OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
php-general Digest 6 Jan 2005 04:56:56 -0000 Issue 3211

php-general-digest-helplists.php.net
Date: Wed Jan 05 2005 - 22:56:56 CST


php-general Digest 6 Jan 2005 04:56:56 -0000 Issue 3211

Topics (messages 205677 through 205708):

XML Filters for illegal characters
        205677 by: Jones, Douglas 1
        205679 by: John Holmes
        205682 by: Jones, Douglas 1
        205684 by: Jason Barnett
        205690 by: Jones, Douglas 1
        205693 by: John Holmes

Regular help
        205678 by: Uroš Gruber
        205680 by: M. Sokolewicz
        205681 by: John Holmes
        205685 by: John Holmes

Re: SSL
        205683 by: Jamie Alessio

Re: How to argue with ASP people...
        205686 by: Chris Shiflett
        205697 by: Richard Lynch

Re: PHP cacher?
        205687 by: Matthew Weier O'Phinney
        205688 by: Kimmo Alm
        205706 by: Matthew Weier O'Phinney
        205708 by: Kimmo Alm

Re: [PHP-INSTALL] Compile Errors on Solaris 9
        205689 by: Andrew Kreps

Re: php ignores php_value from httpd.conf?
        205691 by: Steve Kieu

Php 400 error with suexec/cgi
        205692 by: Aurélien Cabezon

compilation of 4.3.10 fails at zend_strtod.c
        205694 by: Nat Irons

Re: Persistent PHP web application?
        205695 by: Richard Lynch
        205698 by: Rasmus Lerdorf
        205700 by: Richard Lynch
        205702 by: Rasmus Lerdorf

Re: making FORM dissapear when successful login
        205696 by: Richard Lynch
        205705 by: Jerry Kita
        205707 by: JHollis

Re: Saving Files
        205699 by: Richard Lynch

Re: whats happen fsockopen function?
        205701 by: Richard Lynch

Apache won't start after upgrading to 4.3.10
        205703 by: Matt Blasinski

endless while loop
        205704 by: Gunter Sammet

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:


Hello,

I'm wondering if anyone knows of a filter that can take data to be wrapped in XML tags and filter this data encoding any illegal XML characters or, if they cannot be encoded, remove them. The problem I have is a database that contains text that must be wrapped in XML. Some of this text has illegal characters in it (probably copied from MS Word). Some of the characters that keep popping up are not very frequently used, so I'm hoping whatever filters get suggested, they can simply strip out these characters if they cannot encode them.

thanks for your help.

--
Doug Jones
Co-Op Web Developer
douglas.1.joneslmco.com

attached mail follows:


Jones, Douglas 1 wrote:
> I'm wondering if anyone knows of a filter
> that can take data to be wrapped in XML tags
> and filter this data encoding any illegal XML characters

Have you tried htmlentities()?

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:


Yes, I have tried htmlentities. Unfortunately it doesn't seem to be catching the characters that are plaguing my program.

--
Doug Jones
Co-Op Web Developer
douglas.1.joneslmco.com

-----Original Message-----
From: John Holmes [mailto:holmes072000charter.net]
Sent: Wednesday, January 05, 2005 11:32 AM
To: Jones, Douglas 1
Cc: php-generallists.php.net
Subject: Re: [PHP] XML Filters for illegal characters

Jones, Douglas 1 wrote:
> I'm wondering if anyone knows of a filter
> that can take data to be wrapped in XML tags
> and filter this data encoding any illegal XML characters

Have you tried htmlentities()?

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:


Douglas 1 Jones wrote:
> Hello,
>
> I'm wondering if anyone knows of a filter that can take data to be wrapped in XML tags and filter this data encoding any illegal XML characters or, if they cannot be encoded, remove them. The problem I have is a database that contains text that must be wrapped in XML. Some of this text has illegal characters in it (probably copied from MS Word). Some of the characters that keep popping up are not very frequently used, so I'm hoping whatever filters get suggested, they can simply strip out these characters if they cannot encode them.
>
> thanks for your help.
>
>

Perhaps I am misunderstanding your problem, so let me ask it another
way. Is the problem that you are getting characters entered into the
database that are encoded in one way (e.g. UTF-8) when you expected the
characters to be encoded in another way (e.g. ISO-8859-1)?

--
Teach a person to fish...

Ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html
PHP Manual: http://php.net/manual/
php-general archives: http://marc.theaimsgroup.com/?l=php-general&w=2

attached mail follows:


>Perhaps I am misunderstanding your problem, so let me ask it another
>way. Is the problem that you are getting characters entered into the
>database that are encoded in one way (e.g. UTF-8) when you expected the
>characters to be encoded in another way (e.g. ISO-8859-1)?

No, the problem involves characters in the text that are Illegal XML characters much like "&" is an Illegal XML character. Only, the one the character that my software is reporting as illegal is apparently not one that is caught by the normal filters (like htmlentities or even some functions specifically coded for XML that I found on the PHP.net website). I think the problem with the filters that I have tried is that they only attempt to change entities that are can be encoded to something XML safe. Ideally, what I want is something that just removes the offending character if it cannot make it safe for XML. So, say & is made into & but an unexpected symbol is simply removed. For example (suppose "^" is a symbol that cannot be encode for this example):

input: "str&ing"
output: "str&ing"

input: "str^ing"
output: "string"

I hope this makes things clear. I think that a function just like htmlentities but one that just removes characters that are illegal but can not be fixed would be the ideal solution.

