php-general Digest 10 Mar 2004 04:02:56 -0000 Issue 2637

php-general-digest-helplists.php.net
Date: Tue Mar 09 2004 - 22:02:56 CST


Topics (messages 179900 through 179974):

Single button click to call PHP logout scripts in 2 Frames
        179900 by: Pushpinder Singh
        179962 by: Tom Rogers

Re: Pagination & MSSQL
        179901 by: Richard Davey

Re: Generating Sub Headings
        179902 by: Nicole
        179903 by: Nicole

Re: new session in new window
        179904 by: Hardik Doshi
        179910 by: Chris Shiflett

Support for remote DataBase Systems
        179905 by: edwardspl.ita.org.mo

IE 6 hotix and header problem
        179906 by: Ed Curtis
        179907 by: Richard Davey
        179908 by: Chris Shiflett

deleting array elements
        179909 by: Benjamin Jeeves
        179911 by: Rob Ellis
        179912 by: Sven

Re: PHP and FLASH progress bar
        179913 by: Justin Patrin

Re: Shopping Carts
        179914 by: Justin Patrin
        179916 by: Chris W. Parker
        179932 by: Justin Patrin

Re: SESSION vs ENV variables?
        179915 by: Justin Patrin

Problem with cookies on new server
        179917 by: Teren
        179918 by: Sam Masiello
        179919 by: Richard Davey

mssql_data_seek offset error
        179920 by: Alex Hogan
        179921 by: Jay Blanchard
        179922 by: Alex Hogan
        179923 by: Jay Blanchard
        179924 by: Alex Hogan
        179925 by: Jay Blanchard
        179930 by: Alex Hogan
        179931 by: Jay Blanchard
        179933 by: Alex Hogan
        179934 by: Jay Blanchard
        179935 by: Alex Hogan
        179937 by: Jay Blanchard
        179938 by: Alex Hogan

mysql query with php
        179926 by: tony
        179927 by: Jay Blanchard
        179928 by: Jason Davidson

Re: mysql query with php {ot}
        179929 by: Jay Blanchard

PHP as a File Proxy between the internet and a LAN computer - a possibility?
        179936 by: Irfan Adilovic
        179939 by: Justin Patrin

image header problem
        179940 by: qt
        179942 by: Justin Patrin
        179945 by: Richard Davey

Session Logout Problems
        179941 by: Bob Irwin
        179946 by: Richard Davey
        179950 by: Bob Irwin

sessions timeout
        179943 by: André Ventura Lemos
        179944 by: Richard Davey
        179949 by: André Ventura Lemos
        179953 by: Richard Davey
        179955 by: André Ventura Lemos
        179956 by: Richard Davey
        179957 by: André Ventura Lemos

Re: SQLite Support is library call?
        179947 by: Marek Kilimajer

Re: using mail() for multiple email address...
        179948 by: Adam Reiswig

Control Structure Syntax Question
        179951 by: Ahbaid Gaffoor
        179952 by: daniel.electroteque.org
        179954 by: Richard Davey
        179958 by: Ahbaid Gaffoor
        179959 by: Justin Patrin

Re: mail() and passwords
        179960 by: Manuel Lemos
        179961 by: Will

SQL in the database..little help please
        179963 by: Ryan A
        179964 by: Richard Davey
        179966 by: Ryan A
        179968 by: Richard Davey
        179971 by: Chris W. Parker

gd for windows not working
        179965 by: Joe Patiani
        179972 by: Jason Sheets
        179973 by: Span
        179974 by: Joe Patiani

Warning: Cannot modify header information - headers already sent by (output sta
        179967 by: Mike Mapsnac
        179969 by: Martin Towell
        179970 by: Chris W. Parker

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:


Hello all,

  I am using three frames on my site. The left and the main frame have
all the dynamic content in it. My login module is embedded in the
leftFrame. To check out the site please look here
http://masterstream.com/dev/

Once the user logs in the site successfully the left frame shows the
name of the user who is currently logged in. This way a session
variable is set and the end user can get to the protected areas of the
site. Also, on the left frame there are links to 'logout' and 'edit
profile' which enable additional methods for the logged in user.

  If the user clicks the 'edit profile' button in the left frame, the
complete profile is depicted in the main frame. Also this edit profile
page has a 'logout' link as well.

My question is that when I click the 'logout' button in the left frame,
the session is killed and the user is informed that 'he is logged out'
in the left panel. Also the login module is redisplayed in the left
panel. This works fine. However the mainFrame, stays the same way...
;-) if the user profile page was open in the mainFrame then on logging
out using the link in the leftFrame, the mainFrame page should also show
that the user had now logged out.

This should be true in the reverse scenario. If the user were to click
the logout button in the mainFrame, it should show that the user had
now logged out successfully. Also it should trigger the logout script
in the leftFrame.

So the question is: Can I make a call to 2 logout scripts one each in
the mainFrame and the leftFrame using a single click event in either
frame. Thanks in advance.

regards
Pushpinder Singh

attached mail follows:


Hi,

Wednesday, March 10, 2004, 1:49:14 AM, you wrote:
PS> Hello all,

PS> I am using three frames on my site. The left and the main frame have
PS> all the dynamic content in it. My login module is embedded in the
PS> leftFrame. To check out the site please look here
PS> http://masterstream.com/dev/

PS> Once the user logs in the site successfully the left frame shows the
PS> name of the user who is currently logged in. This way a session
PS> variable is set and the end user can get to the protected areas of the
PS> site. Also, on the left frame there are links to 'logout' and 'edit
PS> profile' which enable additional methods for the logged in user.

PS> If the user clicks the 'edit profile' button in the left frame, the
PS> complete profile is depicted in the main frame. Also this edit profile
PS> page has a 'logout' link as well.

PS> My question is that when I click the 'logout' button in the left frame,
PS> the session is killed and the user is informed that 'he is logged out'
PS> in the left panel. Also the login module is redisplayed in the left
PS> panel. This works fine. However the mainFrame, stays the same way...
PS> ;-) if the user profile page was open in the mainFrame then on logging
PS> out using the link in the leftFrame, the mainFrame page should also show
PS> that the user had now logged out.

PS> This should be true in the reverse scenario. If the user were to click
PS> the logout button in the mainFrame, it should show that the user had
PS> now logged out successfully. Also it should trigger the logout script
PS> in the leftFrame.

PS> So the question is: Can I make a call to 2 logout scripts one each in
PS> the mainFrame and the leftFrame using a single click event in either
PS> frame. Thanks in advance.

PS> regards
PS> Pushpinder Singh

Make the logout link back to the overall page(the one that specifies
the frames) and kill the session there and just let the frames reload
and the session will be dead for them.

--
regards,
Tom

attached mail follows:


Hello Alex,

Tuesday, March 9, 2004, 3:11:54 PM, you wrote:

AH> I have searched for some references on pagination using mssql but have come
AH> up empty.

AH> I have looked at the tutorials on Zend and just about everywhere else but
AH> unfortunately they all use LIMIT in the sql statement and the closest thing
AH> to that in mssql is either TOP n, or SET ROWCOUNT which does me no good.

This should help:
http://rosca.net/writing/articles/serverside_paging.asp

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

attached mail follows:


Can we take this one step further and make it so that if you're searching
and you want to only see histories with the words "parking" in the title or
only the histories between 1500 & 1550 it only puts the year headings for
the years that actually have a history that meets this criteria?

"Nicole" <ndiratojenkinslaw.org> wrote in message
news:20040219193419.53589.qmailpb1.pair.com...
> That's exactly it!
>
> I don't know why I didn't think about that. For anyone else reading this, I
> added
>
> $field = mysql_fetch_array($dbArray);
>
> above the line that reads
>
> $yeartitle = $years["year"];
>
> And now it works!
>
> "Richard Davey" <richlaunchcode.co.uk> wrote in message
> news:1849384669.20040219191241launchcode.co.uk...
> > Hello Nicole,
> >
> > Thursday, February 19, 2004, 6:28:13 PM, you wrote:
> >
> > N> And so on, always putting the right years and the right number of histories
> > N> below the year, but always listing the first history and nothing else. My
> > N> loop works if I don't have the while loop in there with the subheadings ...
> >
> > In looking quickly at the code, I can't see a chance for the $field
> > value to ever be updated. You call it once (in the first while
> > statement) and populate the field array with the SQL results, you then
> > move into the 2nd while loop which handles the years. But once in that
> > loop you don't fill the $field array with any new data, so it's using
> > the same data over and over again for every year. I believe, although
> > I've not looked at it for very long, it's simply that the while loops
> > are nested in such a way that the field values never get a chance to
> > re-populate themselves.
> >
> > --
> > Best regards,
> > Richard Davey
> > http://www.phpcommunity.org/wiki/296.html

"Nicole" <ndiratojenkinslaw.org> wrote in message
news:20040219182810.22290.qmailpb1.pair.com...
> I have data that looks like this:
>
> (20, '1915', '192', '', '', '312', '525', '404', '', 'title')
> (21, '1915', '338', '', '', '736', '0', '929', '', 'title')
> (22, '1917', '193', '', '', '447', '0', '1275', '', 'title')
> (23, '1919', '129', '', '', '208', '636', '0', '', 'title')
> (24, '1919', '274', '', '', '581', '321', '1634', '', 'title')
>
> The second value is the year, I have multiple files for the same year.
> What I want to do is output the values under Year sub headings.
>
> So it prints like this:
> -------------------------------------
>
> <b>1915</b>
> <p>(20, '1915', '192', '', '', '312', '525', '404', '', 'title')<br>
> (21, '1915', '338', '', '', '736', '0', '929', '', 'title')
>
> <b>1917</b>
> <p>(22, '1917', '193', '', '', '447', '0', '1275', '', 'title')
>
> <b>1919</b>
> <p>(23, '1919', '129', '', '', '208', '636', '0', '', 'title')<br>
> (24, '1919', '274', '', '', '581', '321', '1634', '', 'title')
>
> -------------------------------------
>
> I have a function that displays each "history" in a loop. Here's the
> function:
>
> -------------------------------------
>
> function display_history($dbArray,$yearArray)
> {
> while($field = mysql_fetch_array($dbArray))
> {
> $yeartitle="";
> while($years = mysql_fetch_array($yearArray))
> {
> if ( $years["year"] != $yeartitle)
> {
> print "<p><b>" . $years["year"] . "</b>";
> }
> print "<p><a href=\"" . $field["filename"] . "\">" . $field["year"];
> //print the Resolution or Act Number
> if (!$field["res_no"] && !$field["j_res_no"])
> {
> print " - Act # " . $field["act_no"];
> }
> elseif (!$field["act_no"] && !$field["j_res_no"])
> {
> print " - Res # " . $field["res_no"];
> }
> else
> {
> print " - J.Res.# " . $field["j_res_no"];
> }
>
> //print the Public Law Number
> if ($field["pl_no"]!=0)
> {
> print ", P.L. " . $field["pl_no"];
> }
> //print the Senate Bill Number
> if ($field["sb_no"]!=0)
> {
> print ", SB " . $field["sb_no"];
> }
>
> //print the House Bill Number
> if ($field["hb_no"]!=0)
> {
> print ", HB " . $field["hb_no"];
> }
>
> //close the link
> print "</a> - ";
>
> //print the Misc Text or Part Number if there is one
> if ($field["misc_part_no"] != "")
> {
> print $field["misc_part_no"] . " - ";
> }
>
> //print the title and number of pages
> print $field["title"] . " - [" . $field["pgs"] . " pgs - ";
>
> //print the file size
> if ($field["mb"] != 0)
> {
> print $field["mb"] . "mb]";
> }
> else
> {
> print $field["kb"] . "kb] ";
> }
> $yeartitle = $years["year"];
> }
> }
> }
>
> -------------------------------------
>
> The values being passed in are:
>
> -------------------------------------
>
> //get all of the histories from the table sorted by year
> //then resolution number then by act number
> $result = mysql_query("SELECT * FROM table ORDER BY
> year, res_no, j_res_no, act_no, misc_part_no",$connect);
>
> //get the years from the same table
> $yrArray = mysql_query("SELECT * FROM table ORDER BY
> year",$connect);
>
> //display histories
> display_history($result,$yrArray);
>
> -------------------------------------
>
> I'm sure it's an easy solution ... but here's what a resulting page looks
> like:
>
> -------------------------------------
> 1501
>
> 1501 - Act # 90, P.L. 647, SB 582 - this test - [5 pgs - 55kb]
>
> 1913
>
> 1501 - Act # 90, P.L. 647, SB 582 - this test - [5 pgs - 55kb]
> 1501 - Act # 90, P.L. 647, SB 582 - this test - [5 pgs - 55kb]
> 1501 - Act # 90, P.L. 647, SB 582 - this test - [5 pgs - 55kb]
> 1501 - Act # 90, P.L. 647, SB 582 - this test - [5 pgs - 55kb]
>
> 1925
>
> 1501 - Act # 90, P.L. 647, SB 582 - this test - [5 pgs - 55kb]
> 1501 - Act # 90, P.L. 647, SB 582 - this test - [5 pgs - 55kb]
> -------------------------------------
>
> And so on, always putting the right years and the right number of histories
> below the year, but always listing the first history and nothing else. My
> loop works if I don't have the while loop in there with the subheadings ...
>
> Thanks in advance for any help you can offer!

attached mail follows:


Can we take this one step further and make it so that if you're searching
and you want to only see histories with the words "parking" in the title or
only the histories between 1500 & 1550 it only puts the year headings for
the years that actually have a history that meets this criteria?

Thanks
Nicole


attached mail follows:


> > Nice article by the way, and I am indeed already using those same
> > methods to secure the user session. (I use SHA1 on the IP, PHPSESSIONID,
> > user agent, and a secret...)
>
> Thanks for the kind words. I must point out that you'll never see me
> suggesting to use the IP address for anything important, especially
> anything regarding security.

I read your article about session security on php
magazine as well as on php architect. Both are very
nice articles. I would like to ask you what is the
reason you are not suggesting to use IP address as one
of the parts in generating the fingerprint.

In php architect magazine (Feb) you have suggested to
use session_regenerate_id() on all the pages before I
start session. In my application I am storing some
variables temporarily into the DB for the specific
session ID. Now if session id changes from page to
page then how would I retrieve the information back
from the DB? What is the reason you are suggesting to
use that function?
 
> Also, George Schlossnagle recently expressed to me that he has observed
> the User-Agent header changing for the same client. I've never heard of
> this myself, and he had nothing but his memory of the event to support it,
> but it's something to keep in mind. I try to never "punish" a user who
> fails a check, just in case the user isn't actually the bad guy. Rather, I
> ask the user to re-enter the password or something, which is less
> problematic (unless the user really is a bad guy).

Please let me know what should be the best combination
of fingerprint. Currently I am using SECRETWORD + user
agent + accept charset + session id and hashing it
with md5(). Now if someone has pointed that user agent
changes for the same browser then I don't think it's
worth to add user agent. What do you think?

I have one concern for securing the session variables.
I may be wrong here. If bad guy steals session id
information then he can also produce the same
fingerprint too. Because right now I am storing the
fingerprint into the session variable and on every page
I am checking the expected fingerprint. So please
explain me how bad guy can attack to client machine..
How the fingerprint can save an application from this
attack? I am not clear here.

Thanks for the nice articles. I am waiting for your
future security tips on php architect magazine.

Regards,
Hardik


attached mail follows:


--- Hardik Doshi <php_hardikyahoo.com> wrote:
> I read your article about session security on php magazine as well
> as on php architect. Both are very nice articles.

Thank you. :-)

> I would like to ask you what is the reason you are not suggesting
> to use IP address as one of the parts in generating the fingerprint.

My general approach to security is to make things as difficult as
possible for the bad guys and as easy as possible for the good guys. This
is a vague guideline, but it can help you to make good decisions, in my
opinion.

There are two situations which can be problematic when you depend on the
IP address:

1. Multiple people can have the same IP address.
2. One person can have multiple IP addresses.

Both of these situations are not only possible, but quite common in
practice. As an example, all AOL users fall into the second category.

So, it is my opinion that relying on the IP address does not offer much
protection and can potentially cause your legitimate users a lot of
problems. I think Web developers should focus on the information within
HTTP and stay away from reliance on the TCP/IP stack.

There are exceptions, of course, but only when you can be sure of the
network topology of your users. This might be the case when you're
developing an intranet application for a simple local network (users
connect directly to your Web server and never go through an HTTP proxy).
In this case, checking the IP should not adversely affect your users, and
it requires one more hurdle for an attacker to overcome.

> In php architect magazine (Feb) you have suggested to use
> session_regenerate_id() on all the pages before i start session.

That's not quite what I was suggesting. In order to prevent session
fixation, I think you should regenerate the identifier anytime there is a
change in privilege. Later in the article, I suggest regenerating the
identifier anytime the user provides authentication credentials, but I
also warn about passing along such a simplistic suggestion, because people
can misinterpret this without a good understanding of the reasoning behind
it.

> In my application i am storing some variables temporarily into the
> DB for the specific session ID. Now if session id changes from page
> to page then how would i retrieve the information back from the DB?

If you're doing something outside of PHP's session mechanism, you'll have
to handle this yourself. If, however, you use PHP's mechanism, most
everything will be transparent to you. PHP will set a new cookie, rewrite
the URLs correctly, provide the correct information in SID, etc. Whatever
your method of session identifier propagation, as long as you're using a
standard PHP session feature, you should not have to change anything.

> What is the reason you are suggesting to use that function?

To prevent, or at least complicate, session fixation attacks.

> Please let me know what should be the best combination of
> fingerprint. Currently i am using SECRETWORD + user agent + accept
> charset + session id and hashing it with md5(). Now if someone has
> pointed that user agent changes for the same browser then i don't
> think it's worth to add user agent. What do you think?

I have always used User-Agent and have never encountered a problem. The
only header I have seen to change from one request to the next on the same
browser is the Accept header on certain versions of IE (I apologize for
not having specific versions, but you can test this for yourself). When a
user clicks Refresh, the Accept header was different than when the user
clicked a link (or anything except Refresh, from my experience). You can
probably work around this, but I decided it was best to not trust the
consistency of the header.

The reason that I always encourage User-Agent checking is that it is one
of the most unique headers sent. I just checked the statistics of my Web
site, and I have had more than 500 unique User-Agents access my site
today. This makes prediction very unlikely, which is a nice
characteristic.

> I have one concern for securing the session variables. I may be wrong
> here. If bad guy steals session id information then he can also
> produce the same fingerprint too.

If this is true, then you should change your approach. Above, you stated:

    Currently i am using SECRETWORD + user agent + accept charset +
    session id and hashing it with md5().

Assuming your secret padding isn't really SECRETWORD, or assuming that the
attacker isn't subscribed to this list, this should be very difficult to
predict. If an attacker has only been able to compromise a valid session
identifier, he/she still has a few other things to obtain before a
successful impersonation attack can be launched:

1. SECRETWORD
2. The User-Agent of the user's client (the user whose session identifier
was stolen)
3. The Accept-Charset header sent by the user's client
4. The procedure you use to create the fingerprint

I don't think this is very easy at all.

Now, one very important thing to keep in mind is that because the user is
passing this fingerprint to the server every time, there is a chance that
it can also be compromised. A good approach is to propagate the session
identifier and the fingerprint by using two different methods. This can
mitigate the possibility that both are compromised at the same time.

But, even if an attacker has obtained a valid session identifier and the
associated fingerprint, because the fingerprint is an MD5, the attacker
doesn't necessarily know the User-Agent and Accept-Charset headers that
were used to create the fingerprint (unless the method used to obtain
these provided this information as well, which is something that using SSL
can help to prevent). Assuming you are checking these things each time,
the attacker still can't impersonate the user. The valid headers must also
be sent.

Now, this is still possible, of course, but hopefully you can see that it
is quite difficult. If you add in a small timeout, you can make the
attacker's job even more difficult. If you add a bit of obscurity, you can
help things even more (obscurity isn't as useless as people may lead you
to believe).

> Because right now i am storing the fingerprint into the session
> variable and on everypage i am checking the expected fingerprint.

You also want to be checking each thing that you used to create the
fingerprint. An easy way to do this might be to simply regenerate the
fingerprint each time and compare it to the one being presented.

> Thanks for the nice articles. I am waiting for your future security
> tips on php architect magazine.

I am finishing up one on shared hosting right now. It should be in this
month's issue of php|architect, although I am currently past my deadline.
:-(

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming mid-2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/
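
The checks discussed in the message above (regenerate the session identifier on a change of privilege, rebuild the fingerprint on every request and compare it with the stored one, and ask for the password again on a mismatch rather than punishing the user), as an added example that is not code from the thread or from the article it refers to. It assumes the fingerprint is kept in the session on the server; `FINGERPRINT_SECRET`, the function names and the sample requests are hypothetical, and HMAC-SHA256 is used in place of the md5() concatenation mentioned in the thread.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The secret, the helper names and
// the sample requests are constructed; HMAC-SHA256 stands in for md5().
const FINGERPRINT_SECRET = 'replace-with-a-long-random-server-side-value';
const FINGERPRINT_HEADERS = ['HTTP_USER_AGENT', 'HTTP_ACCEPT_CHARSET'];

/** Session id in a web request; the constructed $demoId when run from the CLI. */
function active_session_id(string $demoId): string
{
    return session_status() === PHP_SESSION_ACTIVE ? session_id() : $demoId;
}

/** Keyed hash over the chosen request headers and the session id (no IP address). */
function make_fingerprint(array $server, string $sessionId): string
{
    $parts = [$sessionId];
    foreach (FINGERPRINT_HEADERS as $name) {
        $parts[] = (string) ($server[$name] ?? '');
    }
    // Length-prefix every part so that ("ab", "c") and ("a", "bc") hash differently.
    $material = '';
    foreach ($parts as $part) {
        $material .= strlen($part) . ':' . $part;
    }
    return hash_hmac('sha256', $material, FINGERPRINT_SECRET);
}

/** Change of privilege: new identifier first, then bind the fingerprint to it. */
function establish_login(array &$session, array $server, string $user, string $demoId): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // drop the pre-login identifier (session fixation)
    }
    $session['user'] = $user;
    $session['authenticated'] = true;
    $session['fingerprint'] = make_fingerprint($server, active_session_id($demoId));
}

/**
 * Per-request check: rebuild the fingerprint from this request and compare it
 * with the stored one. A mismatch is not treated as proof of an attack; the
 * privilege is dropped and the caller asks for the password again.
 */
function check_request(array &$session, array $server, string $demoId): string
{
    if (empty($session['authenticated']) || !isset($session['fingerprint'])) {
        return 'login-required';
    }
    $expected = make_fingerprint($server, active_session_id($demoId));
    if (hash_equals($session['fingerprint'], $expected)) {
        return 'ok';
    }
    $session['authenticated'] = false;
    return 'reauth-required';
}

// --- Demo with constructed requests (CLI: $session stands in for $_SESSION) ---
$session = [];
$victim  = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0 (constructed)', 'HTTP_ACCEPT_CHARSET' => 'utf-8'];
$other   = ['HTTP_USER_AGENT' => 'OtherClient/9.9 (constructed)',    'HTTP_ACCEPT_CHARSET' => 'utf-8'];

establish_login($session, $victim, 'alice', 'demo-session-id');
echo check_request($session, $victim, 'demo-session-id'), "\n"; // same client
echo check_request($session, $other,  'demo-session-id'), "\n"; // same id, other headers
echo check_request($session, $victim, 'demo-session-id'), "\n"; // privilege was dropped
```

In a web request, pass `$_SESSION` and `$_SERVER` after `session_start()`; the `$demoId` argument is then ignored because the real session identifier is used.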

attached mail follows:


Dear All,

Which ODBC or related driver with php supports the following Database
Systems ( remote ) ?

1, Oracle
2, Sybase
3, MS-SQL 2000
4, MySQL

Thank for your tell !

Edward.

attached mail follows:


Does anyone happen to have the link on microsoft's support site that
addresses the problem with the latest IE 6 hotfix and incomplete headers
being sent? I can't seem to find my bookmark and I can't access the
archive site to find it.

Thanks,

Ed

attached mail follows:


Hello Ed,

Tuesday, March 9, 2004, 4:41:14 PM, you wrote:

EC> Does anyone happen to have the link on microsoft's support site that
EC> addresses the problem with the latest IE 6 hotfix and incomplete headers
EC> being sent? I can't seem to find my bookmark and I can't access the
EC> archive site to find it.

http://support.microsoft.com/default.aspx?kbid=831167

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

attached mail follows:


--- Ed Curtis <edhomes2see.com> wrote:
> Does anyone happen to have the link on microsoft's support site that
> addresses the problem with the latest IE 6 hotfix and incomplete
> headers being sent?

I think this is what you want:

http://support.microsoft.com/default.aspx?kbid=831167

Hope that helps.

Chris


attached mail follows:


Hi All

I have two array one with a list of items in it. Then a second array with a list of items in it what I want to be able to do is compare array1 to array2 and if a match is found in both arrays delete that match from array1 and then so now? Any help would be good.

so array1 = (1,2,3,4,5)
array2 = (1,3,5)

then print array1 and the output be 2,4

Thank you

attached mail follows:


On Tue, Mar 09, 2004 at 05:22:37PM -0000, Benjamin Jeeves wrote:
> Hi All
>
> I have two array one with a list of items in it. Then a second array with a list of items in it what I want to be able to do is compare array1 to array2 and if a match is found in both arrays delete that match from array1 and then so now? Any help would be good.
>
> so array1 = (1,2,3,4,5)
> array2 = (1,3,5)
>
> then print array1 and the output be 2,4

$array1 = array_diff($array1, $array2);

- rob

attached mail follows:


Benjamin Jeeves schrieb:

> Hi All
>
> I have two array one with a list of items in it. Then a second array with a list of items in it what I want to be able to do is compare array1 to array2 and if a match is found in both arrays delete that match from array1 and then so now? Any help would be good.
>
> so array1 = (1,2,3,4,5)
> array2 = (1,3,5)
>
> then print array1 and the output be 2,4
>
> Thank you
>
hi,
try array_diff() or array_intersect() or any other corresponding function.
hth sven

attached mail follows:


Ryan A wrote:

> Hi,
> This is an older problem that I posted to the list and since the solutions
> posted didnt really work,
> I started searching for a different solution.
>
> Required result:
> After each email show the client a message:
> eg:
> Sent email #1
> Sent email #2
> etc
>
> The message should display after each email which is easily enough done via
> simple echo but the problem
> is that all browsers wait and display a crapload of "sent email #x" instead
> of one by one....
>
> I tried Andre's solution of flush() but like it's documented in the manual,
> its giving problems on NN and
> tiny problems on IE :-(....I am sure many of you more seasoned php guys must
> have faced a problem
> like this and maybe used a flash "progress bar"?
> If yes, any chance of sharing that file with me or giving me a URL to one
> such file which interacts with
> the php "sending mail script"?
>
> Have been searching google for the past 30 mins...will continue to search,
> but have not made this myself
> as I dont know flash well enough....
>
> Any ideas?
>
> Thanks,
> -Ryan

I've run into this problem and the only way to possibly make it better
(that I've found) is to do a flush() as well as echo a large block of
text (and I mean large) to force the webserver to flush instead of cache
AND to force the browser to display (if not enough is sent to the
browser, it will just cache it on the client side). Note that once you
have this working, you could also have some JS flushed which made a
simple progress bar.

--
paperCrane <Justin Patrin>

attached mail follows:


John Nichel wrote:

> Hi List,
>
> I'm looking for people who have experience with the carts listed below
> to solicit your opinion on said cart. My boss is looking to put
> something in place, and while I am evaluating these carts, I'm hoping
> y'all can point out some pluses and minuses that I'm not going to see by
> not running them in a day to day production environment.
>
> osCommerce (http://www.oscommerce.com)- Boss likes this one, but I have
> issues with its possible security bugs, and the overall design (lack
> of) of the code
>
> xCart - (http://www.x-cart.com) - I'm leaning towards this one so far
>
> SquirrelCart (http://squirrelcart.com) - Just starting my eval on this one
>
> ViperCart (http://advanticsdevelopment.net) - Haven't dug into this one
> yet.
>
> All of them use MySQL 3.x, whereas we're using MySQL 4.x, so if any of
> you have rewritten the queries for any of these carts to take advantage
> of the MySQL 4.x features, I would like to hear your (horror) stories.
> Any security issues you have seen with the above carts will also be very
> helpful (like osCommerce requiring register_globals to be turned on). TIA
>

My company bought Squirrelcart before I was hired and we had two
developers working on adding things to it and it was PAINFUL. It's cheap
and you get what you pay for. I just wrote a new cart for our website
(took me approximately a month of full time work) and I'm much happier
with it. Of course, we also needed ONLY a cart, not a storefront. If you
need a storefront as well, there should be *something* out there that
does what you want.

--
paperCrane <Justin Patrin>

attached mail follows:


Justin Patrin <mailto:papercranereversefold.com>
    on Tuesday, March 09, 2004 9:58 AM said:

> Of course, we also needed ONLY a cart, not a storefront. If
> you need a storefront as well, there should be *something*
> out there that does what you want.

i assumed those two things were the same, what's the difference?

chris.

attached mail follows:


Chris W. Parker wrote:

> Justin Patrin <mailto:papercranereversefold.com>
> on Tuesday, March 09, 2004 9:58 AM said:
>
>
>>Of course, we also needed ONLY a cart, not a storefront. If
>>you need a storefront as well, there should be *something*
>>out there that does what you want.
>
>
> i assumed those two things were the same, what's the difference?
>

The cart is the part that holds the products and deals with payment,
checkout, etc. The storefront is the part that displays the products. We
ended up rolling our own storefront (which is really what the whole
website is) on top of squirrelcart. Then I implemented a new cart which
integrated with that.

The real problem with this is that the products have to be stored for
both the storefront and the cart. No cart I have seen allows for this.
Hmmm, perhaps I should make one to sell? ;-)

--
paperCrane <Justin Patrin>

attached mail follows:


Vincent Dupont wrote:

> Hi,
>
> My script needs to load a config file with DB connection properties, etc.
> At the beginning of the session, the ini file is loaded and all values are stored in $_SESSION
> After the loading, a flag is also set in $_SESSION so that the ini loading is no more executed.
>
> However, all ini properties are the same for all users, so I wonder if I could put them in a cross-session variable. I guess $_ENV or $_SERVER should be good.
>
> So, the question could be :
> If I put something in $_SERVER, will these values be available for ALL users?
>
> Any idea?
>
> I have to keep the ini file, and could not hard code those properties.
>
> Vincent

There is no easy way to do this, no. $_ENV and $_SERVER are populated by
PHP and changes won't be saved. If you need something like this, you may
want to look into using serialize() on your structure and putting it in
a file, then reading the file in your other pages. Of course, sessions
already do this. Your filesystem should cache the file in memory for
you, so it shouldn't be too much of a performance hit. If you're really
worried about performance, you could make a RAM drive that the file
could sit in.

--
paperCrane <Justin Patrin>

attached mail follows:


Hey, I'm having some trouble with one of my scripts that is on a new server I just launched. The scripts worked fine on the old server, so I'm pretty sure it's a PHP configuration problem. The problem is that I am using cookies on the script with the setcookie() function. It looks like the cookies aren't getting created or anything. Anyone have any ideas? Thanks

Teren

attached mail follows:


If the install on the new server is a fresh install, you might want to
start by comparing the php.ini files being used on both machines to see
where they differ.

HTH!

--Sam

Teren wrote:
> Hey, I'm having some trouble with one of my scripts that is on a new
> server I just launched. The scripts worked fine on the old server, so
> i'm pretty sure it's a php configuration problem. The problem is that
> i am using cookies on the script with the setcookie() function. It
> looks like the cookies aren't getting created or anything. anyone
> have any ideas? Thanks
>
> Teren

attached mail follows:


Hello Teren,

Tuesday, March 9, 2004, 6:48:15 PM, you wrote:

T> Hey, I'm having some trouble with one of my scripts that is on
T> a new server I just launched. The scripts worked fine on the old
T> server, so i'm pretty sure it's a php configuration problem. The
T> problem is that i am using cookies on the script with the
T> setcookie() function. It looks like the cookies aren't getting
T> created or anything. anyone have any ideas? Thanks

Do they still have the old URL or an invalid path in them? Post the
setcookie part of the code.

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

attached mail follows:


Hi All,

I am using mssql_data_seek() to move the cursor to a particular row for
paging.

$cnt = mssql_data_seek($result, $i);

This works fine until the variable $i reaches a value of 9 and seemingly
higher. (at least 10, I haven't gone higher)

Then I get this error;

mssql_data_seek(): Bad row offset in [snip] on line: x

The line in question is the one above.

Why does it work fine until it reaches 9?

Why can't the offset go above 8?

I searched google and came up with several of the top hits that had this
very error on their pages. Very nice....

alex hogan

******************************************************************
The contents of this e-mail and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom it is addressed. The views stated herein do not
necessarily represent the view of the company. If you are not the
intended recipient of this e-mail you may not copy, forward,
disclose, or otherwise use it or any part of it in any form
whatsoever. If you have received this e-mail in error please
e-mail the sender.
******************************************************************

attached mail follows:


[snip]
I am using mssql_data_seek() to move the cursor to a particular row for
paging.

$cnt = mssql_data_seek($result, $i);

This works fine until the variable $i reaches a value of 9 and seemingly
higher. (at least 10, I haven't gone higher)

Then I get this error;

mssql_data_seek(): Bad row offset in [snip] on line: x

The line in question is the one above.

Why does it work fine until it reaches 9?

Why can't the offset go above 8?
[/snip]

How many rows of data do you have? I would have to bet 9 rows.

attached mail follows:


There are 10+ rows of data.

Actually I should say there are over 100 rows of data returned and broken up
into sets of 10 records each. (approx. 103 total records)

alex hogan

> -----Original Message-----
> From: Jay Blanchard [mailto:jay.blanchardniicommunications.com]
> Sent: Tuesday, March 09, 2004 2:52 PM
> To: Alex Hogan; PHP General list
> Subject: RE: [PHP] mssql_data_seek offset error
>
> [snip]
> I am using mssql_data_seek() to move the cursor to a particular row for
> paging.
>
> $cnt = mssql_data_seek($result, $i);
>
> This works fine until the variable $i reaches a value of 9 and seemingly
> higher. (at least 10, I haven't gone higher)
>
> Then I get this error;
>
> mssql_data_seek(): Bad row offset in [snip] on line: x
>
> The line in question is the one above.
>
> Why does it work fine until it reaches 9?
>
> Why can't the offset go above 8?
> [/snip]
>
> How many rows of data do you have? I would have to bet 9 rows.


attached mail follows:


[snip]
There are 10+ rows of data. Actually I should say there are over 100
rows of data returned and broken up into sets of 10 records each.
(approx. 103 total records)
[/snip]
 
PLEASE STOP TOP POSTING!
 
Are you selecting all of the records at once, or just a few at a time?

attached mail follows:


>PLEASE STOP TOP POSTING!

Sorry.... Didn't mean to.... don't even know exactly what it is....

> Are you selecting all of the records at once, or just a few at a time?

I am returning a few records at a time.

alex hogan


attached mail follows:


[snip]
>PLEASE STOP TOP POSTING!

Sorry.... Didn't mean to.... don't even know exactly what it is....
[/snip]

When you post a reply above a response.
 
[snip]
> Are you selecting all of the records at once, or just a few at a time?

I am returning a few records at a time.
[/snip]

There is your problem. Return ALL of the records, then use
mssql_data_seek to move about.

attached mail follows:


[snip]
> There is your problem. Return ALL of the records, then use
> mssql_data_seek to move about.
[snip]

OK, I'm returning all the rows and no change.

Code:
$query = "SELECT DISTINCT q.questions
                   FROM SG_Questions as q, SG_QuesRef as r
                  WHERE r.pos_id = '$pos' AND r.sic_id = '$sic' AND r.cat_id
= '$cat' AND r.ques_id = q.ques_id";
$result = mssql_query($query) or die("Can not execute query $query. ");

for ($i = $paging; $i < $paging + $limit; $i++){
        $cnt = mssql_data_seek($result, $i);
        $row = mssql_fetch_array($result);

...etc...

alex hogan


attached mail follows:


[snip]
$query = "SELECT DISTINCT q.questions
                   FROM SG_Questions as q, SG_QuesRef as r
                  WHERE r.pos_id = '$pos' AND r.sic_id = '$sic' AND
r.cat_id
= '$cat' AND r.ques_id = q.ques_id";
$result = mssql_query($query) or die("Can not execute query $query. ");

for ($i = $paging; $i < $paging + $limit; $i++){
        $cnt = mssql_data_seek($result, $i);
        $row = mssql_fetch_array($result);

[/snip]

What does mssql_num_rows($query) return?

attached mail follows:


> What does mssql_num_rows($query) return?

105

alex


attached mail follows:


[snip]
$query = "SELECT DISTINCT q.questions
                   FROM SG_Questions as q, SG_QuesRef as r
                  WHERE r.pos_id = '$pos' AND r.sic_id = '$sic' AND
r.cat_id
= '$cat' AND r.ques_id = q.ques_id";
$result = mssql_query($query) or die("Can not execute query $query. ");

for ($i = $paging; $i < $paging + $limit; $i++){
        $cnt = mssql_data_seek($result, $i);
        $row = mssql_fetch_array($result);

[/snip]

Try this ....

$query = "SELECT DISTINCT q.questions
                   FROM SG_Questions as q, SG_QuesRef as r
                  WHERE r.pos_id = '$pos' AND r.sic_id = '$sic' AND
r.cat_id
= '$cat' AND r.ques_id = q.ques_id";
$result = mssql_query($query) or die("Can not execute query $query. ");

$i =1;

for ($i = $paging; $i < $paging + $limit; $i++){
        $cnt = mssql_data_seek($result, $i);
        $row = mssql_fetch_array($result);
}

attached mail follows:


> Try this ....
>
> $query = "SELECT DISTINCT q.questions
> FROM SG_Questions as q, SG_QuesRef as r
> WHERE r.pos_id = '$pos' AND r.sic_id = '$sic' AND
> r.cat_id
> = '$cat' AND r.ques_id = q.ques_id";
> $result = mssql_query($query) or die("Can not execute query $query. ");
>
> $i =1;
>
> for ($i = $paging; $i < $paging + $limit; $i++){
> $cnt = mssql_data_seek($result, $i);
> $row = mssql_fetch_array($result);
> }

That cured 9 but it still freaks on 10. It returns the error for the entire
loop count.

I don't get it.

alex


attached mail follows:


[snip]
> Try this ....
>
> $query = "SELECT DISTINCT q.questions
> FROM SG_Questions as q, SG_QuesRef as r
> WHERE r.pos_id = '$pos' AND r.sic_id = '$sic' AND
> r.cat_id
> = '$cat' AND r.ques_id = q.ques_id";
> $result = mssql_query($query) or die("Can not execute query $query.
");
>
> $i =1;
>
> for ($i = $paging; $i < $paging + $limit; $i++){
> $cnt = mssql_data_seek($result, $i);
> $row = mssql_fetch_array($result);
> }

That cured 9 but it still freaks on 10. It returns the error for the
entire
loop count.
[/snip]

Because $paging might be turning the integer you need into text? Maybe?

attached mail follows:


> That cured 9 but it still freaks on 10. It returns the error for the
> entire
> loop count.
> [/snip]
>
> Because $paging might be turning the integer you need into text? Maybe?

I found it.

In that sql statement I'm using SELECT DISTINCT....
In the sql statement that I'm using to get my record count I'm using SELECT
Count(fieldname).....

When I review the records I see that there are some that are duplicated.

Oopsee.....

Thanks for the help... and I promise not to top post again....

Beware the wrath of Blanchard!

alex
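
An added example, not code from the thread: the cause Alex identifies above is a row count taken from one query (`COUNT`) driving seeks into a different, smaller result set (`SELECT DISTINCT`). The PHP below shows the mismatch on constructed rows and derives the seek offsets from the result set itself; `page_count()` and `page_offsets()` are hypothetical helpers, and `$paging` and `$limit` follow the names in the posted loop.

```php
<?php
declare(strict_types=1);

// Constructed sample: twelve joined rows, three of them duplicates, standing
// in for the question list. COUNT(field) sees all twelve; SELECT DISTINCT
// returns nine.
$joinedRows = ['Q1', 'Q2', 'Q2', 'Q3', 'Q4', 'Q5', 'Q5', 'Q6', 'Q7', 'Q8', 'Q8', 'Q9'];

$countedRows  = count($joinedRows);               // what SELECT COUNT(field) reports
$distinctRows = count(array_unique($joinedRows)); // rows in the DISTINCT result set

/** Number of pages needed for $rows rows at $limit rows per page. */
function page_count(int $rows, int $limit): int
{
    return $limit > 0 ? (int) ceil($rows / $limit) : 0;
}

/**
 * Offsets that are valid seek targets for the page starting at $paging.
 * $available must be the size of the result set that will be seeked,
 * e.g. mssql_num_rows($result), never a count from a different query.
 */
function page_offsets(int $available, int $paging, int $limit): array
{
    if ($limit < 1 || $paging < 0 || $paging >= $available) {
        return []; // the whole page lies outside the result set
    }
    return range($paging, min($paging + $limit, $available) - 1);
}

$limit = 3;

// A pager built from the COUNT() query offers more pages than the DISTINCT
// result set can fill.
$pagesOffered = page_count($countedRows, $limit);
$pagesPresent = page_count($distinctRows, $limit);
printf("pages offered by COUNT(): %d, pages in DISTINCT result: %d\n", $pagesOffered, $pagesPresent);

// Walk every offered page the way the posted loop does and compare it with
// the bounds-checked offsets.
for ($page = 0; $page < $pagesOffered; $page++) {
    $paging    = $page * $limit;
    $unchecked = range($paging, $paging + $limit - 1);
    $checked   = page_offsets($distinctRows, $paging, $limit);
    $rejected  = array_diff($unchecked, $checked); // these would raise "Bad row offset"
    printf(
        "page %d: seek [%s], out of range [%s]\n",
        $page + 1,
        implode(',', $checked),
        implode(',', $rejected)
    );
}
```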


attached mail follows:


Hi,

I just can't find the forum for any mysql. anyways maybe someone run into
this kind of problem,
i'm saving in a db records of company and in a column i have numbers i.e
1,2,12,31,32
so if want to search a company that has number 2
i do category REGEXP '2'

but the problem it will return
numbers 12, 32
but I just want two.

If anyone has an idea I will really appreciate it

Anthony

attached mail follows:


[snip]
I just can't find the forum for any mysql.
[/snip]

http://www.mysql.com/doc/en/Mailing-list.html

[snip]
anyways maybe someone run into this kind of problem, i'm saving in a db
records of company and in a column i have numbers i.e 1,2,12,31,32 so
if want to search a company that has number 2 i do category REGEXP '2'

but the problem it will return numbers 12, 32 but I just want two.
[/snip]

select company from table where category = '2'
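
An added example, not part of the thread: with the numbers stored as one comma-separated string, an unanchored `REGEXP '2'` matches any value that contains the digit, so selecting one list element means anchoring the match on the separators. The PHP below runs both patterns over constructed rows; the company names and function names are made up for the example, and the SQL in the comments uses MySQL's `REGEXP` and `FIND_IN_SET()`.

```php
<?php
declare(strict_types=1);

// Constructed rows: company name => comma-separated category column.
$companies = [
    'Alpha Ltd'  => '1,2,12,31,32',
    'Bravo Inc'  => '12,31,32',
    'Charlie Co' => '2',
    'Delta GmbH' => '20,22',
    'Echo LLC'   => '7,2',
];

/** Same behaviour as: WHERE category REGEXP '2' (matches anywhere in the string). */
function contains_digits(string $list, int $wanted): bool
{
    return preg_match('/' . $wanted . '/', $list) === 1;
}

/**
 * Whole-element match, the behaviour of either of these MySQL predicates:
 *   WHERE category REGEXP '(^|,)2(,|$)'
 *   WHERE FIND_IN_SET('2', category)
 * The value must be bounded by the start, the end, or a comma on each side.
 */
function has_element(string $list, int $wanted): bool
{
    return preg_match('/(^|,)' . $wanted . '(,|$)/D', $list) === 1;
}

/** Names of the companies whose category column satisfies $predicate. */
function select_companies(array $companies, callable $predicate, int $wanted): array
{
    $hits = [];
    foreach ($companies as $name => $list) {
        if ($predicate($list, $wanted)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

printf("unanchored pattern: %s\n", implode(', ', select_companies($companies, 'contains_digits', 2)));
printf("anchored pattern:   %s\n", implode(', ', select_companies($companies, 'has_element', 2)));
```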

attached mail follows:


or just read the manual at mysql.com ..

"Jay Blanchard" <jay.blanchardniicommunications.com> wrote:
>
> [snip]
> I just can't find the forum for any mysql.
> [/snip]
>
> http://www.mysql.com/doc/en/Mailing-list.html
>
> [snip]
> anyways maybe someone run into this kind of problem, i'm saving in a db
> records of company and in a column i have numbers i.e 1,2,12,31,32 so
> if want to search a company that has number 2 i do category REGEXP '2'
>
> but the problem it will return numbers 12, 32 but I just want two.
> [/snip]
>
> select company from table where category = '2'
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:


[snip]
or just read the manual at mysql.com ..
[/snip]

Top posting.
What's annoying?

attached mail follows:


As a first-timer on this newsgroup I beg for understanding for any stupidity
I may write. :)

Hi,

State of affairs:
A LAN with a computer that is not directly accessible from the internet. The
LAN is connected through a gateway to the Internet - and the LAN has only
one IP, so only the gateway is really accessible directly, from the outside.
The owner of the LAN computer (Windows XP) can map a drive to a designated
directory on the gateway computer, and use it as if it were a local drive
(when it comes to file manipulation).

The server is PHP capable and the phpinfo() can be seen here:
http://www.stuwo.at/~adilovici/index2.php .

What I want:
The "designated" directory is indeed the one ~adilovici, and the webspace is
80MB. The problem is that - when I am away for a long time, I might need
access to certain files on my LAN computer, and I am not able to that in a
simple way (or am I?!?) Any method for doing that would suffice - and I was
thinking of doing a PHP interface on my website that would somehow tunnel me
the files on my own computer (in this scenario I am coming from the
internet, to the LAN gateway which is to forward me/be a tunnel to my LAN
computer somehow). The server is a linux machine - what phpinfo() says is
all I have - I don't have shell access to the server. Perhaps perl and cgi
are a possibility, but I don't know cgi or perl (which is not a problem if
anyone suggests I should be able to solve the problem with them, assuming
the server will allow me to use them, but PHP is at stake in this post)...
It is not a problem to set up a Linux computer instead of Windows XP, but if
the same thing is possible with XP, then XP preferred.

I hope I was clear enough about what the problem is. Perhaps a completely
PHP-irrelevant solutions exist, such ideas are also welcome.

-- Irfy

attached mail follows:


Irfan Adilovic wrote:

> As a first-timer on this newsgroup I beg for understanding for any stupidity
> I may write. :)
>
> Hi,
>
> State of affairs:
> A LAN with a computer that is not directly accessible from the internet. The
> LAN is connected through a gateway to the Internet - and the LAN has only
> one IP, so only the gateway is really accessible directly, from the outside.
> The owner of the LAN computer (Windows XP) can map a drive to a designated
> directory on the gateway computer, and use it as if it were a local drive
> (when it comes to file manipulation).
>
> The server is PHP capable and the phpinfo() can be seen here:
> http://www.stuwo.at/~adilovici/index2.php .
>
> What I want:
> The "designated" directory is indeed the one ~adilovici, and the webspace is
> 80MB. The problem is that - when I am away for a long time, I might need
> access to certain files on my LAN computer, and I am not able to that in a
> simple way (or am I?!?) Any method for doing that would suffice - and I was
> thinking of doing a PHP interface on my website that would somehow tunnel me
> the files on my own computer (in this scenario I am coming from the
> internet, to the LAN gateway which is to forward me/be a tunnel to my LAN
> computer somehow). The server is a linux machine - what phpinfo() says is
> all I have - I don't have shell access to the server. Perhaps perl and cgi
> are a possibility, but I don't know cgi or perl (which is not a problem if
> anyone suggests I should be able to solve the problem with them, assuming
> the server will allow me to use them, but PHP is at stake in this post)...
> It is not a problem to set up a Linux computer instead of Windows XP, but if
> the same thing is possible with XP, then XP preferred.
>
> I hope I was clear enough about what the problem is. Perhaps a completely
> PHP-irrelevant solutions exist, such ideas are also welcome.
>
> -- Irfy
>

If you could get it set up, you could have the linux computer port
forward the remote desktop port to your XP box, then you can go directly
to it with a remote desktop client.

If that's not possible, you could possibly have your drive on the
Windows box smbmounted on the linux box. But if you don't own the linux
box, that's probably a large security risk.

I recently found this app on phpclasses:
http://www.phpclasses.org/browse/package/1498.html
which allows you to access a samba share from php. It sounds like
exactly what you want.

--
paperCrane <Justin Patrin>

attached mail follows:


Dear Sirs,

When I am using following codes, I am getting "Cannot modify header
information - headers already sent by " error. What should I do?

header ("Content-type: image/png");
$im = imagecreate (50, 100)
    or die ("Cannot Initialize new GD image stream");
$background_color = imagecolorallocate ($im, 255, 255, 255);
$text_color = imagecolorallocate ($im, 233, 14, 91);
imagestring ($im, 1, 5, 5, "A Simple Text String", $text_color);
imagepng ($im);

attached mail follows:


Qt wrote:

> Dear Sirs,
>
> When I am using following codes, I am getting "Cannot modify header
> information - headers already sent by " error. What should I do?
>
> header ("Content-type: image/png");
> $im = imagecreate (50, 100)
> or die ("Cannot Initialize new GD image stream");
> $background_color = imagecolorallocate ($im, 255, 255, 255);
> $text_color = imagecolorallocate ($im, 233, 14, 91);
> imagestring ($im, 1, 5, 5, "A Simple Text String", $text_color);
> imagepng ($im);

This has to do with what is above this code. Somewhere before this, some
output is happening, through an echo or a print or ?> <?php. Check the
rest of your code for those.

--
paperCrane <Justin Patrin>

attached mail follows:


Hello qt,

Tuesday, March 9, 2004, 9:08:15 PM, you wrote:

q> When I am using following codes, I am getting "Cannot modify header
q> information - headers already sent by " error. What should I do?

Don't send any output from your script, anywhere. This includes white
space around the PHP tags or within the script itself.

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html
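
An added example, not code from the thread: both replies say output has already left the script before `header()` runs. The PHP below asks `headers_sent()` for the file and line where that output began, and scans source text for the cause Richard names, bytes outside the PHP tags; `stray_output()` and `header_or_report()` are hypothetical helper names, and the scan is a plain string heuristic run over constructed samples.

```php
<?php
declare(strict_types=1);

/**
 * Report text outside the PHP tags of one source file: anything before the
 * first opening tag or after the last closing tag is sent to the client.
 * Plain string heuristic; it does not parse PHP.
 */
function stray_output(string $source): array
{
    $problems = [];

    $open = strpos($source, '<?');
    if ($open === false) {
        return ['no PHP tag: the whole file is output'];
    }
    if ($open > 0) {
        $lead = substr($source, 0, $open);
        $problems[] = $lead === "\xEF\xBB\xBF"
            ? 'UTF-8 byte order mark before the opening tag'
            : sprintf('%d byte(s) before the opening tag', strlen($lead));
    }

    // Only a closing tag with no later opening tag ends the file in output mode.
    $close = strrpos($source, '?>');
    if ($close !== false && strpos($source, '<?', $close) === false) {
        $tail = substr($source, $close + 2);
        // PHP swallows a single newline directly after the closing tag.
        if ($tail !== '' && $tail !== "\n" && $tail !== "\r\n") {
            $problems[] = sprintf('%d byte(s) after the closing tag', strlen($tail));
        }
    }
    return $problems;
}

/** Send $header, or log the file and line where output already started. */
function header_or_report(string $header): bool
{
    if (headers_sent($file, $line)) {
        error_log("cannot send '$header': output started at $file:$line");
        return false;
    }
    header($header);
    return true;
}

// Constructed samples of files a script might include before the image code.
$samples = [
    'clean.php'          => "<?php\n\$x = 1;\n",
    'leading-blank.php'  => "\n<?php\n\$x = 1;\n",
    'bom.php'            => "\xEF\xBB\xBF<?php\n\$x = 1;\n",
    'trailing-space.php' => "<?php\n\$x = 1;\n?>\n \n",
];

// Results go to the error log so the check itself sends no output.
foreach ($samples as $name => $source) {
    $found = stray_output($source);
    error_log(sprintf('%-20s %s', $name, $found ? implode('; ', $found) : 'ok'));
}

// Nothing has been printed by this script, so the header can still be sent.
header_or_report('Content-Type: image/png');
```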

attached mail follows:


G'day,

I'm not getting much help on the IMP list about this problem, but I think it
is more PHP related than anything else. I'll post as much info as I have,
hopefully someone has seen something similar before.

I have imp mail installed and the users are being randomly logged out. When
I look at the matching session ID on the server, the file is completely
blank! I thought this might have been some sort of problem with using the
/tmp directory or a garbage collection problem. But I've moved the session
storage folder and made the garbage collection a one in 100 million chance!
I've also upped the lifetimes for the sessions.

Does anyone have any ideas? If you need more info, let me know what it is
and I'll try to get it!

My Config Details.....

I am running version 2.2.4 of Horde and version 3.2 of IMP (according to the
README files).

I'm also running PHP Version 4.3.3 on Apache/1.3.28

Here is my session config

session.save_handler = files
session.save_path = /var/session_files
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 36000
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 100000000
session.gc_maxlifetime = 36000
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0

Regards,
Bob Irwin
Server Admin & Web Apps
"I'm a Brick!"

Scanned by PeNiCillin http://safe-t-net.pnc.com.au/

attached mail follows:


Hello Bob,

Tuesday, March 9, 2004, 10:43:34 PM, you wrote:

BI> I have imp mail installed and the users are being randomly logged out. When
BI> I look at the matching session ID on the server, the file is completely
BI> blank! I thought this might have been some sort of problem with using the

Does it happen to ANY user or is there a pattern in the nature of
this? Could it be the current IE bug with blank POST data causing the
session to be wiped?

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

attached mail follows:


Hi Richard,

I wish there was a pattern - it'd help make testing... achievable! :) I
have had it happen to me on my machine, but it will be completely out of the
blue. Sometimes I can leave the webmail open all day and have no problems
with it.

Hmmm - I'm not aware of the bug in IE, that could definitely be a
possibility as we are all using it! I'll ask the helpdesk guys to use
netscape (as they are seeing it more than me) to rule out a browser problem
(in my experience, netscape is far more reliable with sessions anyhow). But
at least if it happens in netscape, then it should rule out a client
problem.

Here's an example of one of the links they use... is the bug only when
posting a form, or could it also affect links like below?

              <a class="widget"
href="mailbox.php?Horde=SESSID&amp;actionID=160&amp;page=1&amp;uniq=SESSID"
         onmouseover="status='Purge Deleted'; return true;"
         onmouseout="status='';">Purge Deleted</a>

Regards,
Bob Irwin
Server Admin & Web Apps
"I'm a Brick!"
----- Original Message -----
From: "Richard Davey" <richlaunchcode.co.uk>
To: <php-generallists.php.net>
Sent: Wednesday, March 10, 2004 10:20 AM
Subject: Re: [PHP] Session Logout Problems

> Hello Bob,
>
> Tuesday, March 9, 2004, 10:43:34 PM, you wrote:
>
> BI> I have imp mail installed and the users are being randomly logged out.
When
> BI> I look at the matching session ID on the server, the file is
completely
> BI> blank! I thought this might have been some sort of problem with using
the
>
> Does it happen to ANY user or is there a pattern in the nature of
> this? Could it be the current IE bug with blank POST data causing the
> session to be wiped?
>
> --
> Best regards,
> Richard Davey
> http://www.phpcommunity.org/wiki/296.html
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
> Scanned by PeNiCillin http://safe-t-net.pnc.com.au/


attached mail follows:


Hi list :-)

I'm using sessions to manage users, by using cookies to store the
session.

My question is, how do I make the session last _forever_?

ATM the session lasts 'till the user closes the browser.

Thanks

--
I/O, I/O,
It's off to disk I go,
A bit or byte to read or write,
I/O, I/O, I/O...


attached mail follows:


Hello André,

Tuesday, March 9, 2004, 10:53:35 PM, you wrote:

AVL> I'm using sessions to manage users, by using cookies to store the
AVL> session.
AVL> My question is, how do I make the session last _forever_?
AVL> ATM the session lasts 'till the user closes the browser.

Ok first of all - you cannot make a cookie last "forever". You can set
its expiry to be a ridiculous date in the future, but that's all - if
the browser removes it during cookie purging, or the user reinstalls
something - it's gone. One of the best solutions is to refresh the
cookie (without their knowledge) each time they come back to the site.

Anyway, onto the meat of your question - give the cookie an expiry
date well into the future so it persists until the visitor returns.
Look at the help file for details on the attributes you need for
setcookie.

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

attached mail follows:


But my question is, since I don't deal with cookies directly (PHP does
that for me), 'cause I only have to deal with sessions, how can I change
the cookies produced by PHP?

atm I only session_start() and use the $_SESSION[''], so I don't really
know which cookie to change, or how to do it.

TIA

Ps.: I know it doesn't last forever, that's why I've put the _forever_
;-)

On Tue, 2004-03-09 at 23:12, Richard Davey wrote:
> Hello André,
>
> Tuesday, March 9, 2004, 10:53:35 PM, you wrote:
>
> AVL> I'm using sessions to manage users, by using cookies to store the
> AVL> session.
> AVL> My question is, how do I make the session last _forever_?
> AVL> ATM the session lasts 'till the user closes the browser.
>
> Ok first of all - you cannot make a cookie last "forever". You can set
> its expiry to be a ridiculous date in the future, but that's all - if
> the browser removes it during cookie purging, or the user reinstalls
> something - it's gone. One of the best solutions is to refresh the
> cookie (without their knowledge) each time they come back to the site.
>
> Anyway, onto the meat of your question - give the cookie an expiry
> date well into the future so it persists until the visitor returns.
> Look at the help file for details on the attributes you need for
> setcookie.
>
> --
> Best regards,
> Richard Davey
> http://www.phpcommunity.org/wiki/296.html
--
I/O, I/O,
It's off to disk I go,
A bit or byte to read or write,
I/O, I/O, I/O...


attached mail follows:


Hello André,

Tuesday, March 9, 2004, 11:41:04 PM, you wrote:

AVL> But my question is, since I don't deal with cookies directly (PHP does
AVL> that for me), 'cause I only have to deal with sessions, how can I change
AVL> the cookies produced by PHP?

AVL> atm I only session_start() and use the $_SESSION[''], so I don't really
AVL> know which cookie to change, or how to do it.

In that case the reason the session expires when the browser closes is
because that is what sessions are designed to do. In order to "bring
them back" you need to issue a cookie of your own that keeps track and
re-builds the session when they return.

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

attached mail follows:


but since the cookie stores the session id, I thought I could keep that
ID and bring it back.

could you show me some code, or point me to some example?

Thanks

On Tue, 2004-03-09 at 23:48, Richard Davey wrote:
> Hello André,
>
> Tuesday, March 9, 2004, 11:41:04 PM, you wrote:
>
> AVL> But my question is, since I don't deal with cookies directly (PHP does
> AVL> that for me), 'cause I only have to deal with sessions, how can I change
> AVL> the cookies produced by PHP?
>
> AVL> atm I only session_start() and use the $_SESSION[''], so I don't really
> AVL> know which cookie to change, or how to do it.
>
> In that case the reason the session expires when the browser closes is
> because that is what sessions are designed to do. In order to "bring
> them back" you need to issue a cookie of your own that keeps track and
> re-builds the session when they return.
>
> --
> Best regards,
> Richard Davey
> http://www.phpcommunity.org/wiki/296.html
--
I/O, I/O,
It's off to disk I go,
A bit or byte to read or write,
I/O, I/O, I/O...


attached mail follows:


Hello André,

Tuesday, March 9, 2004, 11:53:15 PM, you wrote:

AVL> but since the cookie stores the session id, I thought I could keep that
AVL> ID and bring it back.

You could, but PHP will automatically clear up "expired" sessions as
part of its garbage collection routine, which means it's entirely
possible the session data will have been removed when the user returns
and you try retrieving it again.

You could try changing the session.cookie_lifetime in your php.ini
file, or via code by using the session_set_cookie_params() function.

Please note that this will lead to excessive build up of session data
files on your server, depending on the popularity of your site.

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html
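
One way to implement the "cookie of your own" that re-builds the session, as suggested in the replies above, without keeping session files alive past garbage collection. This is an added example, not code from the thread; it targets current PHP (7.3+), and the `remember` cookie name, the `$store` array standing in for a database table, the 30-day lifetime and the function names are assumptions.

```php
<?php
// Added example. $store stands in for a DB table: selector => [hash, user_id, expires].
const REMEMBER_TTL = 30 * 24 * 3600; // assumed policy: 30 days
function issue_token(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, never stored raw
    $store[$selector] = [
        'hash'    => hash('sha256', $validator),
        'user_id' => $userId,
        'expires' => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;     // value for the cookie
}
function redeem_token(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);                // single use, valid or not
    $ok = $row['expires'] >= $now
        && hash_equals($row['hash'], hash('sha256', $parts[1]));
    if (!$ok) {
        return null;
    }
    // Rotate: the returning visitor gets a fresh token.
    return ['user_id' => $row['user_id'],
            'cookie'  => issue_token($store, $row['user_id'], $now)];
}
// Per-request flow: rebuild the PHP session from the long-lived cookie.
function restore_session(array &$store): void
{
    session_start();
    if (isset($_SESSION['user_id']) || !is_string($_COOKIE['remember'] ?? null)) {
        return;
    }
    $result = redeem_token($store, $_COOKIE['remember'], time());
    $opts = ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
    if ($result === null) {
        setcookie('remember', '', ['expires' => 1] + $opts); // drop bad cookie
        return;
    }
    session_regenerate_id(true);             // new session ID for the rebuilt login
    $_SESSION['user_id'] = $result['user_id'];
    setcookie('remember', $result['cookie'], ['expires' => time() + REMEMBER_TTL] + $opts);
}
```

The session cookie itself stays short-lived, so the server's session garbage collection keeps working as designed; only the small token row has to survive until the visitor returns.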

attached mail follows:


I'll try to find another way then.

Thanks for the replies

On Wed, 2004-03-10 at 00:00, Richard Davey wrote:
> Hello André,
>
> Tuesday, March 9, 2004, 11:53:15 PM, you wrote:
>
> AVL> but since the cookie stores the session id, I thought I could keep that
> AVL> ID and bring it back.
>
> You could, but PHP will automatically clear up "expired" sessions as
> part of its garbage collection routine, which means it's entirely
> possible the session data will have been removed when the user returns
> and you try retrieving it again.
>
> You could try changing the session.cookie_lifetime in your php.ini
> file, or via code by using the session_set_cookie_params() function.
>
> Please note that this will lead to excessive build up of session data
> files on your server, depending on the popularity of your site.
>
> --
> Best regards,
> Richard Davey
> http://www.phpcommunity.org/wiki/296.html
--
I/O, I/O,
It's off to disk I go,
A bit or byte to read or write,
I/O, I/O, I/O...


attached mail follows:


David Jackson wrote:
> Howdy --
> Is SQLite supported by a direct call to the sqlite library?
> As opposed to calling the executable?
>
> Could I use ini_set(include_path=) to tell PHP where the SQLite lib is
> located?
>
> TIA,
> David
>

I have never worked with SQLite but I bet you cannot.

1. the library is linked at php startup
2. environment variables LD_* are used to indicate another library to link
3. it is not secure, the library could do anything

attached mail follows:


yes, my webhost is on Unix. Thanks, that must be it because I sent a
regular email to both addresses at the same time and I only received one.

-Adam Reiswig

trlistsclayst.com wrote:
> On 8 Mar 2004 Adam Reiswig wrote:
>
>
>>Normally, the two emails would end up in the same pop account but don't
>>seem to be when I use the above script. If I send to one or the other
>>they receive appropriately, but if I send to both at the same time, I
>>only receive one email, not both. If anyone can help me as to why this
>>is and if there is a remedy, I'd sure like to know about it. Thanks a lot!!
>
>
> Is this on a Unix box? The same box where the domain is hosted? If so
> I think sendmail does that -- it notices the duplication, and only
> sends the message once.
>
> --
> Tom
>

attached mail follows:


Someone had posted a tip for using an abbreviated form of an if.. else
structure...

It looked something like:

$x : action1 : action2;

I'm trying to shorten having to do the following:

if ($x) {
  action1;
} else {
  action2;
}

can someone please post the syntax if they know it? I am reading the
fine documentation but can't find it...

many thanks

Ahbaid

attached mail follows:


$x ? action1 : action2;

> structure...
>
> It looked something like:
>
> $x : action1 : action2;
>
> I'm trying to shorten having to do the following:
>
> if ($x) {
> action1;
> } else {
> action2;
> }
>
> can someone please post the syntax if they know it? I am reading the
> fine documentation but can't find it...
>
> many thanks
>
> Ahbaid
>

attached mail follows:


Hello Ahbaid,

Tuesday, March 9, 2004, 11:42:21 PM, you wrote:

AG> Someone had posted a tip for using an abbreviated form of an if.. else
AG> structure...

AG> It looked something like:

AG> $x : action1 : action2;

$x ? xxx : xxx

But it makes your code less readable IMHO and offers no tangible
benefit whatsoever.

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

attached mail follows:


Yeah, but if my code is less readable, my job security goes up ;) (Kidding)

Thanks for all your help folks,

that's what I needed.

regards

Ahbaid

Richard Davey wrote:

>Hello Ahbaid,
>
>Tuesday, March 9, 2004, 11:42:21 PM, you wrote:
>
>AG> Someone had posted a tip for using an abbreviated form of an if.. else
>AG> structure...
>
>AG> It looked something like:
>
>AG> $x : action1 : action2;
>
>$x ? xxx : xxx
>
>But it makes your code less readable IMHO and offers no tangible
>benefit whatsoever.
>
>
>

attached mail follows:


Ahbaid Gaffoor wrote:

> Yeah, but if my code is less readable, my job security goes up ;) (Kidding)
>
> Thanks for all your help folks,
>
> that's what I needed.
>
> regards
>
> Ahbaid
>
> Richard Davey wrote:
>
>> Hello Ahbaid,
>>
>> Tuesday, March 9, 2004, 11:42:21 PM, you wrote:
>>
>> AG> Someone had posted a tip for using an abbreviated form of an if.. else
>> AG> structure...
>>
>> AG> It looked something like:
>>
>> AG> $x : action1 : action2;
>>
>> $x ? xxx : xxx
>>
>> But it makes your code less readable IMHO and offers no tangible
>> benefit whatsoever.
>>
>>
>>

Before this thread dies, I'd like to clarify something. This syntax is
mostly for inline ifs as what it does is return a value. For example:

$apples = 2;
echo 'There are '.$apples.' apple'.($apples == 1 ? '' : 's').'.';

In this case, it returns a string which is then echoed. This *could* be
used in place of a normal if, but there is probably an added overhead as
the value of the last statement is returned. Also, you *must* have an
else when you use this syntax (even if it does nothing), it cannot be
used for a simple if.

--
paperCrane <Justin Patrin>

attached mail follows:


Hello,

On 03/09/2004 05:37 AM, Will wrote:
> How do I modify the following to accept a password for the SMTP server?????

The mail function does not support authentication.

You may want to try this class that comes with a wrapper function named
smtp_mail(). It emulates the mail() function except that it lets you
configure details like the authentication credentials.

http://www.phpclasses.org/mimemessage

You also need this:

http://www.phpclasses.org/smtpclass

--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html

attached mail follows:


I figured out how to do it.

This is what I put in the php.ini file:
SMTP = mydomains_smtp_server.com

sendmail_from = my_webmaster_emaildomain.com

This worked great!!! It is sent right to a SMTP which is setup to
authenticate all outgoing mails.

~WILL~

-----Original Message-----
From: Manuel Lemos [mailto:mlemosacm.org]
Sent: Tuesday, March 09, 2004 7:29 PM
To: Will
Cc: php-generallists.php.net
Subject: Re: mail() and passwords

Hello,

On 03/09/2004 05:37 AM, Will wrote:
> How do I modify the following to accept a password for the SMTP server?????

The mail function does not support authentication.

You may want to try this class that comes with a wrapper function named
smtp_mail(). It emulates the mail() function except that it lets you
configure details like the authentication credentials.

http://www.phpclasses.org/mimemessage

You also need this:

http://www.phpclasses.org/smtpclass

--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html

attached mail follows:


Hi,
I need to save some SQL queries into the MySql database for later u