OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
php-general Digest 11 Mar 2005 05:32:07 -0000 Issue 3331

php-general-digest-helplists.php.net
Date: Thu Mar 10 2005 - 23:32:07 CST

php-general Digest 11 Mar 2005 05:32:07 -0000 Issue 3331

Topics (messages 210453 through 210494):

Re: PHP RegExp and HTML tags attributes values etc...
        210453 by: BlackDex
        210485 by: BlackDex
        210486 by: BlackDex

Re: Best way to validate a date
        210454 by: Jamie Alessio

Re: `ls -l /` does not reproduce same info than when executed in bash.
        210455 by: Rory Browne
        210460 by: Hans Deragon
        210467 by: Richard Lynch
        210472 by: Hans Deragon

Re: PHP hangs when exec'ing SSH
        210456 by: Jamie Alessio
        210457 by: Ross Becker
        210458 by: Jamie Alessio
        210459 by: Ross Becker
        210461 by: Chris W. Parker
        210462 by: Richard Lynch
        210466 by: Ross Becker
        210476 by: Richard Lynch
        210478 by: Ross Becker

Re: Question re empty query
        210463 by: Jochem Maas

Re: howto kill proc stream after X seconds
        210464 by: Richard Lynch

Re: PHP Fedora rpm on RedHat9
        210465 by: Richard Lynch

Imap and attachments
        210468 by: Evert | Rooftop Solutions
        210489 by: Jim Plush

how to verify image and not http error is returned to browser
        210469 by: Cindy Reeves
        210471 by: Jason Barnett

Re: destructor not called for static members?
        210470 by: Richard Lynch
        210474 by: Jochem Maas
        210477 by: Richard Lynch
        210484 by: Jochem Maas

Re: PHP 5.0.3 and base64 encoded cookie value issue?
        210473 by: Richard Lynch

Re: incrementing a number from a text file
        210475 by: Richard Lynch

Re: Question re empty query SOLVED
        210479 by: Jackson Linux

PHP causes Apache segmentation fault?
        210480 by: John Swartzentruber

Re: sorting arrays
        210481 by: Dotan Cohen

Increase execution time
        210482 by: Jeremy Schreckhise
        210483 by: Jason Barnett

Temporary storage of data
        210487 by: dan
        210488 by: dan

free php live chat with visitor/customer script
        210490 by: p80

Re: warning & question about mysql sessions & concurrency
        210491 by: Josh Whiting

Using javascript function from php
        210492 by: b.rbz.biz

PHP help Quotations, Quotations, Quotations
        210493 by: stg
        210494 by: Stephen Johnson

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:

"Jason Petersen" <fuzzybadgmail.com> wrote in message
news:5eafe1ec050310084713cca44dmail.gmail.com...
> On Thu, 10 Mar 2005 00:18:05 +0100, BlackDex <black.dexlycos.nl> wrote:
>> Hello ppl,
>>
>> I have a question about regex and html parsing.
>>
>> I have the following code:
>> ---
>> <p class=MsoNormal><font size=3 face="Comic Sans MS"><span lang=NL
>> style='font-size:12.0pt;font-family:"Comic Sans
>> MS"'>&nbsp;</span></font></p>
>
> I'm guessing that you're writing a function to parse "HTML" that users
> upload via a web form? I would start with a look at this Perl script
> to fix code generated by MS products:
>
> http://www.fourmilab.ch/webtools/demoroniser/
>
---
Il go and check it out..
---

> Also, PHP's "libtidy" extension might be useful for you, although I
> haven't used it personally.
---
I have tryed it.. But it removes/changes to much even if i disable all the
tidy settings. So thats not an option :(.
---

>
> http://us2.php.net/manual/en/ref.tidy.php

attached mail follows:

Owkay.. i fixed it :).

Here is the final code.

attached mail follows:

Owkay i fixed it :D.
The regexp needed a /s (Pattern Modifier) also so that the "."(DOT) also does newlines :).
Now it is fixed...

Thank you very much Eli :)

/me is happy.

THE CODE:
---
<?php
function tag_rep($tag)
{
    return
preg_replace('/(?<!\<)(\S+)\s*=\s*(?<![\'"])([^\s\'"]+)(?![\'"])/','\1="\2"',$tag);
}

$html="<p class=MsoNormal id=par><font size=3 face=\"Comic Sans
MS\"><span lang=NL style='font-size:12.0pt;font-family:\"Comic Sans
MS\"'><a
href=http://www.php.net/index.php>&nbsp;key=value&nbsp;</a></span></font></p>";

echo 'Normal HTML:<br><textarea cols="70" rows="10">';
echo $html;
echo "</textarea><br><br>";

$improved_html = preg_replace('/\<(.*)\>/Ueis','"<".tag_rep("\1").">"',$html);
echo 'Improved HTML:<br><textarea cols="70" rows="10">';
echo str_replace("\\'","'",$improved_html);
echo "</textarea>";
?>
---

"BlackDex" <black.dexlycos.nl> wrote in message news:20050310140600.25321.qmaillists.php.net...
> Thx... it works almost :P
>
> I Changed the code a bit so you can see the results quicker :).
>
> It doesn't change every attribute/value. I think this has to do something with the opening and closing of a tag <>.
>
<CUT>
> ---
>
> "Eli" <eli.hengmail.com> wrote in message news:4230195E.4040404gmail.com...
>> Sorry for the spam.. here it is:
>>
>> <?php
>> function tag_rep($tag)
>> {
>> return preg_replace('/(?<!\<)(\S+)\s*=\s*(?<![\'"])([^\s\'"]+)(?![\'"])/','\1="\2"',$tag);
>> }
>>
>> $html="<p class=MsoNormal id=par><font size=3 face=\"Comic Sans MS\"><span lang=NL style='font-size:12.0pt;font-family:\"Comic
>> Sans MS\"'><a href=http://www.php.net/index.php>&nbsp;key=value&nbsp;</a></span></font></p>";
>>
>> $improved_html=preg_replace('/\<(.*)\>/Ue','"<".tag_rep("\1").">"',$html);
>> echo str_replace("\\'","'",$improved_html);
>> ?>
>>
>> :)

attached mail follows:

>> I'm looking to validate a date submitted through a
>> form and I cannot decide which would be the best way
>> to do it. The form of the date needs to be:
>> YYYY-MM-DD.
>> At the moment I'm torn between using a regex,
>> something like: 20[\d][\d]-[0-1][\d]-[0-3][\d]
>> or using the checkdate() function.
>>
>> Does anyone have any pros and/or cons to implement one
>> method over the other or other methods you may have
>> used?
>>
>> Thanks,
>> David
>
>
> Better use checkdate, since it checks if the date really exists (not
> just well formatted).
> Mabye do something like this:
>
> list($check_year,$check_month,$check_day) = explode("-",$date);
> if (checkdate($check_month,$check_day,$check_year))
> echo "Date is valid";
> else
> echo "Date is not valid";
>
David,
Why not do both types of validation so that you can provide the user
with more informative error messages? First check to make sure the date
matches your regex and give them an error like "your date must me is
YYYY-MM-DD format" if it doesn't match. If it passes the regex check
then you can use checkdate() to make sure that it is a valid date (ie.
not February 31, 2004). If it doesn't pass that then give them an
informative message that lets them know the format was correct but that
they entered a date that cannot exist. After that you could even use
something like PEAR::Date to do additional checks to make sure the date
is in the past/future, etc and give messages based on those checks.

Finer-grain tests provide the opportunity to give better messages to the
user so that they can intelligibly fix the errors. It really drives me
crazy when I get errors that tell me something I entered is invalid but
don't specify *why* it is invalid. I know that the program knows
*exactly* what the problem is, but I'm left to guess and play the "well,
I'll see if this passes" game. Anyhow, just a suggestion to not pin
yourself down to a single type of test - check it in multiple ways and
provide feedback based on the various checks.

