Mysql/php database performance question

> So I think I have to reformulate the question: which is > better 5 varchar columns of size 50 or 1 varchar column of size 250 > (regardless of parsing).

You ought to read the mysql manual on that. http://www.mysql.com/doc/en/MyISAM_table_formats.html

Where's the pain? The trade off between char and varchar is speed vs table size. Are just trying to be as fast as possible? If the db is small, I wouldn't worry about it and do what ever way you want (i.e. what's a microsecond or two?) You could try both ways and profile it several thousand times to see if it really matters.

attached mail follows:

"keeping those 5 columns with a lot of empty cells in the last columns" is better as it is means exactly for that. Just don't make it a not null field.

--
Maxim Maletsky
maximphp.net
"Khalid El-Kary" <khalid_karyhotmail.com> wrote... :
> the thing that may make difference in performance (as i think) is whether 
> you make it a fixed -CHAR- or a variable -VARCHAR- it's preferable that you 
> make separate char columns, so that PHP will not have to explode every 
> record!
> 
> Regards,
> Khalid Al-Kary,
> 
> 
> >
> >Hi,
> >
> >I got a question about using Mysql databases.
> >I load textdata in VARCHAR colums up to size 50. I have about 5 of those
> >columns.
> >The last columns often contain empty cells. (data are wordmeanings, many
> >words have only a 1 or 2meanings)
> >
> >What would be faster/better:
> >- putting everything in a big varchar column (size 5x50) and PHP parsing
> >them by comma after
> >   fetching
> >
> >  or
> >
> >- keeping those 5 columns with a lot of empty cells in the last columns?
> >
> >Thanks,
> >Simon
> >
> >
> >--
> >PHP General Mailing List (http://www.php.net/)
> >To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> _________________________________________________________________
> The new MSN 8 is here: Try it free* for 2 months 
> http://join.msn.com/?page=dept/dialup
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:

char of greater size than 3 is converted to varchar anyways

>Where's the pain? The trade off between char and varchar is speed vs >table size. Are just trying to be as fast as possible? If the db is >small, I wouldn't worry about it and do what ever way you want (i.e. >what's a microsecond or two?) You could try both ways and profile it >several thousand times to see if it really matters. > > >

attached mail follows:

> -----Original Message----- > From: Marek Kilimajer [mailto:kilimajerwebglobe.sk] > Sent: Friday, January 10, 2003 11:04 AM > To: Matt Schroebel > Cc: Simon Dedeyne; php-generallists.php.net > Subject: Re: [PHP] Mysql/php database performance question >

> > char of greater size than 3 is converted to varchar anyways

Are you sure? I've been reading up on this stuff over the last few days, and my understanding is that char is stored fixed width with trailing spaces padding the string to the length specified in the schema, whereas varchar is stored is strlen(rtrim(column))+1. So a column char(45) will always take 45 bytes of space, while varchar(45) will vary from 1 to 46 bytes of space.

The first way makes locating a row in the db fast (as long as all columns are fixed width [No blob, text, or varchar columns]) since it's simple math, whereas the latter way saves space but makes MYSQLs finding a row a little harder (since the offset varies) and thus a bit slower. I have always been using varchar and have been considering changing to char.

http://www.mysql.com/documentation/mysql/bychapter/manual_Reference.html #CHAR

attached mail follows:

Sure, just tried it (32-bit platform, might be >7 for 64-bits). I have a feeling it is somewhere in the manual.

Matt Schroebel wrote:

>>-----Original Message----- >>From: Marek Kilimajer [mailto:kilimajerwebglobe.sk] >>Sent: Friday, January 10, 2003 11:04 AM >>To: Matt Schroebel >>Cc: Simon Dedeyne; php-generallists.php.net >>Subject: Re: [PHP] Mysql/php database performance question >> >> >> > > > >>char of greater size than 3 is converted to varchar anyways >> >> > >Are you sure? I've been reading up on this stuff over the last few >days, and my understanding is that char is stored fixed width with >trailing spaces padding the string to the length specified in the >schema, whereas varchar is stored is strlen(rtrim(column))+1. So a >column char(45) will always take 45 bytes of space, while varchar(45) >will vary from 1 to 46 bytes of space. > >The first way makes locating a row in the db fast (as long as all >columns are fixed width [No blob, text, or varchar columns]) since it's >simple math, whereas the latter way saves space but makes MYSQLs finding >a row a little harder (since the offset varies) and thus a bit slower. >I have always been using varchar and have been considering changing to >char. > >http://www.mysql.com/documentation/mysql/bychapter/manual_Reference.html >#CHAR > > >

attached mail follows:

> -----Original Message----- > From: Marek Kilimajer [mailto:kilimajerwebglobe.sk] > Sent: Friday, January 10, 2003 11:45 AM > To: Matt Schroebel > Cc: Simon Dedeyne; php-generallists.php.net > Subject: Re: [PHP] Mysql/php database performance question > > > Sure, just tried it (32-bit platform, might be >7 for 64-bits). > I have a feeling it is somewhere in the manual.

How'd you try it?

I created a 1 column 42 char record in phpMyAdmin. Everytime I add a row, regardless of size the dataspace increases by 42.

With a second table, with 1 column varchar(42), each 4-5 char insert resulted in 20 bytes of space (must be some minimum overhead), and a full 42 resulted in 44 bytes of dataspace used.

I'm curious here, as it seems the trade off is speed of access with char [and the overhead of removing trailing spaces on each retrieval] vs storage size in varchar [and it's improved strip right spaces on storage only happening once]. That's what the man page I pointed to last time said. There are some examples of truncating data to 4 bytes on that page but no mention of storing char as varchar.

attached mail follows:

seems to be a little bit more complicated:

CREATE TABLE `aa` ( `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `aaa` CHAR( 50 ) NOT NULL , `bbb` CHAR( 50 ) NOT NULL );

both aaa and bbb are char now

CREATE TABLE `aaa` ( `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `aaa` CHAR( 50 ) NOT NULL , `bbb` VARCHAR( 255 ) NOT NULL );

aaa will be varchar anyway

CREATE TABLE `aaa` ( `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `aaa` CHAR( 50 ) NOT NULL , );

aaa is char

ALTER TABLE `aaa` ADD `bbb` VARCHAR( 250 ) NOT NULL ;

aaa in now VARCHAR

Seems like one cannot mix char and varchar columns in one table

Matt Schroebel wrote:

>>-----Original Message----- >>From: Marek Kilimajer [mailto:kilimajerwebglobe.sk] >>Sent: Friday, January 10, 2003 11:45 AM >>To: Matt Schroebel >>Cc: Simon Dedeyne; php-generallists.php.net >>Subject: Re: [PHP] Mysql/php database performance question >> >> >>Sure, just tried it (32-bit platform, might be >7 for 64-bits). >>I have a feeling it is somewhere in the manual. >> >> > >How'd you try it? > >I created a 1 column 42 char record in phpMyAdmin. Everytime I add a >row, regardless of size the dataspace increases by 42. > >With a second table, with 1 column varchar(42), each 4-5 char insert >resulted in 20 bytes of space (must be some minimum overhead), and a >full 42 resulted in 44 bytes of dataspace used. > >I'm curious here, as it seems the trade off is speed of access with char >[and the overhead of removing trailing spaces on each retrieval] vs >storage size in varchar [and it's improved strip right spaces on storage >only happening once]. That's what the man page I pointed to last time >said. There are some examples of truncating data to 4 bytes on that >page but no mention of storing char as varchar. > > > >

attached mail follows:

Oh, sorry, i should have remarked that all of the columns should be fixed width (CHAR) for this optimization to take effect, since if even one of the columns is variable width (VARCHAR) the whole row will be variable width, and it will be no use to change to CHAR.

Regards, Khalid

>seems to be a little bit more complicated: > >CREATE TABLE `aa` ( >`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , >`aaa` CHAR( 50 ) NOT NULL , >`bbb` CHAR( 50 ) NOT NULL >); > >both aaa and bbb are char now > > >CREATE TABLE `aaa` ( >`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , >`aaa` CHAR( 50 ) NOT NULL , >`bbb` VARCHAR( 255 ) NOT NULL >); > >aaa will be varchar anyway > >CREATE TABLE `aaa` ( >`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , >`aaa` CHAR( 50 ) NOT NULL , ); > >aaa is char > >ALTER TABLE `aaa` ADD `bbb` VARCHAR( 250 ) NOT NULL ; > >aaa in now VARCHAR > >Seems like one cannot mix char and varchar columns in one table > >Matt Schroebel wrote: > >>>-----Original Message----- >>>From: Marek Kilimajer [mailto:kilimajerwebglobe.sk] Sent: Friday, >>>January 10, 2003 11:45 AM >>>To: Matt Schroebel >>>Cc: Simon Dedeyne; php-generallists.php.net >>>Subject: Re: [PHP] Mysql/php database performance question >>> >>> >>>Sure, just tried it (32-bit platform, might be >7 for 64-bits). >>>I have a feeling it is somewhere in the manual. >>> >>> >> >>How'd you try it? >> >>I created a 1 column 42 char record in phpMyAdmin. Everytime I add a >>row, regardless of size the dataspace increases by 42. >> >>With a second table, with 1 column varchar(42), each 4-5 char insert >>resulted in 20 bytes of space (must be some minimum overhead), and a >>full 42 resulted in 44 bytes of dataspace used. >> >>I'm curious here, as it seems the trade off is speed of access with char >>[and the overhead of removing trailing spaces on each retrieval] vs >>storage size in varchar [and it's improved strip right spaces on storage >>only happening once]. That's what the man page I pointed to last time >>said. There are some examples of truncating data to 4 bytes on that >>page but no mention of storing char as varchar. >> >> >> >> > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php

_________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus

attached mail follows:

I'm coming in a little late on this thread, but I would suggest structuring you data differently.

