|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general Digest 15 Oct 2005 07:10:43 -0000 Issue 3738
php-general-digest-help
lists.php.net
Date: Sat Oct 15 2005 - 02:10:43 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 15 Oct 2005 07:10:43 -0000 Issue 3738
Topics (messages 224137 through 224176):
Re: Question about including files and server load
224137 by: Dan Baker
224142 by: Greg Donald
Re: Help with logic :(
224138 by: aaronjw.martekbiz.com
224139 by: aaronjw.martekbiz.com
224141 by: Dan McCullough
automatic login..
224140 by: ganu
224143 by: Dan McCullough
224144 by: Greg Donald
Re: prevent user from getting scripts outside the web folder[this better?]
224145 by: Norbert Wenzel
224152 by: Richard Lynch
Re: Obsession with BC, take 2
224146 by: Richard Lynch
224164 by: GamblerZG
Re: prevent user from getting scripts outside the web folder
224147 by: Richard Lynch
224163 by: Graham Anderson
Still struggeling with my first script...
224148 by: twistednetadmin
224161 by: Chris W. Parker
224170 by: twistednetadmin
224171 by: twistednetadmin
224172 by: Chris W. Parker
224174 by: Ben
224175 by: twistednetadmin
Re: OPTIMIZING - The fastest way to open and show a file
224149 by: Richard Lynch
editor
224150 by: Hodicska Gergely
224153 by: Edward Vermillion
224155 by: Hodicska Gergely
network speed
224151 by: Richard Lynch
224154 by: John Nichel
224157 by: Greg Donald
224160 by: Brent Baisley
Re: Trouble moving directory
224156 by: Richard Lynch
fckeditor and PDF and pesky users
224158 by: Richard Lynch
224162 by: Ben
224167 by: Jason Kovacs
Re: chown function
224159 by: Daniele Palumbo
Re: ampersand in dom with utf-8
224165 by: jonathan
224166 by: jonathan
224169 by: Jasper Bryant-Greene
running mode
224168 by: Florent Monnier
Offseting Binary File Data with php
224173 by: Graham Anderson
Mail System Error - Returned Mail
224176 by: cf-talk.houseoffusion.com
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
"Jay Paulson" <jpaulsonsedl.org> wrote in message
news:1247.198.214.140.171.1129296117.squirrelwww.sedl.org...
>I just started working with a new company and they handed me some of their
> php code for me to look over. I noticed that they have a TON of include
> files being called into their scripts. For example, instead of having one
> file called functions.php and then having all their functions in that one
> file they have put each function into it's separate file and then have a
> define_functions.php file that creates each function. However, within the
> function itself it declared something like this:
>
> function xyz($abc) { return include(xyz_func.php); }
> function abc($xyz) { return include(abc_func.php); }
>
> I was wondering isn't this putting a bigger load on a server by including
> so many files for each function? Also, I was wondering what everyone's
> opinion was on this approach in terms of maintenance. Do you think it's
> better practice to put all your functions in one file or do it in this
> manner?
Fascinating!
The concept is that only the code that actually gets executed is ever
loaded/compiled. Pretty sneaky!
IF you had a gargantuan amount of code, that was tightly tied together --
yet, typically not much of it was really used on most pages -- this is a
pretty good design. I would be interested in some timing tests, but I'm
sure there is a point when this type of design would actually decrease the
load on the server (because, the only code that needs to be compiled is the
code that is executed).
DanB
attached mail follows:
On 10/14/05, Dan Baker <dbefcfuriousgames.com> wrote:
> The concept is that only the code that actually gets executed is ever
> loaded/compiled. Pretty sneaky!
I think that's the general idea behind PHP's autoload():
http://php.net/autoload
Using a caching tool like APC or Zend Optimizer would be helpful in
this area too:
http://pecl.php.net/package/APC
http://zend.com/store/products/zend-optimizer.php
I think putting each function in it's own file is a bit drastic.
There are simpler ways to gain performance.
--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/
attached mail follows:
Hi all,
Just wondering how one would do multiple rows?
Instead of me me copying and pasting the same row of code 15 times
(multiple data entry form), I just loop until it counts 15?
Loops are not a strong point for me at all :(
Thanks in advance!!!
Aaron
attached mail follows:
NEVERMIND.
Solved it.
Thanks!!!
A
> Hi all,
>
> Just wondering how one would do multiple rows?
>
> Instead of me me copying and pasting the same row of code 15 times
> (multiple data entry form), I just loop until it counts 15?
>
> Loops are not a strong point for me at all :(
>
> Thanks in advance!!!
>
> Aaron
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
Not a problem, good to see.
On 10/14/05, aaronjwmartekbiz.com <aaronjwmartekbiz.com> wrote:
> NEVERMIND.
>
> Solved it.
>
> Thanks!!!
>
> A
>
> > Hi all,
> >
> > Just wondering how one would do multiple rows?
> >
> > Instead of me me copying and pasting the same row of code 15 times
> > (multiple data entry form), I just loop until it counts 15?
> >
> > Loops are not a strong point for me at all :(
> >
> > Thanks in advance!!!
> >
> > Aaron
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
hi,
I created one site , and i implemented the concept of mypage same like as google or yahoo
or excite.com,
now my problem is i just want to put a line{href} in my mypge as set as home page so when
the user will click on that , so it will set this page as default page..
And next time he/she will come then no need of login the mypage will open automatically,
I think i hv to track the cookies and store the ip into
the table or something like that,,,,,
plz any body can help me and gv some hint , for how it is possible...
any logic or ideas,
thnx..
Open Source Ki Jai..
~ ganu maharaj..
attached mail follows:
some logic and information.
set the cookie to expire after 120 days or so, or never. you will
have to set a cookie with the username and password, preferably a md5
encrypted password. also remember to have the logout function to
remember those cookies.
On 10/14/05, ganu <ganu.ullugmail.com> wrote:
> hi,
>
> I created one site , and i implemented the concept of mypage same like as google or yahoo
> or excite.com,
>
> now my problem is i just want to put a line{href} in my mypge as set as home page so when
> the user will click on that , so it will set this page as default page..
>
> And next time he/she will come then no need of login the mypage will open automatically,
> I think i hv to track the cookies and store the ip into
> the table or something like that,,,,,
>
> plz any body can help me and gv some hint , for how it is possible...
>
> any logic or ideas,
>
> thnx..
> Open Source Ki Jai..
> ~ ganu maharaj..
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
On 10/14/05, Dan McCullough <dan.mcculloughgmail.com> wrote:
> some logic and information.
> set the cookie to expire after 120 days or so, or never. you will
> have to set a cookie with the username and password, preferably a md5
> encrypted password. also remember to have the logout function to
> remember those cookies.
I wouldn't use md5 on anything even slightly important. Since the
initial hash collision discoveries were made earlier this year, md5
look-up sites are starting to pop up:
http://md5.crysm.net/
http://passcracking.com/
For those wanting to get up to speed on md5 history and the current
hash collisions work being done:
http://en.wikipedia.org/wiki/Md5
Md5 has been adequate for 15 or so years, but now it's time to move on.