- Jamie

attached mail follows:

Forwarding to list - forgot to cc.
---------- Forwarded message ----------
From: Rory Browne <rory.brownegmail.com>
Date: Thu, 10 Mar 2005 18:50:41 +0000
Subject: Re: [PHP] `ls -l /` does not reproduce same info than when
executed in bash.
To: Hans Deragon <hansderagon.biz>

Perhaps Jay has a point, but I don't think so. To confirm this, you
can probably check some variable in phpinfo, or you can run 'whoami'.

How are you running ls -ld? system? exec? Try backticks or shell_exec().

On Thu, 10 Mar 2005 11:41:31 -0500, Hans Deragon <hansderagon.biz> wrote:
> Jay Blanchard wrote:
> > [snip]
> > I did "su - apache" to switch to the same user under which the Apache
> > server is running and tried the "ls -ld /" under bash, and it worked
> > fine. Thus the server's has all the permissions to read the root
> > directory. Yet PHP does not seam to have these permissions.
> > [/snip]
> >
> > Good work Sparky, you answered your own question.
> >
> > Who does PHP run as? Does it really run as Apache?
>
> Since PHP runs under Apache, I assume it runs under the apache user. But if I
> am wrong, please advise.
>
> For the other readers, sorry for submitting twice my email to the list. I had
> a problem with my mailer...
>
>
> Best regards.
> Hans Deragon
> --
> Consultant en informatique/Software Consultant
> Deragon Informatique inc. Open source:
> http://www.deragon.biz http://facil.qc.ca (Promotion du libre)
> mailto://hansderagon.biz http://autopoweroff.deragon.biz (Logiciel)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

attached mail follows:

Rory Browne wrote:
> Perhaps Jay has a point, but I don't think so. To confirm this, you
> can probably check some variable in phpinfo, or you can run 'whoami'.
>
> How are you running ls -ld? system? exec? Try backticks or shell_exec().

Tried popen() and backticks. I do not think that the other functions would
change anything. `whoami` executed under php returns "apache", as we suspected.

Best regards,
Hans Deragon
--
Consultant en informatique/Software Consultant
Deragon Informatique inc. Open source:
http://www.deragon.biz http://facil.qc.ca (Promotion du libre)
mailto://hansderagon.biz http://autopoweroff.deragon.biz (Logiciel)

attached mail follows:

> BASH -------------------------------------------------------
> lrwxrwxrwx 1 root root 28 Mar 3 07:25 app ->
> /afs/sunrise.ericsson.se/app
> drwxr-xr-x 2 root root 0 Mar 7 13:06 apps
> lrwxrwxrwx 1 root root 24 Mar 7 14:11 archives ->

> PHP --------------------------------------------------------
> ?--------- ? ? ? ? ? app
> ?--------- ? ? ? ? ? apps

WILD GUESSES

#1 (benign)
Your 'apache' user on the bad box has some kind of cool shell color-coding
going on.

The color-coding puts out control characters for directories, users,
permissions, and masks weird-o characters in filenames.

Those control characters, when presented to you in a browser/text rather
than a shell context, show up as funky-ass things like ? and that
diamond-shaped inverse ? thing.

You can diagnose this pretty easily, really.

When you su to apache on the bad box and do "ls -ld /" do you get all
kinds of pretty colors and stuff? Well, there ya go. Make it not do
that.

You're on your own figuring out how to do that. To me, it's just some
magic that's sometimes on some Un*x boxes, and sometimes not, and that's
how life goes. :-) [I don't care enough either way about the color-coding
to find out, much less remember, how to change it either way.]

#2 (panic)
EXTREMELY UNLIKELY:
You've been hacked and the 'ls' binary has been replaced with something
that does something else very weird, but you don't see it under shell
conditions...
#1 is almost for sure the real answer...
But if it's #2, you'd better act carefully.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Richard Lynch wrote:
>>BASH -------------------------------------------------------
>>lrwxrwxrwx 1 root root 28 Mar 3 07:25 app ->
>>/afs/sunrise.ericsson.se/app
>>drwxr-xr-x 2 root root 0 Mar 7 13:06 apps
>>lrwxrwxrwx 1 root root 24 Mar 7 14:11 archives ->
>
>
>>PHP --------------------------------------------------------
>>?--------- ? ? ? ? ? app
>>?--------- ? ? ? ? ? apps
>
>
> WILD GUESSES
>
> #1 (benign)
> Your 'apache' user on the bad box has some kind of cool shell color-coding
> going on.
>
> The color-coding puts out control characters for directories, users,
> permissions, and masks weird-o characters in filenames.
>
> Those control characters, when presented to you in a browser/text rather
> than a shell context, show up as funky-ass things like ? and that
> diamond-shaped inverse ? thing.
>
> You can diagnose this pretty easily, really.
>
> When you su to apache on the bad box and do "ls -ld /" do you get all
> kinds of pretty colors and stuff? Well, there ya go. Make it not do
> that.
>
> You're on your own figuring out how to do that. To me, it's just some
> magic that's sometimes on some Un*x boxes, and sometimes not, and that's
> how life goes. :-) [I don't care enough either way about the color-coding
> to find out, much less remember, how to change it either way.]
>
> #2 (panic)
> EXTREMELY UNLIKELY:
> You've been hacked and the 'ls' binary has been replaced with something
> that does something else very weird, but you don't see it under shell
> conditions...
> #1 is almost for sure the real answer...
> But if it's #2, you'd better act carefully.

Hi Richard.

   Although "ls -ld /" returns some color, that is not the problem. I tried
within PHP `ls --color=never -ld /` and it fails to. ls is not the only
command having problems. I tried other commands like `find /lmw -name '*'`
and `cd /lmw` and they fail because of bad permissions.

  Could it be because of SELinux? I wonder. I think that Apache runs under
some SELinux restrictions and that might be the problem. I will investigate
and report on this.

Ciao,
Hans Deragon
--
Consultant en informatique/Software Consultant
Deragon Informatique inc. Open source:
http://www.deragon.biz http://facil.qc.ca (Promotion du libre)
mailto://hansderagon.biz http://autopoweroff.deragon.biz (Logiciel)

attached mail follows:

> I'm attempting to execute some things on remote servers using ssh, using
> a strictly limited account created for this express purpose. I set up
> passwordless key authentication from the user the web server runs as to
> the limited account on the remote server. I wrote some PHP code which
> calls:
> system("ssh userhost mycommand", $result)
>
> If I become the web-server user and run this via php from the
> command-line, everything works. The commands are executed remotely, and
> the expected HTML comes to standard-out.
>
> If I run this through apache, I can verify that the authentication
> happens successfully, and the commands are run, but output to the
> browser hangs. No errors, nothing. I have attempted using shell_exec,
> and popen as well- both exhibit the same problems. I can run commands
> other than ssh without difficulty.
>
> This is happening on suse linux 9.1, PHP 4.3.4. Any clues as to what may
> be happening?
>
Ross,
A couple of ideas:

- Here's your code: "system("ssh userhost mycommand", $result)"
You do realize that $result only contains the return code of the system
call and not the actual output from the program called via system(), right?

- Do you have any sort of output buffering in the script?

- Have you tried using passthru() or backticks[1] instead of system()?
Same results?

- Is it possible the ssh command on the remote host is sending the
output to STDERR instead of STDOUT? I'm not sure that this makes sense
since you say it is working via PHP CLI, but perhaps you are seeing the
STDERR output along with the output of your script? This idea a longshot
at best.

--
Jamie

1. http://us4.php.net/language.operators.execution

attached mail follows:

There is no output to stderr or stdout from the script being executed.
All I care about are the side-effects of running this remote program. If
something fails, a numeric error-code will be returned.

I have tried this using: system(), shell_exec() - same as backtick
operator, and popen(). I have tried this using an external shell script
  which calls the ssh executable. All methods get the same results.
The program on the remote host is successfully executed, but PHP never
comes back if it is operating under the web server. Also note that I
became the same user that the web server runs as to execute the script
under the PHP CLI.

I actually located a bug filed for this in early 2003 reguarding this
happening on SuSE 8.1 with PHP 4.3.1, but the developers dropped it
because there was no feedback from the user.