I would have two tables: words and meanings. Then you won't have any null fields and you won't limit yourself to just 5 definitions. It will also be a heck of a lot easier to setup a full text index on the "meaning" since you only need to index one field instead of 5.

On Friday, January 10, 2003, at 10:49 AM, Maxim Maletsky wrote:

>>> What would be faster/better: >>> - putting everything in a big varchar column (size 5x50) and PHP >>> parsing >>> them by comma after >>> fetching >>> >>> or >>> >>> - keeping those 5 columns with a lot of empty cells in the last >>> columns? >>>

-- Brent Baisley Systems Architect Landover Associates, Inc. Search & Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577

attached mail follows:

Basically, you want to do a regular expression to see what characters are in the username, and make none of them are illegal...

I currently have the rules of

5-30 characters lowercase, numbers 0-9 and underscore (_) only

I achieve this with:

<? if((!preg_match("/^[a-z0-9_]*$/", $username)) OR (strlen($username) < 5) OR (strlen($username) > 30) ) { echo "username invalid -- must contain only blah blah blah"; }

You could extend preg_match("/^[a-z0-9_]*$/", $username) to match more or less characters to suit your needs, but I'm no expert.

[a-zA-Z0-9_-] would also include a dash (-) and uppercase chars

Best advice I can give you is rather than worrying about which chars might do damage, think the other way, and only allow characters you trust.

Justin

on 10/01/03 1:46 AM, Vernon (vernoncomp-wiz.com) wrote:

> I'm having trouble when a user post a message to a MySQL database where if a > user create a user name like 'user&user' as the & symbol is used in URLs. > Does anyone have any idea how I can inform user that they have entered and > illegal character and are there are illegal characters that I should let > them use other than '&' and '?'

attached mail follows:

on 10/01/03 6:14 PM, Tom Rogers (trogerskwikin.com) wrote:

> I use webdrive which allows me to map an ftp site to a windows drive letter so > it gets treated as a local drive ..... very usefull. > You can read about it here http://www.webdrive.com/

Does anyone know of a mac (OS8/9 NOT OSX) application that does a simular thing?

Justin

attached mail follows:

Hi,

Where did he say he wanted to use Word to edit PHP files? AFAICT the idea was to automatically upload Word files, presumably to make them available on an Intranet for download etc.

As for uploading a file automatically - PHP isn't going to do it. An app which can map a virtual drive in Windows would probably be the best bet - I think Windows has built in support for mapping WebDAV and FTP servers as shares so this may be a good starting point.

HTH

Danny.

----- Original Message ----- From: "Maxim Maletsky" <maximphp.net> To: <tryneasys.com> Cc: <php-generallists.php.net> Sent: Friday, January 10, 2003 11:38 AM Subject: Re: [PHP] Is this possible with php?

> > tryneasys.com wrote... : > > > I would like to know if the follwing function can be implemneted > > in php with help of other tools: > > in PHP distribution? PHP is the programming language, not a > client/server tool. This is definitely something to be an integrated > part of something else. > > > using MS Word in windows, > > MS Word for editing PHP files? That is very, very bad ... You will never > find a job if ever mention it to an employer. Search the archives of > this list for "PHP Editors". I recommend Edit Plus for plain-text > programming. If you want a whole IDE then Zend Studio is probably the > best for you. > > > when a file is saved, can it be AUTOMATICALLY > > uploaded (via http POST or other mechanism) to a server? > > > > Currently I need to first save it on my desktop, then upload that copy > > to a php-supported server. > > Oh well, there are four ways to accomplish this. > > > 1. Professional way: > > Using CVS. CVS (cvshome.org) is a system that allows you to version your > files. This, in two words, works this way: in CVS, you `checkout' > (update) a file, edit it, and save it (if somebody else edited that file > while you edited yours both changes will merge). CVS is the most > professional solution for this thing. > > > 2. Simplest way: > > Use a mapped networking like Samba. This will mean that you will see > your server just as it was a hard disk on your windows. You drag&drop > files there and the same will occur remotely. Not a very secure way, > though. > > > 3. FTP integrated tool: > > Get a good editor that has some FTP integration. It will means that when > you `save' a file in your editor, it will automatically FTP that file on > the server. A very tool-dependent way but can work. Very cruel when > something goes wrong, though. Again, Zend IDE and Edit Plus can do that. > > > 4. The Geeky way: > > Edit all your files in a simple VIM or other fancy directly on the > server by logging there with telnet or SSH. > > > Have fun. > > > -- > Maxim Maletsky > maximphp.net > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >

attached mail follows:

On Fri, Jan 10, 2003 at 12:00:33PM -0000, Danny Shepherd wrote: > Hi, > > Where did he say he wanted to use Word to edit PHP files? AFAICT the idea > was to automatically upload Word files, presumably to make them available on > an Intranet for download etc.

Yes, automatically upload word file after the save button is pressed.

> As for uploading a file automatically - PHP isn't going to do it. An app > which can map a virtual drive in Windows would probably be the best bet - I > think Windows has built in support for mapping WebDAV and FTP servers as > shares so this may be a good starting point.

I have looked at webdav, ftp, etc. None can solve my client's problem without a major overhaul of the system. The problem is:

My client has a document management system (implemented in php) on a server. It does uploads without problem. However, each time, a file get modified, it has to be saved on local disk first and uploaded to the server by a few more clicks. It would be nice if the application (e.g.,ms words) can save the modified file directly to the server.

I am wondering if office suite applications can be tweaked (using macros, vb?), so that a 'save' event will trigger an action of automatic upload. Or there is a better approach.

Tim

attached mail follows:

> -----Original Message----- > From: pippobellnet.ca [mailto:pippobellnet.ca] > Sent: 10 January 2003 01:00 > > All of a sudden, I get the message: > Warning: Failed opening '/../lib/somefile.conf' for inclusion > (include_path='.:/usr/local/lib/php') in > /usr/local/www/html/index.php on > line 6 > > I can find nothing in the httpd.conf files that could account > for this; > there is no configuration in them for include_path.

Have you also checked in php.ini? -- that would seem to be a more likely place!

Cheers!

Mike

--------------------------------------------------------------------- Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: m.fordlmu.ac.uk Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211

attached mail follows:

I want to thank all those who made suggestions. All were helpful. Question: As my server is on LAN only, I could turn on the register_globals for debugging purposes etc. But, is the only way to turn register_globals on to uninstall and then reinstall mod_php4 with a modified php.ini file? Or is there another temporary solution until I can modify all my php files?

At 08:39 PM 1/9/2003 -0500, you wrote: >$DOCUMENT_ROOT is now $_SERVER['DOCUMENT_ROOT'] unless register_globals is >on. > >You need > >include $_SERVER['DOCUMENT_ROOT'].'/../lib/somefile.conf'; > >take care, >Greg >-- >phpDocumentor >http://www.phpdoc.org > ><pippobellnet.ca> wrote in message >news:5.1.0.14.2.20030109194115.00b32880mail.host45.com... > > I absolutely cannot understand the include_path directive. > > Can somebody, please, explain this? > > I have a situation that I find absolutely incomprehensible: I moved my > > experimental web-site from FreeBSD 4.5 running php4 v. 4.0 (or something), > > apache 1.13 where thesite worked just fine to another box with FreeBSD 4.7 > > running php4 v. 4.2.3, apache 1.13.27_1. > > All of a sudden, I get the message: > > Warning: Failed opening '/../lib/somefile.conf' for inclusion > > (include_path='.:/usr/local/lib/php') in /usr/local/www/html/index.php on > > line 6 > > > > I can find nothing in the httpd.conf files that could account for this; > > there is no configuration in them for include_path. > > > > Obviously, the php file is being parsed correctly, but there is a problem > > with the line : > > include "$DOCUMENT_ROOT/../lib/somefile.conf". > > > > It works on one machine, but not on the latest version of php4 an apache. > > > > I see there are others on the net who have had this problem, but I have >not > > yet found an explanation or a cure. > > > > HEEEEELP.... please, > > > > PJ > > > > > > > > > > > > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

only modify php.ini and restart the server (apache, not the computer), run as root:

/etc/init.d/httpd restart

pippobellnet.ca wrote:

> I want to thank all those who made suggestions. All were helpful. > Question: > As my server is on LAN only, I could turn on the register_globals for > debugging purposes etc. But, is the only way to turn register_globals > on to uninstall and then reinstall mod_php4 with a modified php.ini file? > Or is there another temporary solution until I can modify all my php > files? > > PJ > > At 08:39 PM 1/9/2003 -0500, you wrote: > >> $DOCUMENT_ROOT is now $_SERVER['DOCUMENT_ROOT'] unless >> register_globals is >> on. >> >> You need >> >> include $_SERVER['DOCUMENT_ROOT'].'/../lib/somefile.conf'; >> >> take care, >> Greg >> -- >> phpDocumentor >> http://www.phpdoc.org >> >> <pippobellnet.ca> wrote in message >> news:5.1.0.14.2.20030109194115.00b32880mail.host45.com... >> > I absolutely cannot understand the include_path directive. >> > Can somebody, please, explain this? >> > I have a situation that I find absolutely incomprehensible: I moved my >> > experimental web-site from FreeBSD 4.5 running php4 v. 4.0 (or >> something), >> > apache 1.13 where thesite worked just fine to another box with >> FreeBSD 4.7 >> > running php4 v. 4.2.3, apache 1.13.27_1. >> > All of a sudden, I get the message: >> > Warning: Failed opening '/../lib/somefile.conf' for inclusion >> > (include_path='.:/usr/local/lib/php') in >> /usr/local/www/html/index.php on >> > line 6 >> > >> > I can find nothing in the httpd.conf files that could account for >> this; >> > there is no configuration in them for include_path. >> > >> > Obviously, the php file is being parsed correctly, but there is a >> problem >> > with the line : >> > include "$DOCUMENT_ROOT/../lib/somefile.conf". >> > >> > It works on one machine, but not on the latest version of php4 an >> apache. >> > >> > I see there are others on the net who have had this problem, but I >> have >> not >> > yet found an explanation or a cure. >> > >> > HEEEEELP.... please, >> > >> > PJ >> > >> > >> > >> > >> > >> >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php > > > >

attached mail follows:

At 12:01 PM 1/10/2003 +0000, you wrote: > > -----Original Message----- > > From: pippobellnet.ca [mailto:pippobellnet.ca] > > Sent: 10 January 2003 01:00 > > > > All of a sudden, I get the message: > > Warning: Failed opening '/../lib/somefile.conf' for inclusion > > (include_path='.:/usr/local/lib/php') in > > /usr/local/www/html/index.php on > > line 6 > > > > I can find nothing in the httpd.conf files that could account > > for this; > > there is no configuration in them for include_path. > >Have you also checked in php.ini? -- that would seem to be a more likely >place!

