|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general Digest 9 Oct 2004 05:21:40 -0000 Issue 3042
php-general-digest-help
lists.php.net
Date: Sat Oct 09 2004 - 00:21:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 9 Oct 2004 05:21:40 -0000 Issue 3042
Topics (messages 198994 through 199049):
Re: sending mail -- nullmailer
198994 by: Matthew Sims
198995 by: Manuel Lemos
199018 by: Josh Howe
199022 by: John Nichel
Re: Need help with a string
198996 by: Greg Donald
199002 by: Jason Davidson
199003 by: Tim Van Wassenhove
199026 by: Andrew Kreps
Re: Quotes """ in form textarea fields
198997 by: Jensen, Kimberlee
199025 by: Andrew Kreps
199027 by: John Holmes
move_uploaded_file() problem
198998 by: Daniel Lahey
199004 by: Tim Van Wassenhove
Creating a Sequence from Array
198999 by: Nick Wilson
199005 by: Tim Van Wassenhove
199014 by: Nick Wilson
Re: Help with Array Sorting Please
199000 by: Nick Wilson
199001 by: Nick Wilson
199008 by: Nick Wilson
199016 by: M Saleh EG
199020 by: Nick Wilson
Re: header redirect with POST?
199006 by: djoseph.twmi.rr.com
199015 by: Chris Shiflett
read aspx files
199007 by: celso andrade
199010 by: Robby Russell
199011 by: Brent Clements
199013 by: Marek Kilimajer
199017 by: M Saleh EG
Re: fopen and http://
199009 by: Andrew Kreps
Re: Sessions not destroyed
199012 by: Dennis Gearon
static inheritance in a class object
199019 by: Kevin
finding links to jpg,mpg,avi
199021 by: Mag
1000+ character POSTed strings get mangled
199023 by: Jonny Roller
199024 by: John Holmes
Callback functions inside classes - how to?
199028 by: Thomas Hochstetter
199049 by: Aidan Lister
Recursion to sanitize user input
199029 by: zooming.gamebox.net
199030 by: M. Sokolewicz
199031 by: zooming.gamebox.net
199033 by: Comex
199034 by: Yoed Anis
199035 by: Curt Zirzow
199036 by: Robet Carson
199037 by: Robet Carson
199038 by: Comex
199039 by: zooming.gamebox.net
Securing Servers
199032 by: Stephen Craton
199041 by: raditha dissanayake
199043 by: M Saleh EG
199044 by: Stephen Craton
199045 by: John Nichel
199046 by: Stephen Craton
199047 by: John Nichel
199048 by: Stephen Craton
MYSQL_VERSION_ID?
199040 by: Minuk Choi
Safe mode & imagecreatefromjpeg
199042 by: Paulo JF Silva
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
Does nullmailer have a sendmail wrapper? mail() in unix/linux looks for
the sendmail binary.
mail() on windows uses the settings in php.ini.
--
--Matthew Sims
--<http://killermookie.org>
>
>
> Ok, so I came across nullmailer, which seems to do exactly what I want -
> forward mail to an existing smtp server. But it isn't working. I'm using
> the
> mail() php function, and the mails aren't arriving. The same code works
> fine
> on a windows machine pointing to the same smtp server. Does anybody have
> any
> experience configuring nullmailer? How do I tell linux to use nullmailer
> as
> the default MTA? Thanks!!
>
>
attached mail follows:
Hello,
On 10/08/2004 01:35 PM, Josh Howe wrote:
> Ok, so I came across nullmailer, which seems to do exactly what I want -
> forward mail to an existing smtp server. But it isn't working. I'm using the
> mail() php function, and the mails aren't arriving. The same code works fine
> on a windows machine pointing to the same smtp server. Does anybody have any
> experience configuring nullmailer? How do I tell linux to use nullmailer as
> the default MTA? Thanks!!
I don't know why do you want to replace your Linux installation MTA.
Usually is sendmail or compatible and can be configured to relay
messages to a SMTP server instead of deliverying them directly.
Under Linux/Unix PHP just hands the message to the sendmail program. It
would not make much sense to relay messages a SMTP server when sendmail
can be more efficient by sending them directly to the SMTP of the
recipient users, unless you are trying to send messages from a server
that is blacklisted and the world is not accepting messages from it or
because of some other blocking reason.
Anyway, if you really want to relay messages to a SMTP server under
Linux/Unix, the mail function will not do that. Instead you may want to
try this class that comes with a wrapper function named smtp_mail(). It
emulates the mail() function and the purpose of its arguments except
that it can relay the messages a SMTP server of choice.
http://www.phpclasses.org/mimemessage
You also need this:
http://www.phpclasses.org/smtpclass
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
attached mail follows:
I don't want to setup and maintain a new mail server (sendmail) when we
already have an smtp server set up and maintained by our sys admin. Am I
crazy here?
Can anybody recommend a good sendmail wrapper I can use that will work with
PHP and any other apps that use sendmail? Thanks
-----Original Message-----
From: Manuel Lemos [mailto:mlemosacm.org]
Sent: Friday, October 08, 2004 12:59 PM
To: Josh Howe
Cc: php-generallists.php.net
Subject: [PHP] Re: sending mail -- nullmailer
Hello,
On 10/08/2004 01:35 PM, Josh Howe wrote:
> Ok, so I came across nullmailer, which seems to do exactly what I want -
> forward mail to an existing smtp server. But it isn't working. I'm using
the
> mail() php function, and the mails aren't arriving. The same code works
fine
> on a windows machine pointing to the same smtp server. Does anybody have
any
> experience configuring nullmailer? How do I tell linux to use nullmailer
as
> the default MTA? Thanks!!
I don't know why do you want to replace your Linux installation MTA.
Usually is sendmail or compatible and can be configured to relay
messages to a SMTP server instead of deliverying them directly.
Under Linux/Unix PHP just hands the message to the sendmail program. It
would not make much sense to relay messages a SMTP server when sendmail
can be more efficient by sending them directly to the SMTP of the
recipient users, unless you are trying to send messages from a server
that is blacklisted and the world is not accepting messages from it or
because of some other blocking reason.
Anyway, if you really want to relay messages to a SMTP server under
Linux/Unix, the mail function will not do that. Instead you may want to
try this class that comes with a wrapper function named smtp_mail(). It
emulates the mail() function and the purpose of its arguments except
that it can relay the messages a SMTP server of choice.
http://www.phpclasses.org/mimemessage
You also need this:
http://www.phpclasses.org/smtpclass
--
Regards,
Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
Josh Howe wrote:
> I don't want to setup and maintain a new mail server (sendmail) when we
> already have an smtp server set up and maintained by our sys admin. Am I
> crazy here?