Disclaimer: There are only 5 or 6 people in the entire world who know
anything about encryption. I am not one of them.
--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/
attached mail follows:
Ben wrote:
> My understanding is that mysql_real_escape_string will only work while
> you are connected to mysql. Not sure if that is the case in your
> situation.
At least it requires a connection to mysql. I had an error, when using
it without any connection opened before, that mysql_real_escape_string
wants to connect to the DB as ODBClocalhost without any password.
attached mail follows:
On Fri, October 14, 2005 8:20 am, John Nichel wrote:
> David Robley wrote:
>> Ben wrote:
> <snip>
>>>My understanding is that mysql_real_escape_string will only work
>>> while
>>>you are connected to mysql. Not sure if that is the case in your
>>>situation.
>>
>>
>> That is incorrect. mysql_real_escape_string is a php function, not
>> mysql.
>
> Actually, it's both. And yes, you *do* have to be connected to the
> mysql server.
There is, however, mysql_escape_string() which does not require a
connection -- but which also can't take into account the
language/locale settings *OF* the connection, which is why it's not a
"real" escape. It might, however, be useful in some circumstances.
I missed the beginning of this thread, so apologies it that's a repeat.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
On Thu, October 13, 2005 7:07 pm, GamblerZG wrote:
> Richard Lynch wrote:
> >> PHP developers assume that PHP5 will be frequently used to parse
> PHP4
> >> scripts. Why?
> > Because that's how the real world works.
>
> "The real world" works that way because, as you just said, installing
> 2
> php modules side by side is a "great deal of system administration".
There are more complications than that.
If it was JUST setting up a second server and providing clients with a
way to use 4 or 5, their choice, it would be a breeze.
The problem with changing a whole server over is that a BUNCH of
clients will come screaming because you broke their web-site.
>>>And what's so horrible about using separate engines to
>>>run
>>>php 4 and 5 scripts?
>>
>>
>> Nothing, if you can identify which are which, and have the
>> infrastructure to set up both and...
>>
>> It's a great deal of system administration
>
> Let me get it straight. There are two ways of running PHP four and
> five
> on one server. First one is by using five's compatibility mode, and it
> breaks some of the old scripts.
Breaking old scripts is clearly not an option.
> The second one is by using two
> different
> apache modules. It *does not break anything*, but it's a pain to
> setup.
>
> Judging sheerly by functionality and compatibility the second ways is
> better.
>
> However, judging from what I know about PHP, nobody tries to make that
> way easier, because everybody assume that everyone else use the first
> way. Is it good old catch 22 in action, or are there some design
> considerations I'm not aware of?
A great number of people have worked on, and are working on, ways to
make this easier.
Most people, however, find it more practical to simply have 2
different server configurations (old and new) and migrate clients onto
the new server slowly, at the CLIENT'S pace, instead of losing
customers by just trashing their site out from under them.
I don't think the largest host is the best measure of what's easy or
hard -- Presumably pair has more resources and different needs from
the company running a handful of shared servers for a few hundred, or
even a couple thousand clients all told.
Certainly if I had to choose between php5 CGI and php4 as Module, I'd
go with 4. PHP CGI has too many "gotchas" that always end up with my
nose grinding against a brick wall.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
>>The second one is by using two
>>different
>>apache modules. It *does not break anything*, but it's a pain to
>>setup.
>>
>>Judging sheerly by functionality and compatibility the second ways is
>>better.
>>
>>However, judging from what I know about PHP, nobody tries to make that
>>way easier, because everybody assume that everyone else use the first
>>way. Is it good old catch 22 in action, or are there some design
>>considerations I'm not aware of?
>
> A great number of people have worked on, and are working on, ways to
> make this easier.
>
> Most people, however, find it more practical to simply have 2
> different server configurations (old and new) and migrate clients onto
> the new server slowly, at the CLIENT'S pace, instead of losing
> customers by just trashing their site out from under them.
Actually, I was speaking about PHP developers. The sheer fact that they
bothered to write compatibility mode shows that they don't really count
on hosters using two engines side-by-side. On the other hand, the only
disadvantage of such approach is installation, and developers have the
power to remove this shortcoming. Since they preferred the first way of
handling compatibility, there must be some language design issues with
the second one. It would be interesting to know/discuss them.
--
Best regards,
Roman S.I.
http://sf.net/projects/naturalgine/
attached mail follows:
On Thu, October 13, 2005 4:05 pm, Graham Anderson wrote:
> How does a hacker get access to your scripts located outside the web
> folder?
Several obvious options:
1. Get an account on the machine, and write another PHP script to read
it.
2. Find some other script on the machine that will cheerfully dump out
any path you ask for:
<?php include $_GET['hack_me']?>
3. Guess/Get the username/password of the webmaster.
4. Find somebody hosted on a Windows box. Break the Windows security
with any of the 2 zillion scripts to do that.
5. Physical access to the box. If he can touch the hardware, it's
game over.
There are presumably more arcane and obscure methods that might have
been employed.
> I asked a friend to hack my php script within the web folder...
>
> all of my crucial function were called by:
> require_once("/home/siren/includes/fonovisa.inc");
> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>
> He was able to get access to the 'fonovisa.inc' php script [outside
> the web folder] and all the stuff inside
Ask your friend how they did it.
Plug that hole, and any similar-shaped holes.
Repeat.
> Based on my current knowledge, my security breaches are probably big
> enough to drive a truck through :(
>
> how can I prevent this ?
Without knowing which way they got in, nobody can answer this.
It's like this:
A burglar stole my silverware!
How do I stop this from happening again?
Nobody can answer that.
> elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie")
> freadMovie($_REQUEST['path']);
Okay, this sure looks like it might be #2 from above. Depends on how
freadMovie() is written.
> //-------------------------
> // Santize the variables to prevent mysql injection and trim them
> function sanitizeVars()
You specifically protect against MySQL injection in a script that
doesn't seem to do anything with MySQL...
But do NOTHING to protect against shell arguments.
What's wrong in this picture? :-)
Or should I say what's wrong in this Movie? :-) :-) :-)
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Many thanks for everyone's advice :)
It is appreciated
Is this a bit better ?
In my 'cleaner' function, I amended the script to:
function cleanser( $value )
{
return mysql_real_escape_string( trim( escapeshellcmd($value ) )) ;
}
Instead of mysql_real_escape_string, I could use addslashes()
All of my $_REQUEST variables are contained within a case statement
The 'cmd' variable can ONLY be 'makesmil' or 'getmovie'
If it exists, the 'path' variable is run through the 'cleanser'
function and sent with the original encryption to the fread()
function located outside the web folder
The $path variable is decrypted in the fread function.