The only php.ini files are in work directories for installation of mod_php4 and there is no reference to register_globals, which seems to be my problem (by default, php4.2 has register_globals = off) I suppose the only way to temporarily turn the globals on is by modifying the php.ini file. But I am not sure just what the directive should be... :(( Thanks for your help, PJ

attached mail follows:

At 06:39 PM 1/10/2003 +0100, you wrote:

Problem is - the only php.ini file is in a work directory for mod_php4 installation. As far as I know, this file would not be read by apache or the php module. I do get the feeling that the only way to turn the globals on is to reinstall the php module....

PJ >only modify php.ini and restart the server (apache, not the computer), run >as root: > >/etc/init.d/httpd restart > >pippobellnet.ca wrote: > >>I want to thank all those who made suggestions. All were helpful. >>Question: >>As my server is on LAN only, I could turn on the register_globals for >>debugging purposes etc. But, is the only way to turn register_globals on >>to uninstall and then reinstall mod_php4 with a modified php.ini file? >>Or is there another temporary solution until I can modify all my php files?

attached mail follows:

register_globals = on

somewhere in php.ini

pippobellnet.ca wrote:

> At 12:01 PM 1/10/2003 +0000, you wrote: > >> > -----Original Message----- >> > From: pippobellnet.ca [mailto:pippobellnet.ca] >> > Sent: 10 January 2003 01:00 >> > >> > All of a sudden, I get the message: >> > Warning: Failed opening '/../lib/somefile.conf' for inclusion >> > (include_path='.:/usr/local/lib/php') in >> > /usr/local/www/html/index.php on >> > line 6 >> > >> > I can find nothing in the httpd.conf files that could account >> > for this; >> > there is no configuration in them for include_path. >> >> Have you also checked in php.ini? -- that would seem to be a more likely >> place! > > > The only php.ini files are in work directories for installation of > mod_php4 and there is no reference to register_globals, which seems to > be my problem (by default, php4.2 has register_globals = off) > I suppose the only way to temporarily turn the globals on is by > modifying the php.ini file. But I am not sure just what the directive > should be... :(( > Thanks for your help, > PJ > > >

attached mail follows:

pippobellnet.ca wrote:

[snip] > Problem is - the only php.ini file is in a work directory for mod_php4 > installation. As far as I know, this file would not be read by apache > or the php module. [/snip]

Run phpinfo()

<?php

phpinfo()

and see whether there's a reference to where the php.ini being used resides... Then, edit it accordingly (as somebody already mentioned).

HTH,

- E __________________________________________________ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/

attached mail follows:

At 03:14 AM 1/11/2003 +0900, you wrote: >pippobellnet.ca wrote: > >[snip] > > Problem is - the only php.ini file is in a work directory for mod_php4 > > installation. As far as I know, this file would not be read by apache > > or the php module. >[/snip] > >Run phpinfo() > ><?php > > phpinfo() > >?> > >and see whether there's a reference to where the php.ini being used >resides... Then, edit it accordingly (as somebody already mentioned). > >HTH, > >- E Duh, I feel a little stupid. I had not worked on my website for a while nor on php, so I forgot all that stuff. Turns out I had a test file already set up for this. :))

All is well now. thanks much. PJ

attached mail follows:

Hello!

I don't know if there is a bug on php4-imap debian package, but I could not connect to to my IMAP server. (With mutt it works).

PHP says: Couldn't open stream {localhost:143/notls}INBOX

I have tried everything. Add/remove the "/notls" to the port, imap2, imap3, imaps, dpkg-reconfigure libc-client2002 and allow/disallow encryted connections, etc...

I suspect that is a problem with TLS, that is not supported by PHP, but I don't know how to solve it.

The imap server is the uw-imapd: ii uw-imapd 2002a.dev.snap.021205 remote mail folder... ii uw-imapd-ssl 2002a.dev.snap.021205 Dummy upgrade package...

PHP version is 4.2.3-9, and I have tried both remotely and localy, from apache php server and using php4-cgi as shell to test only the imap_open sentence.

Thanks in advance

-- 
        .,,,     Guillermo Pérez    -=] 10/01/2003 [=-
      _' .,,,,    - bisho ( onirica.com | eurielec.etsit.upm.es )
     <·)/ ,''
      ( \/    ::               Por Galicia: ¡Nunca máis!              ::
bisho! ``\\

attached mail follows:

> -----Original Message----- > From: Jason Sheets [mailto:jsheetsshadotech.com] > Sent: 10 January 2003 02:25 > > You should always use the exit after a redirect, the browser is not > required to go to the new location. > > If you do not exit your script after you redirect and the browser does > not go to the new location you risk the unintended continued execution > of your script.

That's good advice, but the explanation is not quite accurate. If you do not exit your script after a redirect, the remainder *will* be executed and any output it generates sent to the browser. However, if the browser obeys the redirect, it will simply ignore the output you sent, and never display it -- so you've just wasted bandwidth transmitting it!

Cheers!

Mike

attached mail follows:

You can make a special case - if a special cookie is present, session is not required. Then your client script would send the cookie.

Max Davy wrote:

>Hi, > >I finally figured out how to use fsockopen() to post data >when my server responded with a Document Moved error. > >I knew the document was where I said it was ... After >many hours I realised that the location the document had >allegedly been moved to was the login screen that the >user would be redirected to if they did not have a valid >session id. > >I removed the session handling and ... success! > >This is not an acceptable solution because I need the >session to be valid. > >Any help would be most appreciated. > >Thanks, > >Max > >-- > >Oz Impact Multimedia >Innovate, Immerse, Inspire > >www.ozimpact.com > > > > >

attached mail follows:

Nick,

> As PHP becomes more accepted in the corporate world, it is only logical > that larger and more complex applications are going to be developed using > it.

To start I will state this: I am one of the consultants of a project run by 70 developers for the period of 2 years at the Ministry of the Economy and Finance of Italy.

This is supposed to be the world's first or the second biggest project in the (depending on whatever size Yahoo is like, Rasmus is there :) The project is mostly in PHP/Apache/Linux and uses Oracle and PL/SQL plus a lot of other things like Java, Ruby, C/C++, C# and even old-friend COBOL and NatStar. Most of the whole thing is PHP/Oracle though. There are approximately 104 servers in all the regions of Italy and are some 5-8.000 authenticated users.

Best part of PHP was not really the price (there were money) but the compatibility for all the technologies we needed to communicate within the framework. There are also parts written in other languages and PHP handles them just well.

Normally, one chooses Java for such things as Java is supposed to be the most dymanic and flexible language. But, personally, I don't see it that way - I prefer PHP because of the faster development times what makes the application's quality much higher and things much quicker to implement.

> While there is an abundance of information out there about making > specific things work, there seems to be a shortage regarding the big picture.

Because of this, PHP is also cheaper - you need less time for debugging and researching online. Bigger you go - more you appreciate things like this mailing list and the tons and tons of online resources.

Need a check for the email format?

in PHP - a) Google / SourceForge / app you know has it. in 3-5 minutes you got it. in Java - a) What Sun's CD was that? b) What class was that? c) Is it copyrighted? d) Can it be used for free??? ....

So, you end up making it on your own, even if Java makes all these `reusable components' you still need to tripple-check the things and so on ....

> As such, my question is this: What methods and techniques can be used to > help design and build complex, medium to large PHP applications that are > not only scalable, but maintainable and extensible? > > Obviously separating application and business logic from interface code is > a given, but what about other things? Are the object orientated facilities > of PHP currently worth really trying to take advantage of? If so, what are > you doing to take advantage of them? Are design concepts such as design > patterns relevant at this level? What frameworks, if any, currently exist > to assist in rapid, structured development, and what specific benefits do > they bring to the table?

Everyone says OOP. But, in reality I'd say: OOP only for the things you reuse more that once. The rest of application should be written in plain concept of

1. Auto-prepend 2. Prepare XML output 3. Auto-append for the layout

Which is something like, let's load a few classes every file needs. Then simply make the file's functionality based on params received and output some XML. The XML will then be used or laying out the page and the rest of the process.

Everyone this way gets much a simpler framework to develop with.

The important parts of a large PHP project, in my opinion, are:

1. High and solid standardization of the framework and coding. Meaning that everyone works in the same way and not `as he thinks is the best'. This will give the possibility for the team to work better together and move between the sub-projects easier. It's same in every language, so one should really care.

2. Have at least a one or two people who maintain the commonly shared libraries. This is, when someone says "Hey, I want this code to my page too" the team answers: "which code?" and then takes that code, creates a library component, document it and organizes it within the libraries.