>
> Can anybody recommend a good sendmail wrapper I can use that will work with
> PHP and any other apps that use sendmail? Thanks
Well, to use the mail() functions on a *nix box, you need to have some
MTA running on it. Maybe php's *other* mail functions are more along
the lines of what you're looking for....
http://us4.php.net/imap
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
johnkegworks.com
attached mail follows:
On Fri, 8 Oct 2004 11:38:23 -0500, Brent Clements
<bclemimaginative-enterprises.com> wrote:
> Given the following string:
>
> $textString = "Share A Dream Come True Parade 3:00 SpectroMagic Parade 9:00, 11:00 Wishes? nighttime spectacular 10:00"
>
> I need to break the string up into pieces where as
>
> $string[1] = "Share A Dream Come True Parade 3:00"
> $string[2] = "SpectroMagic Parade 9:00, 11:00"
> $string[3] = "Wishes? nighttime spectacular 10:00"
>
> Granted this is pretty easy because I could just search for this stuff and break it up, but the string above can actually be different each time, for instance, next time it could be:
>
> $textString = "Share A Dream Come True Parade 3:00, 5:00 SpectroMagic Parade 9:00, 11:00 Wishes? nighttime spectacular 10:00"
>
> I think my main issue is that I don't know how to keep the , XX:XX part combined with the previous part of the string.
preg_match_all() is what you want to use. You can easily match
everything up to the time since it's formed with a ":00" at the end
each time.
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
attached mail follows:
prolly already mentioned, but what about explode using the commas
$strings = explode(',', $textString);
Greg Donald <destineygmail.com> wrote:
>
> On Fri, 8 Oct 2004 11:38:23 -0500, Brent Clements
> <bclemimaginative-enterprises.com> wrote:
> > Given the following string:
> >
> > $textString = "Share A Dream Come True Parade 3:00 SpectroMagic Parade 9:00,
> 11:00 Wishes? nighttime spectacular 10:00"
> >
> > I need to break the string up into pieces where as
> >
> > $string[1] = "Share A Dream Come True Parade 3:00"
> > $string[2] = "SpectroMagic Parade 9:00, 11:00"
> > $string[3] = "Wishes? nighttime spectacular 10:00"
> >
> > Granted this is pretty easy because I could just search for this stuff and
> break it up, but the string above can actually be different each time, for
> instance, next time it could be:
> >
> > $textString = "Share A Dream Come True Parade 3:00, 5:00 SpectroMagic Parade
> 9:00, 11:00 Wishes? nighttime spectacular 10:00"
> >
> > I think my main issue is that I don't know how to keep the , XX:XX part
> combined with the previous part of the string.
>
> preg_match_all() is what you want to use. You can easily match
> everything up to the time since it's formed with a ":00" at the end
> each time.
>
>
> --
> Greg Donald
> Zend Certified Engineer
> http://gdconsultants.com/
> http://destiney.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
In article <ea9da26c041008100635fdcfemail.gmail.com>, Greg Donald wrote:
> On Fri, 8 Oct 2004 11:38:23 -0500, Brent Clements
><bclemimaginative-enterprises.com> wrote:
>> Given the following string:
>>
>> $textString = "Share A Dream Come True Parade 3:00 SpectroMagic Parade 9:00, 11:00 Wishes? nighttime spectacular 10:00"
>>
>> I need to break the string up into pieces where as
>>
>> $string[1] = "Share A Dream Come True Parade 3:00"
>> $string[2] = "SpectroMagic Parade 9:00, 11:00"
>> $string[3] = "Wishes? nighttime spectacular 10:00"
>>
>> Granted this is pretty easy because I could just search for this stuff and break it up, but the string above can actually be different each time, for instance, next time it could be:
>>
>> $textString = "Share A Dream Come True Parade 3:00, 5:00 SpectroMagic Parade 9:00, 11:00 Wishes? nighttime spectacular 10:00"
>>
>> I think my main issue is that I don't know how to keep the , XX:XX part combined with the previous part of the string.
>
> preg_match_all() is what you want to use. You can easily match
> everything up to the time since it's formed with a ":00" at the end
> each time.
If i'm not mistaken, preg_split on \d{0,2}:\d{2}
--
Met vriendelijke groeten,
Tim Van Wassenhove <http://www.timvw.info>
attached mail follows:
On 8 Oct 2004 17:27:10 -0000, Tim Van Wassenhove <eukipi.be> wrote:
> In article <ea9da26c041008100635fdcfemail.gmail.com>, Greg Donald wrote:
> > On Fri, 8 Oct 2004 11:38:23 -0500, Brent Clements
> ><bclemimaginative-enterprises.com> wrote:
> >> Given the following string:
> >>
> >> $textString = "Share A Dream Come True Parade 3:00 SpectroMagic Parade 9:00, 11:00 Wishes? nighttime spectacular 10:00"
> >>
> >> I need to break the string up into pieces where as
> >>
> >> $string[1] = "Share A Dream Come True Parade 3:00"
> >> $string[2] = "SpectroMagic Parade 9:00, 11:00"
> >> $string[3] = "Wishes? nighttime spectacular 10:00"
> >
> > preg_match_all() is what you want to use. You can easily match
> > everything up to the time since it's formed with a ":00" at the end
> > each time.
>
> If i'm not mistaken, preg_split on \d{0,2}:\d{2}
>
You may want to add a \s+ to the end of that, in the event that there
is more than one time associated with the string, as in $string[2].
If you can count on the last 2 digits of the time followed by a space
determining your separator (and a comma means keep going), it should
work for you.
My best guess: /([\w\s]+[\d{1,2}:\d{2},*]+\s+)/
attached mail follows:
Yes, the magic quotes will get you, but they are meant to "protect" you.
Either
1. Go into php.ini and disable them
2. Create an include file that you include in each script, in it, use ini_set() to disable magic quotes at run time http://us2.php.net/manual/en/function.ini-set.php
-----Original Message-----
From: Sam Smith [mailto:phpitab.com]
Sent: Fri 10/8/2004 6:22 AM
To: PHP
Cc:
Subject: Quotes """ in form textarea fields
I swear I googled for an hour first.
A user enters in a textarea field of FORM1.php:
Bob is "high"
Submitted to FROM2.php we get:
Bob is \"high\"
In a hidden field in FROM2.php we store the value: <type="hidden", value="<?
echo stripslashes($_POST['textarea']); ?>> Value now Bob is "high"
Then from FROM2.php we Submit BACK to FROM1.php and enter it back into the
textarea field with:
<type="textarea", value="<? echo $_POST['hidden']); ?>
we have;
Bob is
Everything after the first double quote is clobbered.
I can fix this by putting this in FORM2.php:
$APParea1 = $_POST['textarea'];
$APParea1 = str_replace("\"","[QT]",$APParea1);
and then back by putting this in FORM1.php:
$APParea1 = $_POST['hidden'];
$APParea1 = str_replace("[QT]","\"",$APParea1);
<type="textarea", value="<? echo $APParea1; ?>
BUT THIS must have happened many times a long long time ago to many good
people and some smart function was developed, right?
