NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PHP Discussion Digest> 2004-08

php-general Digest 19 Aug 2004 08:49:52 -0000 Issue 2945

php-general-digest-helplists.php.net
Date: Thu Aug 19 2004 - 03:49:52 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

php-general Digest 19 Aug 2004 08:49:52 -0000 Issue 2945

Topics (messages 194178 through 194230):

Re: PHP HTML text editor issues...
194178 by: Tim Traver
194179 by: Curt Zirzow

membership via folders
194180 by: Mag
194225 by: Jason Wong

Cannot Load DLLs (WinXP, Apache 2, PHP 5)
194181 by: Chris Jenkinson
194183 by: John Holmes

Re: mkdir() permissions
194182 by: Matthew Sims

PHP/PearDB works on commandline but not via http....
        194184 by: pw
        194185 by: Justin Patrin
        194187 by: Matthew Sims
        194188 by: pw
        194191 by: pw
        194218 by: Justin Patrin

Weather php SDK for weather - Historical, current and forecast
        194186 by: Eugene Voznesensky
        194198 by: Gerard Samuel
        194222 by: Eugene Voznesensky

Re: Securing Forms???
        194189 by: Peter Brodersen
        194196 by: John Holmes
        194201 by: Peter Brodersen
        194204 by: Chris Shiflett
        194205 by: Peter Brodersen
        194206 by: Curt Zirzow
        194207 by: Jennifer Goodie
        194208 by: Chris Shiflett
        194210 by: Peter Brodersen
        194211 by: Michal Migurski
        194212 by: Chris Shiflett
        194213 by: John Holmes
        194214 by: Gerard Samuel
        194215 by: Gerard Samuel
        194220 by: Nobody Special
        194221 by: John Holmes

Support dbase problems
194190 by: Bernardo

Re: OO Theory Question
194192 by: Kevin Waterson

form items lost their values when start using sessions
194193 by: Leticia Campos
194194 by: Matt M.

Delete a file after it has been downloaded?
        194195 by: Yngve
        194199 by: John Holmes
        194200 by: Matt M.

Modifying this PHP-based sourceforge.net web proxy
        194197 by: news.php.net
        194203 by: Curt Zirzow
        194216 by: Hannes Magnusson

Re: preg_match question
194202 by: Chris Jenkinson

Re: Greetings.
194209 by: Research
194224 by: Jason Wong

Please have a look at my function
194217 by: Mag
194226 by: Jason Wong

Re: ftp_connect returns false
        194219 by: DBW
        194223 by: Jason Wong
        194228 by: DBW
        194229 by: Jason Wong

connection_aborted does not work
194227 by: Nolan Eakins

oop too slow
194230 by: Krzysztof Gorzelak

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

Darnit if the php.ini file that I was looking at was the wrong one...

looks like turning the magic quotes off in the correct php.ini file worked...

thanks,

Tim.

At 10:17 AM 8/18/2004, Curt Zirzow wrote:
>* Thus wrote Tim Traver:
> > Hi all,
> >
> > ok, I've made my own version of a file manager complete with a text
> editor,
> > and I'm having troubles figuring out some issues.
> > ...
> >
> > I've tried to use addslashes and stripslashes to prevent some of the
> > clobbering of the text, but it doesn't seem to be working. If I don't do
> > anything, it looks like PHP (or HTML) backslashes all quotes...
> >
> > I just want to get the EXACT text that is in the textarea to be saved to
> > disk...
> >
> > Here is an example of a line that gets clobbered :
> >
> > $value =~ tr/\0//d;
> >
> > I read the file in from disk using file_get_contents. Does that do any
> > translation ???
>
>file_get_contents doesn't do any filtering. The issue your you're
>probably running into is that magic_quotes_gpc is set to On. This
>will addslashes to all your data by default. Two options:
>
> 1. Turn it off.
> 2. apply strip_slashes() to the string before writing to disk
>
>
>Curt
>--
>First, let me assure you that this is not one of those shady pyramid schemes
>you've been hearing about. No, sir. Our model is the trapezoid!
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

SimpleNet's Back !
http://www.simplenet.com

attached mail follows:

* Thus wrote Justin Patrin:
> On Wed, 18 Aug 2004 17:17:26 +0000, Curt Zirzow
> <php-generalzirzow.dyndns.org> wrote:
> > * Thus wrote Tim Traver:
> > >
> > > I just want to get the EXACT text that is in the textarea to be saved to
> > > disk...
> > >
> > > Here is an example of a line that gets clobbered :
> > >
> > > $value =~ tr/\0//d;
> > >
> > > I read the file in from disk using file_get_contents. Does that do any
> > > translation ???
> >
> > file_get_contents doesn't do any filtering. The issue your you're
> > probably running into is that magic_quotes_gpc is set to On. This
> > will addslashes to all your data by default. Two options:
> >
> > 1. Turn it off.
> > 2. apply strip_slashes() to the string before writing to disk
> >
>
> Don't you mean magic_quotes_runtime?

No. gpc is for data that is posted, if magic_quotes_gpc is on
$_POST['textfield'] will have \\0.

when magic_quotes_runtime is on, it effects results from things like
SQL and exec().

Curt
--
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about. No, sir. Our model is the trapezoid!

attached mail follows:

Hi,
I have searched for this kind of an app on hotscritps
and also at phpclsases, I have found a couple that
come close and am confused which one to download, this
is my requirment:

1.Visitor joins (and becomes a member), a folder is
created just for him (i have done this)

2.He is allowed to upload upto x.xx mb of files

3.He can download his files and should have a kind of
file manager to see what he has there

I can write the above myself, but the above is quite
"normal" and I am sure many people must have had a
requirement close to this so if possible I would like
to avoid writing this from scratch...maybe modifying
some existing apps?

Any recommendations? resources? links?

Thanks,
Mag

=====
------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)

__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail

attached mail follows:

On Thursday 19 August 2004 02:31, Mag wrote:

> I have searched for this kind of an app on hotscritps
> and also at phpclsases, I have found a couple that
> come close and am confused which one to download,

Download all of them and try them out. None of them will charge you for trying
it out.

> this
> is my requirment:
>
> 1.Visitor joins (and becomes a member), a folder is
> created just for him (i have done this)
>
> 2.He is allowed to upload upto x.xx mb of files
>
> 3.He can download his files and should have a kind of
> file manager to see what he has there
>
> I can write the above myself, but the above is quite
> "normal" and I am sure many people must have had a
> requirement close to this so if possible I would like
> to avoid writing this from scratch...maybe modifying
> some existing apps?
>
> Any recommendations? resources? links?

Resources? Links? Wouldn't you be even more confused with the plethora of
choices?

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Whitehead's Law:
The obvious answer is always overlooked.
*/

attached mail follows:

Hi,

I can't get PHP to load php_mysql.dll, required to use the mysql_*()
functions.

I have tried a variety of values for extension_dir, including
"C:/php/ext", "C:\php\ext", "C:\php\", "./ext/", "ext/". I have copied
php_mysql to all these directories, but it is not loading it.

PHP is stored in C:/php, and works perfectly apart from not finding the
MySQL dll file.

If you could advise me for how to get PHP to load this DLL, I would be
very grateful!

Cheers,
Chris

--
Chris Jenkinson
chrisstarglade.org

attached mail follows:

Chris Jenkinson wrote:

> I can't get PHP to load php_mysql.dll, required to use the mysql_*()
> functions.
>
> I have tried a variety of values for extension_dir, including
> "C:/php/ext", "C:\php\ext", "C:\php\", "./ext/", "ext/". I have copied
> php_mysql to all these directories, but it is not loading it.
>
> PHP is stored in C:/php, and works perfectly apart from not finding the
> MySQL dll file.
>
> If you could advise me for how to get PHP to load this DLL, I would be
> very grateful!

This was just disussed a few days ago. Copy the libmysql.dll file **that
comes with PHP5** into the windows/system32/ directory.

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:

> Hi
>
> I am new to PHP and I'm trying that my script checks if a directory exists
> and
> if not, it should create it. I'm doing it with mkdir() but it returns this
> error message:
>
> Warning: mkdir(0): Permission denied in /xxxxxx on line 32
>
> I wonder what kind of permissions should I set. This should be doable by
> any
> visitor.
>
> Thanks for your help.
>
> Percy

It you're trying to do this through a web server, then permissions need to
be set with the web server. Directories and files need to be owned by the
whatever UID the web server runs as (nobody, www, etc).

If you're running it through a stand alone script, well then, if you don't
own the directory or you're not root, that's probably the problem.

--
--Matthew Sims
--<http://killermookie.org>

attached mail follows:

Hello,

I have an interesting problem with PostgreSQL
via PearDB and PHP 4.3.3 .

I have a php page that opens a remote connection
to a Postgres database, performs a query, lists
the results and then closes the connection.

If I run the php from the command line the
connection and query work fine. Php dumps
a nice web page with all the data that I am asking for.

If I serve the same php page via apache
from the same machine, php fails to open
the database connection and thus the page
fails to fill out. PearDB is installed and working
since

if(DB::iserror($db))

detects the error.

Anyone have any ideas?

Thanks,

Peter

attached mail follows:

On Wed, 18 Aug 2004 12:53:25 -0700, pw <p.willistelus.net> wrote:
> Hello,
>
> I have an interesting problem with PostgreSQL
> via PearDB and PHP 4.3.3 .
>
> I have a php page that opens a remote connection
> to a Postgres database, performs a query, lists
> the results and then closes the connection.
>
> If I run the php from the command line the
> connection and query work fine. Php dumps
> a nice web page with all the data that I am asking for.
>
> If I serve the same php page via apache
> from the same machine, php fails to open
> the database connection and thus the page
> fails to fill out. PearDB is installed and working
> since
>
> if(DB::iserror($db))
>
> detects the error.
>
> Anyone have any ideas?
>

Can't help you unless you give us an error...

--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

attached mail follows:

> On Wed, 18 Aug 2004 12:53:25 -0700, pw <p.willistelus.net> wrote:
>> Hello,
>>
>> I have an interesting problem with PostgreSQL
>> via PearDB and PHP 4.3.3 .
>>
>> I have a php page that opens a remote connection
>> to a Postgres database, performs a query, lists
>> the results and then closes the connection.
>>
>> If I run the php from the command line the
>> connection and query work fine. Php dumps
>> a nice web page with all the data that I am asking for.
>>
>> If I serve the same php page via apache
>> from the same machine, php fails to open
>> the database connection and thus the page
>> fails to fill out. PearDB is installed and working
>> since
>>
>> if(DB::iserror($db))
>>
>> detects the error.
>>
>> Anyone have any ideas?
>>
>
> Can't help you unless you give us an error...
>

And check to see that PostgreSQL is accepting network connections rather
than localhost. Is it listening to a port?

--
--Matthew Sims
--<http://killermookie.org>

attached mail follows:

Justin Patrin wrote:
>
>
> Can't help you unless you give us an error...
>

There's no error.

DB_Error::toString()

returns the following.

[: message="" code=0 mode= level= prefix="" info=""]

Peter

attached mail follows:

Matthew Sims wrote:
>
> And check to see that PostgreSQL is accepting network connections rather
> than localhost. Is it listening to a port?
>

Connecting remotely to postgres via the command line:

psql -h nnn.nnn.nnn.nnn database_name -p 5432 -U user -W

works fine.

Like I wrote before, if I run the same script from the command line
with the same php build...
ie:
cmd_line/> php db_test.php

the script works fine and retrieves data fromt he database.

If I try to serve the same php page via apache it
can't connect, thus no $db object is returned from
$db=DB::connect("pgsql://yada:blahnnn.nnn.nnn.nnn/databasename");

I've tried running the php as various users including apache from
the command line and it continues to work fine there. So, it's not
a user permissions thing.

Peter

attached mail follows:

On Wed, 18 Aug 2004 14:23:49 -0700, pw <p.willistelus.net> wrote:
>
>
> Matthew Sims wrote:
> >
> > And check to see that PostgreSQL is accepting network connections rather
> > than localhost. Is it listening to a port?
> >
>
> Connecting remotely to postgres via the command line:
>
> psql -h nnn.nnn.nnn.nnn database_name -p 5432 -U user -W
>
> works fine.
>
> Like I wrote before, if I run the same script from the command line
> with the same php build...
> ie:
> cmd_line/> php db_test.php
>
> the script works fine and retrieves data fromt he database.
>
> If I try to serve the same php page via apache it
> can't connect, thus no $db object is returned from
> $db=DB::connect("pgsql://yada:blahnnn.nnn.nnn.nnn/databasename");
>
> I've tried running the php as various users including apache from
> the command line and it continues to work fine there. So, it's not
> a user permissions thing.
>

Did you try:
if(PEAR::isError($db)) {
echo $db->getMessage().' '.$db->getUserInfo();
}

It's probably because:
1) the postgres the module isn't in the PHP that apache is using
2) the postgres module isn't loaded in the PHP that apache is using
3) the postgres module in the PHP that apache is using is connecting
via a socket instead of a port (or vice-versa)

--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

attached mail follows:

I am looking for sources for weather information and found the site

http://www.nws.noaa.gov/forecasts/xml/

Is there any way to get historical weather data via a PHP Script or any available SDK?

attached mail follows:

Eugene Voznesensky wrote:
> I am looking for sources for weather information and found the site
>
> http://www.nws.noaa.gov/forecasts/xml/
>
> Is there any way to get historical weather data via a PHP Script or any available SDK?
>
>

Take a look at http://www.weather.com/services/xmloap.html
Unfortunately they dont provide historical, only current/forcast data...

attached mail follows:

Thank you!

Gerard Samuel <php-generaltrini0.org> wrote:Eugene Voznesensky wrote:
> I am looking for sources for weather information and found the site
>
> http://www.nws.noaa.gov/forecasts/xml/
>
> Is there any way to get historical weather data via a PHP Script or any available SDK?
>
>

Take a look at http://www.weather.com/services/xmloap.html
Unfortunately they dont provide historical, only current/forcast data...

attached mail follows:

On Fri, 13 Aug 2004 12:39:07 -0700 (PDT), in php.general
shiflettphp.net (Chris Shiflett) wrote:

>http://shiflett.org/talks/oscon2004/php-security/36

$token = md5(uniqid(rand(), true));

.. is a pretty bad idea, since the output could include quotes,
newlines, low-ascii-characters, thereby messing up the form.