//----------
As to my fread function:
//this function is located outside the web folder
function freadMovie($path)
{
$key = "myfakepassword";
$path = decrypt($path);
$filepath ="/home/path_to_includes/Library/multimedia/h264/".$path;
$fileSize = filesize($filepath);
$chunkSize = 32768;
header("ETag: ".md5(time()));
header("Accept-Ranges: bytes");
header ("Content-Length: ".$fileSize);
header('Content-Type: video/quicktime');
if( $fd = fopen($filepath, 'rb'))
{
while(!feof($fd)) {
echo (fread($fd, $chunkSize));
}
fclose ($fd);
exit;
}
}
anything more that comes to mind ?
part of the script......
if (array_key_exists('cmd', $_REQUEST)) {
switch($_REQUEST['cmd']) {
case 'makesmil':
// make an array of 'video src' urls from a database call
buildSMILArray($d='siren',$playlist="Show Reel",
$this_script_name);
// format the SMIL playlist
buildSMILPlaylist( /
*timeslider*/ "true",
/
*chaptermode*/ "clip",
/
*immediateinstantiation*/ "false",
/
*autoplay*/ "true",
/
*left*/ "0",
/
*top*/ "0",
/
*height*/ "208",
/*width
*/ "352",
/
*fit*/ "fill",
/*title
*/ "Commercial Reel 2005",
/
*regionid*/ "siren",
/
*bgcolor*/ "black",
/
*movieid*/ md5(time()),
/
*moviename*/ "Commercial Reel 2005",
/*the array of
movies*/ $movieArray);
break;
case 'getmovie':
// if the 'REQUEST variable, 'path' , exists:
$path = isset($_REQUEST['path']) ? cleanser($_REQUEST
['path']): $path="null";
// read the movie file [located outside the web folder]
from binary into QuickTime
freadMovie($path);
break;
}
}else{
.
.
.
.
many thanks
g
On Oct 14, 2005, at 12:37 PM, Richard Lynch wrote:
> On Thu, October 13, 2005 4:05 pm, Graham Anderson wrote:
>
>> How does a hacker get access to your scripts located outside the web
>> folder?
>>
>
> Several obvious options:
>
> 1. Get an account on the machine, and write another PHP script to read
> it.
>
> 2. Find some other script on the machine that will cheerfully dump out
> any path you ask for:
> <?php include $_GET['hack_me']?>
>
> 3. Guess/Get the username/password of the webmaster.
>
> 4. Find somebody hosted on a Windows box. Break the Windows security
> with any of the 2 zillion scripts to do that.
>
> 5. Physical access to the box. If he can touch the hardware, it's
> game over.
>
> There are presumably more arcane and obscure methods that might have
> been employed.
>
>
>> I asked a friend to hack my php script within the web folder...
>>
>> all of my crucial function were called by:
>> require_once("/home/siren/includes/fonovisa.inc");
>> the 'encrypt' functions are MCRYPT_RIJNDAEL_256
>>
>> He was able to get access to the 'fonovisa.inc' php script [outside
>> the web folder] and all the stuff inside
>>
>
> Ask your friend how they did it.
>
> Plug that hole, and any similar-shaped holes.
>
> Repeat.
>
>
>> Based on my current knowledge, my security breaches are probably big
>> enough to drive a truck through :(
>>
>> how can I prevent this ?
>>
>
> Without knowing which way they got in, nobody can answer this.
>
> It's like this:
> A burglar stole my silverware!
> How do I stop this from happening again?
>
> Nobody can answer that.
>
>
>> elseif(trim(decrypt($_REQUEST['cmd']))=="getmovie")
>> freadMovie($_REQUEST['path']);
>>
>
> Okay, this sure looks like it might be #2 from above. Depends on how
> freadMovie() is written.
>
>
>> //-------------------------
>> // Santize the variables to prevent mysql injection and trim them
>> function sanitizeVars()
>>
>
> You specifically protect against MySQL injection in a script that
> doesn't seem to do anything with MySQL...
>
> But do NOTHING to protect against shell arguments.
>
> What's wrong in this picture? :-)
> Or should I say what's wrong in this Movie? :-) :-) :-)
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>
>
attached mail follows:
Here are all the scripts original. It still won't work. I can't see what's
wrong with it???
It's from the tutorial PHP5 and Mysql for dummies..... I have shorted it
down though, since I am the only one who will register the User with a
password. What I did was removing the Switch at the beginning of the
loginscript(Guildlogin1.php) and change it with an if statement instead.
Don't think that is the problem though. I use php5 with MySql 4.1.7 on my
testingserver(Apache 2.0)
--------------------------------------
Register.php(this works):
------------------------------
<html>
<head>
<title>HOoSRegisterpage for new membersHOoS</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#000000">
<?php
include ("connections/HOoStest.php");
if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "reg") {
$sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name, guilduser_pass)
VALUES ('%s', '%s')",
$_POST['guilduser_name'],
md5($_POST['guilduser_pass'])); // If I change md5 with password. I get
undefined function password() in Register.php
$reg = mysql_query($sql_reg) or die(mysql_error());
}
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="200" align="center"><img src="guildimages/tabard.jpg"
alt="pic1"></td>
<td align="center">
<!--Mainlogo-->
<img src="guildimages/main_logo.jpg" alt="logo"></td>
<td width="200" align="center"><img src="guildimages/tabard.jpg"
alt="pic1"></td>
</tr>
<tr>
<td colspan="3" align="center">
<table>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td align="center" valign="middle" class="maintext">
New user:<input name="guilduser_name">
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
Password:<input name="guilduser_pass" type="password"><br>
<input type="hidden" name="MM_insert" value="reg">
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
<input name="submit" type="image" src="guildimages/register_btn.jpg"
value="update">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
-------------------------------------------------
Guildlogin1.php
-------------------------------------------------
<?php
include ("connections/HOoStest.php");
session_start();
if ($_GET['guildaction'] == "login")
{
$sql = "SELECT guilduser_name FROM guildlogin
WHERE guilduser_name='".$_POST['guilduser_name']."'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num ==1) //loginname found
{
$sql = "SELECT guilduser_name FROM guildlogin
WHERE guilduser_name='".$_POST['guilduser_name']."'
AND guilduser_pass=md5('".$_POST['guilduser_pass']."')";
// if I change the md5() to password() I get an error saying: Undefined
function password() in Guildlogin.php.
$result2 = mysql_query($sql) or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) //password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['guilduser_name'];
$_SESSION['logname'] = $logname;
header("Location: HolyOrder1.php");
exit();
}
else //password is not correct
{
unset($guildaction);
$message="Login not correct";
header("Location: Guildloginerror.php");
}
}
elseif ($num == 0) // Wrong name. Name not in db
{
unset($guildaction);
$message="Login failed";
header("Location: Guildloginerror.php");
}
}
?>
----------------------------------------
form:
----------------------------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd
">
<html>
<head>
<title>HOoSloginpage for membersHOoS</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#000000">
<table width="100%" border="0" cellspacing="0" cellpadding="0"
class="maintext">
<tr>
<td width="200" align="center"><img src="guildimages/tabard.jpg"
alt="pic1"></td>
<td align="center">
<!--Mainlogo-->
<img src="guildimages/main_logo.jpg" alt="logo"></td>
<td width="200" align="center"><img src="guildimages/tabard.jpg"
alt="pic1"></td>
</tr>
<tr>
<td colspan="3" align="center">
<table>
<form action="Guildlogin1.php?guildaction=login" method="post">
<?php
if (isset($message))
echo "$message";
?>
<tr>
<td align="center" valign="middle" class="maintext">
Login as:<input type=text name="guilduser_name">
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
Password:<input type="password" name="guilduser_pass"><br>
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
<input name="log" type="submit" src="guildimages/login_btn.jpg"
value="Enter"></td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
attached mail follows:
twistednetadmin <mailto:twistednetadmingmail.com>
on Friday, October 14, 2005 12:39 PM said:
> Here are all the scripts original. It still won't work. I can't see
> what's wrong with it???