My worry is that there's also another bug reguarding executing SSH that
the developers closed as bogus claiming it was an SSH problem, and
pointing to an FAQ on the openssh site saying that SSH can hang due to
not knowing if there's further output coming from the program. I'm
hoping that this isn't their answer to my problem, because I can
demonstrate that it all works when PHP runs in CLI mode.

--Ross

Jamie Alessio wrote:
>> I'm attempting to execute some things on remote servers using ssh,
>> using a strictly limited account created for this express purpose. I
>> set up passwordless key authentication from the user the web server
>> runs as to the limited account on the remote server. I wrote some PHP
>> code which calls:
>> system("ssh userhost mycommand", $result)
>>
>> If I become the web-server user and run this via php from the
>> command-line, everything works. The commands are executed remotely,
>> and the expected HTML comes to standard-out.
>>
>> If I run this through apache, I can verify that the authentication
>> happens successfully, and the commands are run, but output to the
>> browser hangs. No errors, nothing. I have attempted using shell_exec,
>> and popen as well- both exhibit the same problems. I can run commands
>> other than ssh without difficulty.
>>
>> This is happening on suse linux 9.1, PHP 4.3.4. Any clues as to what
>> may be happening?
>
> >
> Ross,
> A couple of ideas:
>
> - Here's your code: "system("ssh userhost mycommand", $result)"
> You do realize that $result only contains the return code of the system
> call and not the actual output from the program called via system(), right?
>
> - Do you have any sort of output buffering in the script?
>
> - Have you tried using passthru() or backticks[1] instead of system()?
> Same results?
>
> - Is it possible the ssh command on the remote host is sending the
> output to STDERR instead of STDOUT? I'm not sure that this makes sense
> since you say it is working via PHP CLI, but perhaps you are seeing the
> STDERR output along with the output of your script? This idea a longshot
> at best.
>
> --
> Jamie
>
> 1. http://us4.php.net/language.operators.execution

attached mail follows:

> There is no output to stderr or stdout from the script being executed.
> All I care about are the side-effects of running this remote program. If
> something fails, a numeric error-code will be returned.
>
Ross,
Since you don't care about the output from the program can you start the
process in the background so that PHP won't wait on it?

system("ssh userhost mycommand &");

and based on the notes at From http://us4.php.net/system you might need
something like:
system("ssh userhost mycommand > /dev/null 2>&1 &");

I think this gives up your ability to check on whether the script was
command actually ran successfully though which might not be acceptable
for your situation.

Some more random ideas...

- Could ssh possibly be relying on some environment variables to behave
properly that are available on the command line that aren't available
when running system() via the web server? I'm assuming you "become the
webserver" by doing something like "sudo apache" or "sudo nobody" in
which case you'd have environment variables lying around that won't
exist for the apache process. A quick look at "man ssh" lists a bunch of
environment variables it uses/sets, but none of them look like obvious
culprits.

> I actually located a bug filed for this in early 2003 reguarding this
> happening on SuSE 8.1 with PHP 4.3.1, but the developers dropped it
> because there was no feedback from the user.
>
URL to the bug report?

--
Jamie

> I have tried this using: system(), shell_exec() - same as backtick
> operator, and popen(). I have tried this using an external shell script
> which calls the ssh executable. All methods get the same results. The
> program on the remote host is successfully executed, but PHP never comes
> back if it is operating under the web server. Also note that I became
> the same user that the web server runs as to execute the script under
> the PHP CLI.
>
> I actually located a bug filed for this in early 2003 reguarding this
> happening on SuSE 8.1 with PHP 4.3.1, but the developers dropped it
> because there was no feedback from the user.
>
> My worry is that there's also another bug reguarding executing SSH that
> the developers closed as bogus claiming it was an SSH problem, and
> pointing to an FAQ on the openssh site saying that SSH can hang due to
> not knowing if there's further output coming from the program. I'm
> hoping that this isn't their answer to my problem, because I can
> demonstrate that it all works when PHP runs in CLI mode.
>
> --Ross
>
> Jamie Alessio wrote:
>
>>> I'm attempting to execute some things on remote servers using ssh,
>>> using a strictly limited account created for this express purpose. I
>>> set up passwordless key authentication from the user the web server
>>> runs as to the limited account on the remote server. I wrote some PHP
>>> code which calls:
>>> system("ssh userhost mycommand", $result)
>>>
>>> If I become the web-server user and run this via php from the
>>> command-line, everything works. The commands are executed remotely,
>>> and the expected HTML comes to standard-out.
>>>
>>> If I run this through apache, I can verify that the authentication
>>> happens successfully, and the commands are run, but output to the
>>> browser hangs. No errors, nothing. I have attempted using shell_exec,
>>> and popen as well- both exhibit the same problems. I can run commands
>>> other than ssh without difficulty.
>>>
>>> This is happening on suse linux 9.1, PHP 4.3.4. Any clues as to what
>>> may be happening?
>>
>>
>> >
>> Ross,
>> A couple of ideas:
>>
>> - Here's your code: "system("ssh userhost mycommand", $result)"
>> You do realize that $result only contains the return code of the
>> system call and not the actual output from the program called via
>> system(), right?
>>
>> - Do you have any sort of output buffering in the script?
>>
>> - Have you tried using passthru() or backticks[1] instead of system()?
>> Same results?
>>
>> - Is it possible the ssh command on the remote host is sending the
>> output to STDERR instead of STDOUT? I'm not sure that this makes sense
>> since you say it is working via PHP CLI, but perhaps you are seeing
>> the STDERR output along with the output of your script? This idea a
>> longshot at best.
>>
>> --
>> Jamie
>>
>> 1. http://us4.php.net/language.operators.execution
>
>

attached mail follows:

I actually do care about the return code from the program, as well as
knowing that the program executed and completed successfully, so
background execution is not a valid option.

I tried using system("ssh userhost mycommand > /dev/null 2>&1") and got
the same results.

You are correct that I am using "su" to become the same user that the
web server runs under, after temporarily changing the password file to
give said user a valid shell. I can verify that the shell does not
affect whether this problem occurs or not, and I have determined that
the SSH process is not left lying around after it executes- The remote
command is run, ssh executes, PHP simply never comes back.

Bug link is here: http://bugs.php.net/bug.php?id=22946

At this point I'd love to hear from anyone running a different version
of PHP, OS, or Apache who can actually execute this to find out if they
experience results which are the same or different.