$token = md5(uniqid(rand() ));
ought to be sufficient - and works with PHP4 :)

--
- Peter Brodersen

attached mail follows:

Peter Brodersen wrote:

>>http://shiflett.org/talks/oscon2004/php-security/36
>
> $token = md5(uniqid(rand(), true));
>
> .. is a pretty bad idea, since the output could include quotes,
> newlines, low-ascii-characters, thereby messing up the form.

How do you figure that? md5() only returns 0-9 and a-f characters.

> $token = md5(uniqid(rand() ));
> ought to be sufficient - and works with PHP4 :)

Using entropy with uniqid() simply returns a more unique value to md5(),
so what's the difference.

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:

On Wed, 18 Aug 2004 17:59:34 -0700, in php.general
holmes072000charter.net (John Holmes) wrote:

>> $token = md5(uniqid(rand(), true));
>>
>> .. is a pretty bad idea, since the output could include quotes,
>> newlines, low-ascii-characters, thereby messing up the form.
>How do you figure that? md5() only returns 0-9 and a-f characters.

From the manual: http://php.net/md5
string md5 ( string str [, bool raw_output])
"If the optional raw_output is set to TRUE, then the md5 digest is
instead returned in raw binary format with a length of 16."

raw_output is set to true, meaning that md5() will not just return a
hexdump of the digest, but a raw binary format, which could contain
quotes and other special characters. There's about 6% probability of
md5 returning (at least) one double quote for a random input :)

>> $token = md5(uniqid(rand() ));
>> ought to be sufficient - and works with PHP4 :)
>Using entropy with uniqid() simply returns a more unique value to md5(),
>so what's the difference.

Err... the only difference is that I removed the second argument,
making md5() return a simple hex-encoded string.

--
- Peter Brodersen

attached mail follows:

--- Peter Brodersen <phpter.dk> wrote:
> > http://shiflett.org/talks/oscon2004/php-security/36
>
> $token = md5(uniqid(rand(), true));
>
> .. is a pretty bad idea, since the output could include quotes,
> newlines, low-ascii-characters, thereby messing up the form.

That's incorrect. An MD5 is a hexadecimal number.

Chris

attached mail follows:

On Wed, 18 Aug 2004 15:26:34 -0700 (PDT), in php.general
shiflettphp.net (Chris Shiflett) wrote:

>> $token = md5(uniqid(rand(), true));
>> .. is a pretty bad idea, since the output could include quotes,
>> newlines, low-ascii-characters, thereby messing up the form.
>That's incorrect. An MD5 is a hexadecimal number.

Ah, damn you, parenthesis :)

I read it as:
md5(uniqid(rand()), true);

My bad - sorry!

--
- Peter Brodersen

attached mail follows:

* Thus wrote Peter Brodersen:
> On Wed, 18 Aug 2004 17:59:34 -0700, in php.general
> holmes072000charter.net (John Holmes) wrote:
>
> >> $token = md5(uniqid(rand(), true));
> >>
> >> .. is a pretty bad idea, since the output could include quotes,
> >> newlines, low-ascii-characters, thereby messing up the form.
> >How do you figure that? md5() only returns 0-9 and a-f characters.
>...
>
> >> $token = md5(uniqid(rand() ));
> >> ought to be sufficient - and works with PHP4 :)
> >Using entropy with uniqid() simply returns a more unique value to md5(),
> >so what's the difference.
>
> Err... the only difference is that I removed the second argument,
> making md5() return a simple hex-encoded string.

The second argument was to uniqid().

Curt
--
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about. No, sir. Our model is the trapezoid!

attached mail follows:

> >> $token = md5(uniqid(rand(), true));
> >>
> >> .. is a pretty bad idea, since the output could include quotes,
> >> newlines, low-ascii-characters, thereby messing up the form.
> >How do you figure that? md5() only returns 0-9 and a-f characters.
>
> From the manual: http://php.net/md5
> string md5 ( string str [, bool raw_output])
> "If the optional raw_output is set to TRUE, then the md5 digest is
> instead returned in raw binary format with a length of 16."

The true is the second argument (more_entropy) for uniqid.

attached mail follows:

--- Peter Brodersen <phpter.dk> wrote:
> raw_output is set to true, meaning that md5() will not just return a
> hexdump of the digest, but a raw binary format, which could contain
> quotes and other special characters.

I see your mistake now. That second argument is for the uniqid() function.
Have another look and pay close attention to parentheses. :-)

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming Fall 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/

attached mail follows:

On Wed, 18 Aug 2004 15:57:26 -0700 (PDT), in php.general
shiflettphp.net (Chris Shiflett) wrote:

>I see your mistake now. That second argument is for the uniqid() function.
>Have another look and pay close attention to parentheses. :-)

"My arch enemy, Parenthesis, we meet again. And I can see that you
have grown stronger since our last encounter!"

--
- Peter Brodersen

attached mail follows:

"true" is an argument to uniqid(), in that snippet:
string uniqid ( [string prefix [, bool more_entropy]])

You would run the risk of messing up the form with (sound of pipe organ)
*excessive entropy*.

---------------------------------------------------------------------
michal migurski- contact info and pgp key:
sf/ca http://mike.teczno.com/contact.html

attached mail follows:

--- Gerard Samuel <php-generaltrini0.org> wrote:
> > http://education.nyphp.org/phundamentals/PH_spoofed_submission.php
> >
> > http://shiflett.org/talks/oscon2004/php-security/36
> >
> > Hope that helps.
> >
>
> Just wanted to chime in to the list and to Chris.

Hi. :-)

> I've been mulling the example in the second link since last we
> talked about this, and I modified the example to make an even
> safer example (IMHO). The idea of using the plain "token" in the
> form, and using it to compare with the session wasn't sitting
> well with me for some reason (maybe bad karma in the air or
> something), so I borrowed an idea from a previous article you
> wrote on session hijacking, by utilising a "private key".

The idea, although presented a bit differently, is the same.

> The goal, is so that one cannot really determine what the
> comparison token can be by looking at the hidden field value
> of "token".

Before I comment on your code, I think it's worth pointing out that the
risk this method attempts to mitigate is a spoofing of the form. This can
come in many forms, but here are two examples:

1. Bad guy uses a CSRF attack on good guy. Thus, good guy submits a form
of the attacker's choosing (a forged HTTP request). This method
complicates such an attack, because the attacker won't know the token.
This is sometimes called a "shared secret," because the token is known by
the user and the server - third parties have a difficult time compromising
this (SSL can mitigate the concern for man-in-the-middle attacks).

2. Bad guy uses the application and wants to submit the form without using
the form you provide. This method complicates this, because without at
least receiving the form you provide once, there is no way to collect the
token. Your data filtering on the server side should take care of the
rest.

> Comments are welcome...
>
> ---
> <?php
>
> session_start();
>
> $some_hidden_key = 'abcde...';
>
> if (isset($_POST['message']))
> {
> if ($_POST['token'] . $some_hidden_key === $_SESSION['token'])
> {
> $message =
> htmlentities($_POST['message']);
> $fp = fopen('./safer.txt', 'a');
> fwrite($fp, "$message<br />");
> fclose($fp);
> }
> }
>
> $token = md5(uniqid(rand(), true));
> $_SESSION['token'] = $token . $some_hidden_key;
>
> ?>
>
> <form method="post"
> action="<?php echo $_SERVER['PHP_SELF']; ?>">
> <input type="hidden" name="token"
> value="<?php echo $token; ?>" />
> <input type="text" name="message"><br />
> <input type="submit">
> </form>
>
> <?php readfile('./safer.txt'); ?>

This doesn't provide any benefit that I can see, but I'm ready to admit
that I might be missing something. If the token is captured, the
conditional statement can still be bypassed, because the value of
$some_hidden_key isn't necessary for this at all.

Anyway, I'm a bit rushed, and I'll be happy to have a better look later if
this doesn't make sense, or if it seems like I'm wrong. :-)

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming Fall 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/

attached mail follows:

Peter Brodersen wrote:

>>>$token = md5(uniqid(rand(), true));
>>>
>>>.. is a pretty bad idea, since the output could include quotes,
>>>newlines, low-ascii-characters, thereby messing up the form.
>>
>>How do you figure that? md5() only returns 0-9 and a-f characters.
>
>
> From the manual: http://php.net/md5
> string md5 ( string str [, bool raw_output])
> "If the optional raw_output is set to TRUE, then the md5 digest is
> instead returned in raw binary format with a length of 16."

That "true" is the second parameter to uniqid(), not md5().

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:

Peter Brodersen wrote:
> On Wed, 18 Aug 2004 17:59:34 -0700, in php.general
> holmes072000charter.net (John Holmes) wrote:
>
>
>>>$token = md5(uniqid(rand(), true));
>>>
>>>.. is a pretty bad idea, since the output could include quotes,
>>>newlines, low-ascii-characters, thereby messing up the form.
>>
>>How do you figure that? md5() only returns 0-9 and a-f characters.
>
>
> From the manual: http://php.net/md5
> string md5 ( string str [, bool raw_output])
> "If the optional raw_output is set to TRUE, then the md5 digest is
> instead returned in raw binary format with a length of 16."
>

Double check the example that I originally provided.
--
md5( uniqid(rand(), true) )
--
Im not using the "raw_output" option of md5()
md5( uniqid(rand(), true) )

attached mail follows:

Chris Shiflett wrote:
> This doesn't provide any benefit that I can see, but I'm ready to admit
> that I might be missing something. If the token is captured, the
> conditional statement can still be bypassed, because the value of
> $some_hidden_key isn't necessary for this at all.
>
> Anyway, I'm a bit rushed, and I'll be happy to have a better look later if
> this doesn't make sense, or if it seems like I'm wrong. :-)
>
>

The idea was just that, an idea. I was trying to play out
mechanics/scenarios in my head, before blindingly changing my code to
suit this "secure" method.
But thats for the conversation...

attached mail follows:

On Fri, 13 Aug 2004 18:57:24 -0400, Gerard Samuel
<php-generaltrini0.org> wrote:
> Chris Shiflett wrote:
> > You might find these resources helpful:
> >
> > http://education.nyphp.org/phundamentals/PH_spoofed_submission.php
> >
> > http://shiflett.org/talks/oscon2004/php-security/36
> >
> > Hope that helps.
> >
>
> Thanks. These are doable..
>

With curl I can automate pretty much any web site, you can't tell the
difference between it and somebody using a browser. You are better
off worrying about sanatizing the incoming data then securing the
form. Let your session handling and login stuff take care of that.

--
Use Linux.

attached mail follows:

Nobody Special wrote:

> With curl I can automate pretty much any web site, you can't tell the
> difference between it and somebody using a browser. You are better
> off worrying about sanatizing the incoming data then securing the
> form. Let your session handling and login stuff take care of that.

This isn't about sanitizing data. This is about making a user
unknowingly make a request to another site.

Yes, you can automate things with cURL, but the requests are coming from
your server, not the user you're trying to abuse. You could simulate
their cookies, but you'd have to get them first, which isn't always easy
or possible. With a CSRF attack, you have the user make the request and
send their cookies, data, whatever, without them even knowing it.

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:

Hello:

I have a RedHat 9 linux distribution and y have already install the httpd and the php and it works well, but i have to install the dbase support (httpd + php + dbase). I was found a rpm packages for this support (php-dbase x.x-i386.rpm and php-common x.x-i386.rpm) but it doesn't work, i have a command not found error in the code whe i try to call dbase_open(). I already try to compile the httpd and the php package with the same results. ¿ What should i do ?

Best Regards

_____________________________________
Bernardo Zerda Rodriguez
Ingeniero de Sistemas
Telintel
Bogota-Colombia

attached mail follows:

This one time, at band camp, Justin Patrin <papercranegmail.com> wrote:

> On Wed, 18 Aug 2004 11:03:47 -0300, Ricardo Cezar <hosptalabwnet.com.br> wrote:
> > Probably it's a dumb question, but I'm new to OO Programming, so...
> >
> > How can I store the instance of the class in the session????
> >
>
> I answered this a long time ago in this thread. Did you not get my mail?

http://www.phpro.org/sessions.php

--
______
(_____ \
_____) ) ____ ____ ____ ____
| ____/ / _ ) / _ | / ___) / _ )
| | ( (/ / ( ( | |( (___ ( (/ /
|_| \____) \_||_| \____) \____)
Kevin Waterson
Port Macquarie, Australia

attached mail follows:

Why since I put session_start(); in my php code the input items lost values
previously entered if user goes back to the form page?

Leticia Campos
IT Programming

attached mail follows:

On Wed, 18 Aug 2004 14:35:19 -0700, Leticia Campos
<leticia.campossanoviv.com> wrote:
> Why since I put session_start(); in my php code the input items lost values
> previously entered if user goes back to the form page?

might have something to do with session.cache_limiter , get rid of it
and see if you still have the problem.

attached mail follows:

Hi!

I wonder if it´s possible (and how) to delete a file after it has been
downloaded, without running anything on the server except for the PHP page
which the user gets the file from.

If it is not possible, i wonder how i could create a script which deletes
all files in a directory which are more than 5 hours old?

Best regards, Yngve

attached mail follows:

Yngve wrote:

> I wonder if it´s possible (and how) to delete a file after it has been
> downloaded, without running anything on the server except for the PHP page
> which the user gets the file from.

unlink()

You need a middle man script to manage the download and delete the file.
The script receives the request, send the appropriate file headers, uses
readfile() to send the file data, then deletes the file with unlink().

> If it is not possible, i wonder how i could create a script which deletes
> all files in a directory which are more than 5 hours old?

opendir() and readdir() to loop through the file and
filectime()/filemtime()/fileatime() to get the age of the file
(depending on how you define 5 hours old).

You could also just make a system() call to the command line to delete
the files or just have something run by cron.