If anyone needs further clarification, I would be happy to try to provide it.

--
Doug Jones
Co-Op Web Developer
douglas.1.joneslmco.com

attached mail follows:


Jones, Douglas 1 wrote:
> I think that a function just like htmlentities but one
> that just removes characters that are illegal but can not
> be fixed would be the ideal solution.

How do you define what can and cannot be fixed, though? You'd have to
know the "bad" characters and in that case, a simple str_replace() is
all you need.

$bad_characters = array('^','*','#');
$text = str_replace($bad_characters,'',$text);
$text = htmlentities($text);

Or, since you don't really know what's "bad" then you'd want to define
what's good. You could use get_html_translation_table() to find
everything that htmlentities() will convert and then combine those
characters, alphanumeric characters and whitespace into a preg_replace
to match anything that's *not* one of those characters and erase it.

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:


Hello!

I'm pulling my hair so please help.

I need correct regular expression to get string between "

but if I use 2 pair of " must also work

"this is" "some kind" "of a test"

matches would be

this is
some kind
of a test

I hope somebody have and idea, because I can only get one or
everything from first " to the last one.

regards Uros

attached mail follows:


preg_match_all('/"(.+)"/U', $string, $result);

Uroš Gruber wrote:
> Hello!
>
> I'm pulling my hair so please help.
>
> I need correct regular expression to get string between "
>
> but if I use 2 pair of " must also work
>
> "this is" "some kind" "of a test"
>
> matches would be
>
> this is
> some kind
> of a test
>
>
> I hope somebody have and idea, because I can only get one or everything
> from first " to the last one.
>
> regards Uros

attached mail follows:


Uroš Gruber wrote:
> I need correct regular expression to get string between "
>
> but if I use 2 pair of " must also work
>
> "this is" "some kind" "of a test"
>
> matches would be
>
> this is
> some kind
> of a test

preg_match_all('/"[^"]*"/',$text,$matches);

[^"]* matches anything that is not a double quote

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:


M. Sokolewicz wrote:
> Uroš Gruber wrote:
>> I need correct regular expression to get string between "
>>
>> but if I use 2 pair of " must also work
>>
>> "this is" "some kind" "of a test"
>>
>> matches would be
>>
>> this is
>> some kind
>> of a test
>
> preg_match_all('/"(.+)"/U', $string, $result);
>

If the text between quotes can include newlines, you'll want to use

preg_match_all('/"(.+)"/Us', $string, $result);

or what I replied with in my other post. :)

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

attached mail follows:


> Thinking of going from http to https on the server.
> Would there be any differences in my php-code from now?
>
Switching from http to https shouldn't require any big changes to your
PHP code. The PHP code itself doesn't care that it is being accessed via
a https url - your webserver takes care of all that before/after
invoking PHP.

A few things you might need to watch out for:
- If you have hard links to http://yoursite.com/page.php instead of
relative links to just "page.php" then users will be directed away from
https and to http when they follow links on the site. You probably don't
want this and it will cause browser security warnings in many cases.
Even if you have a lot of these you might be able to get around it by
using apache's mod_rewrite to redirect all http requests over to https.

- Similarly, be careful about references to external files in your final
html output. This includes images, style sheets and javascript includes.
Make all references relative so that browsers won't display an error to
the effect of "some of the content on this page is secure and some of it
isn't".

- I have used a wysiwyg html editor as a text area replacement and had
trouble with SSL warnings in IE because of <iframe> tags. Just something
to keep in mind if you're using complex third-party php/javascript
applications
(http://wysiwygpro.com/xForum/topic.asp?TOPIC_ID=69&SearchTerms=iframe).

I worked on a large code base that ran via http on my local dev server
and via https on the live server and it wasn't a problem. The PHP code
works the same regardless of whether the traffic between the web server
and the browser is encrypted or not.

- Jamie

> Thinking of going from http to https on the server. My question is: Would
> there be any differences in my php-code from now?
>
> /G
> varupiraten.se
>

attached mail follows:


--- Sagar C Nannapaneni <sagarrythumithra.com> wrote:
> I just had an argument with my collegue (who is ASP
> programmer). He said that in ASP he can use a global
> variable to store the counter and then when the IIS is
> shutting down he can grab that event and dump the
> counter variable to a text file. I just betted him that
> i can also do that with PHP.

This just demonstrates that your colleague may not really know what a
global variable is - what is really happening. Not understanding the
underlying mechanism certainly isn't a unique characteristic of ASP
developers (many PHP developers are guilty of the same), but it seems to
be more prevalent among them. I credit this mostly to the unnecessary
abstraction of details in the language.

Of course, this comes down to a difference in perspective. ASP development
places more responsibility on the language and less on the developer -
much like Java. It is safer. PHP places more responsibility on the
developer and less on the language - much like C. It is more flexible. As
a manager, you like ASP and Java, because they limit the likelihood of
your developers making a mistake. As a developer, you like PHP and C,
because you want the power and flexibility, and you have confidence in
yourself.

This isn't true for everyone. Some managers are technically astute and
choose flexibility over safety, having confidence in their ability to
manage the project as well as hire skilled developers. Some developers
choose safety over flexibility, because they see programming as a job, not
a craft, and they're not looking to impress anyone - they just want a
paycheck.