--Ross

Jamie Alessio wrote:
>> There is no output to stderr or stdout from the script being executed.
>> All I care about are the side-effects of running this remote program.
>> If something fails, a numeric error-code will be returned.
>>
> Ross,
> Since you don't care about the output from the program can you start the
> process in the background so that PHP won't wait on it?
>
> system("ssh userhost mycommand &");
>
> and based on the notes at From http://us4.php.net/system you might need
> something like:
> system("ssh userhost mycommand > /dev/null 2>&1 &");
>
> I think this gives up your ability to check on whether the script was
> command actually ran successfully though which might not be acceptable
> for your situation.
>
> Some more random ideas...
>
> - Could ssh possibly be relying on some environment variables to behave
> properly that are available on the command line that aren't available
> when running system() via the web server? I'm assuming you "become the
> webserver" by doing something like "sudo apache" or "sudo nobody" in
> which case you'd have environment variables lying around that won't
> exist for the apache process. A quick look at "man ssh" lists a bunch of
> environment variables it uses/sets, but none of them look like obvious
> culprits.
>
> > I actually located a bug filed for this in early 2003 reguarding this
> > happening on SuSE 8.1 with PHP 4.3.1, but the developers dropped it
> > because there was no feedback from the user.
> >
> URL to the bug report?
>
> --
> Jamie
>
>> I have tried this using: system(), shell_exec() - same as backtick
>> operator, and popen(). I have tried this using an external shell
>> script which calls the ssh executable. All methods get the same
>> results. The program on the remote host is successfully executed, but
>> PHP never comes back if it is operating under the web server. Also
>> note that I became the same user that the web server runs as to
>> execute the script under the PHP CLI.
>>
>> I actually located a bug filed for this in early 2003 reguarding this
>> happening on SuSE 8.1 with PHP 4.3.1, but the developers dropped it
>> because there was no feedback from the user.
>>
>> My worry is that there's also another bug reguarding executing SSH
>> that the developers closed as bogus claiming it was an SSH problem,
>> and pointing to an FAQ on the openssh site saying that SSH can hang
>> due to not knowing if there's further output coming from the program.
>> I'm hoping that this isn't their answer to my problem, because I can
>> demonstrate that it all works when PHP runs in CLI mode.
>>
>> --Ross
>>
>> Jamie Alessio wrote:
>>
>>>> I'm attempting to execute some things on remote servers using ssh,
>>>> using a strictly limited account created for this express purpose. I
>>>> set up passwordless key authentication from the user the web server
>>>> runs as to the limited account on the remote server. I wrote some
>>>> PHP code which calls:
>>>> system("ssh userhost mycommand", $result)
>>>>
>>>> If I become the web-server user and run this via php from the
>>>> command-line, everything works. The commands are executed remotely,
>>>> and the expected HTML comes to standard-out.
>>>>
>>>> If I run this through apache, I can verify that the authentication
>>>> happens successfully, and the commands are run, but output to the
>>>> browser hangs. No errors, nothing. I have attempted using
>>>> shell_exec, and popen as well- both exhibit the same problems. I can
>>>> run commands other than ssh without difficulty.
>>>>
>>>> This is happening on suse linux 9.1, PHP 4.3.4. Any clues as to what
>>>> may be happening?
>>>
>>>
>>>
>>> >
>>> Ross,
>>> A couple of ideas:
>>>
>>> - Here's your code: "system("ssh userhost mycommand", $result)"
>>> You do realize that $result only contains the return code of the
>>> system call and not the actual output from the program called via
>>> system(), right?
>>>
>>> - Do you have any sort of output buffering in the script?
>>>
>>> - Have you tried using passthru() or backticks[1] instead of
>>> system()? Same results?
>>>
>>> - Is it possible the ssh command on the remote host is sending the
>>> output to STDERR instead of STDOUT? I'm not sure that this makes
>>> sense since you say it is working via PHP CLI, but perhaps you are
>>> seeing the STDERR output along with the output of your script? This
>>> idea a longshot at best.
>>>
>>> --
>>> Jamie
>>>
>>> 1. http://us4.php.net/language.operators.execution
>>
>>
>>

attached mail follows:

Ross Becker <mailto:rossrbecker.org>
    on Thursday, March 10, 2005 11:50 AM said:

ugh: top posting.

ugh ugh: no trimming!

oy vey!

attached mail follows:

> I actually do care about the return code from the program, as well as
> knowing that the program executed and completed successfully, so
> background execution is not a valid option.
>
> I tried using system("ssh userhost mycommand > /dev/null 2>&1") and got
> the same results.
>
> You are correct that I am using "su" to become the same user that the
> web server runs under, after temporarily changing the password file to
> give said user a valid shell. I can verify that the shell does not
> affect whether this problem occurs or not, and I have determined that
> the SSH process is not left lying around after it executes- The remote
> command is run, ssh executes, PHP simply never comes back.
>
> Bug link is here: http://bugs.php.net/bug.php?id=22946
>
> At this point I'd love to hear from anyone running a different version
> of PHP, OS, or Apache who can actually execute this to find out if they
> experience results which are the same or different.

I believe 'su' requires an actual TTY connection or it aborts...

Could be wrong.

"man su"

Why are you doing ssh anyway?

scp, maybe, but...

Sure you're not taking web-based user into and then doing SSH to execute
it on a different server?... [shudder]

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Richard,
   I'm really not sure what you're asking here. I've created a limited
access user account on a remote host so that I can kick off some things
on the remote host by hitting a web page. Access to the web page is
protected via SSL and user authentication. The things which are
executed on the remote host are special purpose programs I am building,
not general commands, and no place does the web page provide a user
direct control over what programs are run.

"su" was only used by me from the command-line to become the same user
the web-server runs under in order that I would get the same
public/private key authentication under SSH as I do when the script runs
as a web page. It is not involved in what the php code runs. Take a
look at the bug report to see a completely reduced test-case which
reproduces the problem I'm seeing.

--Ross

Richard Lynch wrote:

>>I actually do care about the return code from the program, as well as
>>knowing that the program executed and completed successfully, so
>>background execution is not a valid option.
>>
>>I tried using system("ssh userhost mycommand > /dev/null 2>&1") and got
>>the same results.
>>
>>You are correct that I am using "su" to become the same user that the
>>web server runs under, after temporarily changing the password file to
>>give said user a valid shell. I can verify that the shell does not
>>affect whether this problem occurs or not, and I have determined that
>>the SSH process is not left lying around after it executes- The remote
>>command is run, ssh executes, PHP simply never comes back.
>>
>>Bug link is here: http://bugs.php.net/bug.php?id=22946
>>
>>At this point I'd love to hear from anyone running a different version
>>of PHP, OS, or Apache who can actually execute this to find out if they
>>experience results which are the same or different.
>>
>>
>
>I believe 'su' requires an actual TTY connection or it aborts...
>
>Could be wrong.
>
>"man su"
>
>Why are you doing ssh anyway?
>
>scp, maybe, but...
>
>Sure you're not taking web-based user into and then doing SSH to execute
>it on a different server?... [shudder]
>
>
>

attached mail follows:

> I'm really not sure what you're asking here. I've created a limited
> access user account on a remote host so that I can kick off some things
> on the remote host by hitting a web page. Access to the web page is
> protected via SSL and user authentication. The things which are
> executed on the remote host are special purpose programs I am building,
> not general commands, and no place does the web page provide a user
> direct control over what programs are run.

Your setup now:
Server A: Authenticates User SSL -> runs PHP -> runs su -> runs SSH to
Server B
Server B: Authenticates User SSH -> runs command

My sugggested solution:
Server A: Authenticates User SSL -> runs cURL -> Server B
Server B: Authenticates User SSL -> runs PHP -> runs command

IE:
*MOVE* your PHP script that runs the command to Server B.
Use SSL on both A and B
Use cURL from A to B to authenticate.
B runs PHP which runs command.

You've taken out all the su and SSH stuff between A and B with no real
loss of Security.

You already know how to do everything in my suggested solution, except
maybe cURL, which would take you an hour to figure out, max.

I guarantee you that if you do this, you'll have a lot less headaches, now
and in the future, and a lot cleaner/clearer code-base.

Maybe having the PHP script on Server B is impossible. That's the only
reason *not* to do it this way.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Incorrect.
Setup now:
Server A: Authenticates User SSL -> runs PHP -> runs SSH
someotheruserremotehost
Server B: Authenticates user SSH -> runs command

"su" is not involved, and has not been involved- I stated in my original
post, and in my last reply to you that it was only used in order for me
to become the same user the web server runs as, to test the PHP script
from the command line.

Server B is not running a web server, and does not have an SSL
certificate. Why would I add needless complexity and extra software and
services?

There's no output (besides the numeric return code) from SSH which I
care about- there shouldnt be anything coming back via stdout or stderr.
If there is, I'm happy to discard it. This SHOULD be a dead-nuts-simple
case of exec the command and wait for it to return.