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:

On Wed, 18 Aug 2004 23:56:57 +0200, Yngve <kentnntpmds.mdh.se> wrote:
> Hi!
>
> I wonder if it´s possible (and how) to delete a file after it has been
> downloaded, without running anything on the server except for the PHP page
> which the user gets the file from.
>
> If it is not possible, i wonder how i could create a script which deletes
> all files in a directory which are more than 5 hours old?

http://us3.php.net/unlink

or something like this

define(FILE_DIRECTORY , path to your directory);
define(DELETE_TIME , 18000); //5 hours

        $current_time = time();
        // Open a known directory, and proceed to read its contents
        if (is_dir(FILE_DIRECTORY)) {
           if ($dh = opendir(FILE_DIRECTORY)) {
                   while (($file = readdir($dh)) !== false) {
                        if (is_file(FILE_DIRECTORY.$file) ) {
                                        $file_time = filectime ( FILE_DIRECTORY.$file );
                                        if ($current_time - $file_time > DELETE_TIME ) {
                                                unlink(FILE_DIRECTORY.$file);
                                        }
                                }
                   }
                   closedir($dh);
           }
        }

attached mail follows:

Attached is an awesome web proxy, which totally meets my needs, but I need
it to be transparent. I need anyone accessing the computer that this is on
to be automatically proxy-ed to a URL, but then let them navigate through
the links just fine. I also do not want them to see the banner that's
displayed by default.

This script was designed for people to be able to bypass blocked websites
from work, by going through this proxy, but I need it because one DMZ on our
firewall cannot access the other DMZ where the web server is, and they need
to be able to.

This script works fine in my testing, but I do not know enough about PHP yet
to be able to modify it on my own.

I tried changing the "$this->url" on line 202, which set the script up to
browse that URL fine, but none of the links. It always displayed only the
home page. I need an initial URL, but then allow it to be changed when
people click on a link.

Can anyone help? Thanks a million!

