|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general-digest-help
lists.php.net
Date: Fri Mar 21 2008 - 15:01:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 21 Mar 2008 20:01:12 -0000 Issue 5360
Topics (messages 271929 through 271955):
Re: question about customized error
271929 by: M. Sokolewicz
271934 by: Daniel Brown
Re: fwrite/fclose troubles
271930 by: Al
271931 by: Dave Goodchild
271933 by: Thijs Lensselink
Re: [PHP-INSTALL] I cant get php_gd.dll to work
271932 by: Daniel Brown
Re: [PHP-DB] ini_set ...
271935 by: Daniel Brown
spider
271936 by: tedd
271937 by: Wolf
271938 by: Robert Cummings
271939 by: Daniel Brown
271940 by: Wolf
271941 by: Børge Holen
271943 by: Børge Holen
271944 by: Wolf
271946 by: tedd
271947 by: Daniel Brown
271949 by: Ray Hauge
271951 by: Wolf
271953 by: Eric Butera
271954 by: TG
Re: Double click problem [SOLVED]
271942 by: tedd
271950 by: Eric Butera
pulling text from a file
271945 by: Richard Kurth
271948 by: Jay Blanchard
271952 by: Richard Kurth
Posting Summary for Week Ending 21 March, 2008: php-generallists.php.net
271955 by: PostTrack [Dan Brown]
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
Jim Lucas wrote:
> Sudhakar wrote:
>> if a user by mistake types the wrong url directly in the address bar ex=
>> www.website.com/abou.php instead of
>> typing www.website.com/aboutus.php instead of the browser displaying File
>> not found or a 404 error message i would like to display a customized
>> page
>> which will still have the same look and feel of my website in terms of
>> the
>> layout and i would like to
>> a) display a message such as = "Page could not be found" and b) the
>> url that
>> the user originally typed should remain in the browser = I guess this
>> would
>> be the case anyway but i was wondering if something needs to be done in
>> order to reatin the original address the user typed.
>>
>> Does this have to be done from apache perspective or can it be done using
>> php. please suggest the procedure in either case apache OR php.
>
> Both will be involed.
>
> You will use what is referred to as the ErrorDocument entry.
>
> Have apache enforce a customer ErrorDocument for a 404 error.
>
> Then create a php script that is referred to by the ErrorDocument entry.
>
> error404.php
>
> <?php
>
> echo "Page not found, check your spelling and try again.";
>
> ?>
>
>>
>> please advice.
>>
>> thanks.
>>
>
>
With it being apache, you could also do it using SHTML (apache's subset
of some simple extra tags to make files dynamic without having to load
an entire PHP parser for it). But yes, it is as Jim Lucas posted; used
quite a lot even.
- Tuk
attached mail follows:
On Thu, Mar 20, 2008 at 6:54 PM, Sudhakar <sudhakararaoggmail.com> wrote:
> if a user by mistake types the wrong url directly in the address bar ex=
> www.website.com/abou.php instead of
> typing www.website.com/aboutus.php instead of the browser displaying File
> not found or a 404 error message i would like to display a customized page
> which will still have the same look and feel of my website in terms of the
> layout and i would like to
> a) display a message such as = "Page could not be found" and b) the url that
> the user originally typed should remain in the browser = I guess this would
> be the case anyway but i was wondering if something needs to be done in
> order to reatin the original address the user typed.
.htaccess:
ErrorDocument 404 /404.php
404.php:
<?php
// Whatever you want here.
?>
--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
attached mail follows:
int file_put_contents ( string $filename, mixed $data [, int $flags [, resource $context]] )
This function is identical to calling fopen(), fwrite() and fclose() successively to write data to a
file.
This native function does it for you
Mark Weaver wrote:
> Hi all,
>
> I've been lurking and reading now for some time, but have decided to
> come out of the shadows cause I've got an issue that's gonna drive me
> crazy!