> It's from the tutorial PHP5 and Mysql for dummies.....
What exactly is the problem? "It still won't work" is not the problem,
nor is "I can't see what's wrong with it???".
> I have shorted
> it down though, since I am the only one who will register the User
> with a password. What I did was removing the Switch at the beginning
> of the loginscript(Guildlogin1.php) and change it with an if
> statement instead. Don't think that is the problem though.
Did it work before you made these changes?
Chris.
attached mail follows:
All: Sorry..... I forgot to write what's wrong....stupid me...
Mike:1) I'm not sure how to indent the code...
2) I'm using Dreamweaver, but not to write the code for me. I'm not that
lazy :). And that's not the way for me to learn.
It's just rather annoying that all the tutorials I have tried seems to fail.
How can I learn when I'm apparently given the wrong information.
I am searching php.net <http://php.net> for the right code, but it can be
rather overwhelming at some points....
Chris: No, it did not work before I made these changes.
The way it should work:
---------------------------------------
Register.php
-------------------------
Sends the information from the form(guilduser_name and guilduser_pass) to
the DB, encrypting the password with md5 encryption.
This works as intended. No need for any security since am the only one with
access to this.
----------------------------------------
Code for Register.php:
----------------------------------------
<html>
<head>
<title>HOoSRegisterpage for new membersHOoS</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#000000">
<?php
include ("connections/HOoStest.php");
if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "reg") {
$sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name, guilduser_pass)
VALUES ('%s', '%s')",
$_POST['guilduser_name'],
md5($_POST['guilduser_pass']));
$reg = mysql_query($sql_reg) or die(mysql_error());
}
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="200" align="center"><img src="guildimages/tabard.jpg"
alt="pic1"></td>
<td align="center">
<!--Mainlogo-->
<img src="guildimages/main_logo.jpg" alt="logo"></td>
<td width="200" align="center"><img src="guildimages/tabard.jpg"
alt="pic1"></td>
</tr>
<tr>
<td colspan="3" align="center">
<table>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td align="center" valign="middle" class="maintext">
New user:<input name="guilduser_name">
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
Password:<input name="guilduser_pass" type="password"><br>
<input type="hidden" name="MM_insert" value="reg">
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
<input name="submit" type="image" src="guildimages/register_btn.jpg"
value="update">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
-----------------------------------
Guildlogin.php
-----------------------------------
This should create a session variable for the authentication, but it fails
at some point. I have checked the sessiondata on my testserver, and that
shows blank. So it's clear for me that I don't get the information saved in
the variable $_SESSION.
I don't get any sql errors, so I don't think that is the problem. But then
again....it is my first script, and I could offcourse be wrong.
I'm not sure where I should put the echo $sql; to check the query.Since the
Guildlogin.php sends me directly to the error page at the end of execution.
The script sends me to the loginerror.php even if the username and the
password is correct.
The point here is that this happens every time I press the button "login" in
the form, regardless of the input in the form.
--------------------
Code for Guildlogin.php:
----------------------
<?php
include ("connections/HOoStest.php");
session_start();
if ($_GET['guildaction'] == "login");
{
$sql = "SELECT guilduser_name FROM guildlogin
WHERE guilduser_name='$_POST[guilduser_name]'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num ==1) //loginname found
{
$sql = "SELECT guilduser_name FROM guildlogin
WHERE guilduser_name='$_POST[guilduser_name]'
AND guilduser_pass=password('$_POST[guilduser_pass]')";
$result2 = mysql_query($sql) or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) //password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['guilduser_name'];
$_SESSION['logname'] = $logname;
header("Location: HolyOrder1.php");
exit();
}
else //password is not correct
{
unset($guildaction);
$message="Login not correct";
header("Location: Guildloginerror.php");
}
}
elseif ($num == 0) // Wrong name. Name not in db
{
unset($guildaction);
$message="Login failed";
header("Location: Guildloginerror.php");
}
}
?>
-------------------------------------------
The form:
-------------------------------------------
I don't feel it's nessesary to explain this...
-------------------------------------------
Code for loginform:
-------------------------------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "
http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>HOoSloginpage for membersHOoS</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#000000">
<table width="100%" border="0" cellspacing="0" cellpadding="0"
class="maintext">
<tr>
<td width="200" align="center"><img src="guildimages/tabard.jpg"
alt="pic1"></td>
<td align="center">
<!--Mainlogo-->
<img src="guildimages/main_logo.jpg" alt="logo"></td>
<td width="200" align="center"><img src="guildimages/tabard.jpg"
alt="pic1"></td>
</tr>
<tr>
<td colspan="3" align="center">
<table>
<form action="Guildlogin1.php?guildaction=login" method="post">
<tr>
<td align="center" valign="middle" class="maintext">
Login as:<input type=text name="guilduser_name">
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
Password:<input type="password" name="guilduser_pass"><br>
</td>
</tr>
<tr>
<td align="center" valign="middle" class="maintext">
<input name="log" type="image" src="guildimages/login_btn.jpg"
value="Enter"></td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
-----------------------------------------------
End
-----------------------------------------------
I hope this was a better explanation than the last one...hehe...
I guess I was busy pulling out my hair...
-TW-
attached mail follows:
Did one change in the script guildregister.php:
Changed the md5 part in the INSERT query to:
$sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name, guilduser_pass)
VALUES ('%s', password('%s'))",
$_POST['guilduser_name'],
$_POST['guilduser_pass']);
$reg = mysql_query($sql_reg) or die(mysql_error());
On 10/15/05, twistednetadmin <twistednetadmingmail.com> wrote:
>
> All: Sorry..... I forgot to write what's wrong....stupid me...
> Mike:1) I'm not sure how to indent the code...
> 2) I'm using Dreamweaver, but not to write the code for me. I'm not that
> lazy :). And that's not the way for me to learn.
> It's just rather annoying that all the tutorials I have tried seems to
> fail. How can I learn when I'm apparently given the wrong information.
> I am searching php.net <http://php.net> for the right code, but it can be
> rather overwhelming at some points....
>
> Chris: No, it did not work before I made these changes.
>
>
>
> The way it should work:
> ---------------------------------------
> Guildregister.php
> -------------------------
> Sends the information from the form(guilduser_name and guilduser_pass) to
> the DB, encrypting the password with md5 encryption.
> This works as intended. No need for any security since am the only one
> with access to this.