- Adam

begin 666 poxy-0.3.zip
M4$L#!!0````(`)%2U3"1+O>D[0$``&($```-````:F%V87-C<FEP="YJ<XU3
M:V_3,!3]7JG_P1I(<921-./;NJ-]Z.PL0T&M"5R4R?QZMK!CZ4#\=^QDS1-
M1JGPE]C7Q^>><^\-HGF&0C "#IK'"YRD&;E9TA7C^0\AE;XMUG<_3Y\^>_[B
MY:O7;]Z^&[__<';^\>+RZM/GZR]?OSG#?]9AB/+T'G4H>L\ZM!9AGXOT2Q6
MA#,E8$5^%C:'9NO_>KWP-F,5Q<*F%S5';2[`D)C88 (.+%/?8I9JC)S
M]CRW0M4$=L5:C+&RNU$)CC,D3A4D[O ^9LQCRF-A3YA"[P^2V!UY3;Y[2()
MJ.-9,0]<-SM72NS70L>ZQ5FRL\%7]]%1OW*1Y5IK](C]=Q\"$LA.6RY:5'^
M;N>N:V(>PZWJ$S!PP9.-U>/*P]'&:H-K+#>,`BLM6$UJ;LN+=F/T?$54*1MN
M^Y)0E$J[V=N9QKK$2AE_TL<4VX"<.#R7DYDSV]^Y*HUU^A]4$S(S?G&\Q O;
M%"4TMB5Q0L?4PQDXM?7&^:[&E G]6T0U-C;*T_#?:(5$:B=ESQ3T*P(\2+
MG:*B.45L62J+%,\WXB1&(L[.D5+8-&4$N]P,BT\_]',<X^GP30(4K)'D!:T
M$;_]H_X6U^!\7.*8P[B0_!P<-P&ARX[IY<U6# #:2>HP11B:LQ^-02P,$
M% `````(QTK,.-4['LL&P``JT<```L```!,24-%3E-%+G1X=)U<77/;R+%]
M7M;E?YC2BZ4J6EE[;SYVE=HJ2J9L)K*DD)0=O04DAR)B$& P+3\]_><[ID!
M0%).;C;9M45B>KI[^N-T3T,__&#PS\?;!_-Q=#N:#&_,_</ES?C*X-_1[734
M[_T3^"?+[9T:9&;]P/SESJWYMW//[_K]_H]<U5L=V7ZM*[,Z=49/O[3SP/Y
MTER7UIIIL:I>DM*:ZZ+.ETD%$,SSA?G6'G\G]__;&9VL\VLN<^2A1V8:9U6
MUOSTTX\#<UFXB0^#XWY\?V[=^_>OOOIQS\:\S =M[HV9:[`KRESFQMN4FK
MRBY-59%6#1)OC3+U%5E.J]!#\_.P<Z&7Z;687FQ,M4:2[-T87-GS;)8U!N;
M5P.#!6:Q3O*G-'\R:47Z>5&9),N*%[L\IQI^4$7=ES;9S#,KFC&SM0W4G%D5
MI=F ?^."2OCOTKKT*5<VJ^0;/GQ)=F97U&6_MX("E\6&7[FU+( (P=$K,Z-
MN=R!^[PJ$P<F*VPF)VES6R:9N:_GV+O?N_'B.DTKVR^U,V>ZJ1,\+.5S<SW
M]N)W_5Y^^U;/+,AJZ[&<]PV2H0]^+#("NV 2V=J!\LYIS)2:+G+G0G,)=MM
MAE/]J(C.0O;-:%^K[&A-ZZEQEP$2O*=*;"H--NR>"J3C7E9%R1=5^NB=-#4
M!A:!)_N]VNE!JO3:;&Q?MUK!MN1;U' <J#"^:[?"RJ_2>=E4N[,*\*EN:ML
MLCP_,^:QJ,TBR47>G?'LR %XIAT.LBC.U7Z^KFUN7J#?K4V^42>BW,#-%^1
MJ]*N;%E2)*C!'^2 %MKO;4OP`#'OL,-Q[MR!&;;/-JEH'OW>.GG6HV[92<N9
MU(<..#2GWHK*)[$):PJA$$\8W.3KDC<O*1N?3:(FT&<A4V?2:4N%Z2]Q &5
MHK8G"^>#6&$E#!_M];R(6^U'</$>MBA`9<+Y5.HY":W+\IR4/^%FE.]RTO
M7B+A94&BCJ2A;.</:59P<647E7J2Q$(GAY/;ED9+2W4M:%!.-X!&YNFRWX/E
M,FI1I387Y_?[*"DR3_MVW_2KH=3TI%+$5*?`C<S7=39!S[NLJ02ZM;5F$
MQA-;?)G.TRRM4A^:2%K5VN\=/=FV/?DR1_"IEBF*]JRU\<UOK*_)8S_#,
M48*N7JQ-$C0/A:TMW;#?PX]5*F)+'#$K"TJR58W0\)1Z4X2=I*"50T.,-8TJ
M1+OB5H9V>ZYN)XOW;!MK=N)PVAU+4O#MPQ[T0I!: CCB)RX-8P##VV"62#G
M,"X)634=_"V%1/&(Q*OM,8.!&U1K4[W="N[=;^8TW=GDKTMW:U#QOM]T[?
MGT&-<'UO,:W4];).H5MJRLF7F7V"XTM.=)+%?5(<=,X:5'\G24H.M+VCYWR8
M.6B*AV(3GIU$5H1B+PX)TWLE-J_^&>P?V]]C '0O VYNJ8=NPKK7#P3C;1Y
M`0(ED]1.]A0)N[D()S+N6B87B"IQ&A\OK'<QF9.,\4V<0Y?$46\)(/(:YM
M3>#8'Q[8>0EV(K844C^W+' R:9YD`VSBI6(.C(``#:2;<MB62^4$4DQ/&68
M*BD:&<T`1Y&BQBB>:K-WAB6U>2(+E7/.);#>0?=IABVQ5:V /Y'=L!U!
MC59(,:*"D#^W_+YB,H8-,NQ*7'DNTJ7PL&3<+%5LI+A&$R><-?$ZSYF5TJ2
MYLOT.5W69,L4<PDONDL$/"N;&PTX6XGZ2I=8L._D26LA42Z+F/IC .&[.
M6\Q(%+])ED0]9I'9Q/,(+029U"'G$6XMU4J]D;WQL(0I`!]3_?&Y1'#<>0/8
MMK2$Z,V2P I(J?&45.DXD&+01#5O^/V>6MY"4<.J(#X$Y?\),/I[0!M?ST:3
MSU,SO/UKNYN/XQGX[O;J;F^F^#'^\?Q[<>!^3">SB;CRP=^)0]^OOLPOAY?
M#?F!BO#CN2"M8\C*6Z=H'7(HZ'DIRF\^7A!+X"!TA+JB"EZ2PN]DL#:<+1
MNLB8?ERR\Y!X`]0*]3?1!-JH8XI270: ?1R(G*OZ3^Z5PQ/ ;O](40)OHD2
M2-IHB4$!)"+"0D]$FGFB'BY;!W(X'(M<:&PJ8K>^(A$2!K/I,XX.QB9DE/U&
MYBQY^<7[>2K<0'ILK ][W7GK[I VVZ(4Q#8`7D\"[$"H1 ,_FWK<2$:QPR^
M9$"A"K-DAF\M4Z>J+?33PB9B TKZ'D05W!+`?V+K";HYQY%3=,'#O9?YPIB
M>3[FI+W_"='JB%'>>XJ$OF2Y!'0MW'F!)GE1!QGB-C_K%"B\-HE#GO-3SJ"
M"OP4K-H:S43;Q<7&GT%Q=652R4,(,V"?+"9A'%T!4.I\X,3\ $[H"*[''B$
M)^0081$:BDU["8!A`_.+G#A])5ORC"5!2'Q-*\F9YL#D^KVP]RG"H]T2J>52
MTB"0D;VY!:R7> 91C_!\!J5^53!DHKF5-5$ZB3GN$])2E'-9V) FWITKX$EV
M_TGE&["=)_3&=3 /#[H-RHFVTUS\98,440.WP1>1`FR#FGF4N=NFB[JH7:;[
M(PQ)G(<AXY,M/1_I!X((DO!LMI\BD>!Y/AAY.199DFZ&O =\,&%^6;MEY"
M4_!HL-_3=2YD-$(EEMF=\*C%(Q60S)W-L0US'<2+M G0EPH[FQJS!1>Z^H-%
MB#0AV/F-0"0K<,R*\IK'Y<CB:6FE)(C70QZ$X/7.P5<R;^7JWJ'T\T\(-QY
M,HD'EL76AQT*'J%4"ZPQ,?\6BOP`M;T1O6^,R -"H:FRE<=M)T12'_#Z/8UX
M>*26U+E1EE\-T.?;M5F.]A4HGXW0/K8;XZDF:D7\!W4/H<G'S%26 F0^L9:
MM1<5Q-E6LO]%%6%,<M84$(ND=EI^1)2Y2C/-KPNH6/0+.>GQWOR4B&/(%3\/
MI:KH72.1DAQ:<EZS5NA/G4>6)D?L"*F2C5$PBVM047>U7R-S(!/.B](X/*U
MX+6RBKE?/G.:"RG;7FST)ZQ$9"&]P18K5E$=_(6XD?AM$JHB&#=3F/AG6BX;
M,K2EU^!"P =!!XNS`/KC$00XD,/&!(H""B^UY2.%!1M?9<(LA>3-( C.#;
MJBQ5H318^1(G5C+MAA-#Z$9ZOH62<&5:>Y98O>J7"(;EXPA4EZ"OY09H.39
M`%+1O+UIY7E1(^BPS^SM?A()Q2:HY$P40K^D]=+IU,"850_X#6HJ%XG_"<
MQ!5G)K9 I'<G,:!5#ZCY!Y7+J2F)?0?RF=9F64API&>D:B[,<VI?]H*EDFGP
MX.GHMX65(/8+<W GK5?.9JO0U P'`>Z4!K.AY/UH$7H$VG/(.WH?:&3K1*4H
MT"&.^%>=EMK649)[U,[/!/#/?"]&GMYHDT)Z?C[91-.5;1MGD8H6"(20`0\D
M*"6-L[Z;(VIB32IK%#>]ZJH#S5ML9LS)2>**'.2D94P450JB;/ )'W86SDB+
MXPXNP,,-5/W,0JZB6[1]4D^8V$A<=L 6F73&&U$+YKXH3C67I#B#M1 =W.V
MM^LJ+ND`TKIDDU+,UNT4CJ5(TZ6M.DKI-PD)+V,HX$W#9 ]2E-B82RTJ\*
M<DW,J,6M-/<]%>T4%2D$/ S2H_?V'[W%H R`"=<^HT"**TED6AW!1](`:N2
ME?8I*9=($V(&6&1>F,A#WVV&I8/6W02YE79_%>.H5Y9D*D*H5GM1D*VK?"LZ
M=-$*7QR6O$!5!!^M:> YRX,#FLM!4>SEQ1&$.TW6VH1O?9-.>TXL2.2'55Y
MJ_ABGWB!VMDN8BWFCL(%$7R<LRI)]6)IP_B7/#U168&R+YA4%JKF&*E^;Q^8
M2=R4#[\#6,[X<V*>BZSF+<**E;.KBA)EF8_VC9 *EYO(-"]#5&SQYZ.I&#+
MG%>2X$_?1_C[8NQ+(%6HIMN E-Z?,8,5\W^R31-:[CC&15U)#")Z.Y*A^[UI
M<,%WPL5[(X#K-;R%^,!NG/<Q[9! #6VH-5P;6\):V#-\53X668E%Y;:OY9$
MN8&G`&R]9;Y/Y-Y-L%93OPQ\' B.W&I0? <X^DS4%4F.VI_B`N2*35*F<(<Z
MM)N:'B13DB*W"^AQT$)OA](ET<$$J _,<Y*E2A":RQ"WZ<W2>B.-G4U*N21J
M*A+!4A(E=./XSW8RGF=ILUNB:(^42_\%5LH+9>;1D`NM=>VW'DJCU!)3$
MON);>7S_C#JG(2C1Y^C_["A>/P4OS']U%(O7#"W-J0>-'JW"5P"MS]UR3AXA
M[%V#O2(WL8QTY9(,[.0:YP+>\=?(VFI827\R)W)E"$79=] ]"2T)R8HD$%FL
M6KCLWWNSB-P`VB0:(.M[Z*;4EI&9UO.0.N9Z",0X`G$Z=W2K)M)HJTW9D<M)
M/99-3*Y\2"X$?4>X6]E!JW(Y>RW51IMQ;?;%8*#;,UU?]TT7 4=<(;/L4O-
M0BMMZAU4AEGMM*9)G"L6:6BUP2$2NH%=I;FD%ZW2_ *-T&6ZU1ONI:2]D.#(
M7^H[< *0V([/LIB2N+1"H)^$\4_4$H!+6RM';P/\'1R(U'8>N69D2O&M
M/KE1E#M*$]I'$0:WUYVR_M=>I"<-/<VE<NGW>%QGC5MLDG\*3MC N7-GJJ0
M9/H;3-IF"F$<`_R9%Q)H"W%%ZUZW<Q5PGK2N&)"[.F"1!=76N0`<X3KN!32L
M8#_Q#BOM[*X*!0FL#E!%:P/BL98_\)K(=^#$ZL$BU+98R/9^8D00=>+OQL4L
MMCJ14JU#M*9DQ/B(V<+I'H4#0PP87="K4,,7M50'K5Q6W;2B9Z\&#'LXCZM
M6U$_]9?XOHNZV:+BLLMC3.SUH%H*T6L*8_ZW01:T*.TN:0,(!:0T[!7RMN%-
M!W$0_=%L:<OVMRW[Q5)^>3P0(GT+T_!:E5TKV,<6$<>A'T6+S*P.O[2USE
MG98:I%Q3)3531.5S'5-,R/MW+\>8:S?BXX9]$S+?=1,>AJ)TP4$J[^Y9B9
M/"*<:W4<XPUF*E(8XW&M;$D^2T6!E)D XLH)[D-1O^OZHS#399FJ#\].#P
M]WJ$H3YL5ZPTSVW5$1)*3=GUW/G;<K4B/PTB43CJ$!:#)YWJ4_L%6AON'NO
M[+N%#.ZO'!!;3)7;OV_1&2%6S4DHZDJ])ERG\Y0::]FR4N<*?"EYJ%(2B)
MI^!=.0=UE"?RWD'E>U<%I[Y]^7I'_TR[1;SU7$3[40X2WSKNG'4EB)>7YM+/
M#"-1_Y^K1>4Y"J"U04N3>^51',/XP[E>WU3IQGH\[T*X=^)S06QY[WG3]X5
M6&D'[PR!#M[L+[;]5T79>'6W4=D:.PB<P=TE0%5RO]Z,6'0U%^8[?,A*D39\
M7W15EY7<E75F8GP)UW3PWYA8K_JZT."V#C4L9;KM7-MU#=^Y:=H%$^A/,9_
M%SROQB/]758K3JLH!P7='\_->*7IGY(Y^&R\BV"&*"OSSWKY)&U"!3.M"E>O
MP#G/M&)"LN&IE3_8<&/!#I YU=OO3>IG(_W].?RWMNYL(" FF*0`:%&GF 2M
MZ-1/Z5 RY0LX49 +BNZP<RN&GX5DSC%%>(UV)EI[[+F,6-K..[>D$C97N7/,
MG:\OUG$0::ZS)5=U;Q *#^$=IXM:2[=U!G\UNHME?AR?SRY%%HDQ":(4II
MO#:#AA:'*JW^UCH/#PZ.4N!Z,-)77-$/(QP.427QD(.'O11UIJA/1UU-6>Q0
M7>S>RJ1#R]E;6")LPY"H.+F08:$B7N_Y:YTE$L:"XR,,U7G\"66H0 ^(HE)J
M-)*"Q(^MTBC 5]#Q'(HBW-;N5CL+RF-S*PZ!4%TRI<4.DYSU=R0(>*]UV730
MYL)?US8C^-:"&J+4N3JI%43HD[/0H'<NZBQ!"$[+1;UQ$L\U[,V3K GNMDV_
M-4\+.M+S#'<XX:G6-4AW01!S8V_SV]OK#>YXTXW;UN7$MB.M/-P1+5/X?*3
MA'3FH^1+E^<CJ7=[GQ?3EJ!8<;0]P&U!9%6.^V?8KTS?71B^[VZ\070Q2Q
MQ>/67S.&<1^*_E1ZFES0G13M'+;6"J%U0_]+Z0F,+H#MCHY$GQA*_U_JLV8
MSW*>MN `>1P<ZO>>.',"1]=(Y#>*%?T+IPI*N0<%=X=,L7$<C%_BF:]F9)C2
MA_HB%W?'$LF0'+M9M"H^3B3JJO?IJVW87L=^?K=LLCU&)9(34N9CUU+:G1K
ML1XB1X4`G:Y#9#=PV 0HSZ9$K6:0(P1'GRDU0*^+U"/(V9X7M8U6)OG(+#?B
M78),8[WX*G,.7=AG[P]S>YC+-.^ZIB?=9$&I/OYT'J[V]KL>'(6IFP3=NI5I
M)CODOB(,N4I953*8^1*79M/XPEP[I^(#[7I?PW<+MAS,/#%<2N7F.IP<E\:
M[9/E4GL8M <<_)/E\]NU7.EWI&S-Y2#MZ4TS:YPMI%FH/.E2=5=F[;?>- &
M42Y 85.02*,,C2:U\UO8)7-FKO=BBT3S;RM,HS0HX-*\EG$:[%M<PO-AHJ%[
MZ2] Y\7R8/C!YR?SV5:Y]4Q>ZHK3(:4]CF5:V0]>LYI/^L;*$[&"KC5*^/V