Ask your colleague if there is a tradeoff concerning the convenience of a
persistent process when it comes to performance and scaling issues. There
are advantages and disadvantages to each, and PHP certainly doesn't win on
all fronts.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/

attached mail follows:


It should be noted that the MS KnowledgeBase article about trying to do a
dynamic include (as of when I last used ASP, years ago) made absolutely NO
mention of using:

<!--#include <%=FileName%> --!>

and tells you to just 'read' and 'print' the file -- which doesn't execute
the ASP at all, and there is no 'eval' function (as far as I could find).

So, assuming this #include stuff actually works, I guess it's just the
documentation that sucked, not the actual technology.

For *THIS* problem.

I fought with ASP for only a few months, but it felt like years, and I
hated every minute of it.

I actually wrote comments in ASP like:

<% /*
Microsoft sucks, Microsoft sucks
Can't moveFirst in an empty record set
*/ %>

My co-workers knew when such comments were written, since I would sing
them as I typed. (Yes, really)

I had a lonnnnnnnnnng song before that two months was up...

"Boolean expressions don't short-circuit" is another verse I recall, off
the top of my head.

Sadly, I lost all my copies of that song/project.

Oh well.

If somebody out there actually *LIKES* ASP VBScript programming, more
power to them -- So long as I don't have to ever use it again, I don't
care what you use.

Oh yeah, here's a good one:

*EVERY* error message coming back from SQL Server had the same error
number -- Even when the error *message* was different! That's got to be
in the running for dumbest software design choice on the planet.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


* Kimmo Alm <kimmo.almbredband.net>:
> Hello!
>
> I've been looking for some PHP cache software for a while now, and I just
> can't seem to find one suitable for my setup.
>
> I run PHP 5.x on FreeBSD 4.x with Apache 2.x. I don't particularly fancy
> the Linux compability, but rather would prefer a native solution.
>
> It must be free (no charge)...

http://eaccelerator.sourceforge.net/Home

> PS: How come that this isn't included in PHP itself, just as there's
> mod_deflate for Apache 2?

Probably because it's overkill for most sites.

--
Matthew Weier O'Phinney | mailto:matthewgarden.org
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org

attached mail follows:


On 5 Jan 2005 17:28:42 -0000, Matthew Weier O'Phinney <matthewgarden.org>
wrote:

> * Kimmo Alm <kimmo.almbredband.net>:
>> Hello!
>>
>> I've been looking for some PHP cache software for a while now, and I
>> just
>> can't seem to find one suitable for my setup.
>>
>> I run PHP 5.x on FreeBSD 4.x with Apache 2.x. I don't particularly fancy
>> the Linux compability, but rather would prefer a native solution.
>>
>> It must be free (no charge)...
>
> http://eaccelerator.sourceforge.net/Home
>

I was happy when you showed me that link, as I had managed to not find
that particular accelerator software.

However, that ALSO doesn't seem to support PHP 5 and says nothing about
FreeBSD.

>> PS: How come that this isn't included in PHP itself, just as there's
>> mod_deflate for Apache 2?
>
> Probably because it's overkill for most sites.
>

Well... it should still be available as an option.

attached mail follows:


* Kimmo Alm <kimmo.almbredband.net>:
> On 5 Jan 2005 17:28:42 -0000, Matthew Weier O'Phinney <matthewgarden.org>
> wrote:
> > * Kimmo Alm <kimmo.almbredband.net>:
> > > I've been looking for some PHP cache software for a while now, and
> > > I just can't seem to find one suitable for my setup.
> > >
> > > I run PHP 5.x on FreeBSD 4.x with Apache 2.x. I don't particularly fancy
> > > the Linux compability, but rather would prefer a native solution.
> > >
> > > It must be free (no charge)...
> >
> > http://eaccelerator.sourceforge.net/Home
>
> I was happy when you showed me that link, as I had managed to not find
> that particular accelerator software.
>
> However, that ALSO doesn't seem to support PHP 5 and says nothing about
> FreeBSD.

I don't mean to be rude, but how deep did you dig into that site?

It *does* support PHP5, as of 0.9.1. It was for that reason that it came
into being -- it forked off of Turckk mmcache because no progress was
being made on PHP5 compatability.

Also -- of the two items in the FAQ, one *specifically* addresses
compiling for FreeBSD.

--
Matthew Weier O'Phinney | mailto:matthewgarden.org
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org

attached mail follows:


On 6 Jan 2005 03:02:10 -0000, Matthew Weier O'Phinney <matthewgarden.org>
wrote:

> * Kimmo Alm <kimmo.almbredband.net>:
>> On 5 Jan 2005 17:28:42 -0000, Matthew Weier O'Phinney
>> <matthewgarden.org>
>> wrote:
>> > * Kimmo Alm <kimmo.almbredband.net>:
>> > > I've been looking for some PHP cache software for a while now, and
>> > > I just can't seem to find one suitable for my setup.
>> > >
>> > > I run PHP 5.x on FreeBSD 4.x with Apache 2.x. I don't particularly
>> fancy
>> > > the Linux compability, but rather would prefer a native solution.
>> > >
>> > > It must be free (no charge)...
>> >
>> > http://eaccelerator.sourceforge.net/Home
>>
>> I was happy when you showed me that link, as I had managed to not find
>> that particular accelerator software.
>>
>> However, that ALSO doesn't seem to support PHP 5 and says nothing about
>> FreeBSD.
>
> I don't mean to be rude, but how deep did you dig into that site?
>
> It *does* support PHP5, as of 0.9.1. It was for that reason that it came
> into being -- it forked off of Turckk mmcache because no progress was
> being made on PHP5 compatability.
>
> Also -- of the two items in the FAQ, one *specifically* addresses
> compiling for FreeBSD.
>

Hmm... I'm very sorry if this is the case, which it probably is.