--Ross

Richard Lynch wrote:

>> I'm really not sure what you're asking here. I've created a limited
>>access user account on a remote host so that I can kick off some things
>>on the remote host by hitting a web page. Access to the web page is
>>protected via SSL and user authentication. The things which are
>>executed on the remote host are special purpose programs I am building,
>>not general commands, and no place does the web page provide a user
>>direct control over what programs are run.
>>
>>
>
>Your setup now:
>Server A: Authenticates User SSL -> runs PHP -> runs su -> runs SSH to
>Server B
>Server B: Authenticates User SSH -> runs command
>
>My sugggested solution:
>Server A: Authenticates User SSL -> runs cURL -> Server B
>Server B: Authenticates User SSL -> runs PHP -> runs command
>
>IE:
>*MOVE* your PHP script that runs the command to Server B.
>Use SSL on both A and B
>Use cURL from A to B to authenticate.
>B runs PHP which runs command.
>
>You've taken out all the su and SSH stuff between A and B with no real
>loss of Security.
>
>You already know how to do everything in my suggested solution, except
>maybe cURL, which would take you an hour to figure out, max.
>
>I guarantee you that if you do this, you'll have a lot less headaches, now
>and in the future, and a lot cleaner/clearer code-base.
>
>Maybe having the PHP script on Server B is impossible. That's the only
>reason *not* to do it this way.
>
>
>

attached mail follows:

Jackson Linux wrote:

>>
>>
>> all you need is 1 if (or if/else) statement, note that my example
>> is the logical reverse of the first if statement I posted (in reply
>> to your question):
>>
>> if (!isset($_GET['r']) || empty($_GET['r']) || !($r =
>> intval($_GET['r']))) {
>> // _GET['r'] is either not set, empty or not a positive int
>> greater than zero.
>> // the required var is 'bad' so lets redirect the user.
>> if (!headers_sent()) {
>> header('location: /yourRvarsucks.php');
>> } else {
>> // you'll have to figure out what to do yourself
>> // if you want to redirect and headers have already been sent!
>>
>> }
>> exit;
>> }
>>
>> // now comes the rest of the script (build SQL, run it, output the data)
>>
>> $where = "WHERE cvjobcats.cv_id=cv.cv_id
>> AND cvjobcats.jobcat_id = '$r'
>> AND jobcat.jobcat_id=cvjobcats.jobcat_id";
>>
>> $sort = "ORDER BY cv.sort";
>>
>> // etc etc ...
>>
>
> Whhooo.
>
> I created this:
>
> $badr = "" )
>
> 1. I believe that this:
>
> if (!isset($_GET['r']) || empty($_GET['r']) || !($r =
> intval($_GET['r']))) {
> // _GET['r'] is either not set, empty or not a positive int greater
> than zero.
> // the required var is 'bad' so lets redirect the user.
> if (!headers_sent()) {
> header('location: {$_SERVER['PHP_SELF']}#bookmark');
> } else {
> // you'll have to figure out what to do yourself
> // if you want to redirect and headers have already been sent!
>
> }
> exit;
> }
>
> should kick back anyone who uses a bad or no $r to the location:
>
> {$_SERVER['PHP_SELF']}#bookmark
>
>
> However two problems:
>
> 1. This is dumb, I'm sure, but when I test this on its own it loops
> into a constant redirect, as the page reloads itself (PHP_SELF), hits
> the header location and tries again. I want it to keep the same page
> name (file.htm) but load a conditional menu if the request is for a
> non-existent or bad $r
>
> 2. Mustn't I also speficy what to do in the event that the $r is good?
>

thats up to you, I thought that was the whole point.

>
> Would that be just continuing the script:
>
> if (isset($_GET['r'])) {
> if(!empty($_GET['r']) && ($r = intval($_GET['r']))){
> } else {
> // And if so, then why do I need the IF statement here at all?
> Shouldn't this be a WHILE?

> }
> }
> // now comes the rest of the script (build SQL, run it, output the data)

do you know include()? http://php.net/include

if (!isset($_GET['r']) || empty($_GET['r']) || !($r = intval($_GET['r'])))
{
        // show a list of R's
        include('showlist.inc.php');
}
else
{
        // process an R
        include('process.inc.php');
}
>
>
>
> ??
>

attached mail follows:

> $process = proc_open(''ssh somehost someremotecommand';', $spec, $pipes);

If you have any control at all over that other server, just set up a
password-protected web page *THERE* to run the process (known technology)
and then use cURL to access it (known technology) and call it done.

Beating your head against PHP -> exec -> SSH -> remotecommand will just
get you a headache, almost for sure.

You may want to look into RPC or even SOAP as well, if it's a whole mess
of commands.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

> can I install rpm for Fedora on RedHat9 server? I suppose those are
> almost similar systems.

I sure wouldn't count on it working, at all.

Do a backup first, just in case.

If RPM has any brains at all, it won't let you do that, or at least
require you to use --force to over-ride it and tell it you know what
you're doing, even if you don't :-)

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Hi,

I started using the IMAP functions and ran into a problem with some
headers for attachments.

The first one is:

Content-type: image/psd; x-unix-mode=0644; name=FinalVersion6.psd
Content-transfer-encoding: base64
Content-disposition: inline; filename=FinalVersion6.psd

Generated by Mac Mail. The filename wont show up in the result of for example imap_fetchstructure.

The second is:

Content-Type: text/plain
Content-Disposition: attachment;
        filename="Video(019).3gp"
Content-Transfer-Encoding: base64

I suspect this one has something to do with the linebreak. It's generated by a modern nokia (7650 I think)

I additionaly found a problem calling imap_fetchbody with a non-existent msg number. This will result in a segfault.

grt,
Evert

attached mail follows:

here is a script I use to get jpg attachments with IMAP.. good luck

<?php
//------+-- -------------------+------ -- -
# view the contents of an array in html format
#--- -+ -

// return the email account of the user so we can assign it to a user
account
function get_phone_address($i)
{
 global $mbox;
 $header=imap_header($mbox,$i);
 echo 'FROM: '.$header->from[0]->mailbox."".$header->from[0]->host.'<BR>';
 return $header->from[0]->mailbox."".$header->from[0]->host;

}

function get_structure($mbox,$i)
{
$structure = imap_fetchstructure($mbox, $i);
return $structure;
}

function no_attachments($structure)
{
global $mbox;
$attach = sizeof($structure->parts); //# OF ATTACHMENTS
echo '<BR><BR>'.$attach.' attachments <BR>';
return $attach;
}

function get_attached_file($structure, $username, $k,$i)
{
global $mbox;
$encoding = $structure->parts[$k]->encoding;
$Name = strtolower($structure->parts[$k]->dparameters[0]->value);
//$NewFile[$k-1] = $Name;
echo $Name.'<BR>';
if(strstr($Name, '.jpg') && !strstr($Name, 'masthead.jpg'))
{
 echo 'In File Loop<BR>';
 $File = base64_decode(imap_fetchbody($mbox, $i, $k+1));

 $fp = fopen("C:/TEMP/".$username.$Name ,"w+");
 fwrite ($fp, $File, 100000000);
 fclose($fp);
}
 return $Name;
}
/*
****************************************************************************
**********************************
****************************************************************************
**********************************
*/
// CONNECT TO IMAP SERVER
$mbox = imap_open("{mail.myserver.net:143}INBOX", "USERNAME", "PASSWORD");

if($mbox)
{
 echo 'CONNECTED TO INBOX...<BR>';
}

$error = imap_errors();
$alerts = imap_alerts();
/*
****************************************************************************
**********************************
****************************************************************************
**********************************
*/

$msg_cnt = imap_num_msg($mbox);
htm($msg_cnt);

for($msg_num=1; $msg_num<=$msg_cnt; $msg_num++)
{
 $structure = get_structure($mbox, $msg_num);

 $num_attach = no_attachments($structure);

 $phone_address = get_phone_address($msg_num);
 //get_attached_file($structure,1,1);

 for($i=0; $i<$num_attach; $i++)
 {
  get_attached_file($structure, 'jim_', $i, $msg_num);
 }

}

imap_close($mbox);

print_r($error);
print_r($alerts);

?>

"Evert | Rooftop Solutions" <evertrooftopsolutions.nl> wrote in message
news:4230B04B.9060100rooftopsolutions.nl...
> Hi,
>
> I started using the IMAP functions and ran into a problem with some
> headers for attachments.
>
> The first one is:
>
> Content-type: image/psd; x-unix-mode=0644; name=FinalVersion6.psd
> Content-transfer-encoding: base64
> Content-disposition: inline; filename=FinalVersion6.psd
>
> Generated by Mac Mail. The filename wont show up in the result of for
example imap_fetchstructure.
>
> The second is:
>
> Content-Type: text/plain
> Content-Disposition: attachment;
> filename="Video(019).3gp"
> Content-Transfer-Encoding: base64
>
> I suspect this one has something to do with the linebreak. It's generated
by a modern nokia (7650 I think)
>
>
> I additionaly found a problem calling imap_fetchbody with a non-existent
msg number. This will result in a segfault.
>
> grt,
> Evert
>

attached mail follows:

Hi. I want to include an image on my home page that is dynamically created
from another website. The source code on a typical HTML page would be <img
src="http://www.othersite.com/returnedimage.aspx">

I don't trust their server will always be up/respond, so I want to use a PHP
function to determine whether a GIF has been returned (oppsed to an HTTP
error) before sending it to the browser. Any recommendations how to do this?