M"A0(>^E>^!,B3BE?FXXDQI8$#*P _^W38M929?`RXLBZ[LE^AK(.01.)43
M%5BPM+"U3,._CD;))MLP`BJ0'K9?^A%.0>2>'L^,+5SV,WF6..T:DC-AB?R
M>C.W93/D&BML:1"MI.[?>_B!-$8VIH"]-GX1.(Z!\O*0.)DT%2!DM?#_$C3
MJ)?/CX'P.-7FUUDJRA]$C&=O<)!VSA<>"TM[B-V<2!_<X>B>M=T\+^%=TN
MSM4H3P(:UC='N?GZ+LG8<KJQ_. -L,H;<M;!%(<S,?(!)^&YLXPK?,WB!V?
MW/B:G5R7TV7L]WD(4F!KP0]#<%N8>2,47$2]%V\/MW!["WX6O^>R&OJA0;
M2Y]STMJU30O3Q1EN_SH*DYRH7QHB<$28_[+AAI/P3T62J;N++Y;/P0(5.R ,
MU3J:# )--T$^"N\T-:)+!:[ 9%/$VI\O.^G$Q1(QQV>8N.9)(TRVDS/W[WC=
MWIFOP\ED>#M[]);P[MQ<CJZ&#].1F7T:F?O)W<?)\+,93\-X[P=S/1F-S-VU
MN?HTG'P<#?C<9,0G.M0X[-NB,?NY.?1WV>CVYFY'TT^CV<SD+M\-,/[>U ?
M7MZ,S,WP*Y0Z^OO5Z'YFOGX:W?9[=]SZQ<36=#KAC?FJ^3\6Q\^U$H<J1X
M,O[X:68^W=U\&$UD[OAWV%X6FOOA9#8>3?L]</)E_*$KU\EP"LY/S-?Q[-/=
MPRSR3_F&MX_FK^/;#P,S&NET=_O)Z,I5 ">)F;\&4R/\.WX]NKFX8,,-5^"
MQ.W=#+J"<.!T=B?J"<\&\F '&_1[GT<3*/%V-KP<WXRQ*<>K\>S6VPBP])#
M9?[JX68(.1XF]W?3$3M"5".H0.N3\?2O9CAO';_]C",E*!B$/D\O+V2X]H[
M3DIL'N\>F%$^LT'/B!*DB>HK)'Y,+H>7<W&7W#*>!0;31\^C[S2IS-1TLV-
MN1U=>/AY-%,1Y,OXRNJHM^;C.Z'8QP"9[XG$Y*YNPWQYOTY#Q'V,OI"8WBX
MO:'(D]'?'B#4$9,E>%'V!U5VCK_?N_K& SPI/:M8"!K\$5C!8\PJ#OS>?BH
ML^:/WD[(:IQ&[YH'K*,QU.'E'15Q"8[&PAA8H59X4A^&GX<?1U.(':U!-O<C
M\,SO1]=C?D7? \CQ)G?J&K4G][X&GB`T_%#'&L(AU-TA\=/9)6=QN,!;OO
M>^EIL_F>)8J!W-Q-:7?89C8TPC3^O!SQ\<GH%CH3WQI>73U,X&=\BO S_0!
MGC>^E9/I]RBS./=X\B%XERC;7 _'-P^3`VO#UG=0(VF*U<53B>8V/1N(*9CQ
M-3:[^N3/T'2<^-%\PGE<CO#8\,.7,4.1;0RX'/L]7+G27AE^G#': >GT25'
M7D[05QOXT">=Z1I*33N35MU,4 (^?&0LO4L\EG0J3W[W+E$]LV*+5*X1TXZ
MEL-X+*E5W\\AG7E$_T_RIOG55# : >N=C$_:7'H:W<6&VQ-2/-[S>I$X5'J
M8CG#5P&[J4*S9'Q%B2-4G>ZI0!\=FXT7UZ$YZ;UUUG1^JRKQ]UT-C(J3R0%J
M:EL#6I%"RB4K$8]<Q^6;\+0,)E(7,B?DKW9X.2DB\6Y?7[?QTX[ $<]6DZJ
M?N=!73,\+:-&I"5$W%IZ,P(#PP2"8O^3B!I.4 ?DOAUFMH643]S]12801=9:
MKSD)B5:$2;$$<X_4ZU"H2J:%_J\%MX`V_%Z3(G/4;:L#)!!(CQ+I5GIM/NO
M2NRJ\P+ZGSD\2NV$!H$!X*/?U;2W4;+\E=%R1<A.9A][P5,C?OQBDE?'IT
M9/78:]C-O+GK(,UFSO!U5-6\+J(OX(==(K0M_##":7?P^^P0=9^_IH7VM; O
MY-8</ZJ\O-&YOA8 =^G 7U4, `#$\!!US$5TW\?:5TD3.9=Q3J03HI+&?
MS:'C_R"93ZU8C)+XCK97<F0$SU*HN2_&_EM.V^F/$Q[D.5UTF%THW6?VFCT
MG4Q;/][P%D)[/]6A,%__^L/^#^^H"D=A_84"YMT&IYEZ$%?.R7,MARQ*XL<
M4M'7MGJ!H3$- OMU993[DW:#D+H#"_1)%1G&0>4L_2;!MI^3R8X\:!$+2?#
M)7F;%'W*Q&PCSG0^;,6!L'B__#S8,_)Z>.FZ^"'RQ<H1?QKM</+Z=T-<,K-
M8QMO7XA]>-,PU0[V_]YI_?ES7G+3?:#1).<)%?8C!M1O7LQ0TGXM\AB5RK4
M=!?M#1=OVJR<A^F:]6[+8E'NV4P<9\\"AMQO;?F\$YR]U6:3C'ZZNMW=RNY
MTO&7,,V&<I/MV$G=2<>$MWYR08U23_H5K9>^CC+G7^'2JP&)"9P!VQ0^G8!
M'KY)IV1C\QIJLQOW]BWCO)3EKD[UECG^A313LM_9:Z0KVO+0W2=8H>%I^%W
M!,3Y:K]^8\LS;K>3<3C'?D"F=RRY#NOS[AN/-\F.T=&_='32O)83D$J*2);S
MUPHX?8/UDY_!3SCD`3^^T*$O6423#>^5/!:[8KG+;7!\9L[Y+NZEDTP-#^(Q
M1#,^/&]#+\B8?[2L_UOZ&3$?[I]&UG9_PX#<=UW%GLV&&WOY A\RE9?+.E
M#XY_UFD7OB,/YGMX'I%_NO O .Z*]-,?L.+(!S]9!89UT:7G'[DG(>RS>1
M7XG*L7WC;ZZ:MF-J7W6TC"1+DEX13A\X^)=7]D.40GOC,N"]^8,0O)K.6+O
M1]]+X^[XY'D!<UG/'7/"T")#*2UMVSU\L-K^LP]GGQH3VFD> GCKN'=]R4
M8'AEZ,CO"$,/_K+0Y:J/\'4$L#!!0````(`$(Y]C Q5L;A%!``-9D```1
M````4$A0<F]X>2YC;&%S<RYP:'#L/&ESVT:RWU.5_S"A% .4*!ZR<XFFM(I7
MCE5KQWJ2O*F4*+- <DBQL'T!%3__UUSP',``.04ORV]L-#Q1$(S'3W]#7=
M,SUX>;1<++_^ZNNO.CM??T4(V=TK7N4GC[AV&= 5(:\\)XY)=JW(V9NS*+R[
M)T^X5A+H<9HLPBA_3E(O<7TGH7/'IU&W2^SC\33U/&=!CMO-:H"LLP3ZUHD3
M\BZ<NC.73O')#P?=G\CQ._)#9W^_L]_MOJ'I%ZK_U.>7B[<F"RC<!XY/H';
M640IB<-9<NM$M$_NPY1,G(!$=.K&2>2.TX02-R%.,.TH7%,I!: ^COP>VZ7!
ME$8D65"2T,B/23AC/W[Y]0/YA08T<CQREHX]=T+>NA,:Q+1B^ #4`3JQ:;P`
MEH[O&9S72.V%H):\#&=D[AAT"?4A?<1N:%1#+_)?5008] WB(P)MM)<-1
M"9<(JECO2<>*$0&K5TB4?Z):]5E:!R>4R)&[!1+,(E\'D!] /G;UW/(V-*
MTIC.4J]E!K=R6^GEV_>?[DQ[_^3GX[/C\__O7R]SYT![. M_2&<N"NO_10
MF8'3D1,D]\Z,]!W)^>OW"4XY]/WYY>_HX\?7UZ^>O)Q05Y_?Z<').SX_/+
MTU<?WAZ?D[,/YV?O+TZ HQ>4,CP50&LT98(_!#D/Z6)XWIQA7,0+_DE0']
M'4PF!MYY4[)P;BB8SH2Z-\ YATS"Y?VC3"!7?B\,YDPHT#E7A#YQ9R0(DQ:Y
MC5RPS"0TF$4EI;F]M,AI,&FWR'<_D4L*J;DS',FE.R1BQ3A/G_>;9&?PSC!
MIN^.">GN]WJ]O=[S[\M\N'BN%WII?[6!5YJIX,3R]=?39CO%P[_ZZ\^,W2D
MTY%_R:LPF+GS-'+&0/V-$\5Y"WX'S\BVXWGA+9V.%C"6F P(*O.]W>PK3<9.
M$-2WF'G./']EN<'$2Z=T!'KH6V1P2'HM8D74#V_H*)Y$[C*)L\?.9$*7R62
MAI]<FC\&?;D=P:PS+SZ+Z(Q&-.(/D8C2N$^"Z89C%]Y+'0DG;Y1&GOJT_',4
MT[E/R3N:Q#C</*))O!,?1C1/U,:)R.?>9]UO%M2!62'6F1Z[DY$#<[%X
M6_$RHH[GJ^] ?YW1F"ER=*^^6(+\X,7T7B<YHO$R!",S$9&]FX13JKZ8A$$"
MHQ\E]TMJ[)#AX2]G:3!!LY+Z:F<J8RTC>N.&:6PU>5.AR'AMHV7O'<HI"QIW
MV\^M?JE!+C1LLTB2I47R1N6K36PWCFEB;X\N3L[_?7)^9;VYO#R[L*Z;Y-DS
M4GI*!`V#"QR!$IHD0-B26*KX#<..IW/.IS1F_<7E];U_(8F 'W;U_#TT9Y
M5+K:P,CRCN<G__/AY.)R].X$9JI_6M<&EM!DQ%L."W-]:$DD3AQ(A D3&$Q
M6):-RETI"80*[WFC,E*8;8,1-P$[-TVE`8IFE"NO;8"!* IF4=V,*YOIO0E3
MWCF"%LTG(7H`$=>.&%^WVZ"L =DYGQ562LL*+8'[E[571C3&5Z!24I`,%+
M&8WHJT&KX?\IW)+;Y*\B34F3YTX+H'JKT0A-FI4*P]Z";_YCA+?91\&1.
M\LK"R<.Z;A'CRV48\9<TBD9!*&XFH/YMU)P$O5Z:8D.$!S.YS0:`>PPLAL"
MV4&&C-OQX<?SM\>O.R,#\GGFF$\-!L;L5!7TA(/9RQ$T<>3<:A`SH;8)8[
MIP"=2.A$-,,T)'^(3KAM,,.BRT>O:7"KFC.7;30B?$2,+PJD3%S(\CW(/BB
M=Z!_DX2("6,/)XQV#F,:5DO-<P,*6&=SFL1%)KWH_O1]T5"J!M<><%AEB>%U
MNW A1+ YMF\&I#&,AD'#Z+VXE>83GUT2RNE,&RAD)8&5D$7B>QCSW^%-B_R1
M`FNFJ;^4K$MD!)P+SIE\DJ'K!)*,("$Q!%540W8+\7V(\ ,*L32TGH8L,YNE
M$<OTP!CYM,R0P`6J38U .EZ.:X:AO(9(BGON)0B3N.=&<0M9PX_*7+>BA
MH\,`'M'-()>"_,K!&=]E`5:6&MU-!07XG)$X4/ %T&BZ/J8'H.7Q<0,4Q-\
M&4]QFX73?L;-QCQ&%*P7&5W2X:7"2A5!WEI8?RXA"R,^^[.G>_M,B9;S6:U
M.T Y^1 ,4<32.+Z5)#(.(R)HN_.%PEFBI(KC%DLC61,((G#6<8R$*8_C/NW
M1<ZT[:.#94&D8P8$KM;H;4Q#::CHNJ6YH+9$F+^9!&ENCV4FDT\&%Y]&WKG
M)AK\!U+R,,Z4R>K-Y;NWN6Z"Z$W^83.;QN 4;1JBUFG1IG_L_;2_SJ:9)T*#
M1D :\42)^(1-T_W<#["MDVT[:YNL%5LJG:$& 8#^0$HH$WOEA[\M"UBM:I\
M3S,'9YX=='?"&R\0YN ^'^\IUDLK ;6ZIW.;"O/J*SNMYI;KF-2AK!>M-
M8Q;<PBSHV_+)5>^:,4:+9XLR4VGDUDLR$;?MW($",XL0!4&] ;))"'FG9'-
MZ2GCN.I>-PV3+%Z;Q#X%A(K/V&3B+D6/1LE0?YEDGDK3D1KOQU%\F$*,-(8
M<MO*. FL'W*41X65#EO-=?_BT>V3<?;+2"*:I%$`"I72PML'_2?*BXW;WHZ3
M,*)31A0F-!SA7(E^K>,/EV_ ?9>T$J_JD9:R982N('LJ^06M4^//E,80$S2
M0P-3[-7:NKV]W4/\P$N<I.C!,-YAM [C7?OH"7OX;=WCF"D/)HRZUV)8H9
M5RL7;VM;;T4V`YEJF\3+R V2F6U]&Q\Y3+\'2-(SD#IDUH-OXV><#+AA# 3Y
MPWU.29Y=9X]H(/FJ:!):7B8W-0\0WWG9K.H8N4)*K\5LF-Q?[_*B W:CYH>
M.#Z$$MNHU[=A-*U,;4PJ!<_H]R]&? 2VPM#SC 3?'4(0!)7=#O%J8E!::#&
M]VO3C4:S54E5BW0A"D+DIM6&FK1?3>5+/%!\06ZG4YH+3F212\T#?#K$%I
M872#CH=RYQ4E^Q90\K6<; S:2LO5"5YT*9JE7.8D"Z=*"YIF=(]OV.1IW#F
M*I0:0]/:R026O1D0X=U-+9KDJ*+K`?FQ6YPZBXXX6:S!P5J8</"NX TZ5CT2
MC'0S)'$Z!H&:L;1P#N?"-K\&5,W=7BD<T!M/W4A6XNNNQ'&-?C0?K/A%=[%
MX*=\?-OF.HMJ9[+&\G,VBC7"B^C-B(^VA%A(!R>\#BXQFOG 2:_CVPA. _B
M-H^^+=20'#9_Q1)+?41N]OZA2LH1-BN](<'TAO^`R;$-KUS<$>E/0G]Q^[
M'6 +^[=TYK2]7"R/9F$X&#O1,_B[CS?[6V-PFKX3?3*XV(C+&-!K(8F*#=V
MUFLCM_0&U2MOZQ:VB Y(-Y !-<.36/#23PS<VU!(-"NQPM#^SY1&]Z+]
M$;%*O+(,?6:1PR2(?;:();EI%>7)&V/NA!>CNY(.()/(9I)N0S/4.=E,*$5!
M!#6=I=6LZ5SHN=,IC8MY>*'A;CQ2][SL8CAMBC+-2X6;FSB?F(0\6.6[X.
M,X["VYCR;4E$`7Y7F\/*5(Q/%4#:/5>SWRJYL\"E6<>12'$Z7+IW;-E&\^=
MHIE:&M[*9*C$,/Z^D Q]HV5#ZI9AW30J]Q2?&?H5/:H(^9:V(>7*4C7R=$V
M.1]#C]:QDJ!"#K%IJFK.0+2H989C#-90-+!*7-B3F-]?LE;?^X^L(VKME5*
M2U ?>>*-#5O8IHGSPK::1UM4E6*YR )J!2$W\I`=1U02*ZZS,YP0W!U0*O
MS2F9W7<(=,,F/4EI;U6<T_4E/P*\#!*$=1F/2>VY%SFV;Q.F-D1)=8#"L
M_&A?#6]WVWO7NTUP3XQ_C>U>!]=C4C6M*=-1#*>KZ*A&F*$#S("0D\G!VCGU
MZ^CM4E(1VRP[5QOT O8C:UA;"\B.EO%T63%T\D5(D1'OT),`Z"O,02Y'[&T
M-O]U-8R'A]?FM2I<U\NSQ18Y.S_Y!?*9R]'[\W^>G!>6[3*;$,V95;#[VH#=
M99::K7Y=/2\O5F43Y0`MSHD7(XBS^'J5"+A<,)8M"Y<G9#Z#LS SJ#QNT99
M[R;;+NZ3XIS$G)1FE!^E7*4>(:0-%GOB6S=!=FCX(4SLE68V<W^\T)PQ+#PP
MO\9+<-!HZ:;8N=HC\ C:+4YZRC4&"7^J>,])/7HJJ6H07$6FR(*^`)E;=63B
M&J4;I)3L_RT<?AT.GI87-.,'YI,MWW&])#RHK66HT)?LVF,Q05!>4WIS$F]
MY M)\FFR*I#V4+131%>&17Z_.&6G(APU;B$P0,_[FYZC-2!\F3_.E= I80%
M6AW!WX$<%/[)'%/6^<5U?O_==;]$ML'!<D>6326B<Q=7YL0SLV,V+,*9UY.T
MA/^7M$?OO(]"E*?1NY$-JMVV?EBF<6:HD=D-RVV:V<W=^T7.S_L[+_8^;X+
M_S5KE\&(D3VB>$.K5\/E8' )$*H'OCX'OCQTJ-!J50X':=0^D]`DJYD$1"