I looked through the entire site (all I could find), and even downloaded
the latest package and read the README.

Quote: "Requirements
------------
apache 1.3, mod_php 4.1, autoconf, automake, libtool, m4"

This is where I stopped reading. Perhaps it was a stupid thing to do.

Thanks again for the tip. Since you're most likely right, I'll dig in
further into the docs.

But on my side, the requirements aren't exactly clear in any way...

attached mail follows:


On Wed, 5 Jan 2005 10:17:29 -0800, H. Scott Brown <hs.brownsmius.com> wrote:
> Hi, List,
>
> I need some help with compilation.
>
> ./configure runs fine, in the following manner (4.3.10):
>
[snip]
> *** Error code 1
> make: Fatal error: Command failed for target `ext/zlib/zlib.lo'
>
> Any ideas? I really need to get this going ASAP. I'll post it here first,
> but it looks like a bug?

I once had a similar problem, although not on Solaris. Have you tried
using --with-zlib or --with-zlib=shared?

attached mail follows:


 --- Sebastian <sebastianbroadbandgaming.net> wrote:
> hmm i never even knew you can put that in there..

Yes according to php official manual you can
<quote Chapter 4 Runtime configuration How to change
configuration setting>
When using PHP as an Apache module, you can also
change the configuration settings using directives in
Apache configuration files (e.g. httpd.conf) and
.htaccess files. You will need "AllowOverride Options"
or "AllowOverride All" privileges to do so.
</quote>

> always used .htaccess or
> in the php.ini
> i've never seen anyone do it in the httpd.conf.
I will try to do it in .htaccess to see but doubt that
it works when in httpd.conf not work.
 
> also you shouldn't quote the value.. you might also

Unquoting it does not solve the problem.

> need to increase
> post_max_size

Will try it. But not only upload_max_filesize; I used
to specify open_dir as well.
 
Thank you for reply.

Kind regards,

=====
S.KIEU

Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com

attached mail follows:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have set up an Apache 1.3.33 with PHP 4.3.10 patched for suexec. Php
run as CGI. Some of my visitors got this [1] error (code 400). When they
turn "http/1.1" option ON with IE, the error disapear. Google's crawlers
~ also get the 400 error. What can i do ? I have played with php/cgi
redirect option (in php.ini), but nothing is better. Any suggestion ?

Thanks very much,
- -Acz

Error [1]
- -------------------------------------------------------
Security Alert! The PHP CGI cannot be accessed directly.

This PHP CGI binary was compiled with force-cgi-redirect enabled. This
means that a page will only be served up if the REDIRECT_STATUS CGI
variable is set, e.g. via an Apache Action directive.

For more information as to why this behaviour exists, see the manual
page for CGI security.

For more information about changing this behaviour or re-enabling this
webserver, consult the installation file that came with this
distribution, or visit the manual page.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB3Ftm2e0VO2fZtNYRAtQMAJ9GlpfSai6WfNMvK4DnuJbM3bWOCwCfTCAr
e7CttCMMRB1tKvoZPBYMh1U=
=9a2E
-----END PGP SIGNATURE-----

attached mail follows:


I have a production server running Mac OS X Server 10.2.8 and PHP 4.3.9.
Building 4.3.10 fails, along the same lines as this report from last
week to php-install:

  http://marc.theaimsgroup.com/?l=php-install&m=110351226709409&w=2

Several closed bugs seem to refer to this problem, for instance:

  http://bugs.php.net/bug.php?id=30927

which suggests it should have been fixed in CVS by of Dec 1, 2004. Mr.
Byrne discovered otherwise with 200412200130, but I confirmed that it
apparently has been fixed by stable-200412292330.

So, I seem to be faced with the choice of either putting a snapshot into
production, or waiting for the next regularly scheduled PHP release to
resolve ostensibly high-priority security problems. Is there a third
option?

Thanks,

  -nat

attached mail follows:


Rasmus Lerdorf wrote:
> Robert Cummings wrote:
>> FWIW, I can't see how a WYW server is going to make his application run
>> faster. The transfer of the data he wants will still have to be
>> serialized and unserialized (in an optimal WYW server only unserialized)
>> and this is is exactly his bottleneck using an include. Actually I'd
>> imagine because he's using an accelerator it's fast as it can get
>> without using some kind of shared memory system. Correct me if I'm
>> confused and you know how to transfer raw zend vars over a socket
>> without the need to unserialize on the receiver end.
>
> You are correct, serialization tends to be the bottleneck when it comes
> to restoring large data structs. So you either avoid recreating the
> data structure and just use the data directly, or use an in-process
> mechanism like apc_store/apc_fetch which does a straight memcpy and
> doesn't need top serialize. Of course, this still doesn't match writing
> your own extension to manage your persistent data directly without
> needing to shuffle it around back and forth between process and shared
> memory.

Perhaps I'm just being naive and/or stupid, but I was imagining his array
elements going in separate apc_store()s...

And he'd not serialize them, cuz they're just INT or CHAR...

So he'd only retrieve what he needed on a one-by-one basis, very quickly...

But maybe that can't be done.

Or maybe it would be incredibly inefficient.