> ----------------------------------------
> Code for Register.php:
> ----------------------------------------
>
> <html>
> <head>
> <title>HOoSRegisterpage for new membersHOoS</title>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> <link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
> </head>
>
> <body bgcolor="#000000">
> <?php
> include ("connections/HOoStest.php");
>
>
>
> if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "reg") {
> $sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name,
> guilduser_pass) VALUES ('%s', '%s')",
> $_POST['guilduser_name'],
> md5($_POST['guilduser_pass']));
> $reg = mysql_query($sql_reg) or die(mysql_error());
> }
>
> ?>
> <table width="100%" border="0" cellspacing="0" cellpadding="0">
> <tr>
> <td width="200" align="center"><img src="guildimages/tabard.jpg"
> alt="pic1"></td>
> <td align="center">
> <!--Mainlogo-->
>
> <img src="guildimages/main_logo.jpg" alt="logo"></td>
> <td width="200" align="center"><img src="guildimages/tabard.jpg"
> alt="pic1"></td>
> </tr>
> <tr>
> <td colspan="3" align="center">
> <table>
> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
> <tr>
> <td align="center" valign="middle" class="maintext">
> New user:<input name="guilduser_name">
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> Password:<input name="guilduser_pass" type="password"><br>
> <input type="hidden" name="MM_insert" value="reg">
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> <input name="submit" type="image" src="guildimages/register_btn.jpg"
> value="update">
> </td>
> </tr>
> </form>
> </table>
> </td>
> </tr>
>
> </table>
>
> </body>
> </html>
>
> -----------------------------------
> Guildlogin.php
> -----------------------------------
> This should create a session variable for the authentication, but it fails
> at some point. I have checked the sessiondata on my testserver, and that
> shows blank. So it's clear for me that I don't get the information saved in
> the variable $_SESSION.
> I don't get any sql errors, so I don't think that is the problem. But then
> again....it is my first script, and I could offcourse be wrong.
> I'm not sure where I should put the echo $sql; to check the query.Sincethe
> Guildlogin.php sends me directly to the error page at the end of
> execution.
> The script sends me to the loginerror.php even if the username and the
> password is correct.
> The point here is that this happens every time I press the button "login"
> in the form, regardless of the input in the form.
> --------------------
> Code for Guildlogin.php:
> ----------------------
> <?php
> include ("connections/HOoStest.php");
>
>
>
> session_start();
> if ($_GET['guildaction'] == "login");
> {
>
> $sql = "SELECT guilduser_name FROM guildlogin
> WHERE guilduser_name='$_POST[guilduser_name]'";
> $result = mysql_query($sql) or die("Couldn't execute query.");
> $num = mysql_num_rows($result);
> if ($num ==1) //loginname found
> {
> $sql = "SELECT guilduser_name FROM guildlogin
> WHERE guilduser_name='$_POST[guilduser_name]'
> AND guilduser_pass=password('$_POST[guilduser_pass]')";
> $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
> $num2 = mysql_num_rows($result2);
> if ($num2 > 0) //password is correct
> {
> $_SESSION['auth']="yes";
> $logname=$_POST['guilduser_name'];
> $_SESSION['logname'] = $logname;
> header("Location: HolyOrder1.php");
> exit();
> }
> else //password is not correct
> {
> unset($guildaction);
> $message="Login not correct";
> header("Location: Guildloginerror.php");
> }
> }
> elseif ($num == 0) // Wrong name. Name not in db
> {
> unset($guildaction);
> $message="Login failed";
> header("Location: Guildloginerror.php");
> }
>
> }
>
> ?>
> -------------------------------------------
> The form:
> -------------------------------------------
> I don't feel it's nessesary to explain this...
> -------------------------------------------
> Code for loginform:
> -------------------------------------------
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "
> http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
> <title>HOoSloginpage for membersHOoS</title>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> <link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
> </head>
>
> <body bgcolor="#000000">
>
>
>
>
>
> <table width="100%" border="0" cellspacing="0" cellpadding="0"
> class="maintext">
> <tr>
> <td width="200" align="center"><img src="guildimages/tabard.jpg"
> alt="pic1"></td>
> <td align="center">
> <!--Mainlogo-->
>
> <img src="guildimages/main_logo.jpg" alt="logo"></td>
> <td width="200" align="center"><img src="guildimages/tabard.jpg"
> alt="pic1"></td>
> </tr>
> <tr>
> <td colspan="3" align="center">
>
>
> <table>
> <form action="Guildlogin1.php?guildaction=login" method="post">
>
> <tr>
> <td align="center" valign="middle" class="maintext">
> Login as:<input type=text name="guilduser_name">
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> Password:<input type="password" name="guilduser_pass"><br>
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> <input name="log" type="image" src="guildimages/login_btn.jpg"
> value="Enter"></td>
> </tr>
> </form>
> </table>
>
>
>
> </td>
> </tr>
>
> </table>
>
> </body>
> </html>
> -----------------------------------------------
> End
> -----------------------------------------------
> I hope this was a better explanation than the last one...hehe...
> I guess I was busy pulling out my hair...
>
> -TW-
>
>
>
>
attached mail follows:
twistednetadmin <mailto:twistednetadmingmail.com>
on Friday, October 14, 2005 5:15 PM said:
> All: Sorry..... I forgot to write what's wrong....stupid me...
No problem. You'll get used to it. (I don't mean you'll get used to
being stupid! I mean you'll get used to including all the relevant
info!)
> It's just rather annoying that all the tutorials I
> have tried seems to fail. How can I learn when I'm apparently given
> the wrong information.
The best way to learn is start with the very basics (which according to
this one example you are not). First try to simply connect to a database
and execute a simple query.
> -----------------------------------
> Guildlogin.php
> -----------------------------------
> This should create a session variable for the authentication, but it
> fails at some point.
The way to debug this is by adding simple echo statements in each block
of code. This will tell you what path the code is taking while
processing.
<?php
if (this)
{
echo "1";
}
else
{
echo "2";
if(this and that and the other)
{
echo "3";
}
}
?>
> I have checked the sessiondata on my testserver,
> and that shows blank.
Does every page that uses the $_SESSION variable have session_start() at
beginning?
> I don't get any sql
> errors, so I don't think that is the problem. But then again....it is
> my first script, and I could offcourse be wrong. I'm not sure where I
> should put the echo $sql; to check the query. Since the Guildlogin.php
> sends me directly to the error page at the end of execution.
You should place the echo statement immediately before the SQL query is
executed. (See below.)
> --------------------
> Code for Guildlogin.php:
> ----------------------
> <?php
> include ("connections/HOoStest.php");
>
>
>
> session_start();
> if ($_GET['guildaction'] == "login");
> {
>
> $sql = "SELECT guilduser_name FROM guildlogin
> WHERE guilduser_name='$_POST[guilduser_name]'";
$_POST[guilduser_name] should look like {$_POST['guilduser_name']}.
When an array is within a string it needs to be wrapped in curly braces.
You should also always quote all your keys with ' so that the parser
doesn't get confused with constants.
Put the echo statement immediately before the following line.
> $result = mysql_query($sql) or die("Couldn't execute query.");
That's all I have time for right now.
HTH,
Chris.
attached mail follows:
twistednetadmin said the following on 10/14/05 17:15:
> All: Sorry..... I forgot to write what's wrong....stupid me...
> Mike:1) I'm not sure how to indent the code...