>
> I'm developing an application and within this application is a class
> that is very simple and only serves a singular purpose - to make log
> entries to help with debugging. Problem is, now I'm debugging the damned
> logging class that is supposed to be helping me debug the application as
> I'm putting it together! <sigh> I've looked and looked all over the
> place, but I don't seem to be able to find an answer to this problem.
> The only information that I have found so far deals with permissions and
> I don't think that's the problem. At first I was getting an access
> denied error but since setting dir perms and log file perms so that both
> apache and my user can right to both the directory and the file that one
> has gone away.
>
> Log Directory permissions: /mystuff/logs rwx-rwx-rwx (777)
> Log file permissions : /mystuff/logs/run.log rwx-rwx-rwx
> (777)
>
> At any rate, the following is the information I'm getting in the apache
> error_log while working on this particular portion of the application:
>
> PHP Warning: fwrite(): supplied argument is not a valid stream resource
> in /mystuff/inc/Log.inc on line 22,
> PHP Warning: fclose(): supplied argument is not a valid stream resource
> in /mystuff/inc/Log.inc on line 23,
>
> The Log class:
> -----------------------------
> class Log{
> public $path, $entry, $logfile;
>
> public function Log(){}
>
> public function setLog($path,$file){
> $this->path = $path;
> $this->logfile = $file;
> }
>
> public function writeLog($entry){
> // open the file, in this case the log file
> $h = "$this->path/$this->logfile";
> fopen($h, 'a+');
> fwrite($h,$entry);
> fclose($h);
> }
> }
>
> Code snippet where attempting to write log entry from program:
> --------------------------------------------------------------------------------------------
>
> $pl_log = new Log;
> $pl_log->setLog($logpath,"run.log");
>
> $usernanme = $_POST['username'];
> $password = $_POST['secret'];
>
> /**
> * (debugging) logging incoming values from form:
> */
> $pl_log->writeLog("getDateTime(): Incoming values from Login Form:
> blah...blah...blah\n");
>
> Any help with this would be most appreciated. (be gentle... I'm a PERL
> program learning PHP OOP)
>
attached mail follows:
Why are you writing a logging class? Why not use error_log and enable error
logging?
On Fri, Mar 21, 2008 at 1:11 PM, Al <newsridersite.org> wrote:
> int file_put_contents ( string $filename, mixed $data [, int $flags [,
> resource $context]] )
>
> This function is identical to calling fopen(), fwrite() and fclose()
> successively to write data to a
> file.
>
> This native function does it for you
>
> Mark Weaver wrote:
> > Hi all,
> >
> > I've been lurking and reading now for some time, but have decided to
> > come out of the shadows cause I've got an issue that's gonna drive me
> > crazy!
> >
> > I'm developing an application and within this application is a class
> > that is very simple and only serves a singular purpose - to make log
> > entries to help with debugging. Problem is, now I'm debugging the damned
> > logging class that is supposed to be helping me debug the application as
> > I'm putting it together! <sigh> I've looked and looked all over the
> > place, but I don't seem to be able to find an answer to this problem.
> > The only information that I have found so far deals with permissions and
> > I don't think that's the problem. At first I was getting an access
> > denied error but since setting dir perms and log file perms so that both
> > apache and my user can right to both the directory and the file that one
> > has gone away.
