php-general Digest 24 May 2003 08:48:37 -0000 Issue 2075

php-general-digest-help@lists.php.net
Date: Sat May 24 2003 - 03:48:37 CDT


Topics (messages 148811 through 148824):

HTTP_REFERER <-> Norton firewall
        148811 by: Martin Christian Koch

Re: Could someone look at my problem in shell-exec?
        148812 by: Ernest E Vogelsinger

Re: Friendly URLs
        148813 by: Ernest E Vogelsinger

Ereg() Function
        148814 by: Daniel J. Rychlik
        148815 by: Joe Stump
        148816 by: Ernest E Vogelsinger
        148817 by: John Coggeshall
        148818 by: Ernest E Vogelsinger

Re: What is happening with php.net ???
        148819 by: Jim Lucas

Re: text editor that includes folding
        148820 by: Chris

Re: OOD/UML/CASE Tool
        148821 by: Manuel Lemos

socket disconnection
        148822 by: Thomas Weber

looking for function (pre 4.3.x)
        148823 by: Carl P. Corliss

Encrypt psw before sending?
        148824 by: Thomas Hochstetter

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribe@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribe@lists.php.net

To post to the list, e-mail:
        php-general@lists.php.net

----------------------------------------------------------------------

attached mail follows:


Due to the fact that Norton firewall takes control of the value of
HTTP_REFERER, I want to find another way to secure data.

This is the setup :

picserver = apache server with PHP4 - acts as upload / output of jpeg server
www = apache server with PHP4 - this is where the website runs from

Now - on www I'm posting through a form a file upload directly to picserver.
The receiving PHP-script checks the HTTP_REFERER - if it's NOT www, you will
not be able to upload the picture. Now - under normal circumstances this is
working fine, but NOT for users using Norton firewall, since HTTP_REFERER is
altered.

Outputting pictures is done like this :

<a href=http://picserver/output.php?c=code> running on www.
output.php contains a script which checks 'c' and outputs like this :

// $HTTP_REFERER carries the full URL of the linking page (when the client sends
// it at all), so test its host rather than comparing the whole value with "www".
if (strpos($HTTP_REFERER, "http://www/") === 0) {
  header("Content-type: image/jpeg");
  readfile("picture.jpg");   // readfile(), not readline(), sends the file body
  exit;
}

Now - under normal circumstances this works fine - but again - HTTP_REFERER
is altered so Norton users are not able to view the pictures.

How do I set up security so that only www has access to picserver, so that
no one else is able to misuse the server?

Thanks for any advice,
Martin
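A defender's alternative to the referer check, as an added example that is not part of Martin's post: www signs each picture link with an HMAC and an expiry, and picserver verifies the signature before serving (make_picture_url, verify_picture_request and the shared $secret are assumed names and values).

```php
<?php
// Added example, not from the original post. Instead of trusting HTTP_REFERER
// (which proxies and personal firewalls strip or rewrite), www signs each picture
// link with an HMAC and an expiry, and picserver verifies it before serving.
// Assumes both servers share $secret (placeholder value), have roughly
// synchronised clocks, and run PHP >= 5.6 for hash_equals().

$secret = 'REPLACE-WITH-A-LONG-RANDOM-SHARED-SECRET';   // placeholder, keep outside the web root

// On www: build a link that output.php on picserver accepts for $ttl seconds.
function make_picture_url($base, $picture, $secret, $ttl = 600) {
    $expires = time() + $ttl;
    $sig = hash_hmac('sha256', $picture . '|' . $expires, $secret);
    return $base . '?c=' . rawurlencode($picture) . '&e=' . $expires . '&s=' . $sig;
}

// On picserver, in output.php: verify the request before touching the filesystem.
function verify_picture_request(array $q, $secret, $now = null) {
    $now = ($now === null) ? time() : $now;
    if (!isset($q['c'], $q['e'], $q['s'])) {
        return false;                                     // missing parameters
    }
    if (!ctype_digit((string) $q['e']) || (int) $q['e'] < $now) {
        return false;                                     // malformed or expired
    }
    // Only plain file names: no slashes, no ".." path tricks.
    if (!preg_match('/^[A-Za-z0-9_-]+\.jpe?g$/', $q['c'])) {
        return false;
    }
    $expected = hash_hmac('sha256', $q['c'] . '|' . $q['e'], $secret);
    return hash_equals($expected, (string) $q['s']);     // constant-time comparison
}

// output.php on picserver would then do:
// if (!verify_picture_request($_GET, $secret)) { header('HTTP/1.0 403 Forbidden'); exit; }
// header('Content-type: image/jpeg');
// readfile('/var/pictures/' . $_GET['c']);

// Self-check: a freshly made link verifies, a tampered one does not.
$url = make_picture_url('http://picserver/output.php', 'picture.jpg', $secret);
parse_str(parse_url($url, PHP_URL_QUERY), $q);
$ok = verify_picture_request($q, $secret);
$q['c'] = 'other.jpg';                                    // change the name, keep the signature
$tampered = verify_picture_request($q, $secret);
var_dump($ok, $tampered);
```

The upload form can carry the same kind of token in a hidden field, so picserver accepts uploads only from forms that www generated, regardless of what the client sends as referer.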

attached mail follows:


At 20:33 23.05.2003, love jiangnan said:
--------------------[snip]--------------------
>Thank you very much for your great help.
>
>I am trying to put my tar file into /tmp directory
>which is available to all users and return it to the
>user.
>
>$output=`cd /tmp; tar cvf output.tar
>$home/www/1989/01/01.txt; ls; tar uvf output.tar`;
>
>echo "<pre>$output</pre>";
>
>This time, the webpage list the files in tmp including
>the tar file. However, it is not the /tmp which I see
>from server. I have no idea which directory it
>opened. Meanwhile, it cannot tar uvf output.tar.

This sounds very much as if some security settings are in effect (I'm
thinking of either an open_basedir setting or safe_mode). Check your
ini file for this (use ini_get('open_basedir') if you have no access to the
ini file).

If this is the case you're seeing a fake /tmp folder instead of the "real"
one. Take my advice - create a folder within your web root, you have enough
control there to make this writeable for the web server.

--
>O Ernest E. Vogelsinger
   (\) ICQ #13394035
    ^ http://www.vogelsinger.at/

attached mail follows:


At 21:04 23.05.2003, Catalin Trifu said:
--------------------[snip]--------------------
> I know this may not be the place to discuss this, but
>we are all involved in HTML, wether we like it or not.
> My question is, where is the fuss with all this friendliness
>of URLs. I mean, why is
> http://mysite.mydom.dom/index.php?id=1&c=asaadas&dadsd=abc
> uglier than any other beautification, like:
> http://mysite.mydom.dom/index/id/1/c/asaadas/ etc.
> or any other "beauty" scheme.
> I, for one, think this is a bunch of crap and a useless effort.
> If any of you guys out there have any thoughts on this, please
>bear with me and let's talk about it.
--------------------[snip]--------------------

It's all about the search engines - they usually regard URLs having query
parameters as being dynamic (think they're right, hm?), and refuse to add
them to their database.

Quite a mess if you have a dynamic portal...

--
>O Ernest E. Vogelsinger
   (\) ICQ #13394035
    ^ http://www.vogelsinger.at/

attached mail follows:


If I wanted to check for a valid email address, basically an email that has
some domain like .edu, .net or something, why won't this work?

if (ereg ("^[\w.-]+[\w.-]+\.(com|net|org|edu|mil|gov|gob|info|tv|biz)+(\.[A-Za-z]{2}|\s*)$", $_POST["emailaddy"])) {

    echo "doesnt appear to be a valid mail addy";
}
I'm not understanding why $_POST["emailaddy"] is not being evaluated correctly. I'm putting in non-valid email addresses and I expect this to return true, but it doesn't. Any ideas?
-Dan

attached mail follows:


You may want to try "eregi" instead (if you're having issues with case
sensitivity). There are abundant examples on the eregi pages at
http://www.php.net. You can also look at http://regexlib.com/Default.aspx.

Also, if you're checking email addresses check out the checkdnsrr() function
to validate that the host has a valid DNS record.

--Joe

--
Joe Stump <joe@joestump.net>
http://www.joestump.net
"Label makers are proof God wants Sys Admins to be happy."

-----Original Message-----
From: Daniel J. Rychlik [mailto:drychlik@tcsconsult.com]
Sent: Friday, May 23, 2003 2:19 PM
To: php-general@lists.php.net
Subject: [PHP] Ereg() Function

If I wanted to check for a valid email address, basically an email that has
some domain like .edu, .net or something, why won't this work?

if (ereg ("^[\w.-]+[\w.-]+\.(com|net|org|edu|mil|gov|gob|info|tv|biz)+(\.[A-Za-z]{2}|\s*)$", $_POST["emailaddy"])) {

    echo "doesnt appear to be a valid mail addy";
}
I'm not understanding why $_POST["emailaddy"] is not being evaluated
correctly. I'm putting in non-valid email addresses and I expect this to
return true, but it doesn't. Any ideas?
-Dan

attached mail follows:


At 23:18 23.05.2003, Daniel J. Rychlik said:
--------------------[snip]--------------------
>If I wanted to check for a valid email address, basically an email that has
> some domain like .edu, .net or something, why won't this work?
>
>if (ereg ("^[\w.-]+[\w.-]+\.(com|net|org|edu|mil|gov|gob|info|tv|biz)+(\.[A-Za-z]{2}|\s*)$", $_POST["emailaddy"])) {
>
> echo "doesnt appear to be a valid mail addy";
>}
>I'm not understanding why $_POST["emailaddy"] is not being evaluated
>correctly. I'm putting in non-valid email addresses and I expect this to
>return true, but it doesn't. Any ideas?
>-Dan
--------------------[snip]--------------------

I believe it's the '.' character in your character sets above - the dot
represents "any character". You need to escape this with a backslash:

    if (ereg ("^[\w\.-]+[\w\.-]+\.(com|net|org|edu|mil|gov|gob|info|tv|biz)+(\.[A-Za-z]{2}|\s*)$", $_POST["emailaddy"])) {

Note that your expression will rule out _all_ national top level domains,
like "us", "ca", "br", etc... there are a lot of these, and you might want
to check for a valid TLD in an extra step, if at all.

I'm using preg_match to validate syntactically correct email addresses
using this expression:
    if (!preg_match('/([a-z0-9\-\.\#\:]+[a-z0-9\-]+\.[a-z0-9\-\.]+)/i',
        $value, $aresult)) {

I do not know if that allows all RFC compliant addresses (including routing
information that _may_ be part of the address), but didn't have any
complaint yet, and have _no_ invalid email addresses in our databases so far.

BTW, the preg functions are said to be faster than ereg.

HTH,

--
>O Ernest E. Vogelsinger
   (\) ICQ #13394035
    ^ http://www.vogelsinger.at/

attached mail follows:


> I do not know if that allows all RFC compliant addresses (including routing
> information that _may_ be part of the address), but didn't have any
> complaint yet, and have _no_ invalid email addresses in our databases so far.

It doesn't, no way. For those of you who happen to own a copy of
"Mastering Regular Expressions" From O'Reilly, I suggest you turn to
page 316 and see the 6,598 byte regular expression that has the best
shot at holding the claim of "RFC Complaint" :)

John

--
-~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~-
John Coggeshall
john at coggeshall dot org http://www.coggeshall.org/
-~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~-

attached mail follows:


At 23:57 23.05.2003, John Coggeshall said:
--------------------[snip]--------------------
>> I do not know if that allows all RFC compliant addresses (including routing
>> information that _may_ be part of the address), but didn't have any
>> complaint yet, and have _no_ invalid email addresses in our databases so
>> far.
>
>It doesn't, no way. For those of you who happen to own a copy of
>"Mastering Regular Expressions" From O'Reilly, I suggest you turn to
>page 316 and see the 6,598 byte regular expression that has the best
>shot at holding the claim of "RFC Complaint" :)
--------------------[snip]--------------------

In this case I opt in to not being fully RFC compliant ;-)

--
>O Ernest E. Vogelsinger
   (\) ICQ #13394035
    ^ http://www.vogelsinger.at/
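The thread's suggestions combined in one function, as an added example that is none of the posters' code: preg_match() for the syntax check (Ernest's approach, with a pattern that does not rule out two-letter national TLDs) and Joe's checkdnsrr() as an optional second step. It also shows why Dan's ereg() call never matched as intended: ereg() uses POSIX bracket expressions, where the backslash in [\w.-] is a literal character rather than a "word character" escape, and his echo fires when the pattern does match.

```php
<?php
// Added example, not from the thread. ereg() is POSIX ERE: inside a bracket
// expression a backslash is literal, so "[\w.-]" matches a backslash, the letter
// w, a dot or a hyphen. preg_match() (PCRE) understands \w and \s, and ereg()
// itself was removed in PHP 7, so PCRE is the practical choice.

function validate_email($addr, $check_dns = false) {
    // Local part, "@", one or more labels, then a TLD of two or more letters,
    // so .us, .ca, .br etc. are accepted. Inside [...] the dot is literal.
    $pattern = '/^[a-z0-9._%+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}$/i';
    if (!preg_match($pattern, $addr)) {
        return 'syntax';
    }
    if ($check_dns) {
        // Joe's suggestion: a host with neither an MX nor an A record cannot
        // receive mail. Left off by default so the example runs offline.
        $host = substr($addr, strrpos($addr, '@') + 1);
        if (!checkdnsrr($host, 'MX') && !checkdnsrr($host, 'A')) {
            return 'dns';
        }
    }
    return 'ok';
}

// Constructed inputs: three that should fail the syntax check, two that pass it.
$samples = array('dan@example.edu', 'someone@example.co.uk',
                 'no-at-sign.net', 'a@b', 'x@y..com');
foreach ($samples as $addr) {
    echo $addr, ' => ', validate_email($addr), "\n";
}
```

As John's reply notes, no short pattern is fully RFC compliant; this one rejects quoted local parts and address literals, which is usually the intended trade-off for a signup form.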

attached mail follows:


That is pretty good. I live in a town with a number of different ISP's. I
work for one, and have a friend that hosts my web site at another ISP. just
across town ( 3-4 miles ) and it is 23 hops to get to my server from where
I work.

Now that sucks!!!

Jim Lucas
----- Original Message -----
From: "Frappy John" <frappyjohn@gulfbridge.net>
To: "Manuel Lemos" <mlemos@acm.org>; <php-general@lists.php.net>
Sent: Thursday, May 22, 2003 7:39 PM
Subject: Re: [PHP] What is happening with php.net ???

> Manuel--
>
> That same link
> http://www.phpclasses.org/mirrors.html?closest
> thinks I'm in Australia:
>
> Your approximate location:
> City:
> State:
> Country:
> Australia
>
> Longitude:
> 135° East
>
> Latitude:
> 25° South
>
> But I'm really in South Florida: 80° West 26.5° North!!
>
> (I've got a Covad IP: 68.165.13.xxx)
>
> But truth is, geographical coordinates aren't all that
> important. I've just finished doing traceroutes on the
> phpclasses mirrors on the east coast. You would think I
> would connect fastest to Atlanta (14 hops) or Reston (12
> hops) or New York (15 hops).
>
> Nope. Bloomsburg, Pennsylvania, takes the prize at just 9
> hops!
>
> --Frappy
>
>
>
> On Thursday 22 May 2003 10:02 pm, Manuel Lemos wrote:
> > Hello,
> >
> > On 05/22/2003 10:47 PM, Ashley M. Kirchner wrote:
> > >> http://www.phpclasses.org/mirrors.html?closest=1
> > >
> > > Except:
> > >
> > > Your approximate location:
> > > City: Middletown
> > > State: New Jersey
> > > Country: United States
> > >
> > > Longitude: 74.11° West
> > > Latitude: 40.4° North
> > >
> > >
> > > I'm nowhere NEAR the east coast. I think this has
> > > to do with the way ISP assign their IP pools, so you
> > > can't always rely on a user's IP to determine their
> > > closest location. This page is telling me my closet
> > > mirror would be New York, where in reality Illinois or
> > > California would be closer. For that matter, going
> > > straight up to Edmonton, Canada might be closer for me
> > > than going to the East coast.
> >
> > Usually that is because the ISP did not update its
> > records, but that is not the general case. This is based
> > on NetGeo service that is free. It is still better than a
> > service that charges you to get this detail of
> > information, especially because being very rigorous is
> > not important and at least it correctly guessed the
> > country which is all that most other free services
> > provide.
> >
> > To learn how to use NetGeo from PHP, here is the solution
> > that was used:
> >
> > http://www.phpclasses.org/netgeoclass
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:


Homesite on Windows is a great editor for PHP
Emacs on Windows or Linux or just about anything else

attached mail follows:


Hello,

On 05/23/2003 02:15 PM, Chris Boget wrote:
> Does anyone have recommendations for a *good*
> OOD/UML/CASE tool? As some of the projects I
> am working on are getting bigger, I think it'd be a
> good idea to start looking into this type of software.

I am not sure if this is what you are looking for but this project is
meant to drastically reduce the development time of complex projects.

http://www.meta-language.net/news-2002-12-05-metastorage.html

Metastorage is a tool that lets you model the classes of data objects that
you want to use in your application using a simple XML format. Then it
generates the classes to make such objects persistent by storing and
retrieving them in a database. It also generates database schemas and
classes to install them, all without the need to write a single line of SQL.

http://www.meta-language.net/metastorage.html

It can also generate class diagrams in UML that you can render in many
image and document formats:

http://www.meta-language.net/news-2002-12-09-metastorage.html

The current version in CVS is also capable of generating classes that
create, validate, process and output Web forms that act as Web
interfaces for managing the data objects. This new version is going to
be released soon after the documentation is updated.

--

Regards,
Manuel Lemos

Free ready to use OOP components written in PHP
http://www.phpclasses.org/

attached mail follows:


How can I detect a disconnect from a socket on the client side and
reconnect?

My client's code looks somewhat like this:

$ipcsocket = socket_create (AF_UNIX, SOCK_STREAM, 0);
socket_connect ($ipcsocket, $server["socket_ipc"]);
if ($out = socket_read ($ipcsocket, 8192)) {
    do_something ();
}

I thought that simply adding an else-statement like this
while (!$connected) {
    sleep (5);
    if (socket_connect ($ipcsocket, $server["socket_ipc"])) $connected = true;
}
would make it.

I tested it by shutting the server down and see, the disconnect was
identified. As I restarted the server, the script seems to reconnect, but it
tries to reconnect over and over again!

Any idea out there? :(

Thanks,
Thomas 'Neo' Weber
---
thomas@youngarts.org
neogothic-chat.de
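The behaviour Thomas describes comes from calling socket_connect() again on the socket whose peer has gone away. As an added example that is not his code: on end-of-stream the client closes the dead socket, creates a fresh one, and retries with a capped backoff instead of a fixed 5-second sleep (ipc_connect, ipc_read_forever and $max_wait are assumed names; the closure in the usage line needs PHP >= 5.3).

```php
<?php
// Added example, not from the post. A socket whose server went away cannot be
// reconnected with socket_connect(); it must be closed and recreated. $path is
// the Unix socket path the post keeps in $server["socket_ipc"].

function ipc_connect($path, $max_wait = 60) {
    $wait = 5;
    while (true) {
        $sock = socket_create(AF_UNIX, SOCK_STREAM, 0);
        if ($sock !== false && @socket_connect($sock, $path)) {
            return $sock;                        // connected
        }
        if ($sock !== false) {
            socket_close($sock);                 // never reuse a failed socket
        }
        sleep($wait);
        $wait = min($wait * 2, $max_wait);       // back off, capped at $max_wait seconds
    }
}

function ipc_read_forever($path, $handler) {
    $sock = ipc_connect($path);
    while (true) {
        $out = @socket_read($sock, 8192);
        // '' means the peer closed the connection cleanly; false means an error
        // (the original if/else never distinguished these from "no data yet").
        if ($out === '' || $out === false) {
            socket_close($sock);
            $sock = ipc_connect($path);          // fresh socket, not the dead one
            continue;
        }
        $handler($out);
    }
}

// Usage, assuming $server["socket_ipc"] holds the path and do_something() exists:
// ipc_read_forever($server["socket_ipc"], function ($data) { do_something($data); });
```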

attached mail follows:


Is there a known function that will give you the name of the calling function,
something like this:

$callee = who_the_heck_called_me();

where $callee would then be an array with the following indices:

calling_function
calling_file
calling_line

or, if not, does anyone have any idea how to go about creating this?

TIA :)

cheers,

--
Carl P. Corliss
System Administrator / Developer
Xaraya Web Application Framework Project
www.xaraya.com
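For PHP 4.3 and later, debug_backtrace() yields exactly the three fields Carl lists; as an added example that is not from the post (who_called_me() is the assumed name), with the frame indices worked out in the comments:

```php
<?php
// Added example, not from the post. debug_backtrace() (PHP >= 4.3) returns the
// call stack as an array of frames, innermost first:
//   frame 0: this helper, plus the file/line where the helper was called;
//   frame 1: the function that called the helper, plus the file/line where
//            *that* function was called (the "calling" site Carl wants);
//   frame 2: the name of whoever called that function.

function who_called_me() {
    $trace = debug_backtrace();
    return array(
        'calling_function' => isset($trace[2]['function']) ? $trace[2]['function'] : '(main)',
        'calling_file'     => isset($trace[1]['file']) ? $trace[1]['file'] : '(unknown)',
        'calling_line'     => isset($trace[1]['line']) ? $trace[1]['line'] : 0,
    );
}

// Demo: outer() calls inner(); inner() asks who called it and where.
function inner() {
    return who_called_me();
}
function outer() {
    return inner();    // this line is the call site that inner() learns about
}
print_r(outer());
```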

attached mail follows:


Hi guys,

as promised, I am back with another question:

is it possible to md5 encrypt + serialize a password from a form BEFORE
sending it off? Along the same line: can we call a php function from an onblur() js
function?

What is the best way of encrypting/securing the password from a form? At
this stage all I can come up with is a POST call and then protecting the vars through a
class.

Any ideas?

Thomas

--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Please smile! Photo gallery online with GMX without your own homepage!
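On the password question, as an added example that is not part of the post: an MD5 computed in the browser only turns the hash into the secret that travels over the wire, and an onblur() handler cannot call PHP directly, since PHP runs on the server and the browser would have to send it a request. The usual pattern is to submit the form over HTTPS and hash only on the server with password_hash() (PHP >= 5.5); the users table and the $pdo connection are assumptions.

```php
<?php
// Added example, not from the post. Hashing in JavaScript before POST does not
// protect the password in transit: anyone who can read the request can replay
// the hash. Send the form over HTTPS, then store a salted, slow hash on the
// server and compare with password_verify(); never store or compare raw MD5.
// Assumes a PDO connection $pdo and a table users(name, pwhash).

function store_password(PDO $pdo, $user, $password) {
    $hash = password_hash($password, PASSWORD_DEFAULT);   // bcrypt with a random salt
    $st = $pdo->prepare('INSERT INTO users (name, pwhash) VALUES (?, ?)');
    return $st->execute(array($user, $hash));
}

function check_login(PDO $pdo, $user, $password) {
    $st = $pdo->prepare('SELECT pwhash FROM users WHERE name = ?');
    $st->execute(array($user));
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Verify against a dummy hash for unknown users too, so response time does
    // not reveal whether the account exists.
    $hash = $row ? $row['pwhash'] : password_hash('dummy-password', PASSWORD_DEFAULT);
    $valid = password_verify($password, $hash);
    return $row !== false && $valid;
}

// Form handling, assuming the page is served and posted over https://:
// if (isset($_POST['user'], $_POST['password'])
//         && check_login($pdo, $_POST['user'], $_POST['password'])) {
//     // logged in: regenerate the session id, then redirect
// }
```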