3. All of the output for the application is better to be an intermediate mark-up like XML. This way you can have the designers who get XML and apply whatever templates to it. Programmers should never care how something looks - their output is plain XML and that is it. Other technics are good too - for instance Smarty if a good idea. But, I'd still prefer XML and then XSLT and then caching mechanism to avoid overload.

4. 30% (AT LEAST!!!) of thee development times should be spent for planning. That is - no coding just sitting with the pen and paper in the meeting room and designing the framework till everyone agrees. After that point everyone knows exactly what is where and things becomes very fast.

5. team should have tools already ready AND STANDARIZED for them to do the development. Thus, CVS is a must. No one should care what OS one uses for development workstation, but the way it is organized on the server should be once agreed and never changed. It is too expensive to change even a simple .htaccess file - take one hour from 70 people to explain what happened and you ended up with 70 hours (2 weeks of amployee's time) lost. There can be no mistakes.

So, in conclusion I'd say - language doesn't really make a big deal out of itself when this is a BIG project, what matter is the professionality and knowledge of people. PHP can do almost all of it, so as long as the management is good, times are not idiotically strict and people are enough - you can do it just fine.

-- Maxim Maletsky maxim

php.net

attached mail follows:

> I'm looking for online > references, personal experience and opinion and even examples of open > source code which you think demonstrate the above criteria on this one.

I have found the Smarty template engine (http://smarty.php.net/) to be a most excellent tool for separating business logic and presentation.

attached mail follows:

Adam, et al --

...and then Adam Ferguson said... % % Hello ...

Hi!

% % I was wondering if anyone had a good resource or code sample for opening ( or accessing ) an excel spreadsheet using php. I need to be able to convert a spreadsheet of products and info to a table of products in a mysql database. Also ... I need to be able to perform this on a Linux machine. Any help would be great.

I haven't used either, but xlHtml and xls2csv have been mentioned on the mutt-users list a few times for when one receives those annoying attachments.

% % Thanks guys! % Adam Ferguson

HTH & HAND

:-D

-- David T-G * There is too much animal courage in (play) davidtg

justpickone.org * society and not sufficient moral courage. (work) davidtgwork

justpickone.org -- Mary Baker Eddy, "Science and Health" http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE+HroaGb7uCXufRwARAtgqAKCuwtC5mpFjngtVQiWoYm5XUon3hgCfT0hH UnWdJLv8UNR7mxXdzh3BgOY= =gdPX -----END PGP SIGNATURE-----

attached mail follows:

as a 'one off' exercise I recently did something similar except the data was from Access, but would work the same from an excel file:- saved as a CSV file and then used phpMyAdmin to import the CSV file data into a MySQL table (of course, didn't have to use phpMyAdmin for this but it did make the import process very quick and straight forward)

"Adam Ferguson" <adamadamferguson.com> wrote in message news:002001c2b86e$34514590$6601a8c0FERG... Hello ...

I was wondering if anyone had a good resource or code sample for opening ( or accessing ) an excel spreadsheet using php. I need to be able to convert a spreadsheet of products and info to a table of products in a mysql database. Also ... I need to be able to perform this on a Linux machine. Any help would be great.

Thanks guys! Adam Ferguson

attached mail follows:

write a macro which will create a file with insert statments from the data in the excel sheet. run the macro get the file and run it on the linux box Gurvinder Singh www.gurvindersingh.com

<rblackdatavisibility.co.uk> wrote in message news:OFC136F6B2.F56E7B76-ON80256CAA.003F673Cd-h.co.uk... > > If this is a one off excercise, ie you only have to do it once and > afterwards things will be dealt with ENTIRELY through the MySQL database, > you could save the spreadsheet as a CSV file and work with that. > > HTH, > > Richy > > ========================================== > Richard Black > Senior Developer, DataVisibility Ltd - http://www.datavisibility.com > Tel: 0141 951 3481 > Email: rblackdatavisibility.co.uk > > > > Maxim Maletsky > <maximphp.net To: "Adam Ferguson" <adamadamferguson.com> > > cc: <php-generallists.php.net> > Subject: Re: [PHP] Converting Excel Spreadsheet to MySQL table ... > 10/01/2003 > 11:40 > Please respond > to maxim > >

> > > > > > Excel on its own is a compiled document. However, I think there was some > way to do that. I remember I had to do it for MS Aceess files (Access -> > mySQL) and i used a tool made by a brasilian guy, (someone remind me the > name). I have the feeling that this is accomplisheable. Not sure if > directly on Linux box... > > > -- > Maxim Maletsky > maximphp.net > > > > "Adam Ferguson" <adamadamferguson.com> wrote... : > > > Hello ... > > > > I was wondering if anyone had a good resource or code sample for opening > ( or accessing ) an excel spreadsheet using php. I need to be able to > convert a spreadsheet of products and info to a table of products in a > mysql database. Also ... I need to be able to perform this on a Linux > machine. Any help would be great. > > > > Thanks guys! > > Adam Ferguson > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > ________________________________________________________________________ > This email has been scanned for all viruses by the MessageLabs SkyScan > service. For more information on a proactive anti-virus service working > around the clock, around the globe, visit http://www.messagelabs.com > ________________________________________________________________________ > > > >

attached mail follows:

Sean, et al --

...and then Sean Malloy said... % ... % % Its a bad example. However, it demonstrates that the relative path for each % include changed depending on what file was being included. % % PHP doesn't do that. Which is kind of annoying, but you get used to it.. But

Not only does one get used to it, but one might have preferred it that way in the first place :-)

% I've come up with a work around. % % htdocs/index.php % include('./system/core.php'); % % htdocs/system/core.php % define('CORE_PATH', str_replace('core.php', '', __FILE__)); % include(CORE_PATH.'logic/engine.php'); % % htdocs/system/logic/engine.php % include(CORE_PATH.'html/header.php');

I've come up with the following trick for files being tested in a development environment.

In general, we have

$ cat index.php <?php include("/home/sites/.php/devel/index.inc";)?>

$ cat other.php <?php include("/home/sites/.php/devel/other.inc";)?>

where /devel might be missing (for production code) or /test (for a test version) or anything else for some devel offshoot. There are various files included within index.inc, and we of course want to get the right copies.

So in index.inc and other.inc and any other files, I have a short

# this will let us figure out where we are and then always source the right include stuff! # it does not work with symlinks (__FILE__ reports the *target*) # you must have a full env tree in your devel tree; we now look exclusively in $DEVELDIR if set if ( ereg("/home/sites/\.php/",__FILE__) ) # are we *somewhere* in our usual master tree? { $DEVELDIR = preg_replace("|/.*/home/sites/\.php(.*)/[^/]*$|","\\1",__FILE__) ; } # get the working dir

followed by

include("/home/sites/.php$DEVELDIR/includestuff.inc"); # include our various files

where includestuff.inc looks like

# config settings and functions and the like foreach ( array ( "config.php" , "functions.inc" ) as $incfile ) { foreach ( array # (this could be quite long) ( "/home/sites/.php$DEVELDIR", # host-wide dir "$_SERVER[DOCUMENT_ROOT]", # web-site-wide dir getcwd() # this job ) as $dir # what do we call it? ) { if ( file_exists ("$dir/$incfile") ) # is there a script file? { include ("$dir/$incfile") ; } # well, include it! } }

and, as you can see, gets the master config.php and functions.inc from the proper devel tree (as well as then from the doc root and the script dir), and any other includes down in the script point the same way like

include ("/home/sites/.php$DEVELDIR/index.table.inc"); # magic auto-table code

or so. It's hard-coded to our central directory (/home/sites/.php) but you have to write these things down somewhere :-)

% ... % Hope someone finds that useful

Same here :-)

HTH & HAND

:-D

-- David T-G * There is too much animal courage in (play) davidtg

justpickone.org * society and not sufficient moral courage. (work) davidtgwork

justpickone.org -- Mary Baker Eddy, "Science and Health" http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE+Hr0HGb7uCXufRwARAlYPAJ0Y/CTwQ5YfJu6aFYi13EH8ath/nwCgpHO6 LkKcFzCPX6+0Y1j+b31qDac= =nWOL -----END PGP SIGNATURE-----

attached mail follows:

Hi, I´m a newbie in PHP. How can I declare a structured type in PHP like the struct statement in C ? Thanks amjr

attached mail follows:

use array, but remember, there is no type declaration in php. example

$structure = array ( 'id' => 1, 'subs' => array( 'sub1', sub2'));

ntuser wrote:

>Hi, > >I´m a newbie in PHP. >How can I declare a structured type in PHP like the struct statement in C ? > >Thanks > >amjr > >

attached mail follows:

On Fri, 10 Jan 2003 10:38:31 +0000 (GMT), you wrote:

>On Wed, 8 Jan 2003, Macrosoft wrote: > >> Can anybody explain me what does mean error: >> >> Warning: main(footer.inc.php) [function.main.html]: failed to >> create stream: >> Too many open files in /www/sql/main.php on line 96 >> >> (phpPgAdmin 2.4.2 scripts, PHP 4.3.0 + Apache) >> >> Does PHP exceed any limit of opened files? How can I change the limit?