Or both. :-)

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Richard Lynch wrote:
> Rasmus Lerdorf wrote:
>
>>Robert Cummings wrote:
>>
>>>FWIW, I can't see how a WYW server is going to make his application run
>>>faster. The transfer of the data he wants will still have to be
>>>serialized and unserialized (in an optimal WYW server only unserialized)
>>>and this is is exactly his bottleneck using an include. Actually I'd
>>>imagine because he's using an accelerator it's fast as it can get
>>>without using some kind of shared memory system. Correct me if I'm
>>>confused and you know how to transfer raw zend vars over a socket
>>>without the need to unserialize on the receiver end.
>>
>>You are correct, serialization tends to be the bottleneck when it comes
>>to restoring large data structs. So you either avoid recreating the
>>data structure and just use the data directly, or use an in-process
>>mechanism like apc_store/apc_fetch which does a straight memcpy and
>>doesn't need top serialize. Of course, this still doesn't match writing
>>your own extension to manage your persistent data directly without
>>needing to shuffle it around back and forth between process and shared
>>memory.
>
>
> Perhaps I'm just being naive and/or stupid, but I was imagining his array
> elements going in separate apc_store()s...
>
> And he'd not serialize them, cuz they're just INT or CHAR...
>
> So he'd only retrieve what he needed on a one-by-one basis, very quickly...
>
> But maybe that can't be done.

You can apc_store an entire PHP array in a single call and bring it back
out with a single apc_fetch call without any serialization needed. It
does however do a deep-copy, so there is still overhead, but it is an
order of magnitude faster than serialize/unserialize.

-Rasmus

attached mail follows:


>> So if what your application mostly does is load in all this data and
>> respond to requests, you could write a *SINGLE* PHP application which
>> listened on port 12345 (or whatever port you like) and responded with
>> the
>> data requested. Like writing your own web-server, only it's a
>> _________-server where you get to fill in the blank with whatever your
>> application does.
>
> Please see my repsonse to Manuel Lemos and his suggestion to run a SOAP
> server. Basically my concern is the lack of having a
> multi-process/forking server to handle concurrent incoming requests
> (which may or may not be a problem - not sure). We're talking about a
> persistent PHP server (SOAP or otherwise), and I'm having trouble
> groking how that would work in an environment with many concurrent
> requests. (Other than, of course, running a PHP SOAP server inside
> Apache which brings me back to square one :)

[shrug]
In my Dream World, you could run as many "%> php -q wyw_server.php"
processes as you like, and the low-level socket code would take care of
only having one of them respond to any given request.

Assuming that's not Reality Based, I guess you could try to figure out how
Apache does its pre-fork and child management...

Ya know, Rasmus' answer of just making your own PHP Module is looking REAL
GOOD right now...

You'll have to stumble your way through a LITTLE bit of C -- most of which
is going to be copy&paste from his example code (http://talks.php.net)

And then you're going to copy&paste your monster array into your new C code.

Then you'll have to change every line with $foo to just have foo, and
declare foo correctly, and segregate all your data/arrays so all the
arrays have only one kind of data in them, and...

It's going to be confusing as hell at first, but do it with a very SMALL
version of your monster array, and after you get the hang of that, it will
be a lot of global Search&Replace to make your big array work.

Or you could pay a guy who knows C and PHP to do it in, what, a couple
hours? Depends on how confusing your arrays are, and how heterogeneous
they are, I guess.

Once you do that, all your data is in PHP/Apache when it launches, and
it's always available to your PHP script all the time. Sweet.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Richard Lynch wrote:
> Or you could pay a guy who knows C and PHP to do it in, what, a couple
> hours? Depends on how confusing your arrays are, and how heterogeneous
> they are, I guess.
>
> Once you do that, all your data is in PHP/Apache when it launches, and
> it's always available to your PHP script all the time. Sweet.

Anything you do in the MINIT hook is basically free, so it would be
trivial to load the data for the array from somewhere. Like a database,
an xml file, etc. So you wouldn't need to hardcode a complex array
structure in your MINIT hook, just have this generic little extension
that creates an array (or object) from some external source. To change
the data you would change that external source and restart your server,
or you could write a PHP function in your extension that forced a reload
with the caveat that each running httpd process would need to have that
function be called since your array/object lives in each process separately.

If you ask really nicely one of the folks on the pecl-dev list might
just write this thing for you. Especially if you spec it out nicely and
think through how it should work.

-Rasmus

attached mail follows:


JHollis wrote:
> I had this code working the way i wanted it to (as far as correct
> username and password allowing successful login)...but what i want to
> happen now is when a user successfully logs it it will make the login
> form disappear and just say successfully logged in or welcome user and a
> link below it so they can log off and make the form re-appear. Below is
> the code that i have where i tried to get it to disappear on successful
> login, but it stays disappeared all the time. Can someone please point
> out what im doing wrong. I have tried everything i can think of...and
> nothing works. Im a PHP newbie...so im sure some of you might get a
> laugh out of this...if it is real easy.

I would *NOT* use break; to get out of the successful login...

Just move everything else inside the else{ } block if you don't want it to
appear.

After they *DO* login, perhaps use http://php.net/session_start so they
can *stay* logged in. You'll need to move the password check (and
database connection and so on) to be *ABOVE* all the HTML stuff -- to the
very tip-top of the file.

Then, to log them out, you can use the code from
http://php.net/session_destroy

For sure, don't send stuff through as ?_SERVER[username]=xxx

$_SERVER is for the web server to fill in, not you.