Thanks,
Cindy

attached mail follows:

Cindy Reeves wrote:
...
>
> I don't trust their server will always be up/respond, so I want to use a PHP
> function to determine whether a GIF has been returned (oppsed to an HTTP
> error) before sending it to the browser. Any recommendations how to do this?
>

Several ways to skin this cat. cURL is your friend.

http://php.net/manual/en/ref.curl.php

- Use cURL to check the headers for the image/gif header (though this
doesn't guarantee that it is a gif...)
- store the curl_exec() result (string) into a buffer and check for
actual GIF content. *Note* I have no clue what exactly makes up a GIF
file, but you can google "GIF file format" and check the file content if
you're paranoid.

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins

attached mail follows:

> <?php
> class c1 {
> public function __destruct() {
> echo '__destruct';
> }
> }
>
> class c2 {
> private static $_ref;
>
> public function __construct() {
> self::$_ref = new c1();
>
> //$this->_ref = new c1();
> }
> }
>
> $obj = new c2();
> unset($obj);
> ?>
>
> i thought this should display __destruct in both cases from
> c2::__construct, but only the one with non static access seems to call
> c1::destruct. and if i remove unsetting $obj from the end of code this
> one also doesn`t work. is it expected behaviour? or maybe when
> __destructor is called after script finishes execution than output is no
> longer possible? i tried also send some information to file and this
> also didn`t work. help please :)

Another take on this:

PHP can't destroy $_ref until the entire script, even with aute_append
files, is completely done and gone, because you *MIGHT* make another c2()
somewhere.

It's quite likely that your c1 *IS* getting destroyed, but long after any
output you can see, because STDOUT and STDERR are already shut down.

Change your echo statements to do an error_log() and you just might see
more things going on "behind the scenes" -- No promise though. PHP
might not be calling the destructors at that point, as a general script
cleanup might just be free()-ing big chunks of RAM instead of doing a full
descructor call.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Richard Lynch wrote:
>><?php
>>class c1 {
>> public function __destruct() {
>> echo '__destruct';
>> }
>>}
>>
>>class c2 {
>> private static $_ref;
>>
>> public function __construct() {
>> self::$_ref = new c1();
>>
>> //$this->_ref = new c1();
>> }
>>}
>>
>>$obj = new c2();
>>unset($obj);
>>?>
>>
>>i thought this should display __destruct in both cases from
>>c2::__construct, but only the one with non static access seems to call
>>c1::destruct. and if i remove unsetting $obj from the end of code this
>>one also doesn`t work. is it expected behaviour? or maybe when
>>__destructor is called after script finishes execution than output is no
>>longer possible? i tried also send some information to file and this
>>also didn`t work. help please :)
>
>
> Another take on this:
>
> PHP can't destroy $_ref until the entire script, even with aute_append
> files, is completely done and gone, because you *MIGHT* make another c2()
> somewhere.

self::$_ref is completely independent of any instance of that class.
but the rest of what you say is correct AFAIK - basically by the time PHP
gets round to cleaning up the class from the 'program space' there is nothing
to 'talk' to regardless.

but anyway a quick demonstration which might prove helpful:

<?php

class c1 {
        public function __destruct() {
                echo "__destruct";
        }
}

class c2 {
        private static $_ref;
        private static $_selfCnt = 0;

            public function __construct() {
                self::$_selfCnt++;
                if (self::$_selfCnt == 1) {
                        self::$_ref = new c1();
                }
                $this->_ref = new c1();
        }
        
        public function __destruct() {
                self::$_selfCnt++;
                if (!self::$_selfCnt) {
                        // the last samurai has fallen
                        unset(self::$_ref);
                }
        }
}

$obj = new c2();
$obj2 = new c2();
unset($obj,$obj2);

?>

gives me triple "__destruct".

>
> It's quite likely that your c1 *IS* getting destroyed, but long after any
> output you can see, because STDOUT and STDERR are already shut down.
>
> Change your echo statements to do an error_log() and you just might see
> more things going on "behind the scenes" -- No promise though. PHP
> might not be calling the destructors at that point, as a general script
> cleanup might just be free()-ing big chunks of RAM instead of doing a full
> descructor call.
>

attached mail follows:

> Richard Lynch wrote:
>>><?php
>>>class c1 {
>>> public function __destruct() {
>>> echo '__destruct';
>>> }
>>>}
>>>
>>>class c2 {
>>> private static $_ref;
>>>
>>> public function __construct() {
>>> self::$_ref = new c1();
>>>
>>> //$this->_ref = new c1();
>>> }
>>>}
>>>
>>>$obj = new c2();
>>>unset($obj);
>>>?>
>>>

> self::$_ref is completely independent of any instance of that class.

c2::$_ref has no value unless and until you create at least one (1) c2
instance.

That is the only dependency.

c2::$_ref cannot be destroyed by PHP unless and until the entire script is
dying because it is STATIC and if you create a second c2, it shouldn't
change, right?

So you only ever have, at most, one c1 running around.

You have no c1's until you create a c2.

Then you have 1 c1 until the script ends.

At least, that's what I'd expect from a STATIC property based on other OO
languages... Never actually used PHP's OO stuff for reasons we needn't
repeat.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Richard, OP,

Richard Lynch wrote:
>>Richard Lynch wrote:
>>
>>>><?php
>>>>class c1 {
>>>> public function __destruct() {
>>>> echo '__destruct';
>>>> }
>>>>}
>>>>
>>>>class c2 {
>>>> private static $_ref;
>>>>
>>>> public function __construct() {
>>>> self::$_ref = new c1();
>>>>
>>>> //$this->_ref = new c1();
>>>> }
>>>>}
>>>>
>>>>$obj = new c2();
>>>>unset($obj);
>>>>?>
>>>>
>
>>self::$_ref is completely independent of any instance of that class.
>
>
> c2::$_ref has no value unless and until you create at least one (1) c2
> instance.
>
> That is the only dependency.
>
> c2::$_ref cannot be destroyed by PHP unless and until the entire script is
> dying because it is STATIC and if you create a second c2, it shouldn't

the _var_ ;-) is defined static at the class level (and also defined as private
which means it happens to be only accessible from with the methods of the class
its defined) 'static' changes its scope to the class iso the object in this
situation.

> change, right?

not quite,...

private static $_ref;

is only read once (obviously?) when parsed, but the
constructor of the class sets it to a new object on each
invocation, I can explain it best with code:

<?

class Test {
        public static $_ref = 1;
        
        // "static" in a function:
        static public function myFunc()
        {
                static $v = false;
                if ($v === false) {
                        echo "init\n";
                        $v = 0;
                }

                echo ++$v . "\n";
        }
}

echo Test::$_ref . "\n";
Test::$_ref++;
echo Test::$_ref . "\n";

Test::myFunc();
Test::myFunc();
Test::myFunc();

// I like static class vars (or whatever the proper name is)

>
> So you only ever have, at most, one c1 running around.
>
> You have no c1's until you create a c2.
>

in the OPs code - true, but there could be static method
of the class to init the static class var.