By putting spaces in front of some of the lines, it will make your code
much easier to read and your life much, much easier. At its most basic
you want to group lines within braces using indents so that you can
easily tell what code is included in a particular loop/conditional
statement. Here's a totally nonsensical example:
<?php
if($this==$that) {
// This is that, do something
print("<p>This is equal to that</p>\n");
foreach($otherThing AS $key => $value) {
// Now we're looping through all the other things
if($value!=$that) {
print("<p>That's the wrong value!</p>\n");
}
}
// After looping through all the other things do something else here
print("<p>Finished with all those other things</p>\n");
}
else {
// This is NOT that
print("<p>This is not that... how was I to know?</p>\n");
}
?>
> 2) I'm using Dreamweaver, but not to write the code for me. I'm not that
> lazy :). And that's not the way for me to learn.
> It's just rather annoying that all the tutorials I have tried seems to fail.
> How can I learn when I'm apparently given the wrong information.
Are you 100% certain that your php install is working properly? What
error messages are you receiving?
Make a page with only the following:
<?php phpinfo(); ?>
What do you see when you open it?
- Ben
attached mail follows:
Well. I have figured out that the login is working as it should.
The query brings back both the username and the userpass and stores them in
$_SESSION as: auth|yes|logname|Test
When I echoed the query with both user and pass, I got both back as they
should be. In this case I ran user:Test Pass:Testing
Both came back. JOY!! :)
What I did:
if ($_GET['guildaction'] == "login");
{
$guilduser = $_POST['guilduser_name'];
$guildpass = $_POST['guilduser_pass'];
$sql = "SELECT guilduser_name FROM guildlogin
WHERE guilduser_name='$_POST[guilduser_name]'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num == 1) //loginname found
{
$sql1 = "SELECT guilduser_name FROM guildlogin
WHERE guilduser_name='$guilduser'
AND guilduser_pass=password('$guildpass')";
$result2 = mysql_query($sql1) or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) //password is correct
Thanks Michael! I must have written something wrong the first time I tried
it. It seems though that it was all I needed to do.
And offcourse all the others! Thanks alot! Don't think it will be the last
time I ask about this session thing though.
-TW-
attached mail follows:
On Fri, October 14, 2005 6:29 am, Ruben Rubio Rey wrote:
> if(file_exists($filename)){
> $modified_date=filemtime($filename);
> if(time()<($modified_date+1 * 24 * 60 * 60)){
> $handle = fopen($filename, "r");
> $contents = fread($handle, filesize($filename));
> fclose($handle);
> echo $contents;
> }
> }
Checking both file_exists and then doing fopen seems a bit silly.
Trap the error from fopen, and just use that as your file_exists test.
I suspect http://php.net/file_get_contents will be SLIGHTLY faster
than doing all of this code, though:
if (filemtime($filename) > time()) $contents =
file_get_contents($filename);
if ($contents === false){
//error-handling code
}
else{
echo $contents;
}
Then, of course, we have to wonder if you NEED $contents for later use
in the script.
If not, something like this will clock in better:
$bytes = readfile($filename);
if ($bytes === false){
//error-handling code
}
The difference here is that you don't even stuff the file into the PHP
string. It's all read and passed out to stdout in low-level internal
PHP C code, and the data never needs to hit "PHP" variables which are
"more expensive" to setup and maintain.
Note that which is REALLY fastest will probably depend on the size of
the files, your OS system cache, your hardware, and maybe which
version of PHP you are using, if the underlying functions changed.
Must be nice to be worried about 0.0x milliseconds -- I'm fighting a
mystery 3.0 seconds in a data feed for a search engine myself :-)
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Hi!
In advance, this is not a yet another editor question. :)
I read somewhere about an editor, which has built in support for
phpdocumentator and creating unit test. Now I could not find it, I tried
a lot using Google without success.
Can anybody find out from this little descrition which one could it be?
Thx,
Felhő
attached mail follows:
Hodicska Gergely wrote:
> Hi!
>
>
> In advance, this is not a yet another editor question. :)
>
> I read somewhere about an editor, which has built in support for
> phpdocumentator and creating unit test. Now I could not find it, I tried
> a lot using Google without success.
>
> Can anybody find out from this little descrition which one could it be?
>
>
> Thx,
> Felhő
>
Dunno about the unit test stuff, but I believe Zend Studio still has the
phpDoc stuff.
http://www.zend.com/store/products/zend-studio/
attached mail follows:
Hi!
> http://www.zend.com/store/products/zend-studio/
Thx, I know this one, but I'm really curious about this unit test support.
Regards,
Felhő
attached mail follows:
I've been spinning my wheels for weeks now on this, so am turning to
the geniuses...
My code has/had various combinations of:
file_get_contents()
fopen/fread
fsockopen/fread
to suck down some XML from a search engine feed
The feed runs on Windows in .NET and I think it's written in C#.
None of which SHOULD matter, but...
So, here's the problem.
file_get_contents is taking about 7-9 seconds to run.
The vendor claims they can get results in 4-6 seconds.
Somewhere, somehow, I'm losing 3 seconds of time, just in slurping
down this XML file.
This is not good.
This is completely independent of processing the XML, displaying the
results, etc. Which takes about 0.8 seconds, usually.
Actually, there's an occasional 3-second "spike" in XML processing --
not tied to any particular search term nor in any pattern I can
find...
But that's, hopefully, irrelevant.
I've tried the following:
time wget [URL]
surf to [URL]
running a PHP bench on the Windows server (local to XML engine)
surfing to [URL] on the Windows server
Nothing I do seems to make much difference, though the tests on the
Windows box are a second or so "faster" than the remote.
These tests have all been too ad hoc to have a nice chart of numbers
or anything pretty for you to look at... So far.
The one sticking point is that another site, using the same feed, is
faster than we are, though also not as fast as the feed vendor says it
should be.
I can understand that file_get_contents is going to add SOME overhead,
but 3 seconds sounds a bit "too much"
Is it just me?
Any ideas where 3 seconds could be taken up, just in file_get_contents?
Is it just that the Linux box and Windows box don't like each other?
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Richard Lynch wrote:
> I've been spinning my wheels for weeks now on this, so am turning to
> the geniuses...
>
> My code has/had various combinations of:
> file_get_contents()
> fopen/fread
> fsockopen/fread
> to suck down some XML from a search engine feed
>
> The feed runs on Windows in .NET and I think it's written in C#.
>
> None of which SHOULD matter, but...
>
> So, here's the problem.
>
> file_get_contents is taking about 7-9 seconds to run.
> The vendor claims they can get results in 4-6 seconds.
>
> Somewhere, somehow, I'm losing 3 seconds of time, just in slurping
> down this XML file.
>
> This is not good.
>
> This is completely independent of processing the XML, displaying the
> results, etc. Which takes about 0.8 seconds, usually.
>
> Actually, there's an occasional 3-second "spike" in XML processing --
> not tied to any particular search term nor in any pattern I can
> find...
> But that's, hopefully, irrelevant.
>
> I've tried the following:
> time wget [URL]
> surf to [URL]
> running a PHP bench on the Windows server (local to XML engine)
> surfing to [URL] on the Windows server
>
> Nothing I do seems to make much difference, though the tests on the
> Windows box are a second or so "faster" than the remote.