You'll just confuse yourself (next week/month/year) and any other
programmer if you start polluting $_SERVER with your own stuff.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


I do exactly the same thing on my website. I use PHP's Session handling
to determine if a user is actually logged on.

You can see that I check a variable called $validlogon which I set to
either YES or NO at the beginning of the script

<?php
if ($validlogon == "NO") {
print "<p class=\"hnavbar\">Salkehatchie Members Login Here:<br>\n";
print "<form action=\"Salkehatchie_LoginScript.php\" method=\"POST\">\n";
print "<p class=\"login\"><small>USER ID:</small><br>\n";
print "<input type=\"text\" name=\"userid\"><br><br>\n";
print "<small>PASSWORD:</small><br>\n";
print "<input type=\"password\" name=\"password\"><br><br>\n";
print "<input type=\"submit\" value=\"Enter\"></p>\n";
print "</form>\n";
                           }
?>

Near the beginning of my script I check for the existence of a valid session

<?php
if (isset($_SESSION[userid])) {
    $validlogon = "YES";
    } else {
    $validlogon = "NO";
    }
?>

Setting the $validlogon variable allows me to do a number of useful
things. For example, there are certain parts of the webpage that I
reveal to logged in users. Checking $validlogon allows me to decide
dynamically what to render to the browser. In the following I display
a message showing the user as being logged in and give them a link that
logs them out.

if ($validlogon == "YES") {
    print "<table style=\"width: 100%\";>\n";
    print "<tbody>\n";
    print "<tr>\n";
    print "<td width=\"50%\"><p class=\"login\"><small><b>YOU ARE LOGGED
     IN AS: $_SESSION[userid]</b></small></p></td>\n";
    print "<td width=\"50%\"><p class=\"login\"><small><b>CLICK <a
href=\"LogoutScript.php\"> here</a> TO LOGOUT</b></small></p></td>\n";
             print "</tr>\n";
             print "</table>\n";
             }

Hope this is helpful

Jerry Kita

JHollis wrote:
> I had this code working the way i wanted it to (as far as correct
> username and password allowing successful login)...but what i want to
> happen now is when a user successfully logs it it will make the login
> form disappear and just say successfully logged in or welcome user and a
> link below it so they can log off and make the form re-appear. Below is
> the code that i have where i tried to get it to disappear on successful
> login, but it stays disappeared all the time. Can someone please point
> out what im doing wrong. I have tried everything i can think of...and
> nothing works. Im a PHP newbie...so im sure some of you might get a
> laugh out of this...if it is real easy.
>
> <---snippet
>
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html>
> <head>
> <link href="style.css" rel="stylesheet" type="text/css" />
> </head>
> <body>
> <div id="container">
> <div id="top">
> <h1>header</h1>
>
> </div>
> <div id="leftnav">
> <p>
>
> <?php
>
> $username=$_POST['username'];
> $password=$_POST['password'];
> $db="user";
> $server="localhost";
> $db_username="root";
> $db_password="*******";
>
> $connect = mysql_connect($server,$db_username,$db_password);
> if (!$connect) {
> die ("could not connect to database");
> }
> $select = mysql_select_db($db,$connect);
> if (!$select) {
> die ("could not select database $db");
> }
> /*username='$username'";*/
> $sql = "SELECT * FROM passwords, user_info where id=PID and
> username='$username'";
> $result = mysql_query($sql);
> /*$num_rows = mysql_num_rows($result);*/
> while ($user = mysql_fetch_array($result))
> {
> $id = $user['id'];
> $username2 = $user['username'];
> $password2 = $user['password'];
> $firstname = $user['firstname'];
> $email = $user['email_address'];
>
>
> IF ($username=="$username2" && $password=="$password2")
> {
> echo("\"Welcome, <b>$firstname</b>\"");?><br><?
> echo ("\"Your email address is <b>$email<b>\"");?></td><tr>
> <a
> href="<?$_SERVER['PHP_SELF']?>?username=""&?password=""">Logoff</a><?
> break;
> }
> else
> {
> ?>
> <FORM action="<?$_SERVER['PHP_SELF']?>" method="post">
> <INPUT type="hidden" name="id">
> <table>
> <td><b>*</b>Username:</td> <td><INPUT class="input"
> size="8" type="text" name="username" value="<?echo $username?>"></td><tr>
> <td><b>*</b>Password:</td> <td><INPUT class="input"
> size="8" type="password" name="password"></td><tr>
> <td class="xsmall"><b>* Case Sensitive</b></td>
> <td><INPUT type="submit" value="Login"></td><tr>
> <td>&nbsp </td>
> </table>
> </FORM>
> <?
>
> break;
> }
>
> }
> //IF ($username != $username2 || $password != $password2) {//
>
>
>
> ?><br>
> <?
> if ($username == "" && $password == "") {
> echo ("Please type in a Username and Password");}
>
> if ($username != "" && $password == "") {
> echo ("Please type in a password");}
>
> if ($username == "" && $password != "") {
> echo ("Please type in a username and password");}
>
> ?>
>
>
> </p>
> </div>
> <?if (($username2==$username && $password2==$password) &&
> ($username2!="" || $password2!="")){?>
> <div id="rightnav" class="box">
> <p>
> </p>
> </div>
> <?}?>
> <div id="content">
> <h2>Subheading</h2>
> <p>
> </p>
> <p>
> </p>
> </div>
> <div id="footer">
> <p>
> Today is
> <?php
> echo( date("F dS Y."));
> ?>
> </p>
> </div>
> </div>
> </body>
> </html>
> ---->snippet

--
Jerry Kita

http://www.salkehatchiehuntersville.com

email: jskitaattglobal.net

attached mail follows:


Where do i need to start my session? Ive copied and pasted exactly what
you have typed..and the form doesnt display unless i hard code the
variable to "NO".