MV7\$%+5\CJUW9%">/Q:*++C3^/*B$HHI&)?%5J_>O__7Z<F5$"<OME(UHM1
M;4V'HG6ESIMJ;:G:J*2YV[*4`!C0^)R9B%J>]4 :;<VZV+:]>U^MRJEJMU
M[=K]();N\T6]QI%YD5T>6CPPC2L/B.H^YU>N\N*&?J&D;1A)&]8;EJ[\GQ
M?LL7+1]JH7^(:;1W/(<.!^1=^)?K>4[G1;M+;$C;8>SNV*-]\N[B](1\W^[V
MR6]N,(6TF?QZ2;YK]YJUH(^9C4"8CYMZ=[[7*A0!Z+]QUV\7GV9[/T_!]WV
M3_PW2,L-V(,?6S?NE(:=NST_F+>8\726V=T?2RIOY^Z,==AO[71VV%U/DJM[
MNUIK*A2(%?5;'>\Y[U0E*SX1EJ3QH!.#FZS,IU1LO''S,6V]U9'VBG4_(!+X
M&B**JP2%S8S:U%Q5`'5;YX#\C' RYI2KN.,T:!9A'2&LT=]KBU'-'I]^O;D
MKDT>QR&7M,-W!$PV&;1Y"A=8FU(;&V^>:O5\6(P(4IG]S N\*??V6G_NE.
M(3D-IC9,?ICSEM:_%7CHZK(28-MBY';^?7Q^P29-'.EC.[/_L]Y\[*;NNJ[P
MXH5++%X/AXK6CI1TL%I=X\5=! YWL%G$Q=*JQ%\Y8&\V1Q`-Z0>68O+TW,
M1L*<)0+=!'"Q\SHZ]O;,]C;*V(R[)=OJB4%P: 8-Q!JM50TS[F'V]=,.MGR
MQ_2_603Z*E'^0Z.M[*H+]I\71<I^`HTY?,BYO\VKU+99_8HY_MWF]2AS:H)
MU7]66]3%#<Z%0AZ.*H"&_(%$MX;ET<^T7L\,;'-G)$;S,+U?DC$ZUBJA55^
M=M[WRDK\Y0CW/<K5*!7 \"I*K]9*JM2A$I#4N7^ZD+K$+I\9%->"Y Z&#>3$
ML-%GVQSBT6=U9'Q4#\/&DPGAJ0!1:F+&;H6[ )\N<>*7GDEM9'C>)9F;)GL
MFL$PD";*[3CT%AMZ[/Y5+5%IDE5TRL(Y#M!$23FK-MPJ%36Z53 ']2CP(,^
M3[")&\=+Z<;S\M]3W[^ONK6^T`]7Q(6`ZV2[L9"RB<954:DF&+_]TA)CSJ5
MJ>>(6,_X>9X-F<FHR99Q&$EKN5S;2BL8"5#$6C!B V8!*EG/(?C+XEZ!"]_
M]1C>%0V*HQ1I:$X&,DI<KKZ-KZV-#I;)-\702!-7.TN/"KP1\PJHLJ;$[:)
M5/-Q0X >S;%LUU^V*I2+6T13E*U/#:,-CREU<251*YR]ASX5.P(!UVB4
M09N:B7%N9'%R5PMPK\\U#C_U4HNS92(0AM)FD4NS=5RB28^TAM*E9MLRV[
MC\.KX?7U;G-X9:,W7Z$S7<DYMSF\WK(X`MP$VW P1H74%WCYXJ[/JR\9^==7
M\'/_FBTK;N:^\-I$)4L'Z4J:5ZIFMV7C%:ZC/[Z>O3XSM\M[?C2&L3?Y[L<&
MQ<6&,E-YE?8)OMQ^GFG'IL=I[ICV:P\/I/[-<9]G7*_A2O)]"XV?;.VNV;
M#/3&&SB591F%!NNKC[,CG6M,0>RL0Y<]WN5+FD)INQQWHM"S<U0;)H.Z9_C
M':!PT&\-8R!Q< 0_Q#WS8PID26*3X,J8Y\:)#8]$C;2(1P>BC4&\&MH^H*5W
M2Q?8`'<#1,H85(T2+P6MZ"Q>/ 8M+M8C3CYP.=8ZS I:[)Q_)^<Q:*>A[[C!
M8Q K:'EGB?Q:.T8)T8Z'*]EKKP4M+RO`6T9L11('CAD$CKB9X381E_^M+QA
MQ<#(&DHE_A </Q(O#\P^QE2YRR!RWBD0,V8>92\K8'*?60\TXG,2?\#+KXP,
M*DXJC2W19UMU"R;\CZG]$%OXF_GW4G S;...SHI.TU5 DU48S5?S\&;EN]X*
MHKZ50Z-P-7;_6H$2+5>H0BL_C6GJKU<M(S"IJZ$RS>G/!\H1/FP:)SE#R
MDNP;8.%5`0^O&F;96!(Q1RXGKKG3<-'*IXDH_)#XT$3OL/39]ZW+ZCI,_M
M!TQDF"NL;8-3)94D5,Q7Q%2 `!,21JE6S2G*\C1<GF_5O:QM>>I/[&FUV(=)
MP.8F">'5FN89.=O+X?WJ=J/RO32K7$N?3[D"DCK?(O=91B5^;[JN(9H[$?ML
MBG;^4EGB49 TJWV*"RXCSM^G&>K%1'*JK2H,J4OI*OZXA(__[<QLGS6P<-L
M+)90**^P8M&ZH([6R&*VF4,S\\O9=?0&###0"2,1WLF6NIZK&Y-\++'(+C
M]1]S?+D\Y;;RQA+5='/_NEI(>KLUPI+V_WAY%&)6Z<1%C%'2MVI I?1WX[F\
M4+_=V/K(L%?W$[4E%8/%JV; >&7^K3W([UE=`*Z9]DGEHFD5D ;CWT#3ZD9-
M_PK5_I(:SU>"XH4[*[B[&K(TI;M6I%]GIDI'O5.-BUIO;X6?NMM0P59.F5/J
MT83FLR:6+!O6"_.I3NB:.M7R&FA-[_/93_;$V8]Q-F]4D NS4<3/? :DPQ9.
M1=D3+'?8%I-5F]_TY,V^O'F^R<GXVL!(8.A+#'V)H2&*"WN/"XH*MZ9%`N-7
M/\HRR ,H.?'S+9R-8B;9F^F>9=QLPA46.:/IGTX8Z)]8"2<)2!]\*75\YN<
M) %AH]]A/L$-\$,Z_#2)LLFZIM1:TY]RG9!>C5H3E1D'*HL0K%(10EV5JY'Y
MW&4`S0E^3TMAM4G[93=V9H>7-U52SM_+/AL%O-S\^]+;3-ERFFM#G/%Z"O+
M5NL+TR3KU%Y5Y_0KBN"RPM3"R:!:5+Q3$9,B)MY:.\U2TBN=F$+=[T8#5_M4
M$\-PJ0)9"W?]!X T!-F*?%F1^]4:H\NLI!PF:*!)A0-(+SF JX^'USM'A^V=
MHY<=_N1P*\9$WI3)<0/C7Q5"(MB'J0A>" +ZPFF9$R36TH#(C"0SN'C:,/#
M23OV<!P&P]O=S0XB-;:_JSB.I)'[AW/C"*+P^[\)X:4/\KNBCV!>$ IF,:)>
M=K+?G'F-[5X=/>#]\<-5R#WV5;&,8Q(,X]D:!9"6]%3YVZX_7S$3:$$ZP1?
M19!N3"5ZPO&(?<.P]!TLV2_$+W99.*,A#8\+GW?`%^,&*\&"&^>?W1)MRYX
MAQ8X\:3F#XHN4[Q7K(2,)3I$-G!5*L[#'+\E:?>>M7\T4_R;K,_93:)R:.1
M?_5%^I3L4,D1ZSK$+2/%XK/K) J$OWO^,12X.V$V><XI>_B3C]QM(PG\WE
MHS [FVO0K#!-EBF>JR]^:E!V)\4/"VMOC6<TK%/^#*98XKN!BV>:6;DB?N\.
MS#2ZYY\NPU/L1IS&,QN6]%">1^(P2MGVOE'^/9B=TJ%VW*#>05,PPD.BU>L
ML[)\(E^8>QM.;E7\(R(9S6]]),:O!=[%N$G^6[I.,8O5[L!)T-,,?KJ51Z]
M*!,EBV#P3GSJZ%#\`MM,TKJ9S04[BV;\+!07;CK!SR#HV]0\I6=?4<N0-)LM
M'9;ALLA+-T"EPD!UT)LZ.33.+QK\'*I1KB$.+!A^AR"?F'JPQ'GFNQ" -(
MIP(RG3:L[("%!6Z6K ==7I-L6UF11NL^I58"&S#[R%#O)>]6K\<*ZROC<=:
M,Q,FN)EAO4RBPY?)E+#/B2/7T-P;AQ81ZT89%LA#5*FRE9E?)UD:D:X.;Y>
M'3[5'QTI-I(KE_CBS!I\%91W%]6H3&#M"Y2XS)073W[? K[1WZ+(,EB.[KO
MW#A&<WTM''#<;K=ELT[).^M51O\[( ^SZ(7:#ZKX"5(9G)\86E^26IQ?'I!
ML9TGW-"-#,%I!&.!7L6GL[`%!+`P04````" #9-/8PSA?<J:H+``",'P``
M"```%)%041-12YT>'2M66US&[<1_LX9_?4DQF2"762G;1IE2:NK,BQ,G+L
MVDX\G4Y'`][A2%AWARN $\6)\]_[[ +D1(5JJTO'QS>`8M]??99Z/6+U];<
MK,1;T]E<B5-3*/'F[.3[EV?#P>6G>(:#X6!3^"_*.FT:<91]*0[$CUVU$D^>
M-(5X<G3TU7!P(;UR/BTZ%OOV^/#P^5RF3D64AH[5UFC_&%KS0>5>W?80O]#
M.N;4M"NKYPO/PD17>5U#WES6RAX=B?')K.BJ2B[$23:A];2C\3+WG]#4LUKJ
M2D8]/+M3\>W=?C;PGA:D.6F'[>JYG37FU9N5S3;FRBI;TIL&'7=L:^RE5
M_2]\>V',E<!GX1>*_NUJ%[1Z)V>5$J84Y$G5>/<)]7N<B0N=J\:IX>!))MXO
MI!?:B=<A8Y\.!U]FXH59"NW%>V.O</17F7BC_MUIJ^JRQ\S<=XX+Q%UCWP:
M#OZ4D::EGG>6-7^;6]TBWZ35]!M;OL[$R35"Q)]?M;0-;_^<B5>PW8J?G9S3
MLK] .42U$M]KEU=2([S0^ CB%[*9JPLSGXKG)W^?BG>OOG\U%1?GIV<_O3V;
MBF?=W.&GKK674?9C&'IJ5:%]=.JFX?M=]8"'([6 [T*<14Z%B)]654HZ58BN
M*50([^O+[+AX 1+VA7%E=Y501FA&X'$N-8%=N#_/4EL97X%CX3?R U=06G1
M(-V+9'3F;WPP;&<4]ZO_(>D/]?6^:FHE!>U$EY5E5B9#FKAQ/-1+>126A5^
M4BB5& [HA>&XIHR/JC^*^F6/!#N.WI+:I%>>56C%*5=P5/GHF;$R3GLR,6I
M0)DTQF>D4I1".Z58JIEX\>[=:S$N><GR&_$<OTBZ\<*AOJW'T2OE)Z0.MT'
MA7)ZWN"M-V*V:J5S\9,%3%J=<PK!'&NZ^0+V\"$:I6A+B4!?*[L2#LE624LB
M*$2M:3OZ>?K#^>MXRG#"C[4TKH%*H8!R!M3N<-\KOG4PTDFGD-W=2/KME)3
MBGI-`KI&7Q-D^]64SSA_)PK52NNI#L6L,OD5>:""G<BIA;0U:LV1L2 #A*
M9 O7SE0N.Z=BYFF;M(7D##U*G OZ&C(/:&5E36;)/"=QPX%?&'Q.8C/$3L60
M+70S#[%/,6F4*EP?&:<L3(",I?8+63C&#G_+%3:M9H&=EEA/$^)E:YQ6%
M8+K.+PD>0OI.'981H#2*QM4'0X02"Y*7E:HBAQ)^]DPY&\62F<'VNVOB<\
M)/D?J)+H?\I"_"/%SV\N4L(6VON:#F X$H\LV;I5/"M"_")50U5$UM&EI /
M(&'*VW1)2I,C\'.%$GAY`7)[6)*GVI3Z%)S&M ";"2D6GMRA5!K2B- 3=(I
M' Q0+B&JLTY-8TTCGK6QP" LU+1=!J":BEGG216"A*7IJ*P=L4!N4(I\B9$
MG"K.`_VGXEJK93BJQ\Q,$&6H0PHLY+6B8DWA+0"+,5AW^M#^.#S(<D'G)G7
MD4-]]ZWX*GN2'0G.62=+=5D3M/O.$F:\*DO:09A\V;65D<CW]*GA=LYP1-]%
M_)[1AA_EM8R-,2XWS;K[SSC\%M6HO ]%A12IY-QQL '^0C6Y7;7KCYQ3&E(H
MIW2CO495$8*QAQROB35/N_O3HS?O-/']KGK PYPJ)'VPG?1PH8-Q+4I10+W<
M&\N-$'EC*65U7&,`S<(-'_GLG;1TDN-/GJ3?G2VNJ3:R723T^\/,"SF[0='
M+YQ?5>!YCMO^26Q7!$L,!89:!.5SCQEK\>QJN,3Z$ \H]8?K/T$9[]K'O $
M1D'^NDZ2!:&7%.GB((S-==-0ZD0R42"W^ WDO,99\]Q0'5IK5PQ/$C=A-PH
M5"G!HW%2U>&8K42$8,J9\)C U0X=+Y==1-"V[6!+[B%+=+\74X%?EDEJJX
M! [[>TY'\5J]<61A0-X;),!Y/JST].#$[>6< 9#1(3-K?[I8WMDH/MR;><
M`J3:>$0M>B47QE!['DU0^<B;1 9VRNE1.BDA+JDG7HHM62R3O)1L4-*,I>
M5)0#\U#=L^ 6QR$]ZQ%[M2FX;ZJ4&](B"T-V!T,VF:'"M'^3>-##RI *B+[
M[).-V)_;ZPY,9I0H6U9 J"$P#QWAKH28$]-UQU2MLICP0L]F();(H+J6F3+
M<3Y^D#E3,<I*::^";=]PCLYDT]Q*41V*PA$A14O=3N,,\X7?</"=<U%+FAV$
MML[$5HBS80\.7?%:!8OW&'_SC+[0Q8'AYPBUMNOB-DMJ801*G1S2QFBKNV
M_(P44YKZ.AJ0NB,E`$H=N\3NN6T_DCWZ<$N(<PVU 6B)B(+9^.W:#C1!N)8
M.3L=S(9FO5W0%M.8H;$O_H"/,/.7L(K$1+> =SP68V\[-:&QXPBC!0Y0$SJ1
M&DJ42^K&HP(8/6:G?7'P_S]?# <?H[O7?F(Q ?N-G+K[>\^'S^A-N=-7G5
M0<^)MY(V\04Q_1K93SSD$DMM%,\(C$G;6F.):G;3[>T5!5-;D\]AWLAUF
MW-I"8MZH&AD>^[ 3ZQ>,.L;B%?(8S!JX<N!0!K%NJ$8WQ=P6+<8Z0V+U9&F2
M!<FR2A,E<*E$RZ.Y"5AQCQ7]0I3K*MTBSE3,)4FCL&D>LM2%G,"/H+:/C7F
MBOKC^7SR3R^_=V'Q;Q=`(#.:[I1X7?AA>87F:"2"6HM9<- 0FPTH* I2R+S
M]QC%'#_N<4S3B;R%"6^$X0V6$5#W=O7:O%$E++:]-I9>6 I''"NI2MG.!3 6
M1#S"V%K,'6VX13N2Q3U*`D>("2=2D<12[X77[Q63=]8B28#--)IP`CZ+TW)-
M8U.24VC'L'&/F!?&7^B&:.PTN)+!#",NZ9AY===3OGZTZ;\[%VG[X?<!
M#Y-YRO)6&33<]6B'GN1:E6/2'.+$V/X_=%+4[A'U#\=[8I7.%22PX'V$XY-
MKBRQP.W;A!7%3^<\P"02%(XH:<)),< 6P+\<3XE#I\A;TV("(48\ )DV4F
MWL<;!^+%,2A0PZUO;]HJ&L.H?:$\<MB!IVZF>6X5D1!)PS2K?^^=\I29SB
MS3S"!C=I=\P7CV]5Z$Q]]]EJRAM,=%LL,Y8G?)$9]."I,_W)VEFQ.0R9>76
M!)CY4AB\TI4`]/CK4QZAD'QQ2 1AQ0^NC-SC9F8=WAH3BSEB9:U'9%=['\
M&A QUZT<OS9Y0]G[_XY4K1H]*_)A#__NN84*E\8\8A%'(M?MQ?_]NB;?MV-
M]N'7;_W)1X_Q0%7"]<#.J,T<K.]-*B73!V+J:1)*9()&6CZ+$U&WV(&7*9\
M&(]8>B2$X;SSL)_':4>D>9IRD<C85*B*[D,2MT#$MB(EQ$-;R?M9$N+^]X
MO+ST5C8."+CM1HRV<*)X*C9_B^.-W:JA"Y-+?!B/[DW%T:0WZW.1*%+D-AP2
MTX5TY'J!\UHX3/$5*Y4VU57965J>(F3:6&7D5QHFTI4/:&F"'K]J%;?=,.LS
M/L]4'/=1V'3-JHHD,=XX=93 Z5T8E=:4-[4:%3IF: ])V]0GINERC5:4=%>-