> Then you have 1 c1 until the script ends.

only if you don't unset it - which you can do - obviously the original
snippet didn't.
<not-particularly-for-richards-benefit>
as always you can only (optionally) set a var to a literal when defining
it as static. (i.e. in that statement), but afterwards you can set the
'static' to whatever.
</not-particularly-for-richards-benefit>

>
> At least, that's what I'd expect from a STATIC property based on other OO
> languages... Never actually used PHP's OO stuff for reasons we needn't
> repeat

<aural voice-type="pantomime-arch-villain">
I'm not finished with you yet m'laddie
</aural>

;-)

seriously tho, php5 is really nice, I hear it calling to you :-)

>

attached mail follows:

> OK, after a little more closer examination, it does
> appear that the 'urlencode' is being used. I did the
> encode/decode thingy. BUT, the only character that is
> being messed up (at least the ones I had) appears to
> be '+'.

This (and following) should make it pretty clear that PHP is doing urldecode:
http://lxr.php.net/source/php-src/main/php_variables.c#217

> After a lot of trial and error, I am fairly convinced
> that PHP parses the Cookie before 'urldecoding' it and
> for some reason the '+' character seems to be treated
> special. It could be that there may be some more
> 'filtering' going on before it reaches the 'urldecode'
> step.
> Richard, thanks for being with this thread so far. I
> will see if i can produce some output.

I'm not saying it isn't doing something with "+" as well -- But the source
is there for you to walk through to find out what it does...

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

> I want to read a number from an external (txt) file and increment it.then
> save the number back on the text file.
> I know this is possible but want a simple amd economical way to do this.

That's what you *THINK* you want to do :-)

But what happens when *TWO* users hit that same script at exactly the same
time.

At best, you get:

User1 User2
Reads 9 Reads 9
Writes 10 Writes 10

and when you should have 11, you've only got 10.

[aside] "My amp goes to 11!" [/aside]

But it's worse than that: It's entirely poassible that your script,
instead of having two users write "10" one after the other, will have two
users both trying to write "10" at EXACTLY the same time.

The result is comparable to a head-on collision between two trains. Your
file is TOAST.

This is why so many early "hit counter" scripts back in the day were
always getting messed up and reset to 0.

What you really want, almost for sure, is an SQL database with "sequences"

You have to forge those in MySQL by making a table with auto_increment.

You *can* use http://php.net/flock, but even that is a Bad Idea, because
flock under Un*x is self-imposed -- If some *other* program/script/user
decides not change that file and doesn't use flock, well, they're not
STOPPED from doing that.

flock is therefore all too subject to human fallibility when you re-work,
re-write, or add more code to your system.

The SQL guys have worked out this problem, in all respects.

This is one of those things that SEEMS so simple that turns out to be a
hell of a lot more involved than you thought at first. So it goes.

--
Like Music?
http://l-i-e.com/artists.htm

attached mail follows:

Hi, Jochem and everyone

This:
On 10 Mar 2005, at 15:23, Jochem Maas wrote:

> if (!isset($_GET['r']) || empty($_GET['r']) || !($r =
> intval($_GET['r'])))
> {
> // show a list of R's
> include('showlist.inc.php');
> }
> else
> {
> // process an R
> include('process.inc.php');
> }
>
Solved my issue entirely, as did Jochem's patient assistance for the
past three days and your tolerance. You'll all be pleased to know of my
recent purchase of PHP My Sql for Dummies and PHP5/MySql Programming
for the absolute beginner <note>I am not connected in any way with the
publishers, authors, distributors or retailers of these books and this
is not an endorsement </note>. Thanks for the help!

Jack

attached mail follows:

I am running Fedora core3 with Apache 2.0.52 (from default RPMs), MySQL
4.1.10 (from RPMs from MySQL site), and PHP 5.0.3 built from source.

I'm going through the PHP manual and trying some of the mysqli examples.
The last one I tried didn't work. The problem appears to be this line:

$row = $result->fetch_array(MYSQLI_ASSOC);

Using MYSQLI_BOTH also fails, and MYSQLI_NUM works.

This is what is in my httpd error log:

[Thu Mar 10 17:07:06 2005] [error] jk2_init() Can't find child 29980 in
scoreboard
[Thu Mar 10 17:07:06 2005] [notice] workerEnv.init() ok
/etc/httpd/conf/workers2.properties
[Thu Mar 10 17:07:06 2005] [error] mod_jk child init 1 -2
[Thu Mar 10 17:07:06 2005] [notice] child pid 29903 exit signal
Segmentation fault (11)

As I said, removing the second fetch_array() call allows the script to run.

Here is the entire script:

<?php

include "../../secrets/rootmysqlpass.inc.php"; // only defines $rootpass

$mysqli = new mysqli("localhost", "root", $rootpass, "World");

echo "<pre>";
printf("Host information: %s\n", $mysqli->host_info);

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$query = "SELECT Name, CountryCode FROM City ORDER by ID LIMIT 3";
$result = $mysqli->query($query);

/* numeric array */
$row = $result->fetch_array(MYSQLI_NUM);
printf ("%s (%s)\n", $row[0], $row[1]);

/* associative array */
$row = $result->fetch_array(MYSQLI_ASSOC);
printf ("%s (%s)\n", $row["Name"], $row["CountryCode"]);

/* free result set */
$result->close();

$mysqli->close();

echo "</pre>";
?>

attached mail follows:

On Wed, 9 Mar 2005 15:11:11 -0800 (PST), Richard Lynch <ceol-i-e.com> wrote:
> Any newbie could RTFM and not "get" that when you see:
> bool arsort ( array &array [, int sort_flags] )
>
> the "bool" up front tells you that the function returns a boolean
> (true/false) value.
>
> That should in the future be an important fact to note.
>
> Another thing to watch for is the & in the docs.
>
> That generally means that the function is going to *CHANGE* the value you
> pass in, in some way, and you can't rely on it being the same as what you
> handed off to the function.
>
> In the case of arsort, that's exactly what you want, of course.
>
> In other cases, it might mean that you need to only give the function a
> *COPY* of the data, so you can keep your copy safe and un-altered.
>
> These are all consistent usage throughout the manual, so you might as well
> get used to them.
>
> More info about this is buried here:
> http://us4.php.net/manual/en/about.prototypes.php
>
> in Appendix Q, way the hell at the end of the manual...
>

Thank you very much for this info! I RTFM and STFA while I SMFB
(anyone care to guess what that is?) often, but have never gone
through Appendix Q. I very much appreciate that bit of insight, I am
sure that will save me a post sometime or later. Maybe someone (me?)
should consider writing a newbie-guide to TFM, with tips such as this.
Any one else has a tip that I should include?

Dotan Cohen
http://English-Lyrics.com
http://Song-Lyriks.com

attached mail follows:

How do you increase the execution time in php?

 

I have set max_execution_time to 360 and setting set_time_limit(0);
nothing works.

I still get Fatal Error: maximum execution time of 60 seconds.

 

Please Help.

attached mail follows:

Message-ID: <20050310223331.51707.qmaillists.php.net>
To: php-generallists.php.net
Date: Thu, 10 Mar 2005 17:31:07 -0500
From: Jason Barnett <jason.barnetttelesuite.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig1C9FB54605A3A9A671FD0690"
Subject: Re: Increase execution time

--------------enig1C9FB54605A3A9A671FD0690
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Jeremy Schreckhise wrote:
> How do you increase the execution time in php?
>

A better question: why is it taking so long to execute? Most web
requests should be far less than 360 seconds. Or is this some kind of
CLI script???

>
>
> I have set max_execution_time to 360 and setting set_time_limit(0);
> nothing works.
>
> I still get Fatal Error: maximum execution time of 60 seconds.
>

Is your server running in safe mode?

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY |
http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins

--------------enig1C9FB54605A3A9A671FD0690
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)

iD8DBQFCMMqxGK7BL3TShWoRAo+YAJ9EBWGgCBTHzWGdZcCv+93+qGhBQQCgidGu
YfOkQmDIEwwIO20ijMf5oAs=
=YVa8
-----END PGP SIGNATURE-----

--------------enig1C9FB54605A3A9A671FD0690--

attached mail follows:

Hello, all -

I am building a script that basically records some data on the local
server for a period of about one hour. At that time, the data is sent
to another server by means of HTTP POST.