Thanks
attached mail follows:
On Fri, 08 Oct 2004 06:22:22 -0700, Sam Smith <phpitab.com> wrote:
> Then from FROM2.php we Submit BACK to FROM1.php and enter it back into the
> textarea field with:
> <type="textarea", value="<? echo $_POST['hidden']); ?>
I'd like to add that you can also use the following syntax for textarea fields:
<input type="textarea"><?= $_POST['hidden'] ?></textarea>
which may also get you past the quoting problem.
attached mail follows:
Andrew Kreps wrote:
> I'd like to add that you can also use the following syntax for textarea fields:
>
> <input type="textarea"><?= $_POST['hidden'] ?></textarea>
>
> which may also get you past the quoting problem.
You mean you can use:
<textarea name="hidden"><?=htmlentities($_POST['hidden'])?></textarea>
unless you prefer depreciated code and cross site scripting
vulnerabilities...
http://www.w3.org/TR/html4/interact/forms.html#input-control-types
http://www.w3.org/TR/html4/interact/forms.html#h-17.4
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
attached mail follows:
I'm seeing a very strange problem with move_uploaded_file(...). I'm
uploading jpegs and the transfer appears to go a little too quickly,
and when I look at the directory listing, the files are about twice the
size that they should be. When we view the file in the browser, the
images are either mangled or appear incomplete. Sometimes the bits
seem to be scrambled and other times it appears that only the first 1/4
or so of the image is complete. I can ftp the files to the same folder
and they are uploaded without any problem. Another odd thing is that
the permissions on the files are set to -rw------- and owned by apache.
I can do a chmod on them to get them readable, but chown doesn't
appear to work to change ownership.
I'm using a multipart/form-data form with a MAX_FILE_SIZE of 1MB, which
should be plenty.
We're using PHP 4.2.2, Apache 2.0.40, and Red Hat Linux 9 (Shrike).
Has anyone encountered such a thing before? We're going to upgrade PHP
from 4.2.2, but I wasn't able to find any documented bugs with that
version relating to this issue.
attached mail follows:
In article <AEDABE69-194C-11D9-9A20-000D932C0C84comcast.net>, Daniel Lahey wrote:
> I'm seeing a very strange problem with move_uploaded_file(...). I'm
> uploading jpegs and the transfer appears to go a little too quickly,
> and when I look at the directory listing, the files are about twice the
> size that they should be. When we view the file in the browser, the
> images are either mangled or appear incomplete. Sometimes the bits
> seem to be scrambled and other times it appears that only the first 1/4
> or so of the image is complete.
Meaby the maximum execution time is exceeded, and the script dies?
>Another odd thing is that
> the permissions on the files are set to -rw------- and owned by apache.
> I can do a chmod on them to get them readable, but chown doesn't
> appear to work to change ownership.
I believe you have to be root to perform chown.
If you really want another user to be the owner of the files, you could
extend your upload script so that it uploads all the files with ftp to
localhost. This way they will be owned by the ftp-user.
--
Met vriendelijke groeten,
Tim Van Wassenhove <http://www.timvw.info>
attached mail follows:
hello all,
I have an array like this:
array (
1 => array(123, 345, 454),
2 => array(8854, 393, 4947, 77, 3343),
3 => array(393, 33)
);
I need to create an array sequence from that that would look like this:
array (
'1:123',
'2:8854',
'3:393',
'1:345',
'2:393',
'3:33',
'1:454',
'2:4947',
'3:393', // notice this has started from the start again...
'1:123', // as has this..
'2:77',
etc etc
);
untill the last number of the largest array (number 2 in
the original array) have been used.
I do have some code to show you but im afraid ive been going at it all
the wrong way so im not sure it's of any use. (posted below) - Could
someone please help me out? im just not good enough to do this i
think... thanks very much indeed..
#### Nicks messed up code so far:
function rubbish_function($machines) {
while(count($machines) > 1) {
for($i=0; $i<count($machines); $i++) {
sequence[] = ($i+1) . ':' . rtrim($machines[$i][0]);
array_shift($machines[$i]);
}
if(empty($machines[$i])) {
array_shift($machines);
} else rubbish_function($machines);
}
return $sequence;
}
--
Nick W
attached mail follows:
In article <20041008171835.GC21400stylesheet.org>, Nick Wilson wrote:
> array (
> 1 => array(123, 345, 454),
> 2 => array(8854, 393, 4947, 77, 3343),
> 3 => array(393, 33)
> );
>
> I need to create an array sequence from that that would look like this:
> array (
> '1:123',
> '2:8854',
> '3:393',
> '1:345',
> '2:393',
> '3:33',
> '1:454',
> '2:4947',
> '3:393', // notice this has started from the start again...
> '1:123', // as has this..
> '2:77',
> etc etc
> );
>
> untill the last number of the largest array (number 2 in
> the original array) have been used.
>
> I do have some code to show you but im afraid ive been going at it all
> the wrong way so im not sure it's of any use.
Do you have a clue what your code is doing? Or did you just come up with
it? What is the use of writing code that you don't understand?
Not going to do your homework, but will give you some hints:
it seems your function accepts an array as parameter, and returns a new
array.
to find the largest number, you could say the first number in the array
is the current biggest. And then you loop through all the values, and remember
the array number when you meet a value that is greater than the current
biggest.
Now it's only a matter of building the new array, and resetting your
index to 0 when it's as big as the biggest found earlier.
http://www.php.net/functions
http://www.php.net/foreach
--
Met vriendelijke groeten,
Tim Van Wassenhove <http://www.timvw.info>
attached mail follows:
* and then Tim Van Wassenhove declared....
> > I do have some code to show you but im afraid ive been going at it all
> > the wrong way so im not sure it's of any use.
>
> Do you have a clue what your code is doing? Or did you just come up with
> it? What is the use of writing code that you don't understand?
>
> Not going to do your homework, but will give you some hints:
Please dont. Thanks.
--
Nick W
attached mail follows:
* and then Ford, Mike declared....
php
> > 543 => 2
> > 432 => 2 // like here, more 2's than 1's see?
> > 566 => 2
> > 568 => 2
> > 999 => 3
> > 878 => 3
> > 444 => 3
>
> That's not terribly good, as you are using the "unknowns" (ip addresses) as keys to the "knowns" (machine IDs). It would be better keying off the machine IDs, although this does lead to a 2-level array; something like:
>
> array( 1 => array(123),
> 2 => array(543, 432, 566, 568),
> 3 => array(999, 878, 444)
> )
That's exactly what i have Mike, the above was what i had generated in
an attempt to get the ips in sequential machineId order ;-)
So, now im back to square one, do you have a suggestion as to how to
acheive the goal? -
many, many thanks..
--
Nick W
attached mail follows:
* and then Ford, Mike declared....
> > 543 => 2
> > 432 => 2 // like here, more 2's than 1's see?
