php-general Digest 9 Feb 2007 06:20:53 -0000 Issue 4616

php-general-digest-helplists.php.net
Date: Fri Feb 09 2007 - 00:20:53 CST


Topics (messages 248588 through 248624):

Re: Text Editor for Windows?
        248588 by: Myron Turner
        248597 by: Jay Blanchard
        248603 by: Silent1
        248612 by: tg-php.gryffyndevelopment.com

Re: Error compiling lib
        248589 by: Roman Neuhauser

Re: [PHP-DB] help with mysql connect error
        248590 by: Stut
        248591 by: Stut
        248592 by: Tim McGeary

Re: is_dir reading a folder with a space in the name?
        248593 by: T.Lensselink

Re: base64-encoding in cookies?
        248594 by: Fletcher Mattox
        248605 by: Jon Anderson
        248608 by: Fletcher Mattox
        248609 by: Robert Cummings
        248614 by: Fletcher Mattox
        248616 by: Robert Cummings
        248617 by: Roman Neuhauser

Re: Boolean-cast and arrays
        248595 by: Youri LACAN-BARTLEY
        248599 by: Robert Cummings

Question on virus/worms
        248596 by: Seak, Teng-Fong
        248598 by: Robert Cummings

keep SESSION using wget?
        248600 by: RalfGesellensetter
        248601 by: Jay Blanchard
        248602 by: Robert Cummings
        248604 by: RalfGesellensetter
        248607 by: Robert Cummings

Is there a way to redefine a constant?
        248606 by: Khai
        248624 by: Chris

Re: what do i need to disable
        248610 by: Don
        248611 by: Brad Fuller
        248615 by: Steffen Ebermann
        248619 by: Don
        248621 by: Robert Cummings
        248622 by: Steffen Ebermann

Re: Sorting issue
        248613 by: tg-php.gryffyndevelopment.com

Making OpenSSL use A Verisign issued certificate for ecommerce
        248618 by: Vandegrift, Ken

(DRW) Ordenar por fecha
        248620 by: Anuack Luna

Re: Find midpoint between two points
        248623 by: M5

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscribelists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscribelists.php.net

To post to the list, e-mail:
        php-generallists.php.net

----------------------------------------------------------------------

attached mail follows:


Stephen wrote:
> I am finding that notepad is lacking when correcting syntax errors in my php code. No line numbers.
>
> What can people recommend for use under Windows?
>
> Thanks
> Stephen
>
>
  I've recommended this before, Programmer's File Editor. I never leave
home without it and have been using it for years. It's free, though no
longer being developed, and while it doesn't do text highlighting, etc.
it does have many features needed by programmers, like line numbers,
matching braces and parenthesis, automatic indenting based on your own
style, code execution, creating macros, and it can be highly customized
for individual use. It will not, however, find syntax errors.

--

_____________________
Myron Turner
http://www.room535.org
http://www.bstatzero.org
http://www.mturner.org/XML_PullParser/

attached mail follows:


[snip]
I am finding that notepad is lacking when correcting syntax errors in my
php code. No line numbers.

What can people recommend for use under Windows?
[/snip]

Notepad++ and it is free

attached mail follows:


Another vote for gvim, with vim7's php omni-completion really becomes
a great editor for php.

On 2/7/07, Stephen <stephen-drogers.com> wrote:
> I am finding that notepad is lacking when correcting syntax errors in my php code. No line numbers.
>
> What can people recommend for use under Windows?
>
> Thanks
> Stephen
>

attached mail follows:


Lots of good recommendations have been made.. I just wanted to toss one more into the mix. It hasn't been updated in years, but does a fantastic job, and so far I haven't been lured by Notepad++ or any of the others enough (even after trying them) to switch. Check out Crimson Editor when you get a chance:
http://www.crimsoneditor.com/

At some point, these guys hope to make a new version of Crimson called Emerald:

http://www.emeraldeditor.com/

-TG

= = = Original message = = =

I am finding that notepad is lacking when correcting syntax errors in my php code. No line numbers.

What can people recommend for use under Windows?

Thanks
Stephen


attached mail follows:


# gamitogmail.com / 2007-02-08 15:56:25 +0000:
> Hi,
>
> I want to compile PHP with IMAP support.
>
> I've downloaded imap2006e and run:
>
> # make slx
>
> but i got this error:
>
> "make[2]: Entering directory `/usr/local/src/imap-2006e/mtest'
> `cat ../c-client/CCTYPE` -I../c-client `cat ../c-client/CFLAGS` -o mtest
> mtest.o ../c-client/c-client.a `cat ../c-client/LDFLAGS`
> .../c-client/c-client.a(osdep.o)(.text+0x87e4): In function
> `ssl_onceonlyinit':
> /usr/local/src/imap-2006e/c-client/osdep.c:301: warning: the use of
> `tmpnam' is dangerous, better use `mkstemp'
> mtest.o(.text+0x1680): In function `smtptest':
> /usr/local/src/imap-2006e/mtest/mtest.c:781: warning: the `gets'
> function is dan gerous and should not be used.
> /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x38): In function
> `dlfcn_load ':
> : undefined reference to `dlopen'

../c-client/LDFLAGS is missing -ldl or similar.

--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991

attached mail follows:


Please include the list in replies.

Tim McGeary wrote:
> Stut wrote:
>> Tim McGeary wrote:
>>> I am new to this list today, so if I should be sending this to another
>>> specific PHP list, please let me know.
>>>
>>> I am getting the following error via the PHP web page I am building:
>>>
>>>> Warning: mysql_connect(): Can't connect to local MySQL server through
>>>> socket '/var/lib/mysql/mysql.sock' (13) in
>>>> /var/www/html/software/index.php on line 18 Can't connect to local
>>>> MySQL server through socket '/var/lib/mysql/mysql.sock' (13)
>>
>> Given that you can connect through the socket on the CLI, I'm gonna
>> guess that it's a permissions issue. Does the user that Apache (or
>> whatever web server you're using) runs as have access to mysql.sock?
>
> Currently mysql.sock is owned by mysql.mysql with S777 permissions.
> Should the ownership be different? Despite the ownership, wouldn't S777
> allow any user to access it?

Indeed it should. Have you tried writing a CLI script and seeing if that
works?

-Stut

attached mail follows:


Tim McGeary wrote:
>> Please include the list in replies.
>
> Sorry, I meant to, but hit the wrong button.

And I sent it to the wrong list!! Sorry folks.

-Stut

attached mail follows:


> Please include the list in replies.

Sorry, I meant to, but hit the wrong button.

> Tim McGeary wrote:
>> Stut wrote:
>>> Tim McGeary wrote:
>>>> I am new to this list today, so if I should be sending this to another
>>>> specific PHP list, please let me know.
>>>>
>>>> I am getting the following error via the PHP web page I am building:
>>>>
>>>>> Warning: mysql_connect(): Can't connect to local MySQL server through
>>>>> socket '/var/lib/mysql/mysql.sock' (13) in
>>>>> /var/www/html/software/index.php on line 18 Can't connect to local
>>>>> MySQL server through socket '/var/lib/mysql/mysql.sock' (13)
>>>
>>> Given that you can connect through the socket on the CLI, I'm gonna
>>> guess that it's a permissions issue. Does the user that Apache (or
>>> whatever web server you're using) runs as have access to mysql.sock?
>>
>> Currently mysql.sock is owned by mysql.mysql with S777 permissions.
>> Should the ownership be different? Despite the ownership, wouldn't
>> S777 allow any user to access it?
>
> Indeed it should. Have you tried writing a CLI script and seeing if that
> works?

I confess I don't know what a CLI script is. What would I write?

Tim

attached mail follows:


:) You are right about the robustness part..

The directory I made by hand. So no need to create and remove it with
code. And using a test suite to show this simple example seems like a bit
of overkill to me. Just wanted to show directories with spaces
function properly when used with is_dir().

Roman Neuhauser wrote:
> # adminensifex.nl / 2007-02-08 16:14:57 +0100:
>> Like Roman said. I also don't see this behaviour.
>> Although my test is a lot more simple :)
>
> It's not complete:
>
>> <?php
>> $dir = "test dir";
>
> mkdir($dir);
>
>> if (is_dir($dir)) {
>> echo "It's a dir :)";
>> }
>
> rmdir($dir);
>
>
> But even with those two calls, your and my tests aren't on the same
> level of robustness. Sure, the OP didn't ask for tests of *any*
> robustness, I'm just saying that the increased verbosity gives the test
> properties your test does not have.
>

attached mail follows:


Thanks everyone, and especially TG, for taking time to reply to my
question. I have learned that apparently PHP silently runs urldecode()
on all cookies before copying them into the $_COOKIE variable, under
the assumption that all cookies have been urlencoded.

This seems like a bad assumption to me, and is perhaps an attempt to be
consistent with $_GET and $_REQUEST, which as Brad points out, have to
be url encoded. But cookies aren't urls. I thought their purpose was
to transfer data transparently, but maybe I am wrong about that.

If this is documented anywhere, I sure couldn't find it.

Moral: always get your cookies from $_SERVER["HTTP_COOKIE"], and *not*
from $_COOKIE.

Thanks again,
Fletcher

-----Original Message-----

> From php-general-return-248512-fletcher=cs.utexas.edulists.php.net Wed Feb 7 14:21:14 2007
> To: <php-generallists.php.net>
> From: <tg-phpgryffyndevelopment.com>
> Subject: RE: [PHP] base64-encoding in cookies?
>
> Exactly what I was going to mention, Brad. Here's some more info.
>
> Quoted from PHP manual for urlencode():
>
> "Returns a string in which all non-alphanumeric characters except -_. have been replaced with a percent (%) sign followed by two hex digits and spaces encoded as plus (+) signs. It is encoded the same way that the posted data from a WWW form is encoded, that is the same way as in application/x-www-form-urlencoded media type. This differs from the RFC1738 encoding (see rawurlencode()) in that for historical reasons, spaces are encoded as plus (+) signs."
>
> Try this:
>
> $space = " ";
>
> echo "Urlencoded: " . urlencode($space) . "<br>\n";
> echo "Rawurlencoded: " . rawurlencode($space) . "<br>\n";
>
> And you get:
>
> Urlencoded: +
> Rawurlencoded: %20
>
> If the only issue the OP is having is that the spaces are being transformed from + to <space> then maybe just do a urlencode($_COOKIE['AUTH']) and try doing the base64 decode off of that. This assumes that urlencode() Doesn't mangle other data in the cookie data.
>
> Or a string replace " " to "+".
>
> Kind of a non-technical answer, so maybe there's a better way to do this. Maybe a setting in apache or PHP. Don't really have time to research it right now, just wanted to point out the urlencode() and rawurlencode() info.
>
> PHP manual pages here:
>
> http://us3.php.net/manual/en/function.urlencode.php
> http://us2.php.net/manual/en/function.rawurlencode.php
>
> -TG
>
> = = = Original message = = =
>
> > -----Original Message-----
> > From: Fletcher Mattox [mailto:fletchercs.utexas.edu]
> > Sent: Wednesday, February 07, 2007 2:49 PM
> > To: php-generallists.php.net
> > Subject: Re: [PHP] base64-encoding in cookies?
> >
> > I wrote:
> >
> > > A campus web server (not under my control) returns an authentication
> > > string in a cookie named AUTH. The cookie's value is an encrypted,
> > > base64 encoded string. Unfortunately, when I examine $_COOKIE['AUTH'],
> > > it is clear that all of the '+' characters have been replaced with a ' '
> > > character in the base64 string. Why is this? Obviously, this corrupts
> > > the data and makes it impossible to base64-decode the string correctly.
> > > I believe this is a php issue and not, say, an apache issue because a
> > > perl program can correctly authenticate the same cookie based on perl's
> > > $ENV{'HTTP_COOKIE'}. i.e., the perl cookie contains the original '+'.
> > > Does anyone know how to make php (v5.1.5) do the right thing with base64
> > > encoded cookies?
> >
> > This problem seems to be
> >
> > ~http://bugs.php.net/bug.php?id=35523
> >
> > where it was dismissed as "Bogus" without any explanation why. It seems
> > that '+' characters are intentionally converted to spaces in all cookies.
> > This makes no sense to me. Can someone explain it?
> >
> > Thanks,
> > Fletcher
> >
>
> Could it have something to do with url encoding?
>
> For example:
> http://example.com/page.php?foo=ABC+123
>
> echo $_GET['foo']; // should produce: ABC 123
>
> http://example.com/page.php?foo=ABC%2B123
>
> echo $_GET['foo']; // should produce: ABC+123
>
> HTH,
>
> Brad
>

attached mail follows:


Fletcher Mattox wrote:
> I have learned that apparently PHP silently runs urldecode()
> on all cookies before copying them into the $_COOKIE variable, under
> the assumption that all cookies have been urlencoded.
>
> This seems like a bad assumption to me, and is perhaps an attempt to be
> consistent with $_GET and $_REQUEST, which as Brad points out, have to
> be url encoded. But cookies aren't urls. I thought their purpose was
> to transfer data transparently, but maybe I am wrong about that.
Warning: this is my opinion. :-)

I don't believe it is a bad assumption; I can see exactly why it would
have been done that way...

Cookies must be encoded somehow: Because a raw cookie will contain
"var=val; expires=time; path=/path/" type stuff, PHP would *have* to
encode it. If a user runs "setcookie('mycookie','this is my cookie; have
a bite!');", PHP has to pick some kind of encoding, and urlencoding
makes the most sense given its similarities to GET and POST.

Since PHP urlencodes values it sets, it follows logically that it would
also urldecode values it retrieves.

If you don't want PHP's automagic cookie handling you can do it manually
as well with header('Set-Cookie: ...') and $_SERVER['HTTP_COOKIE'] on
the other end - which I believe is what you decided on.

jon

attached mail follows:


Jon Anderson writes:

> Cookies must be encoded somehow: Because a raw cookie will contain
> "var=val; expires=time; path=/path/" type stuff, PHP would *have* to
> encode it.

I don't mean to be thick, Jon, but I don't understand why it has to be
encoded at all. Are you saying that the "path=/path/" has to be encoded?
Well, ok (I don't entirely understand that either), but why encode
the "val"? "val" can be arbitrary data and should be left uninterpreted,
in my opinion.

> If a user runs "setcookie('mycookie','this is my cookie; have
> a bite!');", PHP has to pick some kind of encoding, and urlencoding
> makes the most sense given its similarities to GET and POST.

Yes, it does seem like PHP does this because it wants to treat cookies
similarly to GET and POST urls. But cookies are intrinsically different,
it seems to me. In particular, they are not urls.

> Since PHP urlencodes values it sets, it follows logically that it would
> also urldecode values it retrieves.

But there are many other applications which are not written in PHP, nor is
there a standard which specifies url encoding for cookies as far as I know
(if there is, then all bets are off--I'm wrong, and I will go away :)).
Shouldn't PHP be designed to interoperate with these applications?

> If you don't want PHP's automagic cookie handling you can do it manually
> as well with header('Set-Cookie: ...') and $_SERVER['HTTP_COOKIE'] on
> the other end - which I believe is what you decided on.

Yep. But is this fact documented somewhere? I missed it.

Fletcher
  

attached mail follows:


On Thu, 2007-02-08 at 13:51 -0600, Fletcher Mattox wrote:
> Jon Anderson writes:
>
> > Cookies must be encoded somehow: Because a raw cookie will contain
> > "var=val; expires=time; path=/path/" type stuff, PHP would *have* to
> > encode it.
>
> I don't mean to be thick, Jon, but I don't understand why it has to be
> encoded at all. Are you saying that the "path=/path/" has to be encoded?
> Well, ok (I don't entirely understand that either), but why encode
> the "val"? "val" can be arbitrary data and should be left uninterpreted,
> in my opinion.

If val can be any value then it can also be:

    expires=time; path=/path/

Obviously, that would be an issue since that's part of the cookie
parameters. As such, it needs to be encoded. Now go away!

:)

Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'

attached mail follows:


Robert Cummings writes:

> On Thu, 2007-02-08 at 13:51 -0600, Fletcher Mattox wrote:
> > Jon Anderson writes:
> >
> > > Cookies must be encoded somehow: Because a raw cookie will contain
> > > "var=val; expires=time; path=/path/" type stuff, PHP would *have* to
> > > encode it.
> >
> > I don't mean to be thick, Jon, but I don't understand why it has to be
> > encoded at all. Are you saying that the "path=/path/" has to be encoded?
> > Well, ok (I don't entirely understand that either), but why encode
> > the "val"? "val" can be arbitrary data and should be left uninterpreted,
> > in my opinion.
>
> If val can be any value then it can also be:
>
> expires=time; path=/path/
>
> Obviously, that would be an issue since that's part of the cookie
> parameters. As such, it needs to be encoded. Now go away!
>
> :)

I would argue that if someone were to embed these parameters inside
a cookie's "value" parameter, then they lose all rights to the original
semantics. But this is getting silly.

I find it interesting that nobody has been able to cite a standard
or even point to documentation of this "feature".

Fletcher

attached mail follows:


On Thu, 2007-02-08 at 15:23 -0600, Fletcher Mattox wrote:
> Robert Cummings writes:
>
> > On Thu, 2007-02-08 at 13:51 -0600, Fletcher Mattox wrote:
> > > Jon Anderson writes:
> > >
> > > > Cookies must be encoded somehow: Because a raw cookie will contain
> > > > "var=val; expires=time; path=/path/" type stuff, PHP would *have* to
> > > > encode it.
> > >
> > > I don't mean to be thick, Jon, but I don't understand why it has to be
> > > encoded at all. Are you saying that the "path=/path/" has to be encoded?
> > > Well, ok (I don't entirely understand that either), but why encode
> > > the "val"? "val" can be arbitrary data and should be left uninterpreted,
> > > in my opinion.
> >
> > If val can be any value then it can also be:
> >
> > expires=time; path=/path/
> >
> > Obviously, that would be an issue since that's part of the cookie
> > parameters. As such, it needs to be encoded. Now go away!
> >
> > :)
>
> I would argue that if someone were to embed these parameters inside
> a cookie's "value" parameter, then they lose all rights to the original
> semantics. But this is getting silly.
>
> I find it interesting that nobody has been able to cite a standard
> or even point to documentation of this "feature".

Dear numnutz, get off your lazy arse and read the doc for yourself:

    http://wp.netscape.com/newsref/std/cookie_spec.html

It clearly states:

    NAME=VALUE
This string is a sequence of characters excluding semi-colon, comma and
white space. If there is a need to place such data in the name or value,
some encoding method such as URL style %XX encoding is recommended,
though no encoding is defined or required.

There, it left the encoding up to whoever is decoding it. Now feel free
to take your troll ass and hide under a bridge someplace.

Cheers,
Rob.

attached mail follows:


# fletchercs.utexas.edu / 2007-02-08 15:23:45 -0600:
> Robert Cummings writes:
> > If val can be any value then it can also be:
> >
> > expires=time; path=/path/
> >
> > Obviously, that would be an issue since that's part of the cookie
> > parameters. As such, it needs to be encoded. Now go away!
> >
> > :)
>
> I would argue that if someone were to embed these parameters inside
> a cookie's "value" parameter, then they lose all rights to the original
> semantics. But this is getting silly.
>
> I find it interesting that nobody has been able to cite a standard
> or even point to documentation of this "feature".

setcookie() follows no standard, it's just a high-level interface with a
quirk. The only standard to cite here is called "Histerical raisins".

--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991
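
The behaviour argued over in this thread, as an added example that is not code from any of the posters or from PHP itself: it reproduces how URL-decoding turns the '+' characters of a base64 cookie value into spaces, then recovers the value from the raw Cookie header, by repair, and by percent-encoding on the sending side. The cookie name AUTH comes from the thread; the sample header, the token bytes and the helper names raw_cookie() and repair_base64() are assumptions made for illustration.

```php
<?php
// Added example. All sample values are constructed for illustration.

/**
 * Return one cookie's value exactly as the client sent it, without the
 * URL-decoding PHP applies when it fills $_COOKIE.
 * raw_cookie() is a hypothetical helper, not a PHP built-in.
 */
function raw_cookie(string $header, string $name): ?string
{
    foreach (explode(';', $header) as $pair) {
        $pair = ltrim($pair);
        $eq   = strpos($pair, '=');
        if ($eq !== false && substr($pair, 0, $eq) === $name) {
            return substr($pair, $eq + 1);   // the value may itself contain '='
        }
    }
    return null;
}

/**
 * Undo the '+' to ' ' substitution on a value that is known to be plain
 * base64. The base64 alphabet has no '%' and no space, so '+' is the only
 * character urldecode() can have changed.
 * repair_base64() is a hypothetical helper, not a PHP built-in.
 */
function repair_base64(string $cookieValue): string
{
    return str_replace(' ', '+', $cookieValue);
}

// Six bytes chosen so that their base64 form contains '+' characters.
$token = "\xfb\xef\xbe\xff\xe0\x01";
$b64   = base64_encode($token);

// Constructed request header; in a live request this is $_SERVER['HTTP_COOKIE'].
$header = 'lang=en; AUTH=' . $b64 . '; theme=dark';

// What $_COOKIE['AUTH'] holds for that header: the URL-decoded value.
$asPhpSeesIt = urldecode($b64);

$checks = [
    '$_COOKIE-style value decodes to the original bytes'
        => base64_decode($asPhpSeesIt) === $token,
    'raw header value decodes to the original bytes'
        => base64_decode((string) raw_cookie($header, 'AUTH')) === $token,
    'repaired value decodes to the original bytes'
        => base64_decode(repair_base64($asPhpSeesIt)) === $token,
    // Sender-side fix when you control both ends: percent-encode the value
    // so that the decode step on the receiving side is lossless.
    'rawurlencode() then urldecode() round-trips'
        => urldecode(rawurlencode($b64)) === $b64,
];

printf("sent:     %s\nreceived: %s\n", $b64, $asPhpSeesIt);
foreach ($checks as $label => $ok) {
    printf("%-55s %s\n", $label, $ok ? 'yes' : 'no');
}
```

The repair step is only valid for standard base64; a cookie whose raw value legitimately contains '%' sequences or spaces needs the raw-header route instead.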

attached mail follows:


Tim wrote:
> First thank you all for your input on "all-in-one" classes.
>
> Reading the php manual on boolean types and casts, and came across the
> following:
>
> <quote>
> When converting to boolean, the following values are considered FALSE:
>
> ...
>
> an array with zero elements
>
> ...
> </quote>
>
> So here I am sitting and wondering if after all this while doing:
>
> $arr = array();
> If (count($arr) == 0) {}
>
> Shouldn't have been simply doing:
>
> $arr = array();
> If (!$arr) {}

I'm afraid I can't bring in any insight, I just wanted to mention that's
a nice "feature" you've brought up. The only issue I can see popping up
is that !$arr doesn't explicitly indicate that you are checking for an
empty array ... Other than that, I guess it's yet another way to get rid of
a few bytes worth of code.

I'm curious to find out what others have to say.
>
>
> Is the latter problematic in any programming standards?
> Does it take longer to process?
> Is it using count()?
> Is "Type-Juggling" considered good practise?
>
> Regards,
>
> Tim
>

attached mail follows:


On Thu, 2007-02-08 at 18:36 +0100, Youri LACAN-BARTLEY wrote:
> Tim wrote:
> > First thank you all for your input on "all-in-one" classes.
> >
> > Reading the php manual on boolean types and casts, and came across the
> > following:
> >
> > <quote>
> > When converting to boolean, the following values are considered FALSE:
> >
> > ...
> >
> > an array with zero elements
> >
> > ...
> > </quote>
> >
> > So here I am sitting and wondering if after all this while doing:
> >
> > $arr = array();
> > If (count($arr) == 0) {}
> >
> > Shouldn't have been simply doing:
> >
> > $arr = array();
> > If (!$arr) {}
>
> I'm afraid I can't bring in any insight, I just wanted to mention that's
> a nice "feature" you've brought up. The only issue I can see popping up
> is that !$arr doesn't explicitly indicate that you are checking for an
> empty array ... Other than that, I guess it's yet another way to get rid of
> a few bytes worth of code.

It simplifies code and also speeds it up. Instead of incurring the cost
of a function call overhead the time is instead reduced to the
evaluation of an opcode.

Cheers,
Rob.

attached mail follows:


    My company's got a web site using PHP. But the server is actually
an IIS 5 sitting inside a Win2K server. So naturally, I'm using php dll
filter. (Please don't tell me to use Apache because we need IIS for
other services). This server also has got an anti-virus installed
(McAfee to be exact).

    Since more than a year, I've got several warnings from McAfee
telling me that it was able to catch some virus/worms which were inside
the computer. Here're their names:
PHP/Chaploit
Perl/BackDoor-CXY.gen
PHP/BackDoor.gen
BackDoor-CUS!php Trojan

    Do they mean anything to anyone of you? Do you know how they've got
inside the computer? Is there anything to do to prevent that? Are they
known PHP virus/worms to PHP community?

    Thanks in advance.

    Seak


attached mail follows:


On Thu, 2007-02-08 at 18:44 +0100, Seak, Teng-Fong wrote:
> My company's got a web site using PHP. But the server is actually
> an IIS 5 sitting inside a Win2K server. So naturally, I'm using php dll
> filter. (Please don't tell me to use Apache because we need IIS for
> other services). This server also has got an anti-virus installed
> (McAfee to be exact).
>
> Since more than a year, I've got several warnings from McAfee
> telling me that it was able to catch some virus/worms which were inside
> the computer. Here're their names:
> PHP/Chaploit
> Perl/BackDoor-CXY.gen
> PHP/BackDoor.gen
> BackDoor-CUS!php Trojan
>
> Do they mean anything to anyone of you? Do you know how they've got
> inside the computer? Is there anything to do to prevent that? Are they
> known PHP virus/worms to PHP community?

Did you bother to google any of them? I just punched PHP/BackDoor.gen
into Google and got a wealth of information.

Cheers,
Rob.

attached mail follows:


Dear list,

I wrote a php script to keep track of a remote server. This script is
called every 10 minutes via http by a cronjob using wget. The cronjob
calls (from the remote server) open a new session each time.

This way I cannot use session variables to limit mail notifications to
cases where the IP of the remote server has changed.

Is there any way to
- either make wget to stay within its session
- or store the IP in a static variable that is persistent?

Thanks
Ralf

attached mail follows:


[snip]
- or store the IP in a static variable that is persistent?
[/snip]

Like a constant? http://www.php.net/define

attached mail follows:


On Thu, 2007-02-08 at 19:28 +0100, RalfGesellensetter wrote:
> Dear list,
>
> I wrote a php script to keep track of a remote server. This script is
> called every 10 minutes via http by a cronjob using wget. The cronjob
> calls (from the remote server) open a new session each time.
>
> This way I cannot use session variables to limit mail notifications to
> cases where the IP of the remote server has changed.
>
> Is there any way to
> - either make wget to stay within its session

I don't suppose you checked the man page for wget did you?

Cheers,
Rob.

attached mail follows:


Hi Rob, thanks for your quick reply!

Am Donnerstag 08 Februar 2007 19:22 schrieb Robert Cummings:
> I don't suppose you checked the man page for wget did you?

shame on me: I didn't RTFM ;)

Now having done so, I wonder if I can store the cookie file with every
call or if I should store it once manually and use the file with every
cronjob call?

Something like:

getcookie_once:
 wget --save-cookies cookies.txt \
       --keep-session-cookies http://my.domain/tracker.php

refresh_hourly:
 wget --load-cookies cookies.txt http://my.domain/tracker.php

?

Thanks again
Ralf

attached mail follows:


On Thu, 2007-02-08 at 19:56 +0100, RalfGesellensetter wrote:
> Hi Rob, thanks for your quick reply!
>
> Am Donnerstag 08 Februar 2007 19:22 schrieb Robert Cummings:
> > I don't suppose you checked the man page for wget did you?
>
> shame on me: I didn't RTFM ;)
>
> Now having done so, I wonder if I can store the cookie file with every
> call or if I should store it once manually and use the file with every
> cronjob call?
>
> Something like:
>
> getcookie_once:
> wget --save-cookies cookies.txt \
> --keep-session-cookies http://my.domain/tracker.php
>
> refresh_hourly:
> wget --load-cookies cookies.txt http://my.domain/tracker.php

Or...

wget --save-cookies cookies.txt --load-cookies cookies.txt
--keep-session-cookies http://my.domain/tracker.php

You only need one cumulative call.

You will also need to ensure that the remote server allows sessions to
live longer than an hour so that it doesn't expire on wget.

Cheers,
Rob.

attached mail follows:


STDERR and STDOUT are defined as constants. Is there a way to redefine
these constants?

Thanks
Khai

attached mail follows:


Khai wrote:
> STDERR and STDOUT are defined as constants. Is there a way to redefine
> these constants?

Nope. Once they're set, they're set.

--
Postgresql & php tutorials
http://www.designmagick.com/

attached mail follows:


I asked this question awhile ago and never really visited the issue till
now. The response I got showed me how to disable everything, but I want to
allow basic html tags.

~My original question~

My next task is to disable harmful tags/scripts in a full text field.

I want to store a bio type field and I am considering allowing html (to
allow a MySpace type of customization to the page), but I am really new to
this so I really don't know what kind of trouble I am asking for.

I'm sure that I need to block JavaScript, but are there other things (tags,
scripting, etc.) that can be input into my DB that will cause problems
either being stored as such or when accessed?

I'm thinking along the lines outlined below, I just need to complete the
list and would like some assistance from the seasoned vets here.

Again, thanks for the advice in advance.

 

Don

Here is what I have come up with so far, I guess my question is whether
str_replace is case sensitive. (i.e. javascript == JavaScript)

Also, will this catch character encoding like
&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;

Also, is there anything else that I should add to the list?

$bio = str_replace(
    '/<script|<%|<?|.js|vbscript|.php|object|xss|xml|.css|javascript|script|meta|stylesheet|.swf|redirect|<\?|\?>|<%|%>/',
    "", $bio);

attached mail follows:


> -----Original Message-----
> From: Don [mailto:don.rzeszutgmail.com]
> Sent: Thursday, February 08, 2007 3:28 PM
> To: php-generallists.php.net
> Subject: RE: [PHP] what do i need to disable
>
>
> I asked this question awhile ago and never really visited the issue till
> now. The response I got showed me how to disable everything, but I want to
> allow basic html tags.

http://us3.php.net/strip_tags

You can use the optional second parameter to specify tags which should not
be stripped.

HTH,

Brad

attached mail follows:


It's more secure to begin with converting the string using
htmlentities() and reconverting allowed tags afterwards.

See
http://alistapart.com/articles/secureyourcode
http://alistapart.com/articles/secureyourcode2

attached mail follows:


> I asked this question awhile ago and never really visited the issue till
> now. The response I got showed me how to disable everything, but I want to
> allow basic html tags.

> http://us3.php.net/strip_tags
>
> You can use the optional second parameter to specify tags which should not
> be stripped.
>
> HTH,
>
> Brad

I ended up using strip_tags (thanks Brad)

But to disable other ways of getting javascript to run I also included
this....

$pattern = array(
    '/(javascript)/',
    '/([jJ(&#106)][aA(&#97)][vV(&#118)][aA(&#97)][sS(&#115)][cC(&#99)][rR(&#114)][iI(&#105)][pP(&#112)][tT(&#116)])/',
    '/(\.[jJ(&#106)][sS(&#115)])/',
    '/([xX][sS(&#115)][sS(&#115)])/',
    '/([xX][mM][lL])/');

$candidateNewBio = preg_replace($pattern, '', $candidateNewBio);

Is this worthwhile or a waste of time, because it seems to really protect
your site, you need to have a contingency for every possible attack.... And I
don't even know how some of this stuff is even working with my level of
understanding

attached mail follows:


On Thu, 2007-02-08 at 15:32 -0700, Don wrote:
> > I asked this question awhile ago and never really visited the issue till
> > now. The response I got showed me how to disable everything, but I want to
> > allow basic html tags.
>
>
> http://us3.php.net/strip_tags
>
> You can use the optional second parameter to specify tags which should not
> be stripped.
>
> HTH,
>
> Brad
>
>
> I ended up using strip_tags (thanks Brad)
>
> But to disable other ways of getting javascript to run I also included
> this....
>
> $pattern = array(
>     '/(javascript)/',
>     '/([jJ(&#106)][aA(&#97)][vV(&#118)][aA(&#97)][sS(&#115)][cC(&#99)][rR(&#114)][iI(&#105)][pP(&#112)][tT(&#116)])/',
>     '/(\.[jJ(&#106)][sS(&#115)])/',
>     '/([xX][sS(&#115)][sS(&#115)])/',
>     '/([xX][mM][lL])/');
>
> $candidateNewBio = preg_replace($pattern, '', $candidateNewBio);
>
> Is this worthwhile or a waste of time, because it seems to really protect
> your site, you need to have a contingency for every possible attack.... And I
> don't even know how some of this stuff is even working with my level of
> understanding

Like a previous poster said... you need to be smarter than that. Markup
the entire document via htmlspecialchars() then replace basic tags with
real tags. So...

<?php

    $safe = htmlspecialchars( $content );
    $safe = str_replace( '&lt;b&gt;', '<b>', $safe );

?>

Better yet, switch to something like BBCode. Why you ask... because
let's say you do the following:

<?php

    $safe = strip_tags( $content, '<b>' );

?>

All Joe Hacker needs to do is submit the following:

-----
This is tricky <b onmouseover="document.location = 'www.mypr0n.com';">
-----

This line of attack is clearly warned about in the documentation for
strip_tags().

Cheers,
Rob.

attached mail follows:


By using something like

  $var = preg_replace(
    "!&lt;(i|b|small|big|code)&gt;(.+)&lt;/\\1&gt;!isU",
    "<\\1>\\2</\\1>", $var);

you can accomplish a solution where only closed tags
will be reconverted.
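
The escape-first approach that the two replies above describe, written out as an added example (not code from the thread): everything is escaped with htmlspecialchars(), then only attribute-free, properly closed pairs from an allowlist are turned back into tags, so the `<b onmouseover=...>` submission stays inert. The function name `render_bio` and the sample inputs are assumptions; the default tag list follows the one in the preg_replace() reply.

```php
<?php
// Added example, not code from the thread. render_bio() and its default tag
// list are assumptions chosen for illustration.

function render_bio(string $raw, array $allowed = ['b', 'i', 'small', 'big', 'code']): string
{
    // 1. Escape everything, quotes included, so no submitted markup is live.
    $safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. Match only exact, attribute-free, properly closed pairs of the
    //    allowlisted tags in their escaped form, e.g. &lt;b&gt;...&lt;/b&gt;.
    $names   = implode('|', array_map('preg_quote', $allowed));
    $pattern = '!&lt;(' . $names . ')&gt;(.*?)&lt;/\1&gt;!is';

    // 3. Repeat until nothing changes so nested pairs are converted as well.
    do {
        $safe = preg_replace_callback(
            $pattern,
            function (array $m): string {
                $tag = strtolower($m[1]);
                return "<$tag>{$m[2]}</$tag>";
            },
            $safe,
            -1,
            $count
        );
    } while ($safe !== null && $count > 0);

    // preg_replace_callback() returns null on a PCRE error: fail closed.
    return $safe ?? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs; the first is the submission quoted in the thread.
$samples = [
    'This is tricky <b onmouseover="document.location = \'www.mypr0n.com\';">',
    '<b>bold <i>and italic</i></b> and <script src="x.js"></script>',
    '<B>mixed case</b> &lt;b&gt;typed entities&lt;/b&gt;',
];

foreach ($samples as $s) {
    // strip_tags() keeps attributes on allowed tags; render_bio() does not.
    echo "strip_tags : ", strip_tags($s, '<b><i>'), "\n";
    echo "render_bio : ", render_bio($s), "\n\n";
}
```

Because the only raw `<` characters in the output are the ones the function itself writes, attributes, unclosed tags and entity-encoded input never reach the browser as markup.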

attached mail follows:


Paul's probably right.. putting the sorting values in a table would be easier to maintain. I don't know what I was thinking with the whole "then you don't HAVE to create a table". Both ways work.. but especially if you think the positions may change, then it'll be tons easier to update if they're in a table.

-TG

= = = Original message = = =

>= = = Original message = = =
>I need to sort the results of a DB query based on the hierarchy of positions
>within an organization. Since they are not necessarily alphabetical, the
>best I can come up with is to assign a numerical value in a separate table
>to each position, and reference that to sort it.

At 2/7/2007 01:10 PM, tg-phpgryffyndevelopment.com wrote:
>Well, kind of ugly but you can do something like this:
>
>SELECT Position, CASE Position WHEN 'CEO' THEN 1 WHEN 'COO' THEN 2
>WHEN 'CFO' THEN 3 WHEN 'HR' THEN 4 ELSE 99 END AS PositionSort
>FROM SomeTable
>ORDER BY PositionSort
>
>That way you're not creating a whole new table to store the sorting values.

If I might offer alternative advice, I *would* create a separate
table of positions & sort sequence values, so that all the data can
be edited in one mode (e.g., phpMyAdmin). If some of your data is in
MySQL and some of it's embedded in a query in a PHP script, it will
be a little bit more of a hassle to maintain and a little more
cryptic for the next developer who has to figure out what you've done
after you abruptly run off to Tahiti.

SELECT Positions.Sort, Employees.Position, Employees.LastName, etc
FROM Employees, Positions
WHERE Employees.Position = Positions.Position
ORDER BY Positions.Sort, Employees.LastName

(Assuming more than one employee per position, I figure you'd want a
secondary sort criterion.)

Regards,

Paul
__________________________

Paul Novitski
Juniper Webcraft Ltd.
http://juniperwebcraft.com


attached mail follows:


Hello All,
 
I am currently switching from a basic shopping cart system that I created
to a more robust PHP X-Cart system that my company purchased, but I am
having an issue getting transactions to go through Verisign's payflow
pro.
 
I have OpenSSL 0.9.8d installed, but when the OpenSSL module is called
by X-Cart to send the transaction request (using XMLPay), Verisign
reports back that it cannot verify the certificate. Do I need to add
a command line switch to tell OpenSSL to use the Verisign issued
certificate?
 
(e.g. -CAfile /path/to/verisign/cert)
 
Statement used to send payment request to Verisign (in test mode):
 
C:\OpenSSL\bin\openssl.exe s_client -connect test-payflow.verisign.com:443 -quiet < C:\path\to\xct10.tmp 2>C:\path\to\xct11.tmp
 
Any help would be appreciated.
 
Thanks
 
Ken Vandegrift
kvandegriftsharis.com <mailto:kvandegriftsharis.com>
Web Administrator
Sharis Mgmt. Corp
 

attached mail follows:


Hello forum members

I have the following question.

How can I tell a record set to sort itself by date?

SELECT *
FROM mi_sitio_personal_menu
ORDER BY id DESC

If I tell it Order by fecha Desc... it sorts by numbers, not by date.

The date is in the following format: "DAY/MONTH/YEAR"

Any suggestions... Database attached

--
-- Table structure for table `mi_sitio_personal`
--

CREATE TABLE `mi_sitio_personal` (
  `id` int(11) NOT NULL auto_increment,
  `publico_privado` varchar(10) default '0',
  `usuario` varchar(255) default NULL,
  `fecha` varchar(100) default NULL,
  `categoria` varchar(100) default NULL,
  `pequena_comentario` text,
  `comentario` text,
  `archivo` varchar(255) default NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT;

--
-- Dumping data for table `mi_sitio_personal`
--

attached mail follows:


Thanks for pointing out the PHP's deg2rad requirement. That was the
problem.

...Rene

On 7-Feb-07, at 7:30 PM, Gregory Beaver wrote:

> M5 wrote:
>> I found a nice javascript function that takes two points of
>> latitude and
>> longitude and returns a midpoint. I'm now trying to rewrite in
>> PHP, but
>> having some problems. Here's the original javascript function, taken
>> from http://www.movable-type.co.uk/scripts/LatLong.html :
>>
>> LatLong.midPoint = function(p1, p2) {
>> var dLon = p2.lon - p1.lon;
>>
>> var Bx = Math.cos(p2.lat) * Math.cos(dLon);
>> var By = Math.cos(p2.lat) * Math.sin(dLon);
>>
>> lat3 = Math.atan2(Math.sin(p1.lat)+Math.sin(p2.lat),
>>
>> Math.sqrt((Math.cos(p1.lat)+Bx)*(Math.cos(p1.lat)+Bx) + By*By ) );
>> lon3 = p1.lon + Math.atan2(By, Math.cos(p1.lat) + Bx);
>>
>> if (isNaN(lat3) || isNaN(lon3)) return null;
>> return new LatLong(lat3*180/Math.PI, lon3*180/Math.PI);
>> }
>>
>>
>> And here's my PHP variant, which isn't working:
>>
>> function midpoint ($lat1, $lng1, $lat2, $lng2) {
>> $dlng = $lng2 - $lng1;
>> $Bx = cos($lat2) * cos($dlng);
>> $By = cos($lat2) * sin($dlng);
>> $lat3 = atan2( sin($lat1)+sin($lat2),
>> sqrt((cos($lat1)+$Bx)*(cos($lat1)+$Bx) + $By*$By ));
>> $lng3 = $lng1 + atan2($By, (cos($lat1) + $Bx));
>> $pi = pi();
>> return ($lat3*180)/$pi .' '. ($lng3*180)/$pi;
>> }
>>
>> Any ideas why it's returning wrong values?
>
> Are you converting from degrees to radians? With identical input, the
> javascript function is identical to the PHP function (I tested to
> verify)
>
> I got this by reading at the bottom of the page:
>
> " * Notes: trig functions take arguments in radians, so latitude,
> longitude, and bearings in degrees (either decimal or
> degrees/minutes/seconds) need to be converted to radians, rad =
> π.deg/180. When converting radians back to degrees (deg = 180.rad/π),
> West is negative if using signed decimal degrees. For bearings, values
> in the range -π to +π (-180° to +180°) need to be converted to 0 to
> +2π (0°–360°); this can be done by (brng+2.π)%2.π where % is the modulo
> operator. View page source to see JavaScript functions to handle these
> conversions.
> * The atan2() function widely used here takes two arguments,
> atan2(y, x), and computes the arc tangent of the ratio y/x. It is more
> flexible than atan(y/x), since it handles x=0, and it also returns
> values in all 4 quadrants -π to +π (the atan function returns values in
> the range -π/2 to +π/2).
> * If you implement any formula involving atan2 in Microsoft Excel,
> you will need to reverse the arguments, as Excel has them the opposite
> way around from JavaScript – conventional order is atan2(y, x), but
> Excel uses atan2(x, y)
> * For miles, divide km by 1.609344
> * For nautical miles, divide km by 1.852
> * Thanks to Ed Williams' Aviation Formulary for many of the formulae
> "
>
> Greg