The problem I'm faced with is how to store the data locally. There are
a few things that we're going to have to assume, due to options that are
not under my control:

Solution has to rely on internal PHP functions, i.e. nothing compiled
into PHP (I was hoping a DMB-style database would be good, but cannot be
used since it has to be compiled into PHP)

Solution has to store data in a public place, i.e. /tmp/somedata/, as
the person using the script may not have access to change permissions.

I would like to store data in a public folder, but would also like for
this data to be encoded somehow. serialize()'d data can still be
visually decoded, else I'd use that, as well.

Solution cannot assume that MySQL, PGSQL, or any other database
application is available to use.

I guess the problem is, how would one go about making multiple secured
read/writes to a file, such as a mini-database, without relying on any
options that are compiled into PHP? We're talking on a bare-bones
vanilla PHP installation, with no DBM, MySQL, PGSQL, dbm, or otherwise
"real" database support in it.

Any input on this would be very greatly appreciated.

Thanks
-dant

attached mail follows:

dan wrote:
> Hello, all -
>
> I am building a script that basically records some data on the local
> server for a period of about one hour. At that time, the data is sent
> to another server by means of HTTP POST.
>
> The problem I'm faced with is how to store the data locally. There are
> a few things that we're going to have to assume, due to options that are
> not under my control:
>
> Solution has to rely on internal PHP functions, i.e. nothing compiled
> into PHP (I was hoping a DMB-style database would be good, but cannot be
> used since it has to be compiled into PHP)
>
> Solution has to store data in a public place, i.e. /tmp/somedata/, as
> the person using the script may not have access to change permissions.
>
> I would like to store data in a public folder, but would also like for
> this data to be encoded somehow. serialize()'d data can still be
> visually decoded, else I'd use that, as well.
>
> Solution cannot assume that MySQL, PGSQL, or any other database
> application is available to use.
>
> I guess the problem is, how would one go about making multiple secured
> read/writes to a file, such as a mini-database, without relying on any
> options that are compiled into PHP? We're talking on a bare-bones
> vanilla PHP installation, with no DBM, MySQL, PGSQL, dbm, or otherwise
> "real" database support in it.
>
> Any input on this would be very greatly appreciated.
>
> Thanks
> -dant
>

Ah, we're also going to have to assume that system() and exec()
functions and all those related will not be available, as well.

I'm sure this is a problem that many have faced before, especially when
making "dummy" and/or "drop-in" scripts where you would not want the
Administrator to make any modifications to ease installation.

Thanks again
-dant

attached mail follows:

I was recently visiting a commercial site and suddunly a window chat popped up
and some assistant asked me if I needed some help. I thought this was pretty
cool and I was wondering if such a thing existed in php, i know there are
lots of php live chat script out there but I'm not sure if they allow to
monitor visitors on your webpage and launch a window chat to the visitor of
your choice. does anyone know of such a thing in PHP? I think the application
on that site I visited was a java applet.

thanx in advance

Pat

attached mail follows:

On Wed, Mar 09, 2005 at 02:52:52PM -0800, Richard Lynch wrote:
> > Agreed, initially I thought of that but I also need to use transactions
> > in my business logic and MySQL doesn't support nested transactions, so
> > I'd have to open a separate connection to the DB to handle the session
> > transaction while another connection handles the business
> > transaction(s). I'm hoping to find a solution that uses locking in the
> > application level instead of the database. Were I using a DB that
> > supported nested transactions, it would be a different story. maybe
> > it's time to switch databases.
>
> Since the data only changes when you write it, at the end of the script,
> you could maybe get away with the transaction only being in the
> session_save handler, and be sure to rollback or commit your business
> logic before that.
>
> That would for sure take a lot of discipline, and might even be downright
> impossible for what you need, but it's worth pondering.

well the trouble is not in the writing at the end of the request, which
would likely only be a single query and therefore not need a transaction
in itself. the trouble is the lack of locking out other requests from
reading the data when you're using it during the main body of
the request.

so... no luck finding a concurrency-aware database session handler?

i'm going to try to roll my own, and i'll certainly share what i come up
with on the list.

thanks though, for the help up to this point!

/jw

attached mail follows:

Hi,

I am just learning php, and am currently converting some jsp pages to php.
I used the follwing code in jsp to toggle between two images

<SCRIPT type="text/javascript" language=javascript>
function toggle(imagename,src1,src2){
     if(document.images && document.images[imagename])
         {
         image1=new Image;
         image1.src=src1;
         if(document.images[imagename].src !=
image1.src){document.images[imagename].src = image1.src}
         else{document.images[imagename].src=src2}
         }
}
</SCRIPT>

start code snippet.............
out.println("<A");
out.println("onclick=\"toggle('" + child + "image','images/" + type
+ ".jpg','images/" + childimg "');return(false);\"");
out.println("><img src='images/" + type + ".jpg' alt='' name=" + child
+ "image></a>");
out.println("<input type=hidden name=" + child + " value='" + childimg
+ "'>");
end code snippet...............

I have tried many different ways to achieve this in php, but nothing
works. This is my latest attempt

start code snippet.............
print("<A href=\"javascript:;\" onclick=");
echo "\"if(document.images && document.images[" . $child . "image])\n";
echo " {\n";
echo " image1=new Image;\n";
echo " image1.src=images/$type.jpg;\n";
echo " if(document.images[" . $child . "image].src !=
image1.src){document.images[" . $child . "image].src = image1.src}\n";
echo " else{document.images[" . $child . "image].src=images/$childimg}\n";
echo " }\n";
echo "};\n";
echo "return(false);\">\n";
print("<img src='images/$type.jpg' alt='' name=" . $child .
"image>\n</a>\n");
print("<input type=hidden name=$child value='$childimg'>\n");
end code snippet.............

Could someone please let me know how to do this

Cheers
Barb

--
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/

attached mail follows:

Hello,

 

I am having a small issue with posting from forms;

 

It goes like such:

 

I have a form in which a user can type in a message and in a hidden text
field a link is sent, then in the page the form goes to it sends and email
to a mailing list with the message and a link underneath bottom.

 

However when I submit a hyperlink in a form like

<input type="hidden" name="link" value=<a
href="http://localhost/knewsl/<?php echo $row_Recordset1['path']; ?>" >

 

It is received in the next page with a "\" before every " " " for example:

<a href=\"http://localhost/knewsl/file.pdf\">Click here to view
newsletter</a> - Which obviously doesn't work.

 

I would be most grateful if anyone could help.

 

Cheers,

Simon

attached mail follows:

Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <e59841236149b9c1b95871085ac59d6ethelonecoder.com>
Content-Transfer-Encoding: 7bit
Cc: <php-generallists.php.net>
From: Stephen Johnson <phpthelonecoder.com>
Date: Thu, 10 Mar 2005 21:31:50 -0800
To: "stg" <stgiinet.net.au>
Subject: Re: [PHP] PHP help Quotations, Quotations, Quotations

http://www.php.net/stripslashes

On Mar 10, 2005, at 9:17 PM, stg wrote:

> Hello,
>
>
>
> I am having a small issue with posting from forms;
>
>
>
> It goes like such:
>
>
>
> I have a form in which a user can type in a message and in a hidden
> text
> field a link is sent, then in the page the form goes to it sends and
> email
> to a mailing list with the message and a link underneath bottom.
>
>
>
> However when I submit a hyperlink in a form like
>
> <input type="hidden" name="link" value=<a
> href="http://localhost/knewsl/<?php echo $row_Recordset1['path']; ?>" >
>
>
>
> It is received in the next page with a "\" before every " " " for
> example:
>
> <a href=\"http://localhost/knewsl/file.pdf\">Click here to view
> newsletter</a> - Which obviously doesn't work.
>
>
>
> I would be most grateful if anyone could help.
>
>
>
> Cheers,
>
> Simon
>
>
*********
Stephen Johnson
stephenthelonecoder.com
http://www.thelonecoder.com

--continuing the struggle against bad code--
*********