> > 566 => 2
> > 568 => 2
> > 999 => 3
> > 878 => 3
> > 444 => 3
>
> That's not terribly good, as you are using the "unknowns" (ip addresses) as keys to the "knowns" (machine IDs). It would be better keying off the machine IDs, although this does lead to a 2-level array; something like:
>
> array( 1 => array(123),
> 2 => array(543, 432, 566, 568),
> 3 => array(999, 878, 444)
> )
That's exactly what i have Mike, the above was what i had generated in
an attempt to get the ips in sequential machineId order ;-)
So, now im back to square one, do you have a suggestion as to how to
acheive the goal? -
many, many thanks..
--
Nick W
attached mail follows:
* and then Nick Wilson declared....
>
> * and then Ford, Mike declared....
> php
sorry about the dupes everyone, i changed router today and resent a
whole bunch of stuff b4 i realized it wasnt goint out...
--
Nick W
attached mail follows:
i'd recommand u to use trees if u got complicated data arrays.
use tree datascturcutres... u could sort n do watever then
or jus queues or stacks depending on what u wanna do....
Try PEAR Tree class.... it might help
Hope that was usefull.
On Fri, 8 Oct 2004 20:13:10 +0200, Nick Wilson <nickstylesheet.org> wrote:
>
> * and then Nick Wilson declared....
> >
> > * and then Ford, Mike declared....
> > php
>
> sorry about the dupes everyone, i changed router today and resent a
> whole bunch of stuff b4 i realized it wasnt goint out...
>
>
> --
> Nick W
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
M.Saleh.E.G
97150-4779817
attached mail follows:
* and then M Saleh EG declared....
> i'd recommand u to use trees if u got complicated data arrays.
>
> use tree datascturcutres... u could sort n do watever then
> or jus queues or stacks depending on what u wanna do....
>
> Try PEAR Tree class.... it might help
>
> Hope that was usefull.
*very* useful, thankyou so much! ;-)
--
Nick W
attached mail follows:
I'm not sure I completely understand what is trying to be accomplished, but it sounds like some javascript could be used to do this. Basically, you'd have form a submit to form b, then form b generate a form with a few hiddens, then force a submit with javascript to form c.
-Dan Joseph
----- Original Message -----
From: "Matt M." <h.dudenessgmail.com>
Date: Friday, October 8, 2004 11:59 am
Subject: Re: [PHP] header redirect with POST?
> > Is it possible to have a form where I post variables to a processing
> > script which would then redirect to another form have variables
> posted> from the processing script? I am researching the HTTP
> header things as I
> > write this, but have not found a viable answer that is PHP only.
>
> I dont know if that is poosible. I think you would have to find a way
> to tell the browser to pass the post data.
>
> Why are you trying to do this? Why not use sessions, or the query
> string?
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
--- Jay Blanchard <jay.blanchardniicommunications.com> wrote:
> Is it possible to have a form where I post variables to a processing
> script which would then redirect to another form have variables posted
> from the processing script? I am researching the HTTP header things as I
> write this, but have not found a viable answer that is PHP only.
Luckily, this is not possible as you describe. Imagine if it were - just
by visiting a URL, I could unintentionally use Amazon's one-click
mechanism to make a purchase, even if I am a paranoid user with all
scripting disabled. That's not good.
There are ways to solve your problem, but you have to rethink your
approach a little.
Hope that helps.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming December 2004 http://httphandbook.org/
attached mail follows:
hi all,
how do i setup a apache+php server to read aspx files
as php files?
i need it to parse aspx files.
thank you
_______________________________________________________
Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador agora! http://br.acesso.yahoo.com/
attached mail follows:
On Fri, 2004-10-08 at 15:00 -0300, celso andrade wrote:
> hi all,
>
> how do i setup a apache+php server to read aspx files
> as php files?
>
> i need it to parse aspx files.
>
> thank you
Do you mean run aspx files?
Or just read them? If so, you should just be able to read the contents
of yourfile.aspx on the local disk.
PHP doesn't run aspx files..
-Robby
--
/***************************************
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON | www.planetargon.com
* Portland, OR | robbyplanetargon.com
* 503.351.4730 | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
****************************************/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQBBZtsG0QaQZBaqXgwRAikdAJ9x1+oXmMxee3v1HaOKq4T2SbUePQCg2biu
7gnbMIgz4QQn1xdBxnB/8q0=
=yPz4
-----END PGP SIGNATURE-----
attached mail follows:
Your question is a bit confusing.
Do you want to convert asp to php on the fly? and then parse the php
natively? Not easily done.
Or do you just want to name your files .aspx yet have php code in the files.
Easily done.
Or do you want to run aspx files natively?(if so check out the mod_mono
project).
-Brent
----- Original Message -----
From: "celso andrade" <cnldayahoo.com.br>
To: <php-generallists.php.net>
Sent: Friday, October 08, 2004 1:00 PM
Subject: [PHP] read aspx files
> hi all,
>
> how do i setup a apache+php server to read aspx files
> as php files?
>
> i need it to parse aspx files.
>
> thank you
>
>
>
>
>
>
> _______________________________________________________
> Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador agora!
http://br.acesso.yahoo.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
celso andrade wrote:
> hi all,
>
> how do i setup a apache+php server to read aspx files
> as php files?
>
> i need it to parse aspx files.
Find this line in httpd.conf:
AddType application/x-httpd-php .php
Add aspx extension and restart apache
attached mail follows:
Do u mean using .aspx as ur file extensions? and then setup Apache to
read them as php file?
If that's the case then ur talking about types and extension handlers.
Try or research about:
Add Type in apache docs.
and handlers.
On Fri, 08 Oct 2004 11:23:02 -0700, Robby Russell <robbyplanetargon.com> wrote:
> On Fri, 2004-10-08 at 15:00 -0300, celso andrade wrote:
> > hi all,
> >
> > how do i setup a apache+php server to read aspx files
> > as php files?
> >
> > i need it to parse aspx files.
> >
> > thank you
>
> Do you mean run aspx files?
> Or just read them? If so, you should just be able to read the contents
> of yourfile.aspx on the local disk.
>
> PHP doesn't run aspx files..
>
> -Robby
>
> --
> /***************************************
> * Robby Russell | Owner.Developer.Geek
> * PLANET ARGON | www.planetargon.com
> * Portland, OR | robbyplanetargon.com
> * 503.351.4730 | blog.planetargon.com
> * PHP/PostgreSQL Hosting & Development
> ****************************************/
>
>
>
--
M.Saleh.E.G
97150-4779817
attached mail follows:
On Fri, 8 Oct 2004 08:33:11 -0500 (CDT), Adam Williams
<awilliammdah.state.ms.us> wrote:
> So now it works except on the
> very last line it processes, it prints "does not exist", so there is still
> some sort of a hidden character but its not affecting fetching the URLs
> from the web server. so i'm still trying to figure that last line out,
> but everything else works.
>
That new problem you're having might just be an extra newline in the
file. Make sure you don't have any blank lines at the end, or check
to make sure you actually have a URL to fetch before trying to grab
it.
attached mail follows:
There is a difference between the session file existing, and the user
still having a valid session.