> >
> > Log Directory permissions: /mystuff/logs rwx-rwx-rwx
> (777)
> > Log file permissions : /mystuff/logs/run.log rwx-rwx-rwx
> > (777)
> >
> > At any rate, the following is the information I'm getting in the apache
> > error_log while working on this particular portion of the application:
> >
> > PHP Warning: fwrite(): supplied argument is not a valid stream resource
> > in /mystuff/inc/Log.inc on line 22,
> > PHP Warning: fclose(): supplied argument is not a valid stream resource
> > in /mystuff/inc/Log.inc on line 23,
> >
> > The Log class:
> > -----------------------------
> > class Log{
> > public $path, $entry, $logfile;
> >
> > public function Log(){}
> >
> > public function setLog($path,$file){
> > $this->path = $path;
> > $this->logfile = $file;
> > }
> >
> > public function writeLog($entry){
> > // open the file, in this case the log file
> > $h = "$this->path/$this->logfile";
> > fopen($h, 'a+');
> > fwrite($h,$entry);
> > fclose($h);
> > }
> > }
> >
> > Code snippet where attempting to write log entry from program:
> >
> --------------------------------------------------------------------------------------------
> >
> > $pl_log = new Log;
> > $pl_log->setLog($logpath,"run.log");
> >
> > $usernanme = $_POST['username'];
> > $password = $_POST['secret'];
> >
> > /**
> > * (debugging) logging incoming values from form:
> > */
> > $pl_log->writeLog("getDateTime(): Incoming values from Login
> Form:
> > blah...blah...blah\n");
> >
> > Any help with this would be most appreciated. (be gentle... I'm a PERL
> > program learning PHP OOP)
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
Quoting Dave Goodchild <buddhamagnetgmail.com>:
> Why are you writing a logging class? Why not use error_log and enable error
> logging?
Maybe he wants to log user actions in an application? Can log so much
more then just errors.
But the answer to this problem was already given. :)
>
> On Fri, Mar 21, 2008 at 1:11 PM, Al <newsridersite.org> wrote:
>
>> int file_put_contents ( string $filename, mixed $data [, int $flags [,
>> resource $context]] )
>>
>> This function is identical to calling fopen(), fwrite() and fclose()
>> successively to write data to a
>> file.
>>
>> This native function does it for you
>>
>> Mark Weaver wrote:
>> > Hi all,
>> >
>> > I've been lurking and reading now for some time, but have decided to
>> > come out of the shadows cause I've got an issue that's gonna drive me
>> > crazy!
>> >
>> > I'm developing an application and within this application is a class
>> > that is very simple and only serves a singular purpose - to make log
>> > entries to help with debugging. Problem is, now I'm debugging the damned
>> > logging class that is supposed to be helping me debug the application as
>> > I'm putting it together! <sigh> I've looked and looked all over the
>> > place, but I don't seem to be able to find an answer to this problem.
>> > The only information that I have found so far deals with permissions and
>> > I don't think that's the problem. At first I was getting an access
>> > denied error but since setting dir perms and log file perms so that both
>> > apache and my user can right to both the directory and the file that one
>> > has gone away.
>> >
>> > Log Directory permissions: /mystuff/logs rwx-rwx-rwx
>> (777)
>> > Log file permissions : /mystuff/logs/run.log rwx-rwx-rwx
>> > (777)
>> >
>> > At any rate, the following is the information I'm getting in the apache
>> > error_log while working on this particular portion of the application:
>> >
>> > PHP Warning: fwrite(): supplied argument is not a valid stream resource
>> > in /mystuff/inc/Log.inc on line 22,
>> > PHP Warning: fclose(): supplied argument is not a valid stream resource
>> > in /mystuff/inc/Log.inc on line 23,
>> >
>> > The Log class:
>> > -----------------------------
>> > class Log{
>> > public $path, $entry, $logfile;
>> >
>> > public function Log(){}
>> >
>> > public function setLog($path,$file){
>> > $this->path = $path;
>> > $this->logfile = $file;
>> > }
>> >
>> > public function writeLog($entry){
>> > // open the file, in this case the log file
>> > $h = "$this->path/$this->logfile";
>> > fopen($h, 'a+');
>> > fwrite($h,$entry);
>> > fclose($h);
>> > }
>> > }
>> >
>> > Code snippet where attempting to write log entry from program:
>> >
>> --------------------------------------------------------------------------------------------
>> >
>> > $pl_log = new Log;
>> > $pl_log->setLog($logpath,"run.log");
>> >
>> > $usernanme = $_POST['username'];
>> > $password = $_POST['secret'];
>> >
>> > /**
>> > * (debugging) logging incoming values from form:
>> > */
>> > $pl_log->writeLog("getDateTime(): Incoming values from Login
>> Form:
>> > blah...blah...blah\n");
>> >
>> > Any help with this would be most appreciated. (be gentle... I'm a PERL
>> > program learning