MRPXM.=KQR 8B,0,+MR<K:)'UH(KZ?EV,!#-C5AAP64Z\#(>.)Z$3/W\D/]A
M?_9;K*)NNM[$BY]^%R\:3PD*F=F3B^+5PLX_>>S'Y<\X2Z&2IS!+PV9/=+R
MS;=RMV^]H=^2+_WJUG#$$'+X;(I$>[2U2(C.X*+&+/NNED`,,.!CG K8-;
M3#4E1J%S^!U"+ H&CKZF6ZZS:Q5W$/Y%>13T,#TQ[S?"=I1K86+!J70QP'O,
MLA%6NRL,UR'-:.=,I=S0!+"$A]2_"QF(4(%91X1WB!O=E0=+P]'8245=6A1R
ML'+#97$4^M_^#+4_3 ]XZ'BF4*EL9(Y";V$+J<KUEO7#D&[*^&>GJM>$,W\&
M_8*1])64Y\W)P,V_F.U7ZB$/B?V1!]J7\>\?XOZ_B2"0'Y7-[E"9J'^TY]3
MAH.8ON$6:BEI[%=C26MSI2`+)QWA'=)TEU,.P_4$L#!!0````(`*!PTC X
M0][#L $``,D$```)````<W1Y;&4N8W-SE5-=;Z,P$'Q'XC]8ZFLX`>TU%_<I
M39K_8? 25C7>R)CTX]3_?X8D^22YFXE)&OPSLR.[8+D1QS]CB/FJA%FBYJS
M+-V]LZ/O:?B]$U*BWO(CJ")MDQ8_P37E/?H51W%4D6EF#/6NLW^17^7K.^.H
M<([.>WN92C2H/CA378E2L%;HEG4:2Y(P\^",U:#V8+%TRST8*;1;"(-"S?J&
MI 6#U2AV0<3/<C;A&^"VMIP5I*3'2U)D.+M[F3\^9[\\Z'E_6+0*+A'G/P-Q
M('B<K]-G#Q9D))BD(&NI<3Y<_BTIE$<ZP(80^:B]3PH%*)\W1KJM$Q&L<TF
M=77F8-/7?SJX*YVF0 V3BZ'UI&>U6JW7<T_]AM+6G,W3*=WQ4HC.4F!N0'>.
ME)T84E#92]3LENT3"Y4BX6C,X3]5/NSS=/OGOI*\1/.XNDP^2!8SK>ZX;N
M[Q>+/NZ!JJV%G.[*;>D:A/QN^S)?+E=AN^ *]:M[`WR/+5J0;$IV[,BS999G
M8Y(6WFTBH20C#C-RIDG#[9BKJE\/!SV?;%!N";W`_*HK2X!Q9,C[HAB.NR
M_ZCJAOT#4$L#!!0````(`(.#[C!1A*?TW```%D!```(````5$]$3RYT>'1-
M4,M.`S$,O%?J/\R-2_H#'*E4`2H2(O !WJRS&Y%-HCRJ[M^3!TB<['F,V.?
M</E\1RHA^)B/AQ.DO/Y_/G'.' 4TI5XW'QFD5(F4&5\?5X3H[T;OQBV-_TQN
MMAU(6-AQH\V8=IRE%'BE&TD53<"O$T5R;2DJLJ9>ML3#'=H'\'WZNK(#A?N
M^"72QG5"$://JV^V-D]9!BG;)D9>1WIJLC6/KW\SMFI/63C'7PO7?%,:JWY
M_T:/U<W<:G"!4"9KE(#S4(/4^&_T78^ Q*'O!^6=-DL[21/6QO+Q\ -02P,$
M% `````XACG,$X%N]+$`0``? ,```P```!U<FQ?9F]R;2YI;F-]4TUOVS ,
MO0_8?R"T`4D/F;-+#O%'&T=-F#8BQ=#T%R#)MJW$DY+CI+]^4ARW:]+.
M%Y/BP^-[%!490;*Q8$C$[)[O>)]_N#<,[*'!F%G<V^"IPI(HZ*/D[9LHESLP
M]E"?<!->RU+-0:"R2&&F*4>:P\=F#T;7,H=WTZD(0>A:NV.73*>S69AQL2E)
MMRJ?#!5T7U&$A59V8N0#.Y'PGS+0M,6%-^ZEWI_2'U!PRV:"N=QZQ$RX +
M*[6*6;1HJ905!K>I[^OEW^NEZO1S;<;%__X.EK#(CE22M6T]F2WDGF.BITZ
MM%0SV/&Z=3&#X/_HN:E.8<'7MZ9;H/62N6Q] S_5J9-MM*&S-"VY*"/CU:
M'5^%7O3GELA-&6Z7W^?P3)2_" 9^:C&;S5YR\N]8;"7-)'%5/XQ+AWWC20C
MW1E\Y/ET2K42M12;U]1>LHH*Q2;3^X%789=V4N6Z\V#XB1W<'5-811PJPN(E
MT?T:IKWVA?O%EQA40N?H,>,GJZG!<NN&9U:CAG"7YI)&ZZOC-MPV\$LA?)&$
MPFHZ1 %/UE%&O8<+>MWX^S-I+8T=>X;'&X\"]S:2J*+A?3Q?>N_S+U!+`P04
M````" #F,/8PP5::#4X#``#]!``#0```$-H86YG94QO9RYT>'2M55U+W% 0
M?1?\#_,J$6#W4H+"RWTV*+K:+VJ90P22;)9>]7[T=WUU_?F9O=56H?53 A
M]\Z<,V?.C"_AC1A)#BK7L'7K-<PF]GN!&9G9^?[>_5S_.SO[>^=PFT;E$_0
MH7KEN L0RU=6$#O`EQ?7,-Y-:O.`&T'EI84JA*4O7<AE3L7=W?7T"M-D+UV
MV,4G-SY5.UT#W,:75#WF)2S%5P)FK,$30:\!2<P:5!17W]P#:' +9Q)?B
ME(^ZDOTC2J>OLM!UY$&PU?BST,?J%>KPU\01Y=U!PW!B'^(GV1!LOTWJF&1
M.88ATTA,5VNWK+5K"T,PQ'PG3 JAMJX((:\F#O '\)&4P0,5.3S&",Q])K/
M="9)VT?7+IS?<-!J08*TWK \W! L$%RY3F[.E^SB(:=U"7QP*]6K3?G?:0DC
M:9%K(CB'F+B-46,<*1X=RZ7W6I>V1*!52]SBB[MOE_\25<90IS 12YQ<D2!'
M3KM4G#8G8=RK$!-S5'9%!<D:A(K%NL41I_5BK\S2U;#E&B0DB5FXJ#Z$N*1
M3UIG$_>8`Z+'EN*C#*US"\77)[-R9).H-%[RP/Q4C848A"!+M.E58E)VSE
M&KN6Y5IODSWEMR'SX^:2*T)QU82!\#M3G!J/8;'3FGW:LA!>KUK^AP:M%Q$
M/;J8"LA[-F\"3"5Y0X.R10#7;TUMT5 A_3A2'"7,49RW^VPM:,8B[L8<S,E
M$*7D]\6C[3#C[< #]+ =YL^Z'B;AFCP([4BI]DRO;ERWGL.!U+.=MH=1._ H
M0ULO:+T54+N!-X#L`F4[6E5^]'+TPW<HXD?'>29[\G1]O+V5PX\CVH$/5T:+
M-5=CXA<FX7.C.=G6^(%2#K;>6N/H&)8CDV#QVH6H+])ROY<[HKF EAX)9&E<
MUS'0&QCN+C]%.*J0CN!JE'W_)==Y/FA;"_?#(]'-OPBM?.#+75<"IO\.=#*
M%P("RRM ,9:PP(T9`0?I([MDXXG',NRT.0'949S5,&PKU?,N:YWAZ5%BP6)6
M+B>D6J:L3CC 6[CJ^U*,;?DDEBF712[?OO&X%(9&626^/Y7D8'B:IWGOR+;
MZ?53?[T\1>U'G%SV\G4:G]]E7RQ/,&KY)R"U5]02P,$% `````&SGV, [
M>*^8```Z 0```<```!&05$N='AT;93-3]M $,7O2/P/PXE6HD:T-RY15$"D
M$N53JGI"D_4X7F6]Z^Y'3/[[OET[(:])<&>F?=^\X;'2_K5BI6->%I0]%N*
MCEI"8&V+GD*2O>1="37BPV4>AIT;&EAHWKD:[?>N.\^/,K+]P-PNAT_M-%
MZ;D^EZBJXR,BS.!(L15JQ1C259.VQ4Y.SL^FE_2;Y?(BM1Y>$(_KLO+0?D\
MO S,O[T$Z&C*]T8;"44L/=P^?!'+2X,&RR#>&BHZ&7?H4A0;*V+M$2;9,DX
MQ<9L*>BNQ\=R2\IHM1Y%'0YHI0MB-A(J>I))U\*&B&J.&N_V[/>BGJ[G5W?7
M57R+L'U\]'A)WSEW^')2YZ-(J;&BV2UU#J8^J0KJ<ALE0N5<E5:GY6_5P%?
M,L3/(Z=;O6JA-EFCUV*V%3UKJ^"2&WGM7"V9;$S82TWW34.-\\#*'B60^W$D
M_,QM32UOLF?L]]X63.B W8N-FDUI<*>N)MD5?:],W#3-/.`W.GF)?SJ]G
MLY/9R<5%47W':VA,7M +,<A7W<5!X(M:3MEKFSP-%#?]I6VNI3L!BYH8%ND
M*"0N"EA&Y\R2?9'[;S!OM)?&O94PCI2D'VZLZ^JR%Q07>2OK1N :,C:I?1
M_+?OR"\!E/G J'82<AN/!16B6/</WO#S^#CWRH! _2Q[*2.[3(CI&;M2B-&#
M22NP*/[<:&LR\0X!BT,)$MWB<GOOD/[N_5)V^\IN=9&C') ",UZ7T>]%=; 9
MT!A;YFHD.U\:"D).^!3NJ2=F]9(CI<<KD'H\\:\'!_)^!^71M_TC8+J9/Q*O
M6-NQ;-&4;$XS> F9U+ VY;:#P^6-FYHLGB$<P-YE[R0=7B30Z?,-,?U)D)T5
M3_]L`"YUH3#["U!+`P04````" !-?8PF-#'!'D&```E$P``"0```&EN9&5X
M+G!H<*57;5/;.!#^SS_0=5P.)DV<2C7N0*QF1;2:Z<4&%[:NV$Z&<46L<!O
M)RD$VN._WZYD)[9)"NWE`UC2:M_WT6Y_-X_RU14N92:'DN>9U"(=MP;#-P<'
M[9W5E=45R?^9",F'61IPXAR_/Y;9[5TWB)E27;CK&**U8I]X).534JQ:0BFN
M6VO#/P=G%\YES,;*^=HFNZ2^0[9).HEC*TY<DOJUB8SA4GMUY?OJ"H%?*:KC
M*\VD'FK)4G7)99U^QQ+S(,HJ-R37$YF"G2K/4L5;,[);H<WB?J$*+- B2YVO
M+TK%0QYSS=&6]772("*>1YPRZX%5\XBM>WE84'2:K(L5(HX"\$H>I %#!EO
M5PT/I,CU$"S=M5*]AE]W*#CHU-TDN(R90FW-MF]'"(ZS618W0.R&RZK.Y*S
M.*ENL(F.ALN#A.G#E1XF7$=9"/GA+G.3I,,& P5'R<\U>K"B3*ET9,UKP59
MR%%0JZE<^P$W,'6(>F52?#/>>Z+A"SU<^R!T;^>:;O^ZDK_V?[1WMG?QP,2
MZ20FQ^=O#S[L$=IQW2^;>ZZ[?[9/_GI_]NF ;'1[Y S5$&/BUUW<$)C;3.
MMUUW.IUVIYO=3([=LQ/W%GEMX.7BLZ,K-[NA#BF*-A)ODSA5W(^&UM;6_8Z
M)3%+QQ[E:>?\E.*-[>J&8079ZJ.%?2UTS/W"#WW7+LT)9 `C**>#B'+CT;TL
MU1#OSME=SBD)[,JCFM]J%^7ND"!B$F+I?3]ZKQ^_6JKLT&):[G%(KTFDL<>
M5?HNYBKB7%.B57!(5"*DDCRRX*B:S82'KF41;',TZVFHB24>OV VSZ^Z5
MJK&;GU"_[]HOM-PM3.^/LO ._X?BAHC0HV/$RF7U(HI]R'%)\""%;KU$8"+
M[!F>#DX^#TXN$&7A^^ =U,"N3_WSDP/R+I-)WV4^^9?,[C:KW__$4C;F9,^N
MD;SOMRY`:VP2*,"IU'R=+T[5NP``#-\U K<*.P4^5I:,"PD3_ K^V^._*)
M0[JDS,V'"O0>11O*_*0YA&1;*"VM1P<51#D3$`0PF\SM[1T<</`^<%N62Q
MXO;Y*6^CO&<\R?5=JV34;L^/*W(JWM!L%'-BLLVC4Q'J:)ML]'J_4;\$O.8%
MZ?=U6'HPR]$PK(18Y2SUZ*M*GC1BO6[?"P\3V=^+.9/D31S7(Z]#_".?)AS3
MF/J'`(WV8O-D/TLFQ>?'3,=+3[YS.+)$H9OC#UU+>MZ7F82BX+T=`O_[
MX)E)JN<!P=WGS]OU6XW0X&_M"I- K&] Z^&46J('ECJ0//A-!V$/^,D6CAI
M[<K_7DJ]6!-?+WI?[TNK'IQM_.#L97%&'PJ$7Q<%/KRT66,XRPHI&59X71)
M$KYJB22/X=%L.9#C58[M-E8A+3J1'R?+?3,J1?:X)MEKY/?S3PX%]5BU/,2.
MPXR410MH*V*4T)V#14-.\0]%+84'?*<=;-)J^%+M:LQ&I:FQ/&H]3<.$0GW(
MSH38KL:C.30LE!3!H!;U%H"Y\7K5E(*72/.)+EZ;2(0A!Q3 +6RU*A*R0T6
M$G">P6EI`^DZ^)+]%%-C[*>A1M^A67IL05<Y\Y<SOAIR-D`KA(F7](&OH#
M:"4DP5[/J$=8&I*RRS.P`J]4Y6F:V8UY#:\6TZ0O+,'B_K,6;:])Y8445UI
M8YM'-\&TIM+GI;I-O"P):N['IJ1T?MG4SIR/7OZ?VAP7[GJ2,J5O2X7FZY]4
MJ!K3(AO0T Z+Q1A&H(!C8!O"U624"#T3=?3Q46$+L*L\P:J>'0#"W!,8CV8
M&038M:V4J?W"5$R/(6[0&1J,>04,GM+&:;+BZM:5[.V=3FY&:L?7K"V-?4'
M6,2)7RW1GA(87XR#$39PIB%V:4R&2:90?GD!V^.%C4Z=_"520ZN[).,:U*^1
M>CT=J7QG>5VWY3X!I]_]);DHE&O$J)9P5NQ:A+I5M:3O+G_;90X4262^
M\2E[:KH&$0^N1]EMJ63*I\.I2,-LBHH=\BGY8E9D89+;.R.93=6\W-\6RRP-
M8A%<+XL4VEWE"<,IG]?-":[,F&$=5)L;?F1<V8\4(Z3*)C+('/,NRG7+A3(
M%0^T<G-PJUL9.F"66>AX`%4%G<_0SN;WTDQCC0D1^]WTA1EIM5(:'YY)V&^
MRQ)/XFU2)CF8W"4[/4:,U"E!NRP8]J;LOB1#!X`'.3Z9(U2+#K_P=02P$"
M% `4````" "14M4PD2[WI.T!``!B! ``#0`````````!`" `MH$`````:F%V
M87-C<FEP="YJ<U!+`0(4`!0````(`",=*S#C5.Q[+!L``*M'```+````````
M``$`( "V1"``!,24-%3E-%+G1X=%!+`0(4`!0````(`$(Y]C Q5L;A%!`
M`-9D```1``````````$`( "V6T=``!02%!R;WAY+F-L87-S+G!H<%!+`0(4
M`!0````(`-DT]C#.%]RIJL``(P?```*``````````$`( "V; U``!214%$
M344N='AT4$L!`A0`% `````H'#2,#A#WL.P`0``R00```D``````````0`
M`+:!D$``'-T>6QE+F-S<U!+`0(4`!0````(`(.#[C!1A*?TW```%D!```(
M``````````$`( "V5E#``!43T1/+G1X=%!+`0(4`!0````(`.(8YS!.!;O2
MQ $``'P#```,``````````$`( "V5U$``!U<FQ?9F]R;2YI;F-02P$"% `4
M````" #F,/8PP5::#4X#``#]!``#0`````````!`" `MH%+1``0VAA;F=E
M3&]G+G1X=%!+`0(4`!0````(`!LY]C (.WBOF (``.$```'``````````$`
M( "V<1)``!&05$N='AT4$L!`A0`% `````8#7V,)C0QP1Y!``)1,```D`
M`````````0``+:!4P``&EN9&5X+G!H<%!+!08`````"`*`#D"```A4P``
"````
`
end