>
> These tests have all been too ad hoc to have a nice chart of numbers
> or anything pretty for you to look at... So far.
>
> The one sticking point is that another site, using the same feed, is
> faster than we are, though also not as fast as the feed vendor says it
> should be.
>
> I can understand that file_get_contents is going to add SOME overhead,
> but 3 seconds sounds a bit "too much"
>
> Is it just me?
>
> Any ideas where 3 seconds could be taken up, just in file_get_contents?
>
> Is it just that the Linux box and Windows box don't like each other?
Could it be a DNS issue? It's taking the extra time to resolve the name
maybe? You could try putting an entry in /etc/hosts to see if that
speeds it up.
*just throwin' things out there
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
johnkegworks.com
attached mail follows:
On 10/14/05, Richard Lynch <ceol-i-e.com> wrote:
> I can understand that file_get_contents is going to add SOME overhead,
> but 3 seconds sounds a bit "too much"
Yeah, it's like half a second or so of overhead when I test it against wget:
> for x in 1 2 3 4 5; do php -r 'system( "time `wget yahoo.com >/dev/null 2>&1`" );'; time php -r 'file_get_contents( "http://yahoo.com" );'; done
real 0m0.462s
user 0m0.006s
sys 0m0.011s
real 0m0.999s
user 0m0.164s
sys 0m0.222s
real 0m0.343s
user 0m0.009s
sys 0m0.006s
real 0m0.976s
user 0m0.162s
sys 0m0.225s
real 0m0.337s
user 0m0.007s
sys 0m0.010s
real 0m1.182s
user 0m0.158s
sys 0m0.230s
real 0m0.340s
user 0m0.007s
sys 0m0.010s
real 0m0.969s
user 0m0.159s
sys 0m0.226s
real 0m0.336s
user 0m0.011s
sys 0m0.007s
real 0m0.978s
user 0m0.160s
sys 0m0.225s
--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/
attached mail follows:
Once you involve the network, there are all sorts of delays that can
crop up. Each network hop is going to add a bit of overhead unless
every single step along the way has high end routers that can route
at line speed. Otherwise the routers are doing a store and forward,
which means they wait until the whole packets arrives, analyze where
it needs to go, then sends it out. This happens very quickly, but say
it take 2 ms. Five non-highend routers with add .1 seconds, each way.
And that's with zero packet loss. Unless your server is hosted on a
tier network, your biggest problem will be latency. You can do a
trace route to find out how many hops you are away from the other
server, and maybe even tell where the biggest delay is.
Read this article to get an understanding of what effect a network
and your geographical location can have on your website performance.
http://www.samag.com/documents/s=9894/sam0511a/0511a.htm
On Oct 14, 2005, at 4:03 PM, Richard Lynch wrote:
> I've been spinning my wheels for weeks now on this, so am turning to
> the geniuses...
>
> My code has/had various combinations of:
> file_get_contents()
> fopen/fread
> fsockopen/fread
> to suck down some XML from a search engine feed
>
> The feed runs on Windows in .NET and I think it's written in C#.
>
> None of which SHOULD matter, but...
>
> So, here's the problem.
>
> file_get_contents is taking about 7-9 seconds to run.
> The vendor claims they can get results in 4-6 seconds.
>
> Somewhere, somehow, I'm losing 3 seconds of time, just in slurping
> down this XML file.
>
> This is not good.
>
> This is completely independent of processing the XML, displaying the
> results, etc. Which takes about 0.8 seconds, usually.
>
> Actually, there's an occasional 3-second "spike" in XML processing --
> not tied to any particular search term nor in any pattern I can
> find...
> But that's, hopefully, irrelevant.
>
> I've tried the following:
> time wget [URL]
> surf to [URL]
> running a PHP bench on the Windows server (local to XML engine)
> surfing to [URL] on the Windows server
>
> Nothing I do seems to make much difference, though the tests on the
> Windows box are a second or so "faster" than the remote.
>
> These tests have all been too ad hoc to have a nice chart of numbers
> or anything pretty for you to look at... So far.
>
> The one sticking point is that another site, using the same feed, is
> faster than we are, though also not as fast as the feed vendor says it
> should be.
>
> I can understand that file_get_contents is going to add SOME overhead,
> but 3 seconds sounds a bit "too much"
>
> Is it just me?
>
> Any ideas where 3 seconds could be taken up, just in
> file_get_contents?
>
> Is it just that the Linux box and Windows box don't like each other?
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
attached mail follows:
On Fri, October 14, 2005 8:28 am, Miles Thompson wrote:
> One of the "nice" things MSFT did was to allow spaces in directory and
> file
> names. It created more work for programmers.
I'm not familiar with MSFT...
It must be a new acronym for Apple MacOS :-), circa 1984, which
(AFAIK) was the first consumer OS to allow human-centric filenames.
It was considered a big boon to many users, who were sick and tired of
8.3 at that point.
Of course, Unix and Vax and various mainframes allowed all kinds of
characters in filenames...
Including control-characters, which led to some interesting effects
and pranks when crossed with various utilities that did not plan for
such characters.
But I digress...
To some degree, the current filename problem is compounded here by PHP
which works under so many different OSes.
There's no problem with spaces or apostrophes in Mac filenames or the
routines that operate upon them *IF* they are all Mac-based. The only
character most humans want to use that is illegal is the colon (:)
Similarly, if you stick solely to Windows or Linux, the rules are
fairly straight-forward. Well, as straight-forward as anything is in
Windows.
But once you start writing multi-OS code, you've got : on Mac, / on
Linux, \ on Windows, just in the directory separators. Then you start
talking about path separaters and shell arguments, and life gets
incredibly more complicated.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
This is more of a user education problem than anything, I suspect, but...
Okay, so I'm kind of like a closing pitcher on this project where the
original developer is, errr, surfing in California or something...
Anyway, he's got a bunch of custom back-end CMS pages using fckEditor
(sp?) and I'm pretty much just leaving those alone as a "black box --
don't touch" :-)
Unfortunately, I've recently received a bug report, to whit:
"We can upload GIFs okay, but we get an error message about wrong file
type when we try to upload PDFs"
I was at first befuddled about this, as there is no file upload
functionality AT ALL in this project...
So I dunno where they thought they were uploadings GIFs.
[Sure, *you* know it now cuz you got forshadowing about fckEditor in
the first paragraph. Cheater.]
Eventually, I realized they were talking about what they call the
"Microsoft-like editor" (which you and I know as fckEditor) and that
they were attempting to cram a PDF file into it.
Since they are often using the fckEditor to cram in a Poster for
theatre productions, this is not as weird as it sounds...
Actually, from the end user perspective, I can completely understand
that they expect to be able to cram a PDF in there, just like they do
Posters in GIF and JPG format.
To them, the end user, it's really all the same thing.
To me, of course, it's so totally not the same thing, I don't even
know how to proceed.
The problem I have now is that they NEED PDF support. We're talking
here about pre-existing documents such as floor charts for ticket
sales, brochures, Technical Specifications (for potential renters or
theatre production companies) and (some day) Legal Contracts.