If the timeout has occurred, and the file has not been deleted, when the
user accesses it, the session will not show up in $_SESS[]. Which for
all intents an purposes, means the session has been deleted as far as
the script is concerned.. Now whether it gets deleted by such a direct
request, I wonder. It will get deleted by OTHER sessions be requested,
if the gc probablity works at that moment.
attached mail follows:
Anyone know why class static vars are inherited? (See code below)
class A
{
public static $CONFIG = null;
}
A::$CONFIG = "A";
class B extends A
{
public static $CONFIG = null;
}
B::$CONFIG = "B";
print ("A: " . A::$CONFIG . "<br>");
print ("B: " . B::$CONFIG . "<br>");
attached mail follows:
Hi,
I have seen this functionality in a PERL
program/script and would like to do the same
thing...but in php.
The way the script worked was, you give it a url:
http://somesite.com/pics-and-movies.html
pics-and-movies.html (the above example page) would
contain something like:
<html>
<body>
<a href=pic1.jpg> pic 1</a>
<a href=pic2.jpg> pic 2</a><br>
...
<a href=mgp1.mpg> mpg 1</a>
<a href=mpg2.mpg> mpg 2</a><br>
</body>
</html>
the scipt would find ONLY the links pointing to either
a .jpg or a .mpg and then display the size of each.
This is how far I have come:
1: via fopen download the entire page (done)
2: scan the page for all where href ends with .jpg or
mpg (cant work out logic for this)
3: send the names and url to a function to get the
sizes of each (did this with help from the php manual!
yeahhh!!)
biggest problem I have come accross is that the link
can be written like this
<a href='pic.jpg'> or
<a href="pic.jpg"> or
<a href=pic.jpg> or
<a class='blah' href='pic.jpg'>
etc
HOW are these guys doing it? anybody? (I think I need
regex here...but dont know regex :-(( )
Thanks,
Mag
=====
------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
attached mail follows:
If I POST a string greater than 1000 character through a form, the
resulting string gets mangled. What I get back is the first 1000
characters of the string, then the name of the form variable, an equal
sign (=) and then the entire string again. If I change the form to a
GET, this problem does not occur.
If I add a phpinfo() call to the same page, I see that $_REQUEST and
$_POST variables are indeed mangled. However,
$_SERVER["CONTENT_LENGTH"] reports the correct string length.
I did not compile PHP with the hardened flag... adding
"varfilter.max_value_length = 5000" to the php.ini file had no effect.
I recreated this form with a Perl CGI and could not recreate the problem
in that environment.
I'm running PHP 4.3.8 with Apache 2.0.50 on Linux but it also occurred
with PHP 4.3.9 on Apache 2.0.52. However, a similarly configured (but
not identical) server running the same versions of PHP and Apache does
not exhibit this behavior.
Any assistance that can be provided would be greatly appreciated.
- Jonny Roller
attached mail follows:
Jonny Roller wrote:
> If I POST a string greater than 1000 character through a form, the
> resulting string gets mangled. What I get back is the first 1000
> characters of the string, then the name of the form variable, an equal
> sign (=) and then the entire string again. If I change the form to a
> GET, this problem does not occur.
[snip]
> I'm running PHP 4.3.8 with Apache 2.0.50 on Linux but it also occurred
> with PHP 4.3.9 on Apache 2.0.52. However, a similarly configured (but
> not identical) server running the same versions of PHP and Apache does
> not exhibit this behavior.
I remember an Apache2/PHP bug that caused issues like this with any
request variables, but I couldn't find it on bugs.php.net. Have you
reported this there, yet?
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
attached mail follows:
Hi again,
I have always been wondering how this is done properly:
Here is an example:
[snip]
class A {
function name( $a, $b, $c) {
$tmp = array();
$tmp[a] = $a;
.
array_push( $GLOBALS['XMLStack'], $tmp );
}
function parse() {
.. some definitions .
$parser->set_handler( "root/page/title", "name" );
. some more stuff here .
}
}
[/snip]
What I want is to have the callback function name as it is in the above
example. But, obviously, the above code won't work. So, how do I tell the
set_handler function that it must use the name function from the class?
Using:
"A::name" or "$this->name" (if instantiated) . how do these callback
function calls work, because the same issue is with the xml handler
functions in php4 (have not as yet been to v5).
Also, how can I get the data from the callback function out without using
$GLOBALS? I cannot just return an array, can I?
Any ideas.
Thanks so long.
Thomas
attached mail follows:
http://php.net/language.types.html#language.pseudo-types
"Thomas Hochstetter" <fisherofmengmx.net> wrote in message
news:php.general-199028news.php.net...
> Hi again,
>
> I have always been wondering how this is done properly:
>
> Here is an example:
>
> [snip]
> class A {
> function name( $a, $b, $c) {
> $tmp = array();
> $tmp[a] = $a;
> .
> array_push( $GLOBALS['XMLStack'], $tmp );
> }
>
> function parse() {
> .. some definitions .
> $parser->set_handler( "root/page/title", "name" );
> . some more stuff here .
> }
> }
> [/snip]
>
> What I want is to have the callback function name as it is in the above
> example. But, obviously, the above code won't work. So, how do I tell the
> set_handler function that it must use the name function from the class?
> Using:
> "A::name" or "$this->name" (if instantiated) . how do these callback
> function calls work, because the same issue is with the xml handler
> functions in php4 (have not as yet been to v5).
>
> Also, how can I get the data from the callback function out without using
> $GLOBALS? I cannot just return an array, can I?
>
> Any ideas.
>
> Thanks so long.
>
> Thomas
>
attached mail follows:
I'm trying to sanitize my user input. My sanitize function does not work if
I send a variable that's an array. I'm using recursion to go through the
array. The example below shows that $_POST['city'] works but $_POST['user']
doesn't work. The array comes back blank.
Anyone see what's wrong with my code?
OUTPUT:
Array
(
[city] => New York
[user] =>
)
CODE:
<?php
function sanitize($userInput = '')
{
if ( is_array($userInput) )
{
foreach ( $userInput as $key => $value )
{
sanitize( $value );
}
}
else
{
if ( get_magic_quotes_gpc() )
{
return trim( $userInput );
}
else
{
return trim( addslashes($userInput) );
}
}
}
$_POST['city'] = 'New York';
$_POST['user']['firstName'] = 'Bob';
$_POST['user']['lastName'] = 'Smith';
$_POST['user']['country'] = 'USA';
foreach ( $_POST as $key => $value )
{
$_POST[$key] = sanitize( $value );
}
echo '<pre>';
echo print_r($_POST);
echo '</pre>';
?>
attached mail follows:
Very simple :)
when recursion happens, you return the sanitized value, but never store
it ;)
zoominggamebox.net wrote:
> I'm trying to sanitize my user input. My sanitize function does not work if
> I send a variable that's an array. I'm using recursion to go through the
> array. The example below shows that $_POST['city'] works but $_POST['user']
> doesn't work. The array comes back blank.
>
> Anyone see what's wrong with my code?