attached mail follows:

* Thus wrote news.php.net:
> Attached is an awesome web proxy, which totally meets my needs, but I need
> it to be transparent. I need anyone accessing the computer that this is on
> to be automatically proxy-ed to a URL, but then let them navigate through
> the links just fine. I also do not want them to see the banner that's
> displayed by default.

- I need money to by myself some good books.
- dont use php.net as your name.
- dont attach files.
- dont send zip files.

Curt
--
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about. No, sir. Our model is the trapezoid!

attached mail follows:

On Wed, 18 Aug 2004 14:59:20 -0700
Adam.Fredencpsa-rbha.org (News.Php.Net) wrote:

> Attached is an awesome web proxy, which totally meets my needs, but I need
> it to be transparent. I need anyone accessing the computer that this is on
> to be automatically proxy-ed to a URL, but then let them navigate through
> the links just fine. I also do not want them to see the banner that's
> displayed by default.
>
> This script was designed for people to be able to bypass blocked websites
> from work, by going through this proxy, but I need it because one DMZ on our
> firewall cannot access the other DMZ where the web server is, and they need
> to be able to.
>
> This script works fine in my testing, but I do not know enough about PHP yet
> to be able to modify it on my own.
>
> I tried changing the "$this->url" on line 202, which set the script up to
> browse that URL fine, but none of the links. It always displayed only the
> home page. I need an initial URL, but then allow it to be changed when
> people click on a link.
>
> Can anyone help? Thanks a million!
>
> - Adam
[snip some crap attachment]
Sure, the author of this unit can help you, doubt anyone here can/want to/will.
Doesnt it seem logical to you mailing the author instead of this mail list?
-Hannes

attached mail follows:

Nicklas Bondesson wrote:
> How do I find an exact match of a string with preg_match?
>
> Example:
>
> String1: www.test.com/
> String2: www.test.com/somepage.php?param1=true
>
> How do you write the regexp to only return String1 and not String2 when you
> match against "www.test.com" ??

You should use the ^ and $ characters which signify the start and the
end of the string respectively.

For example:

$matched = preg_match('/^www\.test\.com$/', $string);

For more information look at the Pattern Syntax page:
--> http://php.net/manual/en/reference.pcre.pattern.syntax.php

Chris

--
Chris Jenkinson
chrisstarglade.org

attached mail follows:

I dont need to report bugs as i didnt see any.
All i need is some info regarding the following request.

Can i see CPU ID / STORAGE ID with php or javascript, or both combined.
I realy need this, please reply ASAP if you can help me, at least give me some hope for it.

Best wishes,
------------------------------------------------------
Pop Mihai Sergiu
POP SERVICE ELECTRONIC HQ
Internet solutionist & developement
Address : Str. Calea Severilului, Bl 317 a.b.
Address2 : 1100, DOLJ, Craiova, Romania
E-mail : Researchpopservice.ro
Url : Http://www.popservice.ro
Phone : +(40) - 251 483 627
Fax : +(40) - 251 418 773
Mobile : +(40) - 744 391 110
Prefered languages : RO / EN
------------------------------------------------------
This mail is scanned and proven not to contain any viruses.
------------------------------------------------------

----- Original Message -----
From: "Gabor Hojtsy" <gaborhojtsy.hu>
To: "Research" <researchpopservice.ro>
Cc: <webmasterphp.net>
Sent: Wednesday, August 18, 2004 10:46 PM
Subject: Re: Greetings.

> Hm, you are not reporting a bug, but asking a support question. Please
> ask support questions at php-generallists.php.net
>
> Regards,
> Gabor Hojtsy
>

attached mail follows:

On Thursday 19 August 2004 07:01, Research wrote:

> Can i see CPU ID / STORAGE ID with php or javascript, or both combined.

Not with PHP. As for javascript ask on a javascript list or refer to some
javascript resource.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Horner's Five Thumb Postulate:
Experience varies directly with equipment ruined.
*/

attached mail follows:

Hello,
I dont know regex very well but I am using one below
that I modified from the web:

** Start code**

function RStripHeader($string) {
return eregi_replace('', '', $string);
}

$the_file = "something.html";
$content = RStripHeader(file_get_contents($the_file));
$fhandle = fopen($the_file, "w");
fwrite($fhandle,$content);
fclose($fhandle);
echo "Done <b>".$the_file."</b><br>";

** End code***

Basically what I am trying to do above is:
open a file
delete everything that starts with

and ends with

eg:
it will delete everything below including
"" and ""

all this will be deleted!

Its working great for 1 file, but when I put it into a
for loop to handle multiple files....it takes ages for
10 files and sometimes just "hangs".

please help.

Thanks,
Mag

=====
------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)

_______________________________
Do you Yahoo!?
Express yourself with Y! Messenger! Free. Download now.
http://messenger.yahoo.com

attached mail follows:

On Thursday 19 August 2004 08:11, Mag wrote:

> I dont know regex very well but I am using one below
> that I modified from the web:

> return eregi_replace('', '', $string);

> Its working great for 1 file, but when I put it into a
> for loop to handle multiple files....it takes ages for
> 10 files and sometimes just "hangs".

1) regex functions are slow, and can gobble up lots of memory
2) the POSIX regex functions are even slower (than the PCRE functions)

I suggest that you use simple string functions, with this general outline:

- loop through the file line by line looking for the start-tag
- set FLAG
- if FLAG is set and line does not contain the start-tag then write the line
- if FLAG is set and line contains start-tag then unset FLAG, ignore the line
- if FLAG is not set and line does not contain end-tag then ignore the line
- if FLAG is not set and line contains end-tag then set FLAG, ignore the line

If you're allowing the start-tags and end-tags to appear in lines along with
other text then your task is slightly more complicated and you will have to
allow for that when processing the lines containing those tags.

If your files are relatively small then its even easier. Read the whole file
into a string then use strpos() or stripos() along with substr() - and
whatever other useful string functions you find.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Artificial intelligence has the same relation to intelligence as
artificial flowers have to flowers.
-- David Parnas
*/

attached mail follows:

Jason,

Thank you for the reply.

>Have you enabled FULL error reporting? Are you getting any errors?

Here are the couple of lines of interest:

         $connection = ftp_connect($server, $port);
         $loggedOn = ftp_login($connection, $user, $password);
         $systype = ftp_systype($connection);

The error that comes out is:

Warning: ftp_login() expects parameter 1 to be resource, boolean given in
/directory/here/public_html/ftp/index.php on line 108

Warning: ftp_systype() expects parameter 1 to be resource, boolean given in
/directory/here/public_html/ftp/index.php on line 109

Those correspond to the last two lines of the above code.

>Is the server you're connecting to using a non-standard port? If not just
>leave out $port, or make pretty damn sure it's 21.

That is set to 21 anyway, but fair enough point.

>Do you have shell access to the server? If so you can try using the command
>line 'ftp' to see whether you can connect to the ftpserver.

No, wish I did ;-(

>Are you positive that the host allows FTP out of the webserver (the machine
>not the program) to a remote ftpserver? Make sure the host knows what you're
>trying to do and that they know what they're doing.

They have told me on two occasions when I asked them that it was allowed to
ftp from the server to others. I am actually trying to ftp to the same
server anyway.

Catch ya,

DBW
Melbourne | http://ozreef.org/
Australia | dbwozreef.org
--------------------------------------------------------------------------
When the only tool you own is a hammer, every problem begins to resemble a nail.

attached mail follows:

On Thursday 19 August 2004 08:36, DBW wrote:

> >Have you enabled FULL error reporting? Are you getting any errors?
>
> Here are the couple of lines of interest:
>
> $connection = ftp_connect($server, $port);
> $loggedOn = ftp_login($connection, $user, $password);
> $systype = ftp_systype($connection);
>
> The error that comes out is:
>
> Warning: ftp_login() expects parameter 1 to be resource, boolean given in
> /directory/here/public_html/ftp/index.php on line 108
>
> Warning: ftp_systype() expects parameter 1 to be resource, boolean given in
> /directory/here/public_html/ftp/index.php on line 109
>
> Those correspond to the last two lines of the above code.
>
> >Is the server you're connecting to using a non-standard port? If not just
> >leave out $port, or make pretty damn sure it's 21.
>
> That is set to 21 anyway, but fair enough point.

OK we've established a couple of things:

1) You have error reporting enabled - this is most important!
2) The ftp functions are compiled in

One thing that you should do when debugging is to plug in static values rather
than using $variables, thus:

$connection = ftp_connect('remote.ftpserver.com', 21);

This will eliminate the cases where your $variables have inadvertently been
changed between them being defined and them being used. And it will eliminate
the cases where you have defined it as $variable and try to use it as
$variabel.

If that is not the problem then the best way to resolve this is to escalate
the issue with your host. There are other tests that can be done which will
help determine whether outgoing FTP is indeed blocked. Eg you can try to ftp
to the webserver itself - this will usually eliminate firewall issues. But it
will be much quicker to work together with your host.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
"I am not sure what this is, but an `F' would only dignify it."
-- English Professor
*/

attached mail follows:

Jason,

Thanks again for the reply. Much appreciated.

Just to clarify a point, does it matter where you are coming from and
executing the php script? i.e. I am using a browser that is behind a
firewall blocks ftp (hence why I am trying to set up this ftp stuff through
php). I am pretty sure that it doesn't, since I have used other sample
scripts around the web run on their own server and they work fine. Just
want to check to make sure this is actually the case.

Just trying to take it up with my host at the moment. If no joy, shall be
moving on there I think.

Catch ya,

attached mail follows:

On Thursday 19 August 2004 13:43, DBW wrote:

> Just to clarify a point, does it matter where you are coming from and
> executing the php script? i.e. I am using a browser that is behind a
> firewall blocks ftp (hence why I am trying to set up this ftp stuff through
> php). I am pretty sure that it doesn't, since I have used other sample
> scripts around the web run on their own server and they work fine. Just
> want to check to make sure this is actually the case.

The ftp connection is made from where the php script resides. Which means on
the webserver. So if the host has blocked outgoing ftp connections from the
webserver you're hosed.

That is why I suggested that you try an ftp connection to the webserver itself
(from the webserver of course):

1) I'm assuming that your host machine has both the webserver installed
(obviously) and that it has an ftpserver (for you put stuff into your
webspace).

2) I'm further assuming that your host has not blocked ftp connections coming
from localhost

Thus if you're able to connect locally then it is a good indication that php's
ftp functions are not a fault, and that it is the host's network
configuration that is preventing you from making outgoing ftp connections.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
He that breaks a thing to find out what it is has left the path of wisdom.
-- J.R.R. Tolkien
*/

attached mail follows:

Today is the first time I've ever used connection_aborted, and it doesn't
work. There are some bug reports for it dating back to 2002. I'm using PHP
4.3.2. The following script doesn't do what it's supposed to:

<?php
HEADER('Content-type: text/plain');

Set_Time_Limit(0); //this you know what gonna do
Ignore_User_Abort(True); //this will force the script running at the end

$f = fopen("/tmp/aborted.log", "w");
fwrite($f, "Starting...\n");

$count = 0;
While(!Connection_Aborted()) {
fwrite($f, "$count: Going\n");
$count++;
fflush($f);
   Echo "\n"; //this will save de while
   Flush(); //Now php will check de connection
   Echo "My chat....";
   Sleep(1);
}
fwrite($f, "Aborted\n");
fclose($f);
?>

I got that script from php.net's manual page for connection_aborted(), and
modified it to write out to a log file. "Aborted" never ever gets printed
to /tmp/aborted.log.

Hope this gets fixed ASAP.

- Nolan

--
http://www.semanticgap.com/people/sneakin/

attached mail follows:

Hi
I'm trying my new php5 script, but it takes about 1.2s to generate my page.
That is, how my oop model looks like :

[category]
| | |
[photo] [desc] [products]

[products]
|
[product]
| | |
[photo] [desc] [keys]

[keys]
|
[key]
|
[values]
|
[value]

Each object gets data from mysql by itself. The generation time of 1
category [30 products, 10 keys, 5 values ~= 300 mysql queries] takes as I
said more than a 1s (on quite fast machine). How can this model be improved?
Do I create too many objects ? What are the oop solutions for such problem ?

I also use an extra table to create many-to-many relation betwean a product
and a key. Is this the only way in mysql ?

[product]
|
[product_id, key_id]
|
[key]

Thanks a lot help
Krzysztof Gorzelak
krzysztofuno.pl

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]