So...
Do I:
A) Attempt to hack fckEditor to "allow" a PDF to get uploaded, and
then display a link to the PDF instead of alink to the fckEditor
output.
B) Give them a separate, possibly confusing, input to upload files to
tie in as links to the fckEditor area
C) Dump fckEditor and only allow file upload, requiring them to
compose HTML pages in some external application
Has anybody faced this, and with VERY non-technical users had better
luck one way or another?
Which of these fit in best with PHP, and why?
I'm mostly used to educable users who can flex on functionality to get
what they want, but this is more a case of needing to make this WORK
for them their way.
THANKS!
PS
He's also using some kind of template language -- I don't even know
which one, as I'm just copy/pasting the bits of that to make it work,
rather than actually diving into it. That probably doesn't matter,
but if it does, I'll dig out the template name/version.
--
Like Music?
http://l-i-e.com/artists.htm
attached mail follows:
Richard Lynch said the following on 10/14/05 13:39:
> So...
>
> Do I:
>
> A) Attempt to hack fckEditor to "allow" a PDF to get uploaded, and
> then display a link to the PDF instead of alink to the fckEditor
> output.
Good luck!
> B) Give them a separate, possibly confusing, input to upload files to
> tie in as links to the fckEditor area
If you can teach them how to use it this would work well. Perhaps you
could have them upload the file and then on the page with fckEditor on
it you could provide them with the URL to use for creating the link.
> C) Dump fckEditor and only allow file upload, requiring them to
> compose HTML pages in some external application
I'd stay away from this if they are already used to using fckEditor,
especially if they can't figure out option B.
> Has anybody faced this, and with VERY non-technical users had better
> luck one way or another?
>
> Which of these fit in best with PHP, and why?
>
> I'm mostly used to educable users who can flex on functionality to get
> what they want, but this is more a case of needing to make this WORK
> for them their way.
There are a number of PDF conversion programs available for pretty much
every platform. http://jeff.cs.mcgill.ca/~luc/PSto.html You could
convert the file to jpeg or gif and then make the graphic available for
using in fckeditor.
- Ben
attached mail follows:
Richard Lynch said the following on Friday, October 14, 2005 3:39 PM:
> So...
>
> Do I:
>
> A) Attempt to hack fckEditor to "allow" a PDF to get uploaded, and
> then display a link to the PDF instead of alink to the fckEditor
> output.
>
> B) Give them a separate, possibly confusing, input to upload files to
> tie in as links to the fckEditor area
I've had success with this, creating a seperate utility to upload documents
to the filesystem and keeping track of them in mysql. I chose to allow
displaying the PDF's and Doc's through links in the FCKEditor content,
because I have never found a way to embed the PDF data into pages.
I added a custom drop-down menu to FCKEditor's Link window that fills
in the URL upon selecting the menu item, but this url consisted of just a
path to a redirect.php script where I set a GET variable to the ID of the
document, then passing through the PDF or DOC data. Though you could
link the full path to the PDF in the URL, I just had my documents stored
behind the web-accessible address. Every time a new document was
uploaded, I decided to write the URL's statically to a file that the
FCKEditor script (changed fck_link.html to fck_link.php) will read into
Javascript arrays, as opposed to accessing the DB every time this Link
window was viewed. I added about 50 lines of Javascript code to
fck_link.php to do what I wanted in setting the URL from the Select list.
I must warn you though, every time that I upgrade FCKEditor, I have to
reapply the changes I've done and there is the possibility that the
FCKEditor scripts may change to cause compatibility problems. Let me
know if you are interested in this route and I can post my alterations to
FCKEditor, but the PDF file management is up to you. I've had many
non-technical users working with this utility just fine for about 6 months,
so it works and though its not the most graceful implementation from a
developer's standpoint, it makes the user interface easiest to work with.
-Jason Kovacs
attached mail follows:
Alle 17:25, giovedì 13 ottobre 2005, John Nichel ha scritto:
> nobody:nobody.
nobody:nonexistant (random number abs() really high), at least for apache2.
my personal suggestion is:
- chown all files (avoid suid) and dir root
- chgrp apache all files and dir
- chmod 750 all dir, 640 all files
- chmod 640, chown apache all files that apache or php need to modify.
HTH,
d.
attached mail follows:
are there php functions to change from these different formats as
&#e8; doesn't seem to render correctly in a browser. ugghhh.....
-jonathan
On Oct 13, 2005, at 4:53 AM, cc wrote:
> è
attached mail follows:
the real characters (presumably è) won't render correctly.
it seems like there should be a set of functions for encoding this to
a different but understandable format and then another function for
decoding and display within a browser.
it makes me not want to use DOM for creating xml files.
-jonathan
On Oct 13, 2005, at 1:53 AM, Marcus Bointon wrote:
> On 13 Oct 2005, at 07:24, cc wrote:
>
>
>> both `è' and `î' are not entities in charset utf-8, use
>> `&egrave;' and `&icirc;' instead.
>>
>
> I would expect that to result in unconverted entities in the
> output. If you're intending to send that content as HTML, then I
> guess that would be OK. However, if you're using UTF-8 anyway, why
> not just use the real characters?
>
> Marcus
> --
> Marcus Bointon
> Synchromedia Limited: Putting you in the picture
> marcussynchromedia.co.uk | http://www.synchromedia.co.uk
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>
attached mail follows:
jonathan wrote:
> the real characters (presumably è) won't render correctly.
Are you outputting the correct character set information (UTF-8), and
are you sure that UTF-8 is being used throughout the entire process?
--
Jasper Bryant-Greene
General Manager
Album Limited
a: Freepost Album, PO Box 579, Christchurch 8015, New Zealand
p: 0800 4 ALBUM (0800 425 286) or +64 21 232 3303
e: jasperalbum.co.nz
w: http://www.album.co.nz/
attached mail follows:
Hello,
How to test if the current script is running in CLI, CGI or Apache mode?
thanks
attached mail follows:
I need to figure out a way to iterate through a binary file and
offset values between two address by a fixed number
//-------
Why ?
I am attempting to add file data to a pre-existing Quicktime file....
In the Quicktime file format, the 'stco' atom stores the location of
all the track data in the Quicktime file
If I add new data, all the 'stco' locations will be incorrect
So, basically, I need to change all the offsets
here is a picture of the stco data that needs to be offset
http://www.siren.cc/code/stcoTable.gif
here is the HEX data representation of the stco atom in a hex editor:
http://www.siren.cc/code/stco_data.gif
//------
Are there any good php tutorials out there that deal with binary/hex
operations of this sort ?
Thus far, I have not seen many tutorials featuring functions like
bin2hex(), pack, and unpack
I am a bit new to binary so any help is appreciated :)
g
attached mail follows:
This message was undeliverable due to the following reason:
Your message could not be delivered because the destination computer was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.
Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.
Your message was not delivered within 6 days:
Host 47.236.152.37 is not responding.
The following recipients could not receive this message:
<php-generallists.php.net>
Please reply to postmasterlists.php.net
if you feel this message to be in error.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]