>
> OUTPUT:
>
> Array
> (
> [city] => New York
> [user] =>
> )
>
> CODE:
>
> <?php
>
> function sanitize($userInput = '')
> {
> if ( is_array($userInput) )
> {
> foreach ( $userInput as $key => $value )
> {
> sanitize( $value );
> }
> }
> else
> {
> if ( get_magic_quotes_gpc() )
> {
> return trim( $userInput );
> }
> else
> {
> return trim( addslashes($userInput) );
> }
> }
> }
>
> $_POST['city'] = 'New York';
> $_POST['user']['firstName'] = 'Bob';
> $_POST['user']['lastName'] = 'Smith';
> $_POST['user']['country'] = 'USA';
>
> foreach ( $_POST as $key => $value )
> {
> $_POST[$key] = sanitize( $value );
> }
>
> echo '<pre>';
> echo print_r($_POST);
> echo '</pre>';
>
> ?>
attached mail follows:
Hi M
I don't understand. I don't think I'm storing it anywhere. I have it
looping through all the POST variables. If it's not an array then the
sanitize function returns a sanitized value. If it's an array then the
sanitize function calls itself again and again until it finds a single
variable and returns it as a sanitized value.
----- Original Message -----
From: "M. Sokolewicz" <tularisphp.net>
To: <php-generallists.php.net>
Sent: Friday, October 08, 2004 6:19 PM
Subject: [PHP] Re: Recursion to sanitize user input
> Very simple :)
> when recursion happens, you return the sanitized value, but never store
> it ;)
>
> zoominggamebox.net wrote:
>
> > I'm trying to sanitize my user input. My sanitize function does not
work if
> > I send a variable that's an array. I'm using recursion to go through
the
> > array. The example below shows that $_POST['city'] works but
$_POST['user']
> > doesn't work. The array comes back blank.
> >
> > Anyone see what's wrong with my code?
> >
> > OUTPUT:
> >
> > Array
> > (
> > [city] => New York
> > [user] =>
> > )
> >
> > CODE:
> >
> > <?php
> >
> > function sanitize($userInput = '')
> > {
> > if ( is_array($userInput) )
> > {
> > foreach ( $userInput as $key => $value )
> > {
> > sanitize( $value );
> > }
> > }
> > else
> > {
> > if ( get_magic_quotes_gpc() )
> > {
> > return trim( $userInput );
> > }
> > else
> > {
> > return trim( addslashes($userInput) );
> > }
> > }
> > }
> >
> > $_POST['city'] = 'New York';
> > $_POST['user']['firstName'] = 'Bob';
> > $_POST['user']['lastName'] = 'Smith';
> > $_POST['user']['country'] = 'USA';
> >
> > foreach ( $_POST as $key => $value )
> > {
> > $_POST[$key] = sanitize( $value );
> > }
> >
> > echo '<pre>';
> > echo print_r($_POST);
> > echo '</pre>';
> >
> > ?>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
The recursion doesn't do anything with the returned value from the function.
attached mail follows:
Simple your code should look like this:
...
if ( is_array($userInput) )
{
foreach ( $userInput as $key => $value )
{
return sanitize( $value ); //<-------- needed to return it or
else its not recurssive
}
}
else
{
...
.
Should work, not tested.
Best,
Yoed
-----Original Message-----
From: zoominggamebox.net [mailto:zoominggamebox.net]
Sent: Friday, October 08, 2004 5:15 PM
To: php-generallists.php.net
Subject: [PHP] Recursion to sanitize user input
I'm trying to sanitize my user input. My sanitize function does not work if
I send a variable that's an array. I'm using recursion to go through the
array. The example below shows that $_POST['city'] works but $_POST['user']
doesn't work. The array comes back blank.
Anyone see what's wrong with my code?
OUTPUT:
Array
(
[city] => New York
[user] =>
)
CODE:
<?php
function sanitize($userInput = '')
{
if ( is_array($userInput) )
{
foreach ( $userInput as $key => $value )
{
sanitize( $value );
}
}
else
{
if ( get_magic_quotes_gpc() )
{
return trim( $userInput );
}
else
{
return trim( addslashes($userInput) );
}
}
}
$_POST['city'] = 'New York';
$_POST['user']['firstName'] = 'Bob';
$_POST['user']['lastName'] = 'Smith';
$_POST['user']['country'] = 'USA';
foreach ( $_POST as $key => $value )
{
$_POST[$key] = sanitize( $value );
}
echo '<pre>';
echo print_r($_POST);
echo '</pre>';
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
* Thus wrote Yoed Anis:
> Simple your code should look like this:
>
> ...
> if ( is_array($userInput) )
> {
> foreach ( $userInput as $key => $value )
> {
> return sanitize( $value ); //<-------- needed to return it or
> else its not recurssive
This is wrong, only the first item of each array will ever be seen.
Curt
--
The above comments may offend you. flame at will.
attached mail follows:
it should be this i think:
foreach ( $userInput as $key => $value )
{
$newvalue[] = sanitize( $value );
}
return $newvalue // returns an array - since this is the only
way to get all veriables from the function
}
else
I could be wrong but the only way it would work for the code you have
writen would be to return an array of all the sanatized strings
attached mail follows:
this would probably be even better:
foreach ( $userInput as $key => $value )
{
$newvalue[$key] = sanitize( $value ); // reassign key with
sanatized value
}
return $newvalue // return array with sanatized $key => $value pairs
}
else
My 2 cents:
attached mail follows:
foreach ( $userInput as $key => $value )
{
$newvalue[$key] = sanitize( $value );
}
return $newvalue;
attached mail follows:
Hi Comex
Thanks! That worked! Robet you almost had it but missing the $key in
$newvalue[$key].
----- Original Message -----
From: "Comex" <comexkgmail.com>
To: <php-generallists.php.net>
Sent: Friday, October 08, 2004 8:05 PM
Subject: Re: [PHP] Recursion to sanitize user input
> foreach ( $userInput as $key => $value )
> {
> $newvalue[$key] = sanitize( $value );
> }
> return $newvalue;
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
Hello,
I'm in the process of hooking up my own personal web server for use by
certain clients to view the progress on work I'm doing for them. However,
I'm on a shared network that is behind a firewall and some computers on the
network need to stay secure as possible. I've heard that if you gain access
to one computer, the whole thing is vulnerable.
I've going to be running Apache with PHP on my Windows box that has
antivirus all set up and whatnot. My question comes in terms of port
security. Since I'll be having the port open for Apache, I want to make sure
nothing naughty gets through the port. What should I do to secure it to the
best ability? Is there any special firewall I can use or any special tricks
I should do? How should I configure Apache and PHP in order to keep it as
secure as possible but still functional?
I have considered using Linux, but until I can get myself a separate
computer box to dedicate to the server, I'm stuck with using my personal
computer as the server as well and all my programs/games need Windows.
Any help here would be greatly appreciated.
Thanks,
Stephen Craton
attached mail follows:
Hi,
This is some what off topic.