As someone else said, this is an OS issue, but if you're running on Linux do a Google search for:

/proc/sys/fs/file-max

attached mail follows:

On Friday 10 January 2003 09:27 pm, Michael Sims wrote: > >> Warning: main(footer.inc.php) [function.main.html]: failed > >> to create stream: > >> Too many open files in /www/sql/main.php on line 96

> As someone else said, this is an OS issue, but if you're running on > Linux do a Google search for: > > /proc/sys/fs/file-max

something else to point out. if you are hitting this limit, it's possible that you're doing something wrong. what does main.php do? how many files does it include? what are you trying to do in there that could lead to opening lots of files? e.g., do you have a loop that opens files, does something with them, then continues the loop (opening more files without closing the previously opened files that you don't need anymore)?

tiger

-- Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78" Veritas liberabit vos. Doveryai no proveryai.

attached mail follows:

redhat linux 7.3 apache 1.3.27 mysql 3.23.49 php 4.0.4pl1 (static install) mod_ssl-2.8.12

the box had php 4.2.3 installed on it originally. we had a mysql application that would only run with php version 4.0.4pl1 so we installed the old version of php and everything worked.

then we ran autorpm with the 'interactive' setting (just downloading and not auto installing) and the application broke. when I run debug_phpinfo it says version 4.2.3. we have reinstalled php version 4.0.4pl1 and debug_phpinfo still says version 4.2.3 and the app. remains broken. yes we copied the php.ini file after the install.

we checked the new php binary and its definitely version 4.0.4pl1. we're pulling our hair out. what are we doing wrong/do we have yet to do?

thanks!

attached mail follows:

Thanks! But your .txt are not carriage-returned, it just runs continuosly, very hard to read. Is that you odd programming style or can you send me another that has "enter" and newline?

Sorry for the trouble... sorry..

-----Original Message----- From: Michael Sims [mailto:mhsimsmidsouth.rr.com] Sent: 10 January 2003 09:30 To: See kok Boon Subject: Re: [PHP] how to make server response to emails

On Fri, 10 Jan 2003 18:51:07 +0800, you wrote:

>Thanks Michael!!

Not a problem...

>Can I also request that you send the perl equivalent script that you have >written to me to kokboonshinningstudios.com please?

I've attached the scripts. The main one is vagent-admin.pl, and it includes code from common.pl. There's tons of stuff in there that probably won't be of any interest, but take a look at the subroutine "parsemail" that inside vagent-admin.pl. Also, my coding standards were fairly odd when I wrote this (lots of tabs) so apologizes if it's hard to read. If anything doesn't make sense let me know.

attached mail follows:

-----Original Message----- From: Michael Sims [mailto:mhsimsmidsouth.rr.com] Sent: 10 January 2003 09:30 To: See kok Boon Subject: Re: [PHP] how to make server response to emails

On Fri, 10 Jan 2003 18:51:07 +0800, you wrote:

>Thanks Michael!!

Not a problem...

>Can I also request that you send the perl equivalent script that you have >written to me to kokboonshinningstudios.com please?

attached mail follows:

Benjamin, you are my father! Dude! That worked perfectly...

In case you all didn't understand what I was trying to do, attached are some examples... This worked thanks to "Benjamin Vincent" ;-)

------------ snip 'customer_email.php' -------------- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html> <head> <title>Untitled</title> </head>

<body> <CENTER> <TABLE> <TR><TD><B>Username</B></TD><TD><B><?=$User?></B></TD></TR> <TR><TD><B>Password</B></TD><TD><B><?=$Password1?></B></TD></TR> <TR><TD><B>Company Code</B></TD><TD><B><?=$Company?></B></TD></TR> </TABLE> </CENTER> </body> </html> ------------ snip 'customer_email.php' --------------

------------ snip 'emailtest.php' -------------- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html> <head> <title>EMAIL include test</title> </head>

<body> <?php

$User = "test user"; $Password1 = "mypass"; $Company = "mycomp";

// email us to let us know there is a new user. $email = "daeviddaevid.com"; $subject = "email test"; $myname = "emailtest"; $myemail = "emailtestdaevid.com"; $myreplyemail = $myemail;

ob_start(); include("/www/secure.interactnetworks.com/customer_email.php"); $message = ob_get_contents(); ob_end_clean();

$headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; $headers .= "From: ".$myname." <".$myemail.">\r\n"; $headers .= "To: ".$email."\r\n"; $headers .= "Reply-To: ".$myname." <".$myreplyemail.">\r\n"; $headers .= "X-Mailer: Linux Server"; mail($email, $subject, $message, $headers);

echo $message; ?> check your email to see if this worked. </body> </html> ------------ snip 'emailtest.php' --------------

> -----Original Message----- > From: Benjamin Niemann [mailto:b.niemannbetternet.de] > Sent: Friday, January 10, 2003 2:02 AM > To: php-generallists.php.net > Subject: Re: [PHP] how can I use an external 'template' file > and still use PHP variables? > > > I think this should make it: > > ob_start(); > include("/pathto/customer_email.php"); > $message = ob_get_contents(); > ob_end_clean(); > > ----- Original Message ----- > From: "Daevid Vincent" <daeviddaevid.com> > To: <php-generallists.php.net> > Sent: Friday, January 10, 2003 10:48 AM > Subject: [PHP] how can I use an external 'template' file and > still use PHP > variables? > > > > I've posted this a few weeks ago with no response. I want to use an > > external > > "email template" as it were, so that the sales guys can > edit it as they > > like and simply shuffle the variables around that they need > > $username and $password (either with or without the <?php ?> tags). > > > > I don't want them mucking around in my code and potentially > screwing it > > up. Not to mention having a huge 'email' text in between those > > HTMLMESSAGE markers is ugly as hell and ends up making the > color-coding > > in HomeSite all kinds of whack at the end of it. > > > > I tried to use: > > > > $message = <<<HTMLMESSAGE > > include("/pathto/customer_email.php"); > > HTMLMESSAGE; > > > > But $message has the literal string > > ''include("/pathto/customer_email.php");'' instead of including the > > file. Grr.. (wouldn't it make sense that an include() > should be parsed > > FIRST with the contents put in place basically? This seems > like a 'bug' > > not a feature. > > > > I also tried: > > > > $filename = "/pathto/customer_email.php"; > > $fd = fopen ($filename, "r"); > > $message = fread ($fd, filesize ($filename)); > > fclose ($fd); > > > > But all the $username, etc. are treated as literals and if I use > > <?=$username?> in the customer_email.php the field is blank > (like it's > > being parsed but doesn't have a value for it or something), > instead of > > being converted to their actual PHP values. I also tried to put the > > "global" keyword in the customer_email.php file at the top. > > > > Ideally I would like to set things up so we have varoius form letter > > emails and I can switch them around based upon say a "special order > > code", where the $user/$pw is always the same (depending on > the database > > user of course), but the email content is different formats. > > > > Is there no way to accomplish this? Am I not being clear on > what it is > > I'm trying to accomplish? > > > > My final thought is to use some regex to search for > <?=$username?> in > > $message after it's all been read in, and replace it with > the variable > > $username or make up my own tag codes like [!username!] or something > > like that. This seems like such a hack, when PHP should be > able to do > > this natively somehow. > > > > Surely somebody out there has had to do this type of thing? >

attached mail follows:

Anyone?

CDitty

>>> "Christopher Ditty" <cdittymlgw.org> 01/09/03 04:04PM >>> I have successfully installed oracle 8.1.7 w/ php and have it configured to run from the command line. When I run a simple script that connects, and selects records from the database, the last line is a segmentation fault error. This does not seem to happen when the same script is run through the browser.

Can anyone offer any help or advice? The code is listed below.

CDitty

#!/usr/bin/php <? function oci8Connect(){ $db_conn = ocilogon("usrname","pwd", "dbase"); if (!$db_conn){ echo "Help<br>"; exit (); } echo "Connected<br>"; return ($db_conn); }

$conn = oci8Connect();

$stmt = ociparse($conn,"select * from US_MSTR"); ociexecute($stmt);

$i=0; $row = array();

while(OCIFetchInto($stmt, &$row, OCI_ASSOC)){ # do stuff with $row... echo $row['US_ID'] . " $i<br>"; $i++; }

ocifreestatement($stmt); ocilogoff($conn); ?>

-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:

Are you saying that OCILogoff gives you the segfault? It's very strange because OCILogoff is actually an "empty" function - all the contents of that function is commented and is there only for the backwards compatibility reasons. Zend API ends OCI sessions automatically as script's execution ends.

Do what, try removing the last function from your script and run again. If the segfault happens again submit a bug report at http://bugs.php.net with all the possible details (server log, script, system etc) and I will take over the bug myself (I maintain the OCI8 extension)

--
Maxim Maletsky
maximphp.net
"Christopher Ditty" <cdittymlgw.org> wrote... :
> Anyone?
> 
> CDitty
> 
> >>> "Christopher Ditty" <cdittymlgw.org> 01/09/03 04:04PM >>>
> I have successfully installed oracle 8.1.7 w/ php and have it
> configured
> to run from the command line.  When I run a simple script that
> connects,
> and selects records from the database, the last line is a segmentation
> fault error.  This does not seem to happen when the same script is run
> through the browser.  
> 
> Can anyone offer any help or advice?  The code is listed below.
> 
> CDitty
> 
> #!/usr/bin/php
> <?
> function oci8Connect(){
>          $db_conn = ocilogon("usrname","pwd", "dbase");
>          if (!$db_conn){
>          	echo "Help<br>";
>             exit ();
>          }
>          echo "Connected<br>";
>          return ($db_conn);
> }
> 
> $conn = oci8Connect();
> 
> $stmt = ociparse($conn,"select * from US_MSTR");
>   ociexecute($stmt);
> 
> 	$i=0;
> 	$row = array();
> 
>   while(OCIFetchInto($stmt, &$row, OCI_ASSOC)){
>  		# do stuff with $row...
>  		echo $row['US_ID'] . " $i<br>";
>  		$i++;
> 	}
> 
> 	ocifreestatement($stmt);
> 	ocilogoff($conn);
> ?>
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php 
> 
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

attached mail follows:

Hey All. The subject line pretty much says it all. I have php-nuke installed in the / directory and it works fine. However, when I try to run the gallery or netjuke software (also php) They just return the source code of the file. (not exactly what you want) I am using Apache 2.0 and php 4.3 (compiled from sources) on a redhat 8.0 box. If needed I will include the configs, but I don't want to waste bandwidth.

attached mail follows:

"Jacob" <listsbraindonors.net> wrote... :

> Hey All. > > The subject line pretty much says it all. > > I have php-nuke installed in the / directory and it works > fine. > However, when I try to run the gallery or netjuke software > (also php) > They just return the source code of the file. (not exactly > what you want) > > I am using Apache 2.0 and php 4.3 (compiled from sources) on > a redhat 8.0 box. > > > If needed I will include the configs, but I don't want to waste > bandwidth.

what are the extensions of these files? You might need to add them to your httpd.conf or .htaccess files.

