php-general Digest 14 Oct 2005 03:44:32 -0000 Issue 3736
php-general-digest-help
lists.php.net
Date: Thu Oct 13 2005 - 22:44:32 CDT
Topics (messages 224053 through 224100):
Re: [PHP-WIN] Re: [PHP] Removing Items from an Array
224053 by: tg-php.gryffyndevelopment.com
Re: function to compare ip addr to a ip range
224054 by: tg-php.gryffyndevelopment.com
Re: Is DOM the right thing for the job?
224055 by: Stephen Leaf
Can't compare a decrypted variable to a string ?
224056 by: Graham Anderson
224063 by: Robin Vickery
224066 by: Jochem Maas
224078 by: Graham Anderson
Re: Problem with Javascript:...submit()
224057 by: Stephen Leaf
224070 by: Jochem Maas
Social Networking
224058 by: JM
Trouble figuring out a Walk through an Array
224059 by: Phillip S. Baker
224060 by: Greg Donald
224061 by: Phillip S. Baker
224062 by: Richard Davey
224064 by: Phillip S. Baker
Re: function to compare ip addr to a ip range>
224065 by: Richard Lynch
Re: What's the safest way to destory/wipe out the arrays within the associative arrays?
224067 by: Richard Lynch
Re: Obsession with BC, take 2
224068 by: Richard Lynch
224096 by: GamblerZG
224097 by: Richard Davey
Ardent Pursing help
224069 by: Chirantan Ghosh
224073 by: tg-php.gryffyndevelopment.com
Re: Connecting to MySQL Sever using PHP5
224071 by: Jochem Maas
224082 by: Edward Vermillion
224089 by: Jochem Maas
Re: Guide for C programmer
224072 by: Richard Lynch
Mark Email as Urgent
224074 by: Nathaniel Hall
224075 by: John Nichel
224076 by: Dan McCullough
224077 by: Richard Lynch
224092 by: Nathaniel Hall
Re: Run a php script as a separate thread/process
224079 by: Richard Lynch
Re: Removing Items from an Array
224080 by: Alan Lord
224081 by: Jochem Maas
224083 by: Alan Lord
prevent user from getting scripts outside the web folder
224084 by: Graham Anderson
224085 by: John Nichel
224086 by: Jochem Maas
224087 by: Robert Cummings
224088 by: Graham Anderson
Re: prevent user from getting scripts outside the web folder [this better?]
224090 by: Graham Anderson
224094 by: Ben
Electronic flyers, the cheapest way to advertise
224091 by: KOKO Electronic Flyers
224093 by: Stephen Johnson
Setting up Linux and SendMail for SMTP
224095 by: Todd Cary
Re: Obsession with BC
224098 by: Oliver Grätz
Login is not working. Please help....
224099 by: twistednetadmin
224100 by: David Robley
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribe
lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribe
lists.php.net
To post to the list, e-mail:
php-general
lists.php.net
----------------------------------------------------------------------
attached mail follows:
That works just as well, if you have only two levels of depth. Mostly I was trying to illustrate how to use $key => $value in a foreach and what to do if you need to go multiple levels down. Once you get to the bottom level, then you can use isset() certainly.
Just wanted to make sure that it was clear what to do with $key and $subkey relating to the main array ($alldataarr in this example)
-TG
= = = Original message = = =
Well to give my .02 here.
Why even go through the second foreach? By doing this you are making your code very inefficient in
that it must read through the entire set of arrays. Sure it works fine if you have only a few. But
if there are a few thousand it takes longer.
As the arrays are structures you have the key ("Apples", "Oranges", "Apricots", "Couches",
"Chairs", "Benches")
so why not just something like:
<?php
$arrset1 = array("Apples" => 3, "Oranges" => 5, "Apricots" => 1);
$arrset2 = array("Couches" => 6, "Chairs" => 2, "Benches" => 5);
$alldataarr["Fruits"] = $arrset1;
$alldataarr["Furniture"] = $arrset2;
//Say we want to remove "Chairs", and let's do it the hard way:
// Debug
//echo "initial array<pre>";
//print_r($alldataarr);
//echo "</pre>";
$delete_key = "Chairs";
foreach ($alldataarr as $key => $data) {
    // isset() on the sub-key avoids walking every inner array
    if (isset($alldataarr[$key][$delete_key])) {
        unset($alldataarr[$key][$delete_key]);
    }
}
// Debug
//echo "after array<pre>";
//print_r($alldataarr);
//echo "</pre>";
?>
--- tg-php gryffyndevelopment.com wrote:
> Thanks for the addition Jochem.. one reason I post here, even if it's a basic example, is
> because if there's a better way or a chance to learn something new, I want to have that
> opportunity. Thanks again!
>
> -TG
>
> = = = Original message = = =
>
> I'd like to continue where TG left off ...
>
> hth.
>
> tg-php gryffyndevelopment.com wrote:
> > If I understand what you're asking, then maybe this will help:
> >
> > $arrset1 = array("Apples" => 3, "Oranges" => 5, "Apricots" => 1);
> > $arrset2 = array("Couches" => 6, "Chairs" => 2, "Benches" => 5);
> >
> > $alldataarr["Fruits"] = $arrset1;
> > $alldataarr["Furniture"] = $arrset2;
> >
> > Say we want to remove "Chairs", and let's do it the hard way:
> >
> > foreach ($alldataarr as $key => $data) {
> >     foreach ($data as $subkey => $subdata) {
> >         if ($subkey == "Chairs") {
> >             unset($alldataarr[$key][$subkey]);
> >         }
> >     }
> > }
> >
> > using foreach $arr as $key => $data you can get the key/index name as well as the actual value
> > stored in that part of your array. Then all you have to do is refer back up to the main array
> > using the current $key/$subkey values as your indexes.
> >
>
> $filter = array(
>     'Fruits' => array('Apples' => 1, 'Oranges' => 1),
>     'Furniture' => array('Couches' => 1, 'Chairs' => 1),
> );
>
> $alldataarr = array();
> $alldataarr["Fruits"] = array("Apples" => 3, "Oranges" => 5, "Apricots" => 1);
> $alldataarr["Furniture"] = array("Couches" => 6, "Chairs" => 2, "Benches" => 5);
>
> foreach ($alldataarr as $key => $data) {
>     if (!isset($filter[$key])) {
>         // we want it all;.
>         continue;
>     }
>
>     // keep only the sub-keys named in the filter for this group
>     $alldataarr[$key] = array_intersect_keys($data, $filter[$key]);
> }
>
>
> // heres one I prepared earlier:
>
>
> /**
> * array_intersect_keys()
> * ^--- the internal function (php5.x+?) has no 's'
> *
> * returns all the items in the 1st array whose keys are found in any of the other arrays
> *
> * @return array()
> */
> function array_intersect_keys()
> {
>     $args = func_get_args();
>     $originalArray = $args[0];
>     $res = array();
>
>     if (!is_array($originalArray)) return $res;
>
>     for ($i = 1; $i < count($args); $i++) {
>         if (!is_array($args[$i])) continue;
>         foreach ($args[$i] as $key => $data) {
>             // copy each matching key once, taking the value from the first array
>             if (isset($originalArray[$key]) && !isset($res[$key])) {
>                 $res[$key] = $originalArray[$key];
>             }
>         }
>     }
>
>     return $res;
> }
>
>
>
>
> >
> > Basic example, but I think you can modify this to work with what you're doing.
> >
> > Let me know if you have any questions about this example.
> >
> > -TG
> >
> >
> >
> > = = = Original message = = =
> >
> > Hi all,
> >
> > I'm really struggling here! I have a large, multi-dimensional array that
> > I want to "clean-up" a bit before committing to a database.
> >
> > I want to remove quite a bit of the array but using the KEYs not the
> > values. I know the keys I want to keep and I know the keys I want to get
> > rid of. I want to keep the structure and sequence of the array intact.
> >
> > All of the array traversing functions in PHP seem to either: only work
> > on the values, or do not allow the removal of elements of the array!
> >
> > Can anyone offer a clue bat to a tired old array walker!
> >
> > Thanks
> >
> > Alan
> >
> >
> > ___________________________________________________________
> > Sent by ePrompter, the premier email notification software.
> > Free download at http://www.ePrompter.com.
> >
>
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
You could try converting to long IP addresses and comparing that way:
<?php
// To actually get the long IP address that you can use in http://
// you sometimes need to use something like printf("%u\n", ip2long($ip));
// See also: http://us3.php.net/manual/en/function.ip2long.php
$startip = "192.168.0.5";
$endip = "192.168.0.16";
$targetip = "192.168.0.7";
$startlong = ip2long($startip);
$endlong = ip2long($endip);
$targetlong = ip2long($targetip);
if ($startlong <= $targetlong AND $targetlong <= $endlong)
echo "within range";
else
echo "out of range";
?>
= = = Original message = = =
Does anyone have a function that will check if an ip address falls with
a starting/ending ip address range>>
Thanks,
Dave
attached mail follows:
On Thursday 13 October 2005 12:30 am, Chris wrote:
> Snag #1)
> The DOMDocument seems to represent an entire page, all I'd like to do is
> represent a Form tag and it's internal HTML. I can actually get it to
> work that way, but it seems like it's the wrong way to go about things.
being how XML works you can only have 1 Document Node. So I don't see how this
would be an issue.
You can however create a form DOM Element. it will be associated with the
document node however again you can't really have more than 1 to begin with
so?
>
> Snag #2)
> The creation of a DOMElement object is very limited without being
> associated with a DOMDocument, I'd like to create an independent
> DOMElement inside the Element class, including possible sub-DOMElements,
> without having to create the DOMDocument in the Form object..
Why? I don't see any reason to have an Element be separate from the main
Document?
Even tho it will be associated with that Document. you still have full access
as to where it goes.
you could even make that form the main node.
$form = DOMDocument('form');
>
> I realize after writing this that these don't seem like very serious
> snags, but I just don't have a fuzzy feeling about the way this would
> work if I implemented it knowing what I've stated here. Any assistance
> would be greatly appreciated.
>
> Thanks!
> Chris
attached mail follows:
For some reason,
I have to store a decrypted string as a variable before I can compare
it to another string.
The decrypt function is located in another php script
//Get variable
$cmd = $_REQUEST['cmd'];
echo $cmd; // uJy4p09z6bSR80eLNFnBWBj/EsRCfIz2C/WrcFNcZE8=
echo decrypt($cmd); // makesmil
$realcmd = decrypt($cmd); // 'makesmil'
if( decrypt($cmd)== 'makesmil') makesmil(); // FAILS
elseif( decrypt($cmd)== $realcmd) makesmil(); // SUCCEEDS
I'm sure it is something stupid
what am I doing wrong ?
g
attached mail follows:
On 10/13/05, Graham Anderson <grahama siren.cc> wrote:
> $realcmd = decrypt($cmd);
[...]
> elseif(decrypt($cmd) == $realcmd)
That's obviously going to succeed no matter what $cmd decrypts into.
It doesn't really tell you anything useful.
> $realcmd = decrypt($cmd); // 'makesmil'
[...]
> if( decrypt($cmd) == 'makesmil')
If this really fails, it means that $cmd doesn't decrypt into
'makesmil'. Are you sure that it's not been padded with spaces or
something?
-robin
attached mail follows:
Graham Anderson wrote:
> For some reason,
> I have to store a decrypted string as a variable before I can compare
> it to another string.
>
> The decrypt function is located in another php script
>
> //Get variable
> $cmd = $_REQUEST['cmd'];
>
> echo $cmd; // uJy4p09z6bSR80eLNFnBWBj/EsRCfIz2C/WrcFNcZE8=
> echo decrypt($cmd); // makesmil
try
var_dump() or print_r() for more info on the var in question. (
like for instance that is actually 8 chars long as you expect.)
as Robin Vickery pointed out you probably have blank space hanging around
somewhere.
>
> $realcmd = decrypt($cmd); // 'makesmil'
>
> if( decrypt($cmd)== 'makesmil') makesmil ();
> // FAILS
> elseif( decrypt($cmd)== $realcmd) makesmil(); //
> SUCCEEDS
>
> I'm sure it is something stupid
>
> what am I doing wrong ?
> g
>
attached mail follows:
many thanks :)
I'll try this
g
On Oct 13, 2005, at 10:27 AM, Jochem Maas wrote:
> Graham Anderson wrote:
>
>> For some reason,
>> I have to store a decrypted string as a variable before I can
>> compare it to another string.
>> The decrypt function is located in another php script
>> //Get variable
>> $cmd = $_REQUEST['cmd'];
>> echo $cmd; // uJy4p09z6bSR80eLNFnBWBj/EsRCfIz2C/WrcFNcZE8=
>> echo decrypt($cmd); // makesmil
>>
>
> try
> var_dump() or print_r() for more info on the var in question. (
> like for instance that is actually 8 chars long as you expect.)
>
> as Robin Vickery pointed out you probably have blank space hanging
> around
> somewhere.
>
>
>> $realcmd = decrypt($cmd); // 'makesmil'
>> if( decrypt($cmd)== 'makesmil') makesmil
>> (); // FAILS
>> elseif( decrypt($cmd)== $realcmd) makesmil
>> (); // SUCCEEDS
>> I'm sure it is something stupid
>> what am I doing wrong ?
>> g
>>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
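The comparison problem discussed in this thread, as an added example that is not part of the original posts: a decrypted value can print as `makesmil` and still fail a comparison against the literal because it carries invisible trailing bytes. The NUL-padded sample value and the helper names `describe_bytes()` and `resolve_command()` are assumptions standing in for the poster's `decrypt()` output.

```php
<?php
// Added example. $decrypted is a constructed stand-in for what decrypt($cmd)
// might return if the cipher pads the plaintext to its block size with NUL bytes.
$decrypted = "makesmil" . str_repeat("\0", 8);

/**
 * Show what a string really contains: echo hides NUL bytes and trailing
 * whitespace, the length and hex dump do not.
 */
function describe_bytes($s)
{
    return sprintf('len=%d hex=%s', strlen($s), bin2hex($s));
}

/**
 * Map a decrypted request value to one of the commands the script supports.
 * Returns the command name, or null if the value is not on the allowlist.
 */
function resolve_command($raw, array $allowed)
{
    if (!is_string($raw)) {
        return null;
    }
    // Strip only trailing padding (NUL) and whitespace, nothing inside the value.
    $candidate = rtrim($raw, "\0 \t\r\n");
    // Third argument true: strict comparison, no type juggling.
    return in_array($candidate, $allowed, true) ? $candidate : null;
}

$allowed = array('makesmil'); // commands this script is willing to run

echo "echo shows:   ", $decrypted, "\n";
echo "really holds: ", describe_bytes($decrypted), "\n";

echo "raw == 'makesmil': ";
var_dump($decrypted == 'makesmil');

echo "resolved command: ";
var_dump(resolve_command($decrypted, $allowed));

// A value that is not on the allowlist is refused, padded or not.
echo "unknown value: ";
var_dump(resolve_command("somethingelse\0\0\0", $allowed));
```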
attached mail follows:
On Thursday 13 October 2005 01:13 am, Johan Grobler wrote:
> while ($row = mysql_fetch_array($sql_result))
> {
> echo"<Form name=\"".$row['LITERATURE_title']."\" action=\"searchlit.php\"
> method=\"post\"> <font face=\"arial\" size=\"2\">
> <a href=\"javascript:".$row['LITERATURE_title'].".submit();\"
> >".$row['LITERATURE_title']." - ".$row['res_fname']."
> ".$row['res_lname']."</a> ...
>
> Everything works as long as $row['LITERATURE_title'] is one word, see this
> variable contains the names of books, and if the books name is "Heaven" for
> instance it works fine but as soon as the title is something like "PHP for
> Dummies" it doesnt work and i get a error on page message, I tried using
> numbers as the form name but then the same thing happens.
Another way you can access these is by using this function.
document.getElementByName('name');
or
document.getElementById('id');
As I recall w3 sees ByName as standard but Mozilla(and many others) only
support ById, the last time I checked.
>
> Any ways around this?
>
> thanx
> --------------------------------------------------------------------
> Disclaimer
> This e-mail transmission contains confidential information,
> which is the property of the sender.
> The information in this e-mail or attachments thereto is
> intended for the attention and use only of the addressee.
> Should you have received this e-mail in error, please delete
> and destroy it and any attachments thereto immediately.
> Under no circumstances will the Cape Peninsula University of
> Technology or the sender of this e-mail be liable to any party for
> any direct, indirect, special or other consequential damages for any
> use of this e-mail.
> For the detailed e-mail disclaimer please refer to
> http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
attached mail follows:
Stephen Leaf wrote:
> On Thursday 13 October 2005 01:13 am, Johan Grobler wrote:
>
>>while ($row = mysql_fetch_array($sql_result))
>>{
>>echo"<Form name=\"".$row['LITERATURE_title']."\" action=\"searchlit.php\"
>>method=\"post\"> <font face=\"arial\" size=\"2\">
>><a href=\"javascript:".$row['LITERATURE_title'].".submit();\"
>>
>>>".$row['LITERATURE_title']." - ".$row['res_fname']."
>>
>>".$row['res_lname']."</a> ...
>>
>>Everything works as long as $row['LITERATURE_title'] is one word, see this
>>variable contains the names of books, and if the books name is "Heaven" for
>>instance it works fine but as soon as the title is something like "PHP for
>>Dummies" it doesnt work and i get a error on page message, I tried using
>>numbers as the form name but then the same thing happens.
>
> Another way you can access these is by using this function.
Stephen is being polite - he means the 'correct' way ;-)
>
> document.getElementByName('name');
> or
> document.getElementById('id');
>
> As I recall w3 sees ByName as standard but Mozilla(and many others) only
> support ById, the last time I checked.
<script language="Javascript">
<!--
the value of a name attribute does not need to be unique, where as the value
of the id attribute _MUST_ be unique (according to the specs) ....
document.getElementsByName('name');
^-----------------------notice the 's'
that method returns an array of elements.
out of interest there is also:
document.getElementsByTagName('INPUT');
which also returns an array.
note that these DOM methods will not work in some older browsers, you
may not care but if you do you will probably want to look into
finding a browser compatibility library (some code) that will patch the
problem for you.
//-->
</script>
>
>
>>Any ways around this?
>>
>>thanx
>
>
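One way to apply the getElementById() advice to the loop quoted above, as an added example that is not part of the original posts: each form gets a generated id instead of using the book title as its name, and the database values are escaped before they go into the markup. The helper names `h()` and `render_literature_form()`, the hidden `title` field and the sample rows are assumptions.

```php
<?php
// Added example. Column names and searchlit.php come from the quoted code;
// the function names, the hidden "title" field and the rows are assumptions.

/** Escape a value for use in HTML text or a quoted attribute. */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Render one search form plus the link that submits it.
 * The form id is built from the row counter, so it is always a valid,
 * unique identifier regardless of what the title contains.
 */
function render_literature_form($index, array $row)
{
    $formId = 'litform_' . (int) $index;
    $label  = $row['LITERATURE_title'] . ' - ' . $row['res_fname'] . ' ' . $row['res_lname'];

    return '<form id="' . $formId . '" action="searchlit.php" method="post">' . "\n"
         . '  <input type="hidden" name="title" value="' . h($row['LITERATURE_title']) . '">' . "\n"
         . '  <a href="javascript:document.getElementById(\'' . $formId . '\').submit();">'
         . h($label) . '</a>' . "\n"
         . '</form>' . "\n";
}

// Constructed rows standing in for mysql_fetch_array() results.
$rows = array(
    array('LITERATURE_title' => 'Heaven', 'res_fname' => 'A.', 'res_lname' => 'Author'),
    array('LITERATURE_title' => 'PHP for Dummies', 'res_fname' => 'B.', 'res_lname' => 'Writer'),
    array('LITERATURE_title' => 'Quotes "and" <tags>', 'res_fname' => 'C.', 'res_lname' => "O'Neil"),
);

foreach ($rows as $i => $row) {
    echo render_literature_form($i, $row);
}
```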
attached mail follows:
Hi all,
I've been looking for social networking software like you see on
myspace.com <http://myspace.com> or
hi5.com <http://hi5.com>. Does anyone know of any? I'd like to check out
some freeware first. TIA.
JM
attached mail follows:
Greetings All,
Having trouble figuring out a certain walk through an array.
And I am not finding the help I need in the manual or anything.
I have an associative arr ($arr) With about 20 elements in it.
Ten of which are required. So I have another associative array called
$required, with all the elements in the array that are required.
I have initiated a foreach loop on the $arr splitting things into $key and
$value.
Now the part I am having trouble with is this.
I want to see if $key matches any of the values in $required. If so do
something in particular. If not then do something else. It does not
particularly matter which value in the $required it matches, just so long as
it matches.
Thanks for any help.
Phillip
attached mail follows:
On 10/13/05, Phillip S. Baker <pbaker hwsinet.com> wrote:
> I want to see if $key matches any of the values in $required. If so do
> something in particular. If not then do something else. It does not
> particularly matter which value in the $required it matches, just so long as
> it matches.
in_array()
--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/
attached mail follows:
Hi Phillip,
Thursday, October 13, 2005, 4:56:30 PM, you wrote:
> Having trouble figuring out a certain walk through an array.
> And I am not finding the help I need in the manual or anything.
> I have an associative arr ($arr) With about 20 elements in it.
> Ten of which are required. So I have another associative array called
> $required, with all the elements in the array that are required.
> I have initiated a foreach loop on the $arr splitting things into $key and
> $value.
> Now the part I am having trouble with is this.
> I want to see if $key matches any of the values in $required. If so do
> something in particular. If not then do something else. It does not
> particularly matter which value in the $required it matches, just so long as
> it matches.
While for-eaching through your $arr you could simply do an:
if (in_array($key, $required))
Unless you need something more complex than this?
Cheers,
Rich
--
Zend Certified Engineer
http://www.launchcode.co.uk
attached mail follows:
On Thu, October 13, 2005 9:26 am, Bosky, Dave wrote:
> Does anyone have a function that will check if an ip address falls
> with
> a starting/ending ip address range>>
If you are using PostgreSQL, it has a built-in IP address data type
which almost for sure does this. :-)
Maybe what you want to do is just convert the IP to an integer.
function ipd($ip){
    // split the dotted quad into its four octets
    list($a, $b, $c, $d) = explode('.', $ip);
    $ipd = $a * 0x1000000 + $b * 0x10000 + $c * 0x100 + $d;
    return $ipd;
}
Now you can just compare ipd() of any IP addresses to see if they are
in a 'range'
There's probably a better way.
And you should probably use bit-shifting operators (<< and >>) instead
of my * 0x1000000 method, as it might be faster.
--
Like Music?
http://l-i-e.com/artists.htm
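The range check suggested in the two replies above (the ip2long() comparison and the integer conversion), as an added example that is not part of the original posts: it validates all three addresses, compares them as unsigned values and treats any malformed input as out of range. The helper names `ipv4_to_number()` and `ip_in_range()` and the sample addresses are assumptions.

```php
<?php
// Added example. Helper names and sample addresses are constructed.

/**
 * Convert a dotted-quad IPv4 address to a non-negative number,
 * or return null if the string is not a valid IPv4 address.
 */
function ipv4_to_number($ip)
{
    if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $long = ip2long($ip);
    if ($long === false) {
        return null;
    }
    // On 32-bit builds ip2long() is signed, so addresses from 128.0.0.0 upwards
    // come back negative. '%u' renders the unsigned value; a float holds it exactly.
    return (float) sprintf('%u', $long);
}

/**
 * Inclusive range check. Fails closed: a malformed address or a reversed
 * range yields false rather than an accidental match.
 */
function ip_in_range($target, $start, $end)
{
    $t = ipv4_to_number($target);
    $s = ipv4_to_number($start);
    $e = ipv4_to_number($end);

    if ($t === null || $s === null || $e === null) {
        return false;
    }
    if ($s > $e) {
        return false; // misconfigured range, do not guess
    }
    return $s <= $t && $t <= $e;
}

// Constructed test cases: target, range start, range end.
$cases = array(
    array('192.168.0.7',   '192.168.0.5',     '192.168.0.16'), // from the post above
    array('192.168.0.17',  '192.168.0.5',     '192.168.0.16'),
    array('128.0.0.1',     '127.255.255.250', '128.0.0.5'),    // range crossing 128.0.0.0
    array('192.168.0',     '192.168.0.5',     '192.168.0.16'), // not a full dotted quad
    array('not-an-ip',     '192.168.0.5',     '192.168.0.16'),
    array('192.168.0.7',   '192.168.0.16',    '192.168.0.5'),  // reversed range
);

foreach ($cases as $case) {
    list($target, $start, $end) = $case;
    printf(
        "%-12s in [%s, %s]: %s\n",
        $target,
        $start,
        $end,
        ip_in_range($target, $start, $end) ? 'within range' : 'out of range'
    );
}
```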
attached mail follows:
On Wed, October 5, 2005 2:12 pm, Scott Fletcher wrote:
> What is the safest way to destroy or take out the
> $xml['NEWSFEED']['0']['MESSAGE']['2']..... associative arrays starting
> with
> ['2'] and those arrays inside of the ['2'] array path?
>
> The unset() would make it not possible to reassign the data to this
> array
> once again, that is what I do not want.
Hunh?
<?php
$xml['NEWSFEED']['0']['MESSAGE']['2'] = array('whatever');
var_dump($xml);
unset($xml['NEWSFEED']['0']['MESSAGE']['2']);
$xml['NEWSFEED']['0']['MESSAGE']['2'] = array('something else');
var_dump($xml);
?>
You can reassign data any time you want.
I don't understand the problem you're having, personally...
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
On Wed, October 12, 2005 4:31 pm, GamblerZG wrote:
> Since nobody answered the real question in my previous message, I will
> re-phrase it.
>
> PHP developers assume that PHP5 will be frequently used to parse PHP4
> scripts. Why?
Because that's how the real world works.
Somebody installs PHP5 on a server.
Somebody else installs code from PHP4 and expects it to work with
little or no modification.
> And what's so horrible about using separate engines to
> run
> php 4 and 5 scripts?
Nothing, if you can identify which are which, and have the
infrastructure to set up both and...
It's a great deal of system administration which, in most real-world
scenarios, doesn't happen.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Richard Lynch wrote:
>> PHP developers assume that PHP5 will be frequently used to parse PHP4
>> scripts. Why?
> Because that's how the real world works.
"The real world" works that way because, as you just said, installing 2
php modules side by side is a "great deal of system administration".
>>And what's so horrible about using separate engines to
>>run
>>php 4 and 5 scripts?
>
>
> Nothing, if you can identify which are which, and have the
> infrastructure to set up both and...
>
> It's a great deal of system administration
Let me get it straight. There are two ways of running PHP four and five
on one server. First one is by using five's compatibility mode, and it
breaks some of the old scripts. The second one is by using two different
apache modules. It *does not break anything*, but it's a pain to setup.
Judging sheerly by functionality and compatibility the second way is
better.
However, judging from what I know about PHP, nobody tries to make that
way easier, because everybody assumes that everyone else uses the first
way. Is it good old catch 22 in action, or are there some design
considerations I'm not aware of?
--
Best regards,
Roman S.I.
http://sf.net/projects/naturalgine/
attached mail follows:
Hi,
Friday, October 14, 2005, 1:07:04 AM, you wrote:
> Let me get it straight. There are two ways of running PHP four and
> five on one server. First one is by using five's compatibility mode,
> and it breaks some of the old scripts. The second one is by using
> two different apache modules. It *does not break anything*, but it's
> a pain to setup.
There's another way - php4 runs as an Apache module, while php5 runs
as cgi (mapped to .php5, or to .php if you override it via htaccess).
Far less hassle to set-up. Probably why the largest independent
hosting company in the world* does it this way. If they can manage it
across their thousands of servers, any host can.
* www.pair.com
Cheers,
Rich
--
Zend Certified Engineer
http://www.launchcode.co.uk
attached mail follows:
Hi All,
My company is trying to send an offer email to all Ford dealers in USA.
We don't intend to send them unapproved emails i.e. sp*m hence, we will call them first.
Is there any way I can generate a PHP client/code that can search Google/Yahoo/MSN and grab the PR/Sales contacts ( e.g. address, phone number, email)?
I have e-grabber & can have it done manually but it hardly seems a solution. I could really use some help.
As for proof I am not a sp*mmer/ list seller you can visit our website www.primarywave.com and the number we intend to offer is 1-877-NEW FORD .
Thanks for the help,
CG
attached mail follows:
I would just go to Ford's dealership lookup page here:
http://www.fordvehicles.com/dealerships/index.asp
Pick a major city or two or three in each state and go down the list. that should get you a list of all the major Ford dealerships and be quicker than finding/implementing and/or using a PHP script to attempt to find the info.
Or just call Ford directly and ask for a directory of registered dealerships. They might be able to email you a complete list.
-TG
= = = Original message = = =
Hi All,
My company is trying to send an offer email to all Ford dealers in USA.
We don't intend to send them unapproved emails i.e. sp*m hence, we will call them first.
Is there any way I can generate a PHP client/code that can search Google/Yahoo/MSN and grab the PR/Sales contacts ( e.g. address, phone number, email)?
I have e-grabber & can have it done manually but it hardly seems a solution. I could really use some help.
As for proof I am not a sp*mmer/ list seller you can visit our website www.primarywave.com and the number we intend to offer is 1-877-NEW FORD .
Thanks for the help,
CG
attached mail follows:
Jay Blanchard wrote:
> [snip]
> I have just installed PHP5. I am using Windows XP and have already installed
>
> MySQL.
>
> When I try and make a connection to a database on MySQL via Dreamweaver I
can we make Dreamweaver illegal?
> get the following error message: "An unidentified error has occurred".
>
> What could be wrong and how can I fix this problem?
> [/snip]
>
> Since the error is "unidentified" I'll need to use ESPN to figure it out. My
> SWAG is that a solid whack on the top of the box will fix it. Yes, do that.
>
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> What version of MySQL are you using?
>
attached mail follows:
Jochem Maas wrote:
> Jay Blanchard wrote:
>
>> [snip]
>> I have just installed PHP5. I am using Windows XP and have already
>> installed
>>
>> MySQL.
>>
>> When I try and make a connection to a database on MySQL via Dreamweaver I
>
>
> can we make Dreamweaver illegal?
>
[snip]
But *I* use DW...
I know, I know... really it's just a *real* expensive text editor with
some nice ftp/project whizbang thingies...
but I've gotten used to it. ;)
attached mail follows:
Edward Vermillion wrote:
> Jochem Maas wrote:
>
>> Jay Blanchard wrote:
>>
>>> [snip]
>>> I have just installed PHP5. I am using Windows XP and have already
>>> installed
>>>
>>> MySQL.
>>>
>>> When I try and make a connection to a database on MySQL via
>>> Dreamweaver I
>>
>>
>>
>> can we make Dreamweaver illegal?
>>
> [snip]
>
> But *I* use DW...
>
> I know, I know... really it's just a *real* expensive text editor with
> some nice ftp/project whizbang thingies...
>
> but I've gotten used to it. ;)
you'll just have to start using it in secret.
>
attached mail follows:
On Thu, October 13, 2005 6:13 am, Turgut Hakkı ÖZDEMİR wrote:
> I'm looking for a document describing differences between C and PHP,
> important points for programmers who already know C,C++, and things
> that
> must be taken care.
> I'm googling for about an hour but I can't find anything. Any
> suggestions.?
Try reading this:
http://www.php.net/manual/en/faq.languages.php
which compares PHP with other languages, which may be useful.
Other than that, things you should know:
Most of the grungy details of variable types, storage allocation, and
type-juggling is just plain a non-issue 99.9% of the time in PHP.
PHP classes are way more like stripped-down Java than C++. Or, think
of it as C++ 0.0.1 from Bjarne, which never actually existed, much
less got released, and that's about where it would be.
Probably the biggest learning tasks have nothing to do with
language/syntax per se.
PHP syntax pretty much fits in a small chapter:
http://www.php.net/manual/en/langref.php
Figuring out HTTP and client/server issues would be a book, if
somebody actually wrote it.
Browser oddities would be an encyclopedia, if a team actually wrote
that. And it would be chock-full of mistakes, mis-interpretations,
and mis-information anyway, and outdated before it went to press, much
less finished writing. Browsers suck. :-)
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
I have a PHP script that automatically sends an e-mail when accessed. Is there any way to mark the e-mail that is sent
as urgent or flagged?
Any help is appreciated.
--
Nathaniel Hall, GSEC
attached mail follows:
Nathaniel Hall wrote:
> I have a PHP script that automatically sends an e-mail when accessed. Is there any way to mark the e-mail that is sent
> as urgent or flagged?
Yes.
> Any help is appreciated.
http://us2.php.net/manual/en/function.mail.php
additional_headers
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
john kegworks.com
attached mail follows:
add a header in the mail function between 1 - 5, 1 being the highest
$headers .= "X-Priority: 1\n";
On 10/13/05, Nathaniel Hall <halln otc.edu> wrote:
> I have a PHP script that automatically sends an e-mail when accessed. Is there any way to mark the e-mail that is sent
> as urgent or flagged?
>
> Any help is appreciated.
>
> --
> Nathaniel Hall, GSEC
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
On Thu, October 13, 2005 12:47 pm, Nathaniel Hall wrote:
> I have a PHP script that automatically sends an e-mail when accessed.
> Is there any way to mark the e-mail that is sent
> as urgent or flagged?
>
> Any help is appreciated.
Yes, but...
You can add a header "Priority: High" (I think it's "High")
But only spammers use that [1], so it increases the odds of getting
marked as spam.
The urgency of an email, as defined by the sender, has turned out to
be relatively useless, since the urgency, as defined by the recipient,
rarely matches. While you may have the luxury of knowing for sure
that the two urgencies (sender/recipient) *DO* match up, it's a rare
occurrence.
If you have sufficient control over sender and recipient accounts, you
could add URGENT to the Subject: and/or set up filtering on the email
client to force the message to be flagged there, based on criteria
that are less likely to get the email flagged as junk.
Maybe if Priority email cost more to send and bulk was cheaper, these
settings would become meaningful again. But, as it stands now, they
are largely useless to the sender. I'm sure some recipients
re-prioritize email based on filters, and that remains useful.
[1] This was an exaggeration, though not a huge one. Actually, savvy
spammers no longer use a Priority setting.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Richard Lynch wrote:
> On Thu, October 13, 2005 12:47 pm, Nathaniel Hall wrote:
>
>>I have a PHP script that automatically sends an e-mail when accessed.
>>Is there any way to mark the e-mail that is sent
>>as urgent or flagged?
>>
>>Any help is appreciated.
>
>
> Yes, but...
>
> You can add a header "Priority: High" (I think it's "High")
>
> But only spammers use that [1], so it increases the odds of getting
> marked as spam.
>
> The urgency of an email, as defined by the sender, has turned out to
> be relatively useless, since the urgency, as defined by the recipient,
> rarely matches. While you may have the luxury of knowing for sure
> that the two urgencies (sender/recipient) *DO* match up, it's a rare
> occurrence.
>
> If you have sufficient control over sender and recipient accounts, you
> could add URGENT to the Subject: and/or set up filtering on the email
> client to force the message to be flagged there, based on criteria
> that are less likely to get the email flagged as junk.
>
> Maybe if Priority email cost more to send and bulk was cheaper, these
> settings would become meaningful again. But, as it stands now, they
> are largely useless to the sender. I'm sure some recipients
> re-prioritize email based on filters, and that remains useful.
>
> [1] This was an exaggeration, though not a huge one. Actually, savvy
> spammers no longer use a Priority setting.
>
This is all for internal use. The PHP webpage is used as a honeypot on our website. When people visit the appropriate
page, I would like an Urgent e-mail to be sent to my e-mail and my cell phone (to the phone's email address). I am able
to send text messages as urgent and they vibrate and ring differently already. I have the page working now, but it does
not mark anything as urgent or high priority.
attached mail follows:
On Wed, October 12, 2005 10:23 am, cc wrote:
> On 10/12/05, Tommy Jensehaugen <tommy_jensehaugen
hotmail.com> wrote:
>> Thank you very much. This is what I ended up with if anyone needs
>> it:
>>
>> <?php
>> function runSeparateThread($strHost, $strPath="/") {
>> $fFile = fsockopen($strHost, 80, $intError, $strError);
>> if ($fFile) {
>> $out = "GET ".$strPath." HTTP/1.1\r\n";
>> $out .= "Host: ".$strHost."\r\n";
>> $out .= "Connection: Close\r\n\r\n";
>> if(!fwrite($fFile, $out)){
>> $result = "runSeparateThread():fwrite(). Could not
>> write:'".$out."'.
>> Host:'".$strHost."'. Path:'".$strPath."'";
>> } else {
>> $result = true;
>> }
>> fclose($fFile);
>> } else {
>> $result = "runSeparateThread():fsockopen(): Could not connect to
>> ".$strHost." (".$intError.") ".$strError.".";
>> }
>> return $result;
>> }
>> ?>
I missed the original question...
One thing to consider would be to have a list of hosts/urls you want,
and to open up all the sockets non-blocking, and then loop through
each socket and fread() data in a convenient-sized chunk and snag it.
This will make all the remote computers run "in parallel" to some degree.
This is most useful if the GETs you are doing are dynamic and take
awhile for the remote server to generate the output.
--
Like Music?
http://l-i-e.com/artists.htm
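The read loop suggested in the message above (several sockets switched to non-blocking mode and drained chunk by chunk), as an added example that is not part of the original post. readAllParallel() is a hypothetical name, and the socket pairs and responses are constructed so the script runs without a network.

```php
<?php
// Added example. readAllParallel() and the sample responses are hypothetical.
// Written for PHP 7.1 or later.

/**
 * Drain several open streams side by side. Each stream is switched to
 * non-blocking mode; stream_select() then reports which ones have data,
 * and only those are read, one chunk at a time.
 *
 * @param resource[] $streams label => open stream
 * @return string[]           label => everything received
 */
function readAllParallel(array $streams, int $chunkSize = 8192, int $timeoutSec = 5): array
{
    $buffers = [];
    foreach ($streams as $label => $stream) {
        stream_set_blocking($stream, false);
        $buffers[$label] = '';
    }

    while ($streams) {
        $read = array_values($streams);
        $write = null;
        $except = null;
        $ready = stream_select($read, $write, $except, $timeoutSec);
        if ($ready === false || $ready === 0) {
            break; // select error, or nobody answered within the timeout
        }
        foreach ($read as $stream) {
            $label = array_search($stream, $streams, true);
            $data = fread($stream, $chunkSize);
            if ($data !== false) {
                $buffers[$label] .= $data;
            }
            if (feof($stream)) { // remote side closed: this stream is done
                fclose($stream);
                unset($streams[$label]);
            }
        }
    }

    foreach ($streams as $stream) { // anything still open after a timeout
        fclose($stream);
    }
    return $buffers;
}

// --- Constructed demo: socket pairs stand in for the remote web servers ---
$domain = DIRECTORY_SEPARATOR === '\\' ? STREAM_PF_INET : STREAM_PF_UNIX;
$clients = [];
foreach (['host-a' => 'first body', 'host-b' => 'second body'] as $label => $body) {
    [$local, $remote] = stream_socket_pair($domain, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
    fwrite($remote, "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n" . $body);
    fclose($remote); // the server hangs up, as with "Connection: Close"
    $clients[$label] = $local;
}

foreach (readAllParallel($clients) as $label => $response) {
    printf("%s: %d bytes received\n", $label, strlen($response));
}
```

Against real hosts, open each stream with stream_socket_client() and write the GET request before handing the streams to the function.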
attached mail follows:
Hi TG and others,
I think I must be missing something here.
Your example doesn't seem to traverse "down" into a multidim array.
Also, it appears as though your script assumes that the structure of the
array is known. It isn't and it is retrieved from "far away" and I have
no control over its structure/depth/size etc... I can take a good guess
at the keys I want to keep and keep those in an array in my config.inc.
But I would ideally like to be able to have a function which is as
"array agnostic" as possible.
I tried to do an "unset($arr[key])" in one of my other attempts at
solving this problem. But from what I read in the manual (if I
understood correctly :-)), it seems as though you can't really do this
from within a function/routine which is walking through the array at
that time as the array is not re-ordered...
Thanks and no offence intended, I am just trying to understand... :-)
Alan
--
Tg wrote:
That works just as well, if you have only two levels of depth. Mostly I
was trying to illustrate how to use $key => $value in a foreach and what
to do if you need to go multiple levels down. Once you get to the
bottom level, then you can use isset() certainly.
Just wanted to make sure that it was clear what to do with $key and
$subkey relating to the main array ($alldataarr in this example)
---------snip-----------------
attached mail follows:
Alan Lord wrote:
> Hi TG and others,
>
> I think I must be missing something here.
>
> Your example doesn't seem to traverse "down" into a multidim array.
>
> Also, it appears as though your script assumes that the structure of the
> array is known. It isn't and it is retrieved from "far away" and I have
> no control over it's structure/depth/size etc... I can take a good guess
> at the keys I want to keep and keep those in an array in my config.inc.
> But I would ideally like to be able to have a function which is as
> "array agnostic" as possible.
shouldn't be 'array paragnostic' or maybe 'array gnostic' -
psychic hypertext processor. does what you mean.
>
> I tried to do an "unset($arr[key])" in one of my other attempts at
> solving this problem. But from what I read in the manual (if I
> understood correctly :-)), it seems as though you can't really do this
> from within a function/routine which is walking through the array at
> that time as the array is not re-ordered...
right so you have to write your own function. and/or maybe combine it with
array_map() and/or array_filter() ... here is a routine that drills
into an array given an array of values that act as the 'path'
into the array you're 'drilling' (can you handle php5?), maybe that
inspires you a bit:
/*
 * eg
 $yourDataSet = array();
 $yourDataSet['A'] = array();
 $yourDataSet['B'] = array();
 $yourDataSet['A']['A'] = array();
 $yourDataSet['B']['B'] = array();
 $yourDataSet['B']['B']['coolstuff'] = array(
     'foo' => 'bar',
     'bar' => 'qux',
 );
 ArrayDriller::setSource( $yourDataSet );
 $somedata = ArrayDriller::get( array('B','B','coolstuff') )
 */
class ArrayDriller
{
    static private $source;
    static public function setSource($var)
    {
        // do a check to make sure the keys are associative?
        if (is_array($var) && count($var)) self::$source = $var;
    }
    static public function set($varName, $value = null)
    {
        if (is_array(self::$source) && $varName && !is_numeric($varName)) {
            if (is_array( $varName )) {
                $tmpArr =& self::$source;
                while ( 1 ) {
                    self::chkVarName($k = array_shift( $varName ));
                    if ( !count( $varName )) {
                        return ($tmpArr[ $k ] = $value);
                        break;
                    } else if (! isset($tmpArr[ $k ]) || ! is_array($tmpArr[ $k ])) {
                        $tmpArr[ $k ] = array();
                    }
                    $tmpArr =& $tmpArr[ $k ];
                }
            } else {
                self::chkVarName($varName);
                return (self::$source[ $varName ] = $value);
            }
        }
    }
    static public function get($varName)
    {
        if (is_array(self::$source) && $varName) {
            if (is_array( $varName )) {
                $tmpArr =& self::$source;
                while ( 1 ) {
                    self::chkVarName($k = array_shift( $varName ));
                    /* endpoint */
                    if ( !count( $varName )) {
                        if (is_array($tmpArr) && array_key_exists($k, $tmpArr)) {
                            return $tmpArr[ $k ];
                        }
                        break;
                    }
                    else if (!array_key_exists($k, $tmpArr) ||
                             !is_array($tmpArr[ $k ]))
                    {
                        // we can go no deeper
                        break;
                    }
                    $tmpArr =& $tmpArr[ $k ];
                }
            } else {
                self::chkVarName( $varName );
                if (array_key_exists($varName, self::$source)) {
                    return self::$source[ $varName ];
                }
            }
        }
        return null;
    }
    static private function chkVarName($varName)
    {
        if (strval( $varName )) {
            return;
        } else {
            throw new Exception('backup buster, call that an assoc key?');
            // trigger_error(); // er? php4 anyone?
        }
    }
}
>
> Thanks and no offence intended, I am just trying to understand... :-)
>
> Alan
> --
> Tg wrote:
>
> That works just as well, if you have only two levels of depth. Mostly I
> was trying to illustrate how to use $key => $value in a foreach and what
> to do if you need to go multiple levels down. Once you get to the
> bottom level, then you can use isset() certainly.
>
> Just wanted to make sure that it was clear what to do with $key and
> $subkey relating to the main array ($alldataarr in this example)
> ---------snip-----------------
>
attached mail follows:
Blimey...
That's going to take some de-ciphering... It looks fascinating :-)
Thanks!
Alan
> -----Original Message-----
> From: Jochem Maas [mailto:jochem
iamjochem.com]
> Sent: 13 October 2005 20:53
> To: Alan Lord
> Cc: php-general
lists.php.net
> Subject: Re: [PHP] RE: Removing Items from an Array
>
> Alan Lord wrote:
> > Hi TG and others,
> >
> > I think I must be missing something here.
> >
> > Your example doesn't seem to traverse "down" into a multidim array.
> >
> > Also, it appears as though your script assumes that the
> structure of
> > the array is known. It isn't and it is retrieved from "far
> away" and I
> > have no control over it's structure/depth/size etc... I can take a
> > good guess at the keys I want to keep and keep those in an
> array in my config.inc.
> > But I would ideally like to be able to have a function which is as
> > "array agnostic" as possible.
>
> shouldn't be 'array paragnostic' or maybe 'array gnostic' -
> psychic hypertext processor. does what you mean.
>
> >
> > I tried to do an "unset($arr[key])" in one of my other attempts at
> > solving this problem. But from what I read in the manual (if I
> > understood correctly :-)), it seems as though you can't
> really do this
> > from within a function/routine which is walking through the
> array at
> > that time as the array is not re-ordered...
>
> right so you have to write your own function. and/or maybe
> combine it with
> array_map() and/or array_filter() ... here is a routine that
> drills into an array given an array of values that act as the 'path'
> into the array your 'drilling' (can you handle php5?), may be
> that inspires you a bit:
>
> /*
> * eg
>
> $yourDataSet = array();
> $yourDataSet['A'] = array();
> $yourDataSet['B'] = array();
> $yourDataSet['A']['A'] = array();
> $yourDataSet['B']['B'] = array();
> $yourDataSet['B']['B']['coolstuff'] = array(
> 'foo' => 'bar',
> 'bar' => 'qux',
> );
>
> ArrayDriller::setSource( $yourDataSet ); $somedata =
> ArrayDriller::get( array('B','B','coolstuff') )
> */
>
> class ArrayDriller
> {
> static private $source;
>
> static public function setSource($var)
> {
> // do a check to make sure the keys are associative?
> if (is_array($var) && count($var)) self::$source = $var;
> }
>
> static public function set($varName, $value = null)
> {
> if (is_array(self::$source) && $varName &&
> !is_numeric($varName)) {
> if (is_array( $varName )) {
> $tmpArr =& self::$source;
> while ( 1 ) {
> self::chkVarName($k = array_shift( $varName ));
> if ( !count( $varName )) {
> return ($tmpArr[ $k ] = $value);
> break;
> } else if (! isset($tmpArr[ $k ]) || !
> is_array($tmpArr[ $k ])) {
> $tmpArr[ $k ] = array();
> }
>
> $tmpArr =& $tmpArr[ $k ];
> }
> } else {
> self::chkVarName($varName);
> return (self::$source[ $varName ] = $value);
> }
> }
> }
>
> static public function get($varName)
> {
> if (is_array(self::$source) && $varName) {
> if (is_array( $varName )) {
> $tmpArr =& self::$source;
> while ( 1 ) {
> self::chkVarName($k = array_shift( $varName ));
>
> /* endpoint */
> if ( !count( $varName )) {
> if (
is_array($tmpArr) &&
> array_key_exists($k, $tmpArr)) {
> return $tmpArr[ $k ];
> }
> break;
> }
> else if (!array_key_exists($k, $tmpArr) ||
> !is_array($tmpArr[ $k ]))
> {
> // we can go no deeper
> break;
> }
>
> $tmpArr =& $tmpArr[ $k ];
> }
> } else {
> self::chkVarName( $varName );
> if (array_key_exists($varName, self::$source)) {
> return self::$source[ $varName ];
> }
> }
> }
>
> return null;
> }
>
> static private function chkVarName($varName)
> {
> if (strval( $varName )) {
> return;
> } else {
> throw new Exception('backup buster, call that an
> assoc key?');
> // trigger_error(); // er? php4 anyone?
> }
> }
> }
>
>
> >
> > Thanks and no offence intended, I am just trying to
> understand... :-)
> >
> > Alan
> > --
> > Tg wrote:
> >
> > That works just as well, if you have only two levels of
> depth. Mostly
> > I was trying to illustrate how to use $key => $value in a
> foreach and
> > what to do if you need to go multiple levels down. Once you get to
> > the bottom level, then you can use isset() certainly.
> >
> > Just wanted to make sure that it was clear what to do with $key and
> > $subkey relating to the main array ($alldataarr in this example)
> > ---------snip-----------------
> >
>
>
attached mail follows:
How does a hacker get access to your scripts located outside the web
folder?
I asked a friend to hack my php script within the web folder...
all of my crucial functions were called by:
require_once("/home/siren/includes/fonovisa.inc");
the 'encrypt' functions are MCRYPT_RIJNDAEL_256
He was able to get access to the 'fonovisa.inc' php script [outside
the web folder] and all the stuff inside
Based on my current knowledge, my security breaches are probably big
enough to drive a truck through :(
how can I prevent this ?
I am VERY new at the whole 'security' thing so any help is appreciated
this is the script within the web folder:
<?php
require_once("/home/siren/includes/fonovisa.inc");
$thisScriptURL = ThisScriptsAbsoluteHTTPLocation($_SERVER['SCRIPT_NAME']);
qtversiondetect($_SERVER['HTTP_USER_AGENT']);
//////////////////////////////////////////
// This PHP script is performing three tasks
// 1) Creates a SMIL playlist of Quicktime movies from a database call
// 2) Reads each requested movie file from outside the web folder
//      Movies are downloaded by passing the GET variable, 'path', to the 'freadMovie()' function
//      This function is located in the script, 'fonovisa.inc', located outside the web folder
//      The movie files are fread chunk by chunk in binary format and loaded into the Quicktime Player
// 3) Build the Actual Quicktime Media Link with all the EMBED attributes like KIOSKMODE and QUITWHENDONE
//
//
////////////////////////
// Flow of the Code:
// If the GET variable, 'cmd', equals 'makesmil'
//      Build the SMIL playlist
// ElseIf the GET variable, 'cmd', equals 'getmovie'
//      Send the requested url [with the encrypted movie file path] to the freadmovie() function
//      which freads the requested movie file data to the Quicktime Player
// Else
//      Build the Quicktime Media Link that generated the Headers and Embed tags
//      where the 'src' attribute points to the SMIL Playlist Movie function in THIS script
// Endif
//////////////////////
// any variable there ?
if( isset($_REQUEST['cmd']) OR isset($_REQUEST['path'] ))
{
    ////////////
    // Ok, there is a 'cmd' and/or 'path' variable, what are they ?
    ////////////
    //make the SMIL playlist of movie
    if( trim(decrypt( $_REQUEST['cmd'])) =="makesmil")
        makesmil($thisScriptURL);
    //fread a movie file in the playlist and send to QuickTime
    elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie")
        freadMovie($_REQUEST['path']);
}else{
    ///////////
    // No commands were given
    // So make the Quicktime Media Link with all the EMBED attributes
    // The 'src' attribute is going to call the 'makesmil' function to generate the SMIL playlist movie
    //////////
    buildQTMediaLinkForSMILPlaylist( $autoplay="true",
                                     $cache="false",
                                     $kioskmode="true",
                                     $quitwhendone="true",
                                     $movieid=md5(time()),
                                     $moviename="Commercial Reel 2005",
                                     $src="$thisScriptURL?cmd=".encrypt('makesmil')
                                     );
    ///////////
    // Output the Correct QuickTime Headers and the Embed Tags and send the movie to QuickTime
    ///////////
    OutputHeaders($_SERVER['HTTP_USER_AGENT']);
    echo $finalQTMovie;
}
/////////////////////////////////////
// Local Functions
/////////////////////////////////////
function makesmil($thisScriptURL)
{
    buildSMILArray($thisScriptURL,$d='siren',$playlist="Show Reel");
    // format the SMIL playlist
    buildSMILPlaylist( $timeslider="true",
                       $chaptermode="all",
                       $immediateinstantiation="false",
                       $autoplay="true",
                       $left="1",
                       $top="1",
                       $height="208",
                       $width = "352",
                       $fit= "fill",
                       $title = "Commercial Reel 2005",
                       $regionid="siren",
                       $bgcolor="black",
                       $movieid=md5(time()),
                       $moviename="Commercial Reel 2005",
                       $movieArray);
}
//-------------------------
// Sanitize the variables to prevent mysql injection and trim them
function sanitizeVars()
{
    $path = getGetVarProcessed( 'path', 'cleanser', 'unknown' );
    $cmd = getGetVarProcessed( 'cmd', 'cleanser', 'unknown' );
}
//-------------------------
// Output Player or Browser Content-Type Header
function OutputHeaders($userAgent)
{
    global $finalQTMovie;
    if(strstr($userAgent,"qtver")){
        // Player
        header('Content-Type: application/x-quicktimeplayer');
    }else{
        //Browser
        header('Content-Type: video/quicktime');
    }
    //output any of the other headers
    header ("Content-Length:".strlen($finalQTMovie));
}
?>
attached mail follows:
Graham Anderson wrote:
> How does a hacker get access to your scripts located outside the web
> folder?
> I asked a friend to hack my php script within the web folder...
>
>
> all of my crucial function were called by:
> require_once("/home/siren/includes/fonovisa.inc");
> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>
> He was able to get access to the 'fonovisa.inc' php script [outside
> the web folder] and all the stuff inside
> Based on my current knowledge, my security breaches are probably big
> enough to drive a truck through :(
>
>
> how can I prevent this ?
> I am VERY new at the whole 'security' thing so any help is appreciated
Just looking briefly at the below script; NEVER trust user input!
Sanitize it, escape it, check to see it's what you expect, and do it
again. Doing things like this...
freadMovie($_REQUEST['path']);
is just asking for trouble.
> this is the script within the web folder:
> <?php
> require_once("/home/siren/includes/fonovisa.inc");
> $thisScriptURL = ThisScriptsAbsoluteHTTPLocation($_SERVER ['SCRIPT_NAME']);
> qtversiondetect($_SERVER['HTTP_USER_AGENT']);
>
>
>
>
> //////////////////////////////////////////
> // This PHP script is performing three tasks
> // 1) Creates a SMIL playlist of Quicktime movies from a database call
> // 2) Reads each requested movie file from outside the web folder
> // Movies are downloaded by passing the GET variable, 'path', to
> the 'freadMovie()' function
> // This function is located in the script,
> 'fonovisa.inc', located outside the web folder
> // The movie files are fread chunk by chunk in binary
> format and loaded into the the Quicktime Player
> // 3) Build the Actual Quicktime Media Link with all the EMBED
> attributes like KIOSKMODE and QUITWHENDONE
> //
> //
> ////////////////////////
> // Flow of the Code:
> // If the GET variable, 'cmd', equals 'makesmil'
> // Build the SMIL playlist
> // ElseIf the GET variable, 'cmd', equals 'getmovie'
> // Send the requested url [with the encrypted movie file path]
> to the freadmovie() function
> // which freads the requested movie file data to the
> Quicktime Player
> // Else
> // Build the Quicktime Media Link that generated the Headers
> and Embed tags
> // where the 'src' attribute points to the SMIL Playlist
> Movie function in THIS script
> // Endif
> //////////////////////
>
>
> // any variable there ?
> if( isset($_REQUEST['cmd']) OR isset($_REQUEST['path'] ))
> {
>
> ////////////
> // Ok, there is a 'cmd' and/or 'path' variable, what are they ?
> ////////////
>
> //make the SMIL playlist of movie
> if( trim(decrypt( $_REQUEST['cmd'])) =="makesmil")
> makesmil($thisScriptURL);
>
> //fread a movie file in the playlist and send to QuickTime
> elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie")
> freadMovie($_REQUEST['path']);
>
>
> }else{
> ///////////
> // No commands were given
> // So make the Quicktime Media Link with all the EMBED attributes
> // The 'src' attribute is going to call the 'makesmil' function
> to generate the SMIL playlist movie
> //////////
> buildQTMediaLinkForSMILPlaylist( $autoplay="true",
>
> $cache="false",
>
> $kioskmode="true",
>
> $quitwhendone="true",
>
> $movieid=md5(time()),
>
> $moviename="Commercial Reel 2005",
>
> $src="$thisScriptURL?cmd=".encrypt('makesmil')
> );
>
> ///////////
> // Output the Correct QuickTime Headers and the Embed Tags and
> send the movie to QuickTime
> ///////////
> OutputHeaders($_SERVER['HTTP_USER_AGENT']);
> echo $finalQTMovie;
>
>
> }
>
>
> /////////////////////////////////////
> // Local Functions
> /////////////////////////////////////
>
> function makesmil($thisScriptURL)
> {
> buildSMILArray($thisScriptURL,$d='siren',$playlist="Show Reel");
>
> // format the SMIL playlist
> buildSMILPlaylist( $timeslider="true",
> $chaptermode="all",
>
> $immediateinstantiation="false",
> $autoplay="true",
> $left="1",
> $top="1",
> $height="208",
> $width = "352",
> $fit= "fill",
> $title = "Commercial Reel
> 2005",
> $regionid="siren",
> $bgcolor="black",
> $movieid=md5(time()),
> $moviename="Commercial Reel
> 2005",
> $movieArray);
> }
>
>
> //-------------------------
> // Santize the variables to prevent mysql injection and trim them
> function sanitizeVars()
> {
> $path = getGetVarProcessed( 'path', 'cleanser', 'unknown' );
> $cmd = getGetVarProcessed( 'cmd', 'cleanser', 'unknown' );
> }
>
>
> //-------------------------
> // Output Player or Browser Content-Type Header
>
> function OutputHeaders($userAgent)
> {
> global $finalQTMovie;
> if(strstr($userAgent,"qtver")){
> // Player
> header('Content-Type: application/x-quicktimeplayer');
> }else{
> //Browser
> header('Content-Type: video/quicktime');
> }
> //output any of the other headers
> header ("Content-Length:".strlen($finalQTMovie));
> }
>
> ?>
>
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
john
kegworks.com
attached mail follows:
Graham Anderson wrote:
> How does a hacker get access to your scripts located outside the web
> folder?
> I asked a friend to hack my php script within the web folder...
>
er. why don't you *#%*&#(%*&!#^%(_*^#()% % er ask him.
>
> all of my crucial function were called by:
> require_once("/home/siren/includes/fonovisa.inc");
> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>
> He was able to get access to the 'fonovisa.inc' php script [outside
> the web folder] and all the stuff inside
> Based on my current knowledge, my security breaches are probably big
> enough to drive a truck through :(
>
>
> how can I prevent this ?
sanitize your input - make sure your webserver is secure.
don't give php files a .inc extension if you don't know what you're doing.
you're probably doing the equivalent of (although somewhat less obviously):
<?
echo file_get_contents( $_GET['anyfileyoulike'] );
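John Nichel's and Jochem Maas's replies both point at the unchecked freadMovie($_REQUEST['path']) call. The check they describe, as an added example that is not part of the original posts and not taken from fonovisa.inc: resolveMoviePath(), the ".mov" allowlist and the temporary directory layout are hypothetical, and the sample files are constructed.

```php
<?php
// Added example. resolveMoviePath(), the ".mov" allowlist and the temporary
// directory layout are hypothetical; nothing here comes from fonovisa.inc.
// Written for PHP 7.1 or later.

/**
 * Turn a user-supplied file name into a canonical path inside $baseDir.
 * Returns the path, or null when the request has to be refused.
 */
function resolveMoviePath(string $requested, string $baseDir): ?string
{
    // Empty names and embedded NUL bytes are never legitimate.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() collapses "..", duplicate slashes and symlinks, and
    // returns false for anything that does not exist.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Containment: the canonical path must start with "<base>/".
    // Comparing against $base alone would also accept "<base>-old/...".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Allowlist the one file type that is meant to be served.
    if (strtolower(pathinfo($candidate, PATHINFO_EXTENSION)) !== 'mov') {
        return null;
    }

    return $candidate;
}

// --- Constructed demo data: a movie folder next to an includes folder ---
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pathdemo_' . bin2hex(random_bytes(4));
mkdir($root . '/movies', 0700, true);
mkdir($root . '/includes', 0700, true);
file_put_contents($root . '/movies/reel.mov', 'constructed movie bytes');
file_put_contents($root . '/movies/notes.txt', 'constructed text file');
file_put_contents($root . '/includes/secret.inc', 'constructed include file');

$requests = [
    'reel.mov',                     // plain file name inside the movie folder
    '../includes/secret.inc',       // relative path that climbs out of it
    $root . '/includes/secret.inc', // absolute path to the include file
    'notes.txt',                    // inside the folder, but not a movie
    'missing.mov',                  // no such file
    "reel.mov\0.inc",               // embedded NUL byte
];

foreach ($requests as $request) {
    $path = resolveMoviePath($request, $root . '/movies');
    printf(
        "%-60s %s\n",
        json_encode($request, JSON_UNESCAPED_SLASHES),
        $path === null ? 'refused' : 'served'
    );
}

// Remove the demo files again.
foreach (['movies/reel.mov', 'movies/notes.txt', 'includes/secret.inc'] as $file) {
    unlink($root . '/' . $file);
}
rmdir($root . '/movies');
rmdir($root . '/includes');
rmdir($root);
```

A file-serving function would call the resolver first and open only the path it returns, never the raw request value.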
attached mail follows:
On Thu, 2005-10-13 at 17:05, Graham Anderson wrote:
> How does a hacker get access to your scripts located outside the web
> folder?
> I asked a friend to hack my php script within the web folder...
Ummm, the obvious thing to do is ask your friend how he did it, then
we'll tell you how to prevent it in the future. Otherwise we're all just
shooting in the dark.
Cheers,
Rob.
>
>
> all of my crucial function were called by:
> require_once("/home/siren/includes/fonovisa.inc");
> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>
> He was able to get access to the 'fonovisa.inc' php script [outside
> the web folder] and all the stuff inside
> Based on my current knowledge, my security breaches are probably big
> enough to drive a truck through :(
>
>
> how can I prevent this ?
> I am VERY new at the whole 'security' thing so any help is appreciated
>
>
>
> this is the script within the web folder:
> <?php
> require_once("/home/siren/includes/fonovisa.inc");
> $thisScriptURL = ThisScriptsAbsoluteHTTPLocation($_SERVER
> ['SCRIPT_NAME']);
> qtversiondetect($_SERVER['HTTP_USER_AGENT']);
>
>
>
>
> //////////////////////////////////////////
> // This PHP script is performing three tasks
> // 1) Creates a SMIL playlist of Quicktime movies from a database
> call
> // 2) Reads each requested movie file from outside the web folder
> // Movies are downloaded by passing the GET variable, 'path',
> to the 'freadMovie()' function
> // This function is located in the script,
> 'fonovisa.inc', located outside the web folder
> // The movie files are fread chunk by chunk in
> binary format and loaded into the the Quicktime Player
> // 3) Build the Actual Quicktime Media Link with all the EMBED
> attributes like KIOSKMODE and QUITWHENDONE
> //
> //
> ////////////////////////
> // Flow of the Code:
> // If the GET variable, 'cmd', equals 'makesmil'
> // Build the SMIL playlist
> // ElseIf the GET variable, 'cmd', equals 'getmovie'
> // Send the requested url [with the encrypted movie file
> path] to the freadmovie() function
> // which freads the requested movie file data to the
> Quicktime Player
> // Else
> // Build the Quicktime Media Link that generated the
> Headers and Embed tags
> // where the 'src' attribute points to the SMIL Playlist
> Movie function in THIS script
> // Endif
> //////////////////////
>
>
> // any variable there ?
> if( isset($_REQUEST['cmd']) OR isset($_REQUEST['path'] ))
> {
>
> ////////////
> // Ok, there is a 'cmd' and/or 'path' variable, what are they ?
> ////////////
>
> //make the SMIL playlist of movie
> if( trim(decrypt( $_REQUEST['cmd'])) =="makesmil")
> makesmil($thisScriptURL);
>
> //fread a movie file in the playlist and send to QuickTime
> elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie")
> freadMovie($_REQUEST['path']);
>
>
> }else{
> ///////////
> // No commands were given
> // So make the Quicktime Media Link with all the EMBED attributes
> // The 'src' attribute is going to call the 'makesmil'
> function to generate the SMIL playlist movie
> //////////
> buildQTMediaLinkForSMILPlaylist( $autoplay="true",
>
> $cache="false",
>
> $kioskmode="true",
>
> $quitwhendone="true",
>
> $movieid=md5(time()),
>
> $moviename="Commercial Reel 2005",
>
> $src="$thisScriptURL?cmd=".encrypt('makesmil')
> );
>
> ///////////
> // Output the Correct QuickTime Headers and the Embed Tags
> and send the movie to QuickTime
> ///////////
> OutputHeaders($_SERVER['HTTP_USER_AGENT']);
> echo $finalQTMovie;
>
>
> }
>
>
> /////////////////////////////////////
> // Local Functions
> /////////////////////////////////////
>
> function makesmil($thisScriptURL)
> {
> buildSMILArray($thisScriptURL,$d='siren',$playlist="Show Reel");
>
> // format the SMIL playlist
> buildSMILPlaylist( $timeslider="true",
> $chaptermode="all",
>
> $immediateinstantiation="false",
> $autoplay="true",
> $left="1",
> $top="1",
> $height="208",
> $width = "352",
> $fit= "fill",
> $title = "Commercial
> Reel 2005",
> $regionid="siren",
> $bgcolor="black",
> $movieid=md5(time()),
> $moviename="Commercial
> Reel 2005",
> $movieArray);
> }
>
>
> //-------------------------
> // Santize the variables to prevent mysql injection and trim them
> function sanitizeVars()
> {
> $path = getGetVarProcessed( 'path', 'cleanser', 'unknown' );
> $cmd = getGetVarProcessed( 'cmd', 'cleanser', 'unknown' );
> }
>
>
> //-------------------------
> // Output Player or Browser Content-Type Header
>
> function OutputHeaders($userAgent)
> {
> global $finalQTMovie;
> if(strstr($userAgent,"qtver")){
> // Player
> header('Content-Type: application/x-quicktimeplayer');
> }else{
> //Browser
> header('Content-Type: video/quicktime');
> }
> //output any of the other headers
> header ("Content-Length:".strlen($finalQTMovie));
> }
>
> ?>
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
attached mail follows:
Ok, I just heard back from him and feel like an idiot
my htaccess file for the folder containing the php script was not
set properly
guess at this point, I'll take all of the advice you guys gave and
implement it :)
g
On Oct 13, 2005, at 2:21 PM, Robert Cummings wrote:
> On Thu, 2005-10-13 at 17:05, Graham Anderson wrote:
>
>> How does a hacker get access to your scripts located outside the web
>> folder?
>> I asked a friend to hack my php script within the web folder...
>>
>
> Ummm, the obvious thing to do is ask your friend how he did it, then
> we'll tell you how to prevent it in the future. Otherwise we're all
> just
> shooting in the dark.
>
> Cheers,
> Rob.
>
>
>>
>>
>> all of my crucial function were called by:
>> require_once("/home/siren/includes/fonovisa.inc");
>> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>>
>> He was able to get access to the 'fonovisa.inc' php script [outside
>> the web folder] and all the stuff inside
>> Based on my current knowledge, my security breaches are probably big
>> enough to drive a truck through :(
>>
>>
>> how can I prevent this ?
>> I am VERY new at the whole 'security' thing so any help is
>> appreciated
>>
>>
>>
>> this is the script within the web folder:
>> <?php
>> require_once("/home/siren/includes/fonovisa.inc");
>> $thisScriptURL = ThisScriptsAbsoluteHTTPLocation($_SERVER['SCRIPT_NAME']);
>> qtversiondetect($_SERVER['HTTP_USER_AGENT']);
>>
>> //////////////////////////////////////////
>> // This PHP script is performing three tasks
>> // 1) Creates a SMIL playlist of Quicktime movies from a database call
>> // 2) Reads each requested movie file from outside the web folder
>> //    Movies are downloaded by passing the GET variable, 'path', to the 'freadMovie()' function
>> //    This function is located in the script, 'fonovisa.inc', located outside the web folder
>> //    The movie files are fread chunk by chunk in binary format and loaded into the Quicktime Player
>> // 3) Build the Actual Quicktime Media Link with all the EMBED attributes like KIOSKMODE and QUITWHENDONE
>> //
>> ////////////////////////
>> // Flow of the Code:
>> // If the GET variable, 'cmd', equals 'makesmil'
>> //    Build the SMIL playlist
>> // ElseIf the GET variable, 'cmd', equals 'getmovie'
>> //    Send the requested url [with the encrypted movie file path] to the freadmovie() function
>> //    which freads the requested movie file data to the Quicktime Player
>> // Else
>> //    Build the Quicktime Media Link that generated the Headers and Embed tags
>> //    where the 'src' attribute points to the SMIL Playlist Movie function in THIS script
>> // Endif
>> //////////////////////
>>
>> // any variable there ?
>> if( isset($_REQUEST['cmd']) OR isset($_REQUEST['path'] ))
>> {
>>     ////////////
>>     // Ok, there is a 'cmd' and/or 'path' variable, what are they ?
>>     ////////////
>>
>>     //make the SMIL playlist of movie
>>     if( trim(decrypt( $_REQUEST['cmd'])) =="makesmil")
>>         makesmil($thisScriptURL);
>>
>>     //fread a movie file in the playlist and send to QuickTime
>>     elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie")
>>         freadMovie($_REQUEST['path']);
>>
>> }else{
>>     ///////////
>>     // No commands were given
>>     // So make the Quicktime Media Link with all the EMBED attributes
>>     // The 'src' attribute is going to call the 'makesmil' function to generate the SMIL playlist movie
>>     //////////
>>     buildQTMediaLinkForSMILPlaylist( $autoplay="true",
>>                                      $cache="false",
>>                                      $kioskmode="true",
>>                                      $quitwhendone="true",
>>                                      $movieid=md5(time()),
>>                                      $moviename="Commercial Reel 2005",
>>                                      $src="$thisScriptURL?cmd=".encrypt('makesmil')
>>                                      );
>>
>>     ///////////
>>     // Output the Correct QuickTime Headers and the Embed Tags and send the movie to QuickTime
>>     ///////////
>>     OutputHeaders($_SERVER['HTTP_USER_AGENT']);
>>     echo $finalQTMovie;
>> }
>>
>> /////////////////////////////////////
>> // Local Functions
>> /////////////////////////////////////
>>
>> function makesmil($thisScriptURL)
>> {
>>     buildSMILArray($thisScriptURL,$d='siren',$playlist="Show Reel");
>>
>>     // format the SMIL playlist
>>     buildSMILPlaylist( $timeslider="true",
>>                        $chaptermode="all",
>>                        $immediateinstantiation="false",
>>                        $autoplay="true",
>>                        $left="1",
>>                        $top="1",
>>                        $height="208",
>>                        $width = "352",
>>                        $fit= "fill",
>>                        $title = "Commercial Reel 2005",
>>                        $regionid="siren",
>>                        $bgcolor="black",
>>                        $movieid=md5(time()),
>>                        $moviename="Commercial Reel 2005",
>>                        $movieArray);
>> }
>>
>> //-------------------------
>> // Sanitize the variables to prevent mysql injection and trim them
>> function sanitizeVars()
>> {
>>     $path = getGetVarProcessed( 'path', 'cleanser', 'unknown' );
>>     $cmd = getGetVarProcessed( 'cmd', 'cleanser', 'unknown' );
>> }
>>
>> //-------------------------
>> // Output Player or Browser Content-Type Header
>>
>> function OutputHeaders($userAgent)
>> {
>>     global $finalQTMovie;
>>     if(strstr($userAgent,"qtver")){
>>         // Player
>>         header('Content-Type: application/x-quicktimeplayer');
>>     }else{
>>         //Browser
>>         header('Content-Type: video/quicktime');
>>     }
>>     //output any of the other headers
>>     header ("Content-Length:".strlen($finalQTMovie));
>> }
>>
>> ?>
>>
> --
> .------------------------------------------------------------.
> | InterJinn Application Framework - http://www.interjinn.com |
> :------------------------------------------------------------:
> | An application and templating framework for PHP. Boasting |
> | a powerful, scalable system for accessing system services |
> | such as forms, properties, sessions, and caches. InterJinn |
> | also provides an extremely flexible architecture for |
> | creating re-usable components quickly and easily. |
> `------------------------------------------------------------'
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
attached mail follows:
Is this a bit better ?
As directed, I 'sanitized' all user input variables with trim and
mysql_real_escape_string.

thanks for everyone's patience as I am starting at ground zero
concerning security.

if( isset($_REQUEST['cmd']) OR isset($_REQUEST['path'] ))
{
    // decrypt and sanitize variables
    $cmd = isset($_REQUEST['cmd']) ? cleanser(decrypt($_REQUEST['cmd'])) : $cmd="null";
    $path = isset($_REQUEST['path']) ? cleanser(decrypt($_REQUEST['path'])) : $path="null";
    .
    .
    .

the cleanser script:
function cleanser( $value )
{
    return mysql_real_escape_string( trim( $value ) ) ;
}

the 'decrypt' function uses MCRYPT_RIJNDAEL_256 with a $key stored
outside the web folder.

many thanks :)
g
On Oct 13, 2005, at 2:36 PM, Graham Anderson wrote:
>
> Ok, I just heard back from him and feel like an idiot
>
> my htaccess file for the folder containing the php script was not
> set properly
> guess at this point, I'll take all of the advice you guys gave and
> implement it :)
>
> g
>
> On Oct 13, 2005, at 2:21 PM, Robert Cummings wrote:
>
>
>> On Thu, 2005-10-13 at 17:05, Graham Anderson wrote:
>>
>>
>>> How does a hacker get access to your scripts located outside the web
>>> folder?
>>> I asked a friend to hack my php script within the web folder...
>>>
>>>
>>
>> Ummm, the obvious thing to do is ask your friend how he did it, then
>> we'll tell you how to prevent it in the future. Otherwise we're
>> all just
>> shooting in the dark.
>>
>> Cheers,
>> Rob.
>>
>>
>>
>>>
>>>
>>> all of my crucial function were called by:
>>> require_once("/home/siren/includes/fonovisa.inc");
>>> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>>>
>>> He was able to get access to the 'fonovisa.inc' php script [outside
>>> the web folder] and all the stuff inside
>>> Based on my current knowledge, my security breaches are probably big
>>> enough to drive a truck through :(
>>>
>>>
>>> how can I prevent this ?
>>> I am VERY new at the whole 'security' thing so any help is
>>> appreciated
>>>
>>>
>>>
attached mail follows:
Graham Anderson said the following on 10/13/05 15:31:
> Is this a bit better ?
> As directed, I 'sanitized' all user input variables with trim and
> mysql_real_escape_string.
>
> thanks for everyone's patience as I am starting at ground zero
> concerning security.
>
>
> if( isset($_REQUEST['cmd']) OR isset($_REQUEST['path'] ))
> {
>     // decrypt and sanitize variables
>     $cmd = isset($_REQUEST['cmd']) ? cleanser(decrypt($_REQUEST['cmd'])) : $cmd="null";
>     $path = isset($_REQUEST['path']) ? cleanser(decrypt($_REQUEST['path'])) : $path="null";
> .
> .
> .
>
> the cleanser script:
> function cleanser( $value )
> {
> return mysql_real_escape_string( trim( $value ) ) ;
> }
>
> the 'decrypt' function uses MCRYPT_RIJNDAEL_256 with a $key stored
> outside the web folder.
>
> many thanks :)
My understanding is that mysql_real_escape_string will only work while
you are connected to mysql. Not sure if that is the case in your situation.
- Ben
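
An added example, not code from any message in this thread: `mysql_real_escape_string()` prepares a value for a SQL string literal, while the thread's `cmd` and `path` values end up as a dispatch value and a file path, so this sketch validates them for those uses. The function names, the `.mov` restriction and the temporary directory layout are assumptions, and the inputs are taken to be already decrypted.

```php
<?php
// Added example; every name here is hypothetical, sample files are constructed.

const ALLOWED_COMMANDS = ['makesmil', 'getmovie'];

// Return the command only if it is one the script implements, else null.
function validateCommand($cmd)
{
    $cmd = is_string($cmd) ? trim($cmd) : '';
    return in_array($cmd, ALLOWED_COMMANDS, true) ? $cmd : null;
}

// Resolve a requested movie name to an existing file under $root, else null.
function resolveMoviePath($root, $requested)
{
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks and fails when nothing exists there.
    $full = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved location is outside the movie directory
    }
    if (strtolower(pathinfo($full, PATHINFO_EXTENSION)) !== 'mov') {
        return null; // only movie files are served
    }
    return $full;
}

// Constructed layout: <tmp>/movies/reel.mov beside <tmp>/includes/fonovisa.inc
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pathdemo_' . getmypid();
@mkdir("$base/movies", 0700, true);
@mkdir("$base/includes", 0700, true);
file_put_contents("$base/movies/reel.mov", 'constructed movie bytes');
file_put_contents("$base/includes/fonovisa.inc", '<?php // constructed include');

var_dump(validateCommand(' getmovie '), validateCommand('null'));
foreach (['reel.mov', '../includes/fonovisa.inc', 'missing.mov'] as $requested) {
    $resolved = resolveMoviePath("$base/movies", $requested);
    printf("%-26s => %s\n", $requested, $resolved === null ? 'refused' : 'serve ' . basename($resolved));
}

// Remove the constructed files again.
unlink("$base/movies/reel.mov");
unlink("$base/includes/fonovisa.inc");
rmdir("$base/movies");
rmdir("$base/includes");
rmdir($base);
```

Only `reel.mov` is served; the include file and the missing file are refused, and no database connection is involved.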
attached mail follows:
Please stop sending e-mail to this list, or I will be forced to unleash the fleas of a thousand camels into your armpits.
<?php
/*
Stephen Johnson c | eh
The Lone Coder
http://www.ouradoptionblog.com
Join our journey of adoption
http://www.thelonecoder.com
stephen
thelonecoder.com
continuing the struggle against bad code
*/
?>
> From: KOKO电子传单 <dm_74_0032
vip60.3268.cn>
> Date: Fri, 14 Oct 2005 06:33:57 +0800
> To: <php-general
lists.php.net>
> Subject: [PHP] Electronic flyers, the cheapest way to advertise
attached mail follows:
I have a Linux server on my network, however my main mail is handled by
Thunderbird on my PC which uses my ISP's SMTP server (UserName and PW).
Can I configure SendMail to send mail to my ISP's SMTP server using
the built in mail() function of PHP?
If I use one of the Mail Classes, I can do it and on my client's Linux
server, mail() works (but they are not using an outside SMTP server).
Many thanks...
attached mail follows:
GamblerZG wrote:
> Recently, I asked my hosting provider when they are going to switch to
> PHP5. They replied that it will not happen any time soon, since they
> will install PHP5 only on new servers. Their reasoning was simple: PHP5
> will inevitably break some old scripts, and it's just not worth all the
> trouble.
Must be the same reason why we are all still using DOS since some of the
best games just refuse to run on WinXP !? Noo...
There are a whole lot of new scripts that don't work with PHP4 so I
guess chances are the problem is already bigger in this direction (PHP5
code not running on PHP4) than in the other.
The provider arguments are FALSE! If they don't want to break old
scripts they can easily deploy both PHP4 and PHP5 as parallel
installation, either one of them as CGI or by using two Apache servers
and a proxy. The real arguments for the providers are
a) They are too lazy to do this
b) Two PHP versions in parallel might need more
computing power which they refuse to invest for
AllOLLi
____________
The answer is 42.
[Douglas Adams]
attached mail follows:
When I fill in the form with user and password, it goes to the
loginerror.php anyway.
Is this because I use switch with only one case(I'm going to make more
later), and if it is. What should I use instead?
This is my first php-script. I have tested this on both php4 and php5.
Please help.
(login.php)
<?php
include ("connection"); // obvious
session_start();
switch ($_GET['action']) // Gets set by the form action
{
    case "login":
        $sql = "SELECT name FROM DB
                WHERE name='$_POST[user]'";
        $result = mysql_query($sql) or die("Couldn't execute query.");
        $num = mysql_num_rows($result);
        if ($num ==1) // loginname found
        {
            $sql = "SELECT name FROM DB
                    WHERE name='$_POST[user]'
                    AND pass=password('$_POST[pass]')";
            $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
            $num2 = mysql_num_rows($result2);
            if ($num2 > 0) // password is correct
            {
                $_SESSION['auth']="yes";
                $logname=$_POST['user'];
                $_SESSION['logname'] = $logname;
                header("Location: page1.php");
            }
            else // password is not correct
            {
                unset($action);
                header("Location: loginerror.php");
            }
        }
        elseif ($num == 0) // Wrong name. Name not in db
        {
            unset($action);
            header("Location: loginerror.php");
        }
}
?>
--------------------------------------------
(form.php)
<table>
<form action="login.php?action=login" method="post">
<tr>
<td align="center" valign="middle" class="maintext">
Login as:<input type=text name="name">
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
Password:<input type="password" name="pass"><br>
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
<input name="log" type="submit" value="Enter"></td>
</tr>
</form>
</table>
----------------------------
attached mail follows:
twistednetadmin wrote:
> When I fill in the form with user and password, it goes to the
> loginerror.php anyway.
> Is this because I use switch with only one case(I'm going to make more
> later), and if it is. What should I use instead?
> This is my first php-script. I have tested this on both php4 and php5.
> Please help.
>
> (login.php)
> <?php
>
>
> include ("connection"); // obvious
>
>
>
> session_start();
> switch ($_GET['action']) // Gets set by the form action
> {
> case "login":
> $sql = "SELECT name FROM DB
> WHERE name='$_POST[user]'";
> $result = mysql_query($sql) or die("Couldn't execute query.");
> $num = mysql_num_rows($result);
> if ($num ==1) // loginname found
> {
> $sql = "SELECT name FROM DB
> WHERE name='$_POST[user]'
> AND pass=password('$_POST[pass]')";
> $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
> $num2 = mysql_num_rows($result2);
> if ($num2 > 0) // password is correct
> {
> $_SESSION['auth']="yes";
> $logname=$_POST['user'];
> $_SESSION['logname'] = $logname;
> header("Location: page1.php");
> }
> else // password is not correct
> {
> unset($action);
> header("Location: loginerror.php");
> }
> }
> elseif ($num == 0) // Wrong name. Name not in db
> {
> unset($action);
> header("Location: loginerror.php");
> }
>
> }
>
> ?>
> --------------------------------------------
> (form.php)
>
>
> <table>
> <form action="login.php?action=login" method="post">
>
> <tr>
> <td align="center" valign="middle" class="maintext">
>
> Login as:<input type=text name="name">
>
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
>
> Password:<input type="password" name="pass"><br>
>
> </td>
> </tr>
> <tr>
>
> <td align="center" valign="middle" class="maintext">
>
> <input name="log" type="submit" value="Enter"></td>
>
> </tr>
> </form>
> </table>
> ----------------------------
Seems to me that you are passing a value 'name' as the username, but when
you search the database, you are using a value of $_POST[user] which does
not exist.
Note that the correct syntax should be $_POST['varname']
Cheers
--
David Robley
What goes up has probably been doused with petrol.
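
An added example, not the poster's or the list's code: a login check that reads the keys form.php actually submits (`name` and `pass`) and keeps the submitted values out of the SQL text. It swaps in PDO prepared statements and `password_hash()`/`password_verify()` for the post's `mysql_query()` and MySQL `password()`; the `users` table, the `checkLogin()` name and the in-memory SQLite database are constructed so the script runs stand-alone.

```php
<?php
// Added example; table, column and function names are hypothetical.

// Return true only when the submitted name/pass pair matches a stored user.
function checkLogin(PDO $db, array $post)
{
    // form.php submits name="name" and name="pass", so those are the keys to read.
    $name = isset($post['name']) && is_string($post['name']) ? trim($post['name']) : '';
    $pass = isset($post['pass']) && is_string($post['pass']) ? $post['pass'] : '';
    if ($name === '' || $pass === '') {
        return false;
    }
    // The placeholder sends the value separately from the statement text.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    // Unknown user and wrong password give the same answer.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed database with one user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed submissions, including the key mismatch diagnosed in the reply above.
$cases = [
    'matching keys'        => ['name' => 'alice', 'pass' => 'correct horse'],
    'wrong password'       => ['name' => 'alice', 'pass' => 'wrong'],
    "posted as 'user'"     => ['user' => 'alice', 'pass' => 'correct horse'],
    'apostrophe in name'   => ['name' => "o'brien", 'pass' => 'anything'],
];
foreach ($cases as $label => $post) {
    printf("%-20s %s\n", $label, checkLogin($db, $post) ? 'login ok' : 'login refused');
}
```

Only the first case logs in; the apostrophe case is refused as an unknown user rather than causing a query error.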