Stephen Craton wrote:
>Hello,
>
>I'm in the process of hooking up my own personal web server for use by
>certain clients to view the progress on work I'm doing for them. However,
>I'm on a shared network that is behind a firewall and some computers on the
>network need to stay secure as possible. I've heard that if you gain access
>to one computer, the whole thing is vulnerable.
>
>
It depends on the configuration of your other machines.
>I've going to be running Apache with PHP on my Windows box that has
>
>
if you are concerned about security windows is out.
>antivirus all set up and whatnot. My question comes in terms of port
>security. Since I'll be having the port open for Apache, I want to make sure
>nothing naughty gets through the port.
>
This is pretty hard to do. Once you open the port you allow virtually
anything through but on linux iptables can do some basic checks against
malformed packets etc.
> What should I do to secure it to the
>best ability? Is there any special firewall I can use or any special tricks
>I should do? How should I configure Apache and PHP in order to keep it as
>secure as possible but still functional?
>
>I have considered using Linux, but until I can get myself a separate
>computer box to dedicate to the server, I'm stuck with using my personal
>computer as the server as well and all my programs/games need Windows.
>
>
how about getting a low cost shared hosting solution instead?
>Any help here would be greatly appreciated.
>
>Thanks,
>Stephen Craton
>
>
>
--
Raditha Dissanayake.
------------------------------------------------------------------------
http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
attached mail follows:
Hi there,
I'd agree with Radhita saying "how about getting a low cost shared
hosting solution instead?"
but plz Radhita, don't bring your biased opinions about MS vs
Opensource or Linux vs Windows over here. It's so subjective and plus
gets an off-topic topic more off !
We all benefit from this valuable list so plz dont make your posts a flood!
On Sat, 09 Oct 2004 07:29:11 +0600, raditha dissanayake
<jabberraditha.com> wrote:
> Hi,
> This is some what off topic.
>
> Stephen Craton wrote:
>
> >Hello,
> >
> >I'm in the process of hooking up my own personal web server for use by
> >certain clients to view the progress on work I'm doing for them. However,
> >I'm on a shared network that is behind a firewall and some computers on the
> >network need to stay secure as possible. I've heard that if you gain access
> >to one computer, the whole thing is vulnerable.
> >
> >
> It depends on the configuration of your other machines.
>
> >I've going to be running Apache with PHP on my Windows box that has
> >
> >
> if you are concerned about security windows is out.
>
> >antivirus all set up and whatnot. My question comes in terms of port
> >security. Since I'll be having the port open for Apache, I want to make sure
> >nothing naughty gets through the port.
> >
> This is pretty hard to do. Once you open the port you allow virtually
> anything through but on linux iptables can do some basic checks against
> malformed packets etc.
>
> > What should I do to secure it to the
> >best ability? Is there any special firewall I can use or any special tricks
> >I should do? How should I configure Apache and PHP in order to keep it as
> >secure as possible but still functional?
> >
> >I have considered using Linux, but until I can get myself a separate
> >computer box to dedicate to the server, I'm stuck with using my personal
> >computer as the server as well and all my programs/games need Windows.
> >
> >
> how about getting a low cost shared hosting solution instead?
>
> >Any help here would be greatly appreciated.
> >
> >Thanks,
> >Stephen Craton
> >
> >
> >
>
> --
> Raditha Dissanayake.
> ------------------------------------------------------------------------
> http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
> Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
> Graphical User Inteface. Just 128 KB | with progress bar.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
M.Saleh.E.G
97150-4779817
attached mail follows:
I agree on the whole MS opinions bit. I also agree about it being off topic,
and meant to open it by saying that, but I erased it in fear PHP would
consider it OT and become all mad and whatnot.
The only problem with the shared hosting idea is that I would have to take
time to upload and setup the MySQL tables all over again when I want to
update my work.
On the other hand, if I locally host it, I just have to link them to my IP
or domain pointing to my IP and they can see it straight off my machine.
Any other suggestions?
------------------------------------
Stephen Craton
webmastermelchior.us
IM: webmastermelchior.us
http://www.melchior.us
------------------------------------
-----Original Message-----
From: M Saleh EG [mailto:m.saleh.eggmail.com]
Sent: Friday, October 08, 2004 8:40 PM
To: jabberraditha.com
Cc: Stephen Craton; php-generallists.php.net
Subject: Re: [PHP] Securing Servers
Hi there,
I'd agree with Radhita saying "how about getting a low cost shared
hosting solution instead?"
but plz Radhita, don't bring your biased opinions about MS vs
Opensource or Linux vs Windows over here. It's so subjective and plus
gets an off-topic topic more off !
We all benefit from this valuable list so plz dont make your posts a flood!
On Sat, 09 Oct 2004 07:29:11 +0600, raditha dissanayake
<jabberraditha.com> wrote:
> Hi,
> This is some what off topic.
>
> Stephen Craton wrote:
>
> >Hello,
> >
> >I'm in the process of hooking up my own personal web server for use by
> >certain clients to view the progress on work I'm doing for them. However,
> >I'm on a shared network that is behind a firewall and some computers on
the
> >network need to stay secure as possible. I've heard that if you gain
access
> >to one computer, the whole thing is vulnerable.
> >
> >
> It depends on the configuration of your other machines.
>
> >I've going to be running Apache with PHP on my Windows box that has
> >
> >
> if you are concerned about security windows is out.
>
> >antivirus all set up and whatnot. My question comes in terms of port
> >security. Since I'll be having the port open for Apache, I want to make
sure
> >nothing naughty gets through the port.
> >
> This is pretty hard to do. Once you open the port you allow virtually
> anything through but on linux iptables can do some basic checks against
> malformed packets etc.
>
> > What should I do to secure it to the
> >best ability? Is there any special firewall I can use or any special
tricks
> >I should do? How should I configure Apache and PHP in order to keep it as
> >secure as possible but still functional?
> >
> >I have considered using Linux, but until I can get myself a separate
> >computer box to dedicate to the server, I'm stuck with using my personal
> >computer as the server as well and all my programs/games need Windows.
> >
> >
> how about getting a low cost shared hosting solution instead?
>
> >Any help here would be greatly appreciated.
> >
> >Thanks,
> >Stephen Craton
> >
> >
> >
>
> --
> Raditha Dissanayake.
> ------------------------------------------------------------------------
> http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
> Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
> Graphical User Inteface. Just 128 KB | with progress bar.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
M.Saleh.E.G
97150-4779817
attached mail follows:
Stephen Craton wrote:
> I agree on the whole MS opinions bit. I also agree about it being off topic,
> and meant to open it by saying that, but I erased it in fear PHP would
> consider it OT and become all mad and whatnot.
>
> The only problem with the shared hosting idea is that I would have to take
> time to upload and setup the MySQL tables all over again when I want to
> update my work.
>
> On the other hand, if I locally host it, I just have to link them to my IP
> or domain pointing to my IP and they can see it straight off my machine.
>
> Any other suggestions?