-- Maxim Maletsky maxim

php.net

attached mail follows:

I highly doubt it. The server, and PHP, have absolutely no idea about frames and don't care about them, it's just handling page requests. Frames are a display feature in the browser and it's the browser that requests the various pages it needs for display. PHP is just getting a few page requests in quick succession and as far as I know, PHP is thread safe where it uses threads. Meaning it won't trip over itself.

What may be slowing things down is the number of files the browser needs to download, which is a minimum of 9 with 8 frames. And that doesn't include any image files. Most browsers limit themselves to certain number of connections. IE for Mac defaults to 4 max connections and can be set as high as 8. So with 9 files to download the browser won't even request the 9th file until at least one of the first 8 is completely downloaded. And then you have the overhead in the browser parsing all those files for display.

I don't know what your web page looks like, but perhaps Javascript, CSS and/or DHTML could reduce the number of frames being used.

On Thursday, January 9, 2003, at 01:45 PM, Dale Schell wrote:

> All of the pages in these frames activate the > session, and some of them modify session variables. > Can this cause the pages to load slowly? Can a page have the session > file write locked and make other pages wait?

-- Brent Baisley Systems Architect Landover Associates, Inc. Search & Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577

attached mail follows:

Dale Schell wrote:

>List, > I have a website that uses (too) many frames. At its most ugly, it will >load 8 frames at once. All of the pages in these frames activate the >session, and some of them modify session variables. > Can this cause the pages to load slowly? Can a page have the session >file write locked and make other pages wait? > I don't know the php internals, but my guess is yes, each session_start() locks the session file and the lock is released when you session_write_close or your script ends, otherwise some session variables could be lost. Other scripts with session_start will wait. You should after calling session start do what is neccessery and call session_write_close()

> >Thanks for your help, >Dale >daledatabright.com > > > > >

attached mail follows:

Thanks, that helped out a lot. One of those RTFM times.

Dale

On 1/10/03 10:24, "Marek Kilimajer" <kilimajerwebglobe.sk> wrote:

> Dale Schell wrote: > >> List, >> I have a website that uses (too) many frames. At its most ugly, it will >> load 8 frames at once. All of the pages in these frames activate the >> session, and some of them modify session variables. >> Can this cause the pages to load slowly? Can a page have the session >> file write locked and make other pages wait? >> > I don't know the php internals, but my guess is yes, each > session_start() locks the session file and the lock is released when you > session_write_close or your script ends, otherwise some session > variables could be lost. Other scripts with session_start will wait. You > should after calling session start do what is neccessery and call > session_write_close() > >> >> Thanks for your help, >> Dale >> daledatabright.com >> >> >> >> >> >

attached mail follows:

Can PHP connect to IMB DB2 dbms running on an AIX Unix server?

Jack

attached mail follows:

Yes, it can. Use the odbc_connect. Here's what I use that work...

--clip-- $database = "TEST_DB"; $user = "db2inst1"; $pass = "ibmdb2";

$cid = odbc_connect($database,$user,$pass) or die("Unable to Connect to Database !!!") ; if ($cid == 0) { exit("<br><br><font color='red'><b>Unable to Connect to Database !!!</b></font><br><br>"); } --clip--

"Jack Schroeder" <jack.schroederbnsf.com> wrote in message news:3E1EE24F.1DA998E4bnsf.com... > Can PHP connect to IMB DB2 dbms running on an AIX Unix server? > > Jack >

attached mail follows:

Be care of the PHP bug on one of hte php function, odbc_fetch_row(). This function does not very well start at 0 when the odbc_fetch_row() start automatically, so you'll have to at the counter inside the function. Why is that, I do not know. Here's the example of the workaround I did. --clip--

$cid = odbc_connect('blah blah blah');

$ask7 = "SELECT * FROM INQUIRIES WHERE USER_ID = '38SCK3'";

$R7 = odbc_exec($cid,$ask7);

$result = odbc_result($R7,1);

echo "Result or No Result??? --> ".odbc_fetch_row($R7);

$bug_workaround=0;

while (odbc_fetch_row($R7,++$bug_workaround))

{

odbc_fetch_into($R7,$inquiry,$inq_c);

echo $inquiry[0], $inquiry[1];

}

--clip--

"Jack Schroeder" <jack.schroederbnsf.com> wrote in message news:3E1EE24F.1DA998E4bnsf.com... > Can PHP connect to IMB DB2 dbms running on an AIX Unix server? > > Jack >

attached mail follows:

Grrrr... I meant to say "Be careful of the PHP bug".

"Scott Fletcher" <scottabcoa.com> wrote in message news:20030110154015.28739.qmailpb1.pair.com... > Be care of the PHP bug on one of hte php function, odbc_fetch_row(). This > function does not very well start at 0 when the odbc_fetch_row() start > automatically, so you'll have to at the counter inside the function. Why is > that, I do not know. Here's the example of the workaround I did. > --clip-- > > $cid = odbc_connect('blah blah blah'); > > $ask7 = "SELECT * FROM INQUIRIES WHERE USER_ID = '38SCK3'"; > > $R7 = odbc_exec($cid,$ask7); > > $result = odbc_result($R7,1); > > echo "Result or No Result??? --> ".odbc_fetch_row($R7); > > $bug_workaround=0; > > while (odbc_fetch_row($R7,++$bug_workaround)) > > { > > odbc_fetch_into($R7,$inquiry,$inq_c); > > echo $inquiry[0], $inquiry[1]; > > } > > --clip-- > > "Jack Schroeder" <jack.schroederbnsf.com> wrote in message > news:3E1EE24F.1DA998E4bnsf.com... > > Can PHP connect to IMB DB2 dbms running on an AIX Unix server? > > > > Jack > > > >

attached mail follows:

For a moment, I thought you were referring to me when you said "Fletcher" since it's my name also. :-)

FletchSOD "Mike Ford" <M.Fordlmu.ac.uk> wrote in message news:7E070107F405BA4790C43526CC4985A10132AD33lis-exchange3.lmu.ac.uk... > > -----Original Message----- > > From: Dave Gervais [mailto:dag27dslmagma.ca] > > Sent: 09 January 2003 21:36 > > > > Here is the C code. There is a decode function, but I don't > > need it in > > PHP because I have a C program listening to serial port on > > the other end > > that will validate the checksum. > > > > > > /* > > * operator fletcher_encode > > */ > > fletcher_encode( buffer, count ) > > unsigned char* buffer; > > long count; > > { > > int i; > > unsigned char c0 = 0; > > unsigned char c1 = 0; > > * ( buffer + count - 1 ) = 0; > > * ( buffer + count - 2 ) = 0; > > for( i = 0; i < count; i++) > > { > > c0 = c0 + * ( buffer + i ); > > c1 =c1 +c0; > > } > > * ( buffer + count - 2 ) = c0 - c1; > > * ( buffer + count - 1 ) = c1 - 2*c0; > > } > > > > > > My problem with PHP was with the unsigned char. > > Well, as I guess that would effectively be an integer in the range 0-255, I'd just treat it as an integer and reduce it modulo 256 in places where it might overflow that value. > > Exactly how this translates into your PHP code depends on how you're translating the rest of the routine, and especially what you turn buffer into, but the loop might go something like: > > for ($i=0; $i<$count; $i++): > $c0 = ($c0+$buffer[i])%256; > $c1 = ($c1+$c0)%256; > endfor; > > You could also do the modulo 256 reduction by doing a bitwise and with 0xff (or 0377, or 255), of course -- this is likely to be more efficient, and may, depending on your point of view, be more obvious as to what's going on. Then your loop might look like this: > > for ($i=0; $i<$count; $i++): > $c0 = ($c0+$buffer[i])&0xff; > $c1 = ($c1+$c0)&0xff; > endfor; > > Hope this is helpful and sets you off on the right track. > > Cheers! > > Mike > > --------------------------------------------------------------------- > Mike Ford, Electronic Information Services Adviser, > Learning Support Services, Learning & Information Services, > JG125, James Graham Building, Leeds Metropolitan University, > Beckett Park, LEEDS, LS6 3QS, United Kingdom > Email: m.fordlmu.ac.uk > Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211

attached mail follows:

Here's the challenging project I'm doing. I'm trying to encrypt the user_id and password in javascript and submit it. Then have PHP to decrypt the user_id and password. The only problem I have is I don't know what javascript function or javascript algorithm that can also work the same way as the php function or php algorithm. Anybody know?

Thanks, FletchSOD

attached mail follows:

The way you want it can be securely done only using asymetric encryption, which is not available to JS. Do you really need to encrypt user_id? You could use md5 to hash password with some random string, store the hash in a hidden field and erase password. On server side if the hidden field is set compare it whith a hash you create with password and the random string (keep the string as a session variable, don't pass it as a form hidden field). If the hidden hash field is not set, use normal procedure.

code:

server: $_SESSION[random]=create_random_string();

client: function onsubmit(form) { form.hiddenfield.value= md5( md5(form.password.value) + form.randomstring.value); form.password.value=''; return true; }

server: if($_POST[hiddenfield]) { $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' AND '$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))");

} else { $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' AND password=MD5($_POST[password]"); }

this example assumes passwords are stored as md5 hashes in the database

Scott Fletcher wrote:

>Here's the challenging project I'm doing. I'm trying to encrypt the user_id >and password in javascript and submit it. Then have PHP to decrypt the >user_id and password. The only problem I have is I don't know what >javascript function or javascript algorithm that can also work the same way >as the php function or php algorithm. Anybody know? > >Thanks, > FletchSOD > > > > >

attached mail follows:

I'll look into this and try it out. The only thing that is important to me is that the password get encrypted before transmitting across the internet. I'm not worry if the JS is disabled because if it is then the login will never be authenticated. I'll keep on exploring for way to increase security. Thanks for the response.