Jerry Kita wrote:
> I do exactly the same thing on my website. I use PHP's Session handling
> to determine if a user is actually logged on.
>
> You can see that I check a variable called $validlogon which I set to
> either YES or NO at the beginning of the script
>
> <?php
> if ($validlogon == "NO") {
> print "<p class=\"hnavbar\">Salkehatchie Members Login Here:<br>\n";
> print "<form action=\"Salkehatchie_LoginScript.php\" method=\"POST\">\n";
> print "<p class=\"login\"><small>USER ID:</small><br>\n";
> print "<input type=\"text\" name=\"userid\"><br><br>\n";
> print "<small>PASSWORD:</small><br>\n";
> print "<input type=\"password\" name=\"password\"><br><br>\n";
> print "<input type=\"submit\" value=\"Enter\"></p>\n";
> print "</form>\n";
> }
> ?>
>
> Near the beginning of my script I check for the existence of a valid
> session
>
> <?php
> if (isset($_SESSION[userid])) {
> $validlogon = "YES";
> } else {
> $validlogon = "NO";
> }
> ?>
>
> Setting the $validlogon variable allows me to do a number of useful
> things. For example, there are certain parts of the webpage that I
> reveal to logged in users. Checking $validlogon allows me to decide
> dynamically what to render to the browser. In the following I display
> a message showing the user as being logged in and give them a link that
> logs them out.
>
> if ($validlogon == "YES") {
> print "<table style=\"width: 100%\";>\n";
> print "<tbody>\n";
> print "<tr>\n";
> print "<td width=\"50%\"><p class=\"login\"><small><b>YOU ARE LOGGED
> IN AS: $_SESSION[userid]</b></small></p></td>\n";
> print "<td width=\"50%\"><p class=\"login\"><small><b>CLICK <a
> href=\"LogoutScript.php\"> here</a> TO LOGOUT</b></small></p></td>\n";
> print "</tr>\n";
> print "</table>\n";
> }
>
> Hope this is helpful
>
> Jerry Kita
>
> JHollis wrote:
>
>> I had this code working the way i wanted it to (as far as correct
>> username and password allowing successful login)...but what i want to
>> happen now is when a user successfully logs it it will make the login
>> form disappear and just say successfully logged in or welcome user and
>> a link below it so they can log off and make the form re-appear.
>> Below is the code that i have where i tried to get it to disappear on
>> successful login, but it stays disappeared all the time. Can someone
>> please point out what im doing wrong. I have tried everything i can
>> think of...and nothing works. Im a PHP newbie...so im sure some of
>> you might get a laugh out of this...if it is real easy.
>>
>> <---snippet
>>
>>
>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
>> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
>> <html>
>> <head>
>> <link href="style.css" rel="stylesheet" type="text/css" />
>> </head>
>> <body>
>> <div id="container">
>> <div id="top">
>> <h1>header</h1>
>>
>> </div>
>> <div id="leftnav">
>> <p>
>>
>> <?php
>>
>> $username=$_POST['username'];
>> $password=$_POST['password'];
>> $db="user";
>> $server="localhost";
>> $db_username="root";
>> $db_password="*******";
>> $connect = mysql_connect($server,$db_username,$db_password);
>> if (!$connect) {
>> die ("could not connect to database");
>> }
>> $select = mysql_select_db($db,$connect);
>> if (!$select) {
>> die ("could not select database $db");
>> }
>> /*username='$username'";*/
>> $sql = "SELECT * FROM passwords, user_info where id=PID and
>> username='$username'";
>> $result = mysql_query($sql);
>> /*$num_rows = mysql_num_rows($result);*/
>> while ($user = mysql_fetch_array($result))
>> {
>> $id = $user['id'];
>> $username2 = $user['username'];
>> $password2 = $user['password'];
>> $firstname = $user['firstname'];
>> $email = $user['email_address'];
>> IF ($username=="$username2" && $password=="$password2")
>> {
>> echo("\"Welcome, <b>$firstname</b>\"");?><br><?
>> echo ("\"Your email address is <b>$email<b>\"");?></td><tr>
>> <a
>> href="<?$_SERVER['PHP_SELF']?>?username=""&?password=""">Logoff</a><?
>> break;
>> }
>> else
>> {
>> ?>
>> <FORM action="<?$_SERVER['PHP_SELF']?>" method="post">
>> <INPUT type="hidden" name="id">
>> <table>
>> <td><b>*</b>Username:</td> <td><INPUT class="input"
>> size="8" type="text" name="username" value="<?echo $username?>"></td><tr>
>> <td><b>*</b>Password:</td> <td><INPUT class="input"
>> size="8" type="password" name="password"></td><tr>
>> <td class="xsmall"><b>* Case Sensitive</b></td>
>> <td><INPUT type="submit" value="Login"></td><tr>
>> <td>&nbsp </td>
>> </table>
>> </FORM>
>> <?
>> break;
>> }
>> } //IF ($username != $username2 || $password !=
>> $password2) {//
>>
>>
>> ?><br>
>> <?
>> if ($username == "" && $password == "") {
>> echo ("Please type in a Username and Password");}
>>
>> if ($username != "" && $password == "") {
>> echo ("Please type in a password");}
>>
>> if ($username == "" && $password != "") {
>> echo ("Please type in a username and password");}
>> ?>
>> </p>
>> </div>
>> <?if (($username2==$username && $password2==$password) &&
>> ($username2!="" || $password2!="")){?>
>> <div id="rightnav" class="box">
>> <p>
>> </p>
>> </div>
>> <?}?>
>> <div id="content">
>> <h2>Subheading</h2>
>> <p>
>> </p>
>> <p>
>> </p>
>> </div>
>> <div id="footer">
>> <p>
>> Today is
>> <?php
>> echo( date("F dS Y."));
>> ?>
>> </p>
>> </div>
>> </div>
>> </body>
>> </html>
>> ---->snippet
>
>
>

attached mail follows:


prthompuark.edu wrote:

> 3. Saves/downloads the file to that exact location as pulled from and
> replaces the old file

Ain't no way you're going to be allowed to decide where to save files on
*MY* computer!

That would be a MAJOR security hole...

Now let's look at ways you *COULD* do this.

First, you're looking at a DESKTOP application that can arbitrarily
read/open/write files on the user's desktop.

To keep it relevent, we'll then suggest you use PHP-GTK: http://gtk.php.net

So your user has to install your PHP-GTK application on their own computer.

Then, your GTK PHP application can read/write files on their computer
(assuming they have permission to do so in the first place) and you can
use the functions like http://php.net/file to "talk" to your web-server.

So it *could* be done, with the rather *HUGE* caveat that you have to get
users to install your PHP GTK application on their machine.

NOTE: There might be easier/faster ways to accomplish building a desktop
application, depending on your skills and background. But PHP-GTK is one
very good possible solution, which will also for sure have the web access
part of it pretty easy. Plus it will be portable to many OSes. And you
can compile it to make it look like a "real" application, as I understand
it -- though that might cost money for the compiler.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


You're STILL seeing the same WARNING message?

Or now it's just "not working"?

QT wrote:
> hi,
>
> I clean all & signs, but still no result. This code was working perfect
> last
> two years. I don't know what happen?
>
>
>
>
> "Richard Lynch" <ceol-i-e.com> wrote in message
> news:1087.66.99.91.45.1104857860.squirrelwww.l-i-e.com...
>> QT wrote:
>> > Dear Sirs,
>> >
>> > my fsockopen function is not working, for last 1 day. And I get
> following
>> > error on log.
>> >
>> > Any idea why?
>> >
>> > PHP Warning: Call-time pass-by-reference has been deprecated -
>> argument
>> > passed
>>
>> Get rid of the & signs in your code inside the fsockopen( & )
>>
>> --
>> Like Music?
>> http://l-i-e.com/artists.htm
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Hi,

I recently upgraded from PHP 4.3.4 to 4.3.10 with Apache 1.3.29 on
Solaris. Before the upgrade, everything was working fine. After,
Apache won't start up correctly.

'apachectl start' works correctly, but doesn't load any of the SSL
components.

'apachectl startssl' does not work. It generates the following on the
command line, and nothing in the apache error logs (set to debug, as
high as we can set them).

Segmentation Fault - core dumped
./apachectl startssl: httpd could not be started

I'm not very familiar with examining core files, so I haven't gotten
very far with that. I also tried trussing the command but didn't figure
it out from there. If you have suggestions with either of these things
that would be helpful.

Also, if it helps:

$php -i
phpinfo()
PHP Version => 4.3.10

System => SunOS mumble 5.8 Generic_117350-08 sun4u
Build Date => Jan 5 2005 13:03:09
Configure Command => './configure' '--with-curl'
'--with-openssl=/usr/local/openssl'
'--with-apxs=/usr/local/wiscmail/admin/bin/apxs'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/lib/php.ini
PHP API => 20020918
PHP Extension => 20020429
Zend Extension => 20021010
Debug Build => no
Thread Safety => disabled
Registered PHP Streams => php, http, ftp, https, ftps

If anyone has had a similar problem or has suggestions it would be
greatly appreciated.

Thanks,

Matt

--
Matt Blasinski (mbv)
Software Engineer
Internet Infrastructure Applications Technology
Division of Information Technology
3121 Computer Science and Statistics
1210 West Dayton Street
Madison WI 53706
Work (608) 262-2286
Personal Cell (608) 347-6940

<?php
     echo "You can have it fast, cheap, or working. Choose two.";
?>

attached mail follows:


Hi all:
I am having some trouble getting the following code to work:

if (is_array($bundle_attributes)) {

reset($bundle_attributes);

while (list($option, $value) = each($bundle_attributes)) {

reset($value);

while (list($option2, $value2) = each($value)) {

$this->contents[$products_id]['attributes'][$option] = $value;

if (tep_session_is_registered('customer_id')) tep_db_query("insert into " .
TABLE_CUSTOMERS_BASKET_BUNDLE_ATTRIBUTES . " (customers_id, products_id,
sub_product_id, products_options_id, products_options_value_id) values ('" .
(int)$customer_id . "', '" . tep_db_input($products_id) . "', '" . $option .
"', '" . (int)$option2 . "', '" . (int)$value2 . "')");

}

}

}

}

It gives me an endless loop in the second while loop. It seems like it
doesn't move the pointer to the next value in the $option array. When I do a
print in that loop, I am getting the key value pair for the first element in
the $option array. Changing it to a for loop works. Any ideas why this
happens?

TIA

Gunter