Not to start a flame war, but most on this list who will place the value
of security of one OS over another do so because they've worked with the
OS' they have opinions on. Bias doesn't really come into play.
With that aside, before you decide to take on the task of hosting out of
your house (office?), security isn't really the first question you
should ask yourself.
First, do you have the pipe to support it? There may be some broadband
providers out there who will guarantee a certain upstream, but I've yet
to see one. Even with business plans all the ones I know of will tell
you that you _can_ get up to xxx kb/s. Take it from someone who hosted
just three sites off a cable connection, the bandwidth just isn't there.
Chances are, you're going to need a T-1, or at least a fractional.
Are you willing to spend that type of money?
Second, are you going to provide email with this hosting? Do you have
the experience with a MTA for multiple domains?
Third, hardware. We're not talking about a Dell desktop PC here. More
up front cash.
Fourth, time. Running your own hosting is a pain in the neck. Where I
work now, I wear the hats of both programmer and sysadmin, and managing
our domains, takes up a good portion of my time.
I understand where you're coming from...wanting to do it yourself, have
it locally and all, but unless you're planning on making this a full
time business, it's really not worth it. Even if you want it to be
_your_ box, co-location is probably a better solution...takes a lot of
the worry out of your hands. Personally, I wouldn't even do that
though. I'd look at a place like JTL or Rackspace, and just go with
their managed hosting...you have total control of the box.
Not that I went OT here. ;)
--
By-Tor.com
It's all about the Rush
http://www.by-tor.com
attached mail follows:
Thanks for the reply, and forgive me if I top post, just a bad habit. I
think my original intention has been misunderstood. :)
I don't plan on starting my own hosting business at all, I just want to
allow access to my own personal Apache server to show the clients I am
working for the work I've completed on their project so far. Kind of like
showing the progress of the blueprints of a house. I don't plan to host the
end result, just like the constructor doesn't plan to build the house on top
of the blue prints. I seem to like analogies tonight. :)
I have a cable connection and a custom built PC, with a hullava lot of RAM
and processing power (1gb and 3ghz). Basically, I just want to know how to
secure the server so that they don't get access to other computers within
our network. :)
------------------------------------
Stephen Craton
webmastermelchior.us
IM: webmastermelchior.us
http://www.melchior.us
------------------------------------
attached mail follows:
Stephen Craton wrote:
> Thanks for the reply, and forgive me if I top post, just a bad habit. I
> think my original intention has been misunderstood. :)
>
> I don't plan on starting my own hosting business at all, I just want to
> allow access to my own personal Apache server to show the clients I am
> working for the work I've completed on their project so far. Kind of like
> showing the progress of the blueprints of a house. I don't plan to host the
> end result, just like the constructor doesn't plan to build the house on top
> of the blue prints. I seem to like analogies tonight. :)
>
> I have a cable connection and a custom built PC, with a hullava lot of RAM
> and processing power (1gb and 3ghz). Basically, I just want to know how to
> secure the server so that they don't get access to other computers within
> our network. :)
Well, outside of the topics discussed on these pages (you are using
Apache, right? I hope?)...
http://us4.php.net/manual/en/security.php
http://httpd.apache.org/docs/misc/security_tips.html
http://dev.mysql.com/doc/mysql/en/Security.html
Securing the rest of your box would be too off topic (the MySQL and
Apache part are OT too, but we've changed this list to the
PHP/MySQL/Apache list ;)
--
By-Tor.com
It's all about the Rush
http://www.by-tor.com
attached mail follows:
Ah yes, thank you for the links, just what I was looking for. Now to use
some sort of uber cool part of my brain to translate unix command line and
paths to Windows command line commands and paths.
------------------------------------
Stephen Craton
webmastermelchior.us
IM: webmastermelchior.us
http://www.melchior.us
------------------------------------
-----Original Message-----
From: John Nichel [mailto:jnichelby-tor.com]
Sent: Friday, October 08, 2004 10:09 PM
To: PHP List
Subject: Re: [PHP] Securing Servers
Stephen Craton wrote:
> Thanks for the reply, and forgive me if I top post, just a bad habit. I
> think my original intention has been misunderstood. :)
>
> I don't plan on starting my own hosting business at all, I just want to
> allow access to my own personal Apache server to show the clients I am
> working for the work I've completed on their project so far. Kind of like
> showing the progress of the blueprints of a house. I don't plan to host
the
> end result, just like the constructor doesn't plan to build the house on
top
> of the blue prints. I seem to like analogies tonight. :)
>
> I have a cable connection and a custom built PC, with a hullava lot of RAM
> and processing power (1gb and 3ghz). Basically, I just want to know how to
> secure the server so that they don't get access to other computers within
> our network. :)
Well, outside of the topics discussed on these pages (you are using
Apache, right? I hope?)...
http://us4.php.net/manual/en/security.php
http://httpd.apache.org/docs/misc/security_tips.html
http://dev.mysql.com/doc/mysql/en/Security.html
Securing the rest of your box would be too off topic (the MySQL and
Apache part are OT too, but we've changed this list to the
PHP/MySQL/Apache list ;)
--
By-Tor.com
It's all about the Rush
http://www.by-tor.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
attached mail follows:
I've a Redhat9 and installed MySQL 4.0 from source and Apache 1.3 from source.
I also downloaded the PHP5.0.2 source and attempted to compile it.
Apache and MySQL are installed successfully, as they all work without any noticeable errors.
This is how I configured PHP5
./configure --prefix=/PHP5 --with-mysql=<mysql path>
when I ran "make", I got an error. It was regarding one of the functions, make tried to compile mysql_create_db and mysql_drop_db(functions that are no longer provided by the MySQL4.0 client).
When I checked the source code(the c and h files), there was this line,
#if MYSQL_VERSION_ID < 40000
which was enclosed in the declaration of the function prototypes
PHP_FUNCTION(mysql_create_db)
PHP_FUNCTION(mysql_drop_db)
in php_mysql.h
and also around the implemention of the functions
PHP_FUNCTION(mysql_create_db)
PHP_FUNCTION(mysql_drop_db)
in php_mysql.c
The problem I seem to have is that MYSQL_VERSION_ID is never defined? Perhaps this is due to the fact that I compiled MySQL 4.0 from source and may have skipped a step... but where is MYSQL_VERSION_ID supposed to be defined or retrieved?
typing
echo $MYSQL_VERSION_ID
in bash got me a blank line.
I managed to comment out those functions in the header and the c files and "make" and "make install" ran flawlessly.
Could this be a bug?
-Mark
attached mail follows:
Hi,
I have PHP 4.3.5 and safe mode on. When I create a new image with
imagecreatefromjpeg(), the image owner is 'httpd' and not my ftp user.
[this is in a shared host].
I would like to know if there is any way to create the image with my
user... I can workaround mkdir & stuff with ftp access but i can't
figure out a workaround this 'problem' caused by safe mode.
Any sugestion?
TIA,
Paulo JF Silva
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]