"Marek Kilimajer" <kilimajerwebglobe.sk> wrote in message news:3E1EEDFA.30202webglobe.sk... > The way you want it can be securely done only using asymetric > encryption, which is not available to JS. > Do you really need to encrypt user_id? You could use md5 to hash > password with some random string, > store the hash in a hidden field and erase password. On server side if > the hidden field is set compare it > whith a hash you create with password and the random string (keep the > string as a session variable, don't > pass it as a form hidden field). If the hidden hash field is not set, > use normal procedure. > > code: > > server: > $_SESSION[random]=create_random_string(); > > client: > function onsubmit(form) { > form.hiddenfield.value= md5( md5(form.password.value) + > form.randomstring.value); > form.password.value=''; > return true; > } > > server: > if($_POST[hiddenfield]) { > $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > AND > '$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))"); > > } else { > $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > AND password=MD5($_POST[password]"); > } > > this example assumes passwords are stored as md5 hashes in the database > > Scott Fletcher wrote: > > >Here's the challenging project I'm doing. I'm trying to encrypt the user_id > >and password in javascript and submit it. Then have PHP to decrypt the > >user_id and password. The only problem I have is I don't know what > >javascript function or javascript algorithm that can also work the same way > >as the php function or php algorithm. Anybody know? > > > >Thanks, > > FletchSOD > > > > > > > > > > >

attached mail follows:

Hey! There's no MD5 in Javascript which is why I post hte question in the first place. Now I lost 5 hours of my time working on writing this script. You're going to have to be careful because you had to make sure there is MD5 features in Javascript before posting a reply.

I found a workaround to it. You have to manually create a MD5 algorithm in Javascript. I did the google search and got this, it is at http://www-adele.imag.fr/~donsez/cours/exemplescourstechnoweb/js_securehash/ . Pretty cool, isn't it!!!!!

Take care, Scott "Scott Fletcher" <scottabcoa.com> wrote in message news:20030110160708.59273.qmailpb1.pair.com... > I'll look into this and try it out. The only thing that is important to me > is that the password get encrypted before transmitting across the internet. > I'm not worry if the JS is disabled because if it is then the login will > never be authenticated. I'll keep on exploring for way to increase > security. Thanks for the response. > > > "Marek Kilimajer" <kilimajerwebglobe.sk> wrote in message > news:3E1EEDFA.30202webglobe.sk... > > The way you want it can be securely done only using asymetric > > encryption, which is not available to JS. > > Do you really need to encrypt user_id? You could use md5 to hash > > password with some random string, > > store the hash in a hidden field and erase password. On server side if > > the hidden field is set compare it > > whith a hash you create with password and the random string (keep the > > string as a session variable, don't > > pass it as a form hidden field). If the hidden hash field is not set, > > use normal procedure. > > > > code: > > > > server: > > $_SESSION[random]=create_random_string(); > > > > client: > > function onsubmit(form) { > > form.hiddenfield.value= md5( md5(form.password.value) + > > form.randomstring.value); > > form.password.value=''; > > return true; > > } > > > > server: > > if($_POST[hiddenfield]) { > > $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > > AND > > '$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))"); > > > > } else { > > $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > > AND password=MD5($_POST[password]"); > > } > > > > this example assumes passwords are stored as md5 hashes in the database > > > > Scott Fletcher wrote: > > > > >Here's the challenging project I'm doing. I'm trying to encrypt the > user_id > > >and password in javascript and submit it. Then have PHP to decrypt the > > >user_id and password. The only problem I have is I don't know what > > >javascript function or javascript algorithm that can also work the same > way > > >as the php function or php algorithm. Anybody know? > > > > > >Thanks, > > > FletchSOD > > > > > > > > > > > > > > > > > > >

attached mail follows:

If you want to increase security then you really should use a secure connection, then everything is encrypted as well as other security measures. Even if you do encrypt the password you also need to establish and track a session to make sure it's the same computer you are communicating with, guarding against a hijacked connection. Besides, using SSL is a heck of a lot easier. Just get a certificate for the server and slap https:// on the front of the URL. I'll admit I summarized the process a bit.

On Friday, January 10, 2003, at 11:12 AM, Scott Fletcher wrote:

> I'll look into this and try it out. The only thing that is important > to me > is that the password get encrypted before transmitting across the > internet. > I'm not worry if the JS is disabled because if it is then the login will > never be authenticated. I'll keep on exploring for way to increase > security.

-- Brent Baisley Systems Architect Landover Associates, Inc. Search & Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577

attached mail follows:

Really, pretty cool. I don't know why I was so sure there was a md5 function in javascript (propably because I thought is was everywhere - untill now). Thanks for the link.

Scott Fletcher wrote:

>Hey! There's no MD5 in Javascript which is why I post hte question in the >first place. Now I lost 5 hours of my time working on writing this script. >You're going to have to be careful because you had to make sure there is MD5 >features in Javascript before posting a reply. > >I found a workaround to it. You have to manually create a MD5 algorithm in >Javascript. I did the google search and got this, it is at >http://www-adele.imag.fr/~donsez/cours/exemplescourstechnoweb/js_securehash/ >. Pretty cool, isn't it!!!!! > >Take care, > Scott >"Scott Fletcher" <scottabcoa.com> wrote in message >news:20030110160708.59273.qmailpb1.pair.com... > > >>I'll look into this and try it out. The only thing that is important to >> >> >me > > >>is that the password get encrypted before transmitting across the >> >> >internet. > > >>I'm not worry if the JS is disabled because if it is then the login will >>never be authenticated. I'll keep on exploring for way to increase >>security. Thanks for the response. >> >> >>"Marek Kilimajer" <kilimajerwebglobe.sk> wrote in message >>news:3E1EEDFA.30202webglobe.sk... >> >> >>>The way you want it can be securely done only using asymetric >>>encryption, which is not available to JS. >>>Do you really need to encrypt user_id? You could use md5 to hash >>>password with some random string, >>>store the hash in a hidden field and erase password. On server side if >>>the hidden field is set compare it >>>whith a hash you create with password and the random string (keep the >>>string as a session variable, don't >>>pass it as a form hidden field). If the hidden hash field is not set, >>>use normal procedure. >>> >>>code: >>> >>>server: >>>$_SESSION[random]=create_random_string(); >>> >>>client: >>>function onsubmit(form) { >>> form.hiddenfield.value= md5( md5(form.password.value) + >>>form.randomstring.value); >>> form.password.value=''; >>> return true; >>>} >>> >>>server: >>>if($_POST[hiddenfield]) { >>> $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' >>> AND >>>'$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))"); >>> >>>} else { >>> $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' >>> AND password=MD5($_POST[password]"); >>>} >>> >>>this example assumes passwords are stored as md5 hashes in the database >>> >>>Scott Fletcher wrote: >>> >>> >>> >>>>Here's the challenging project I'm doing. I'm trying to encrypt the >>>> >>>> >>user_id >> >> >>>>and password in javascript and submit it. Then have PHP to decrypt the >>>>user_id and password. The only problem I have is I don't know what >>>>javascript function or javascript algorithm that can also work the same >>>> >>>> >>way >> >> >>>>as the php function or php algorithm. Anybody know? >>>> >>>>Thanks, >>>>FletchSOD >>>> >>>> >>>> >>>> >>>> >>>> >>>> >> >> > > > > >

attached mail follows:

Some people don't need it so sophisticated, besides you need your own IP to use SSL, and that's the problem with virtual hosts.

Brent Baisley wrote:

> If you want to increase security then you really should use a secure > connection, then everything is encrypted as well as other security > measures. Even if you do encrypt the password you also need to > establish and track a session to make sure it's the same computer you > are communicating with, guarding against a hijacked connection. > Besides, using SSL is a heck of a lot easier. Just get a certificate > for the server and slap https:// on the front of the URL. I'll admit I > summarized the process a bit. > > > On Friday, January 10, 2003, at 11:12 AM, Scott Fletcher wrote: > >> I'll look into this and try it out. The only thing that is important >> to me >> is that the password get encrypted before transmitting across the >> internet. >> I'm not worry if the JS is disabled because if it is then the login will >> never be authenticated. I'll keep on exploring for way to increase >> security. > > -- > Brent Baisley > Systems Architect > Landover Associates, Inc. > Search & Advisory Services for Advanced Technology Environments > p: 212.759.6400/800.759.0577 > >

attached mail follows:

It would be nice if I can use the SSL but I don't want to spend a lot of time on it on IIS. Beside part of that website is only for internal part for my company. Beside the end user wouldn't know where hte login link is anyway.

"Brent Baisley" <brentlandover.com> wrote in message news:59292EC2-24D9-11D7-B05B-0050E4C5CF70landover.com... > If you want to increase security then you really should use a secure > connection, then everything is encrypted as well as other security > measures. Even if you do encrypt the password you also need to establish > and track a session to make sure it's the same computer you are > communicating with, guarding against a hijacked connection. > Besides, using SSL is a heck of a lot easier. Just get a certificate for > the server and slap https:// on the front of the URL. I'll admit I > summarized the process a bit. > > > On Friday, January 10, 2003, at 11:12 AM, Scott Fletcher wrote: > > > I'll look into this and try it out. The only thing that is important > > to me > > is that the password get encrypted before transmitting across the > > internet. > > I'm not worry if the JS is disabled because if it is then the login will > > never be authenticated. I'll keep on exploring for way to increase > > security. > -- > Brent Baisley > Systems Architect > Landover Associates, Inc. > Search & Advisory Services for Advanced Technology Environments > p: 212.759.6400/800.759.0577 >

attached mail follows:

Here's the message I got from someone. It is pretty cool!

--clip-- if U want MD5 for Java Script try down load PHPLib and search in this package. and you will find MD5 script with Java Script.

--clip--

"Marek Kilimajer" <kilimajerwebglobe.sk> wrote in message news:3E1F2DA5.40102webglobe.sk... > Really, pretty cool. I don't know why I was so sure there was a md5 > function in javascript (propably because I thought is was everywhere - > untill now). Thanks for the link. > > Scott Fletcher wrote: > > >Hey! There's no MD5 in Javascript which is why I post hte question in the > >first place. Now I lost 5 hours of my time working on writing this script. > >You're going to have to be careful because you had to make sure there is MD5 > >features in Javascript before posting a reply. > > > >I found a workaround to it. You have to manually create a MD5 algorithm in > >Javascript. I did the google search and got this, it is at > >http://www-adele.imag.fr/~donsez/cours/exemplescourstechnoweb/js_securehash / > >. Pretty cool, isn't it!!!!! > > > >Take care, > > Scott > >"Scott Fletcher" <scottabcoa.com> wrote in message > >news:20030110160708.59273.qmailpb1.pair.com... > > > > > >>I'll look into this and try it out. The only thing that is important to > >> > >> > >me > > > > > >>is that the password get encrypted before transmitting across the > >> > >> > >internet. > > > > > >>I'm not worry if the JS is disabled because if it is then the login will > >>never be authenticated. I'll keep on exploring for way to increase > >>security. Thanks for the response. > >> > >> > >>"Marek Kilimajer" <kilimajerwebglobe.sk> wrote in message > >>news:3E1EEDFA.30202webglobe.sk... > >> > >> > >>>The way you want it can be securely done only using asymetric > >>>encryption, which is not available to JS. > >>>Do you really need to encrypt user_id? You could use md5 to hash > >>>password with some random string, > >>>store the hash in a hidden field and erase password. On server side if > >>>the hidden field is set compare it > >>>whith a hash you create with password and the random string (keep the > >>>string as a session variable, don't > >>>pass it as a form hidden field). If the hidden hash field is not set, > >>>use normal procedure. > >>> > >>>code: > >>> > >>>server: > >>>$_SESSION[random]=create_random_string(); > >>> > >>>client: > >>>function onsubmit(form) { > >>> form.hiddenfield.value= md5( md5(form.password.value) + > >>>form.randomstring.value); > >>> form.password.value=''; > >>> return true; > >>>} > >>> > >>>server: > >>>if($_POST[hiddenfield]) { > >>> $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > >>> AND > >>>'$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))"); > >>> > >>>} else { > >>> $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > >>> AND password=MD5($_POST[password]"); > >>>} > >>> > >>>this example assumes passwords are stored as md5 hashes in the database > >>> > >>>Scott Fletcher wrote: > >>> > >>> > >>> > >>>>Here's the challenging project I'm doing. I'm trying to encrypt the > >>>> > >>>> > >>user_id > >> > >> > >>>>and password in javascript and submit it. Then have PHP to decrypt the > >>>>user_id and password. The only problem I have is I don't know what > >>>>javascript function or javascript algorithm that can also work the same > >>>> > >>>> > >>way > >> > >> > >>>>as the php function or php algorithm. Anybody know? > >>>> > >>>>Thanks, > >>>>FletchSOD > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >> > >> > > > > > > > > > > >

attached mail follows:

I got the script working so, I'm posting a script that work for me. If you wanna try it out or use it then you'll need to get the MD5.js that come with the libPHP. Just download the libPHP and pull out only one file, MD5.js and then junk the libPHP.

I found one thing interesting about this code is that whether the login is successfull or failed. The password will not be shown, neither is the encrypted password. That is a good thing.

I had to create a Session ID also.

You'll have to forgive me for include some script for PHP 4.0.6 and PHP 4.2.3 since I'm stuck with one of the employee who doesn't have time to upgrade one of the website.

--clip-- <? //PHP 4.0.x Only ============================== if ($auth == "true") { //Initialize the Session Cookie...... session_start(); session_register("admin_detail"); //============================================= //PHP 4.2.x Only ============================== //if ($_REQUEST['auth'] == "true") { // //Initialize the Session Cookie...... // session_start(); //=============================================

$SID = session_name()."=".session_id();

//PHP 4.0.x Only ============================== //Validating the User's Login Attempt..... if (($user == "administrator")&&($HiddenField == md5(md5("passwordExample123").$admin_detail['random_number']))) { //============================================= //PHP 4.2.x Only ============================= ////Validating the User's Login Attempt..... //if (($_REQUEST['user'] == "administrator")&&($_REQUEST['HiddenField'] == md5(md5("passwordExample123").$_SESSION['random_number']))) { //============================================= header("Location: http://www.whatever.com/admin/main_index.php?$SID"); } else { $login_action = "Failed!!"; } } else { //Creation of the Session ID..... $salt = strtoupper(md5(uniqid(rand())));

session_id($salt);

session_start();

//PHP 4.0.x Only ============================== session_register('admin_detail'); $admin_detail['random_number'] = rand(); //============================================= //PHP 4.2.x Only =========================== //$_SESSION['random_number'] = rand(); //============================================= } ?>

<? echo "<form name='LoginForm' method='post' action='dp_admin_auth.php?".SID."&auth=true' onSubmit='encryptPass(document.LoginForm)'>"; ?> <table border="0" cellpadding="0" cellspacing="0" align="center" width="600"> <tr> <td class="normal">       Use the Login to access the Administration Site. </td> <td> <table border='1' align='right'> <tr> <td> <table width='175' cellpadding='0' cellspacing='0' border='0'> <tr> <td align='center'><br> Username: <input type='text' name='user' size='10' maxlength='14'> <br><br> Password: <input type='password' name='pass' size='10' maxlength='14'> <br><br> </td> </tr> <tr> <td align='center'> <input type='submit' value=' Login '>   <input type='reset' value=' Clear '><br><br> <? //PHP 4.0.x Only ============================== echo "<input type='hidden' name='RandomString' value='".$admin_detail['random_number']."'>"; //============================================= //PHP 4.2.3 Only ============================ //echo "<input type='hidden' name='RandomString' value='".$_SESSION['random_number']."'>"; //============================================= echo "<input type='hidden' name='HiddenField' value='Null'>"; ?> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td class="dp_support1"> <? if($login_action == "Failed!!") { echo "     <span style='color:#FF0000;'>The Login Attempt had Failed!!</span>"; } ?> </td> </tr> </table> </form> --clip--

Enjoy! FletchSOD

"Scott Fletcher" <scottabcoa.com> wrote in message news:20030110203640.19011.qmailpb1.pair.com... > Here's the message I got from someone. It is pretty cool! > > --clip-- > if U want MD5 for Java Script try down load PHPLib and search in this > package. and you will find MD5 script with Java Script. > > --clip-- >

attached mail follows:

Session Destroy will work if you provide the user a way to log out of the website. But if the user closed the browser then that's it. Session Destory can't be used because the browser is a client side and Session Destroy is a server side. So, once the browser close, it doesn't contact the server before closing.

You're only option is to clean up the session data from the webserver as I usually have done. I also use the database to find out about the session id and the timestamp it was updated. That way, I will know which session not to delete if it is active.

"Ken Nagorski" <kennpcintelligent.com> wrote in message news:1106.66.93.13.118.1042146480.squirrelsecure.pcintelligent.com... > Hi there, > > So it is the browsers problem. I tested what you said and Mozilla acts as > you stated and IE does as well. I guess my question is. Is there no way to > close clear out the session when the user logs out? > > The way I set things up the class that I wrote just gets the current > sessionid and does a select from the database to see if it has been logged. > The problem this creates is that someone could sit down and reopen a > browser and have access to the site as if they where logged because the > session is not gone. > > Hmm - Like a said I have never used sessions before so I am learning about > them. Thank you for your input... > > Ken > > > > What browser are you running? I find that IE drops the session when > > you close the browser window actively working the site. On Mozilla I > > have to close every instance of Mozilla regardless of the site before > > it drops the session. Pretty aggravating so I'm going to have to start > > working on a method based on responses to your post. > > > > Larry S. Brown > > Dimension Networks, Inc. > > (727) 723-8388 > > > > -----Original Message----- > > From: Ken Nagorski [mailto:kennpcintelligent.com] > > Sent: Thursday, January 09, 2003 1:35 AM > > To: php-generallists.php.net > > Subject: [PHP] session_destroy problem > > > > Hi there, > > > > I have written a class that manages sessions. I have never used > > sessions before so all this is new to me. Everything works fine as far > > as starting the session and logging in however when I call sessoin > > destroy it doesn't seem to work the function returns 1 as it should if > > all goes well however if I go to another page and do some other > > browsing even if I close the browser the session still hangs around. Is > > there something I don't know about sessions? I have read the > > documentation on the session_destroy function, I don't think that I am > > missing anything... > > > > Anyone have any suggestions? I am totally confused. > > > > Thanks > > Ken > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > >

attached mail follows:

Javascript has a function for performing actions on window close. You could have a submit action on the page that is sent when the window closes. I've not used it yet but it should work I would think.

Larry S. Brown Dimension Networks, Inc. (727) 723-8388

-----Original Message----- From: Scott Fletcher [mailto:scottabcoa.com] Sent: Friday, January 10, 2003 10:58 AM To: php-generallists.php.net Subject: Re: [PHP] session_destroy problem

Session Destroy will work if you provide the user a way to log out of the website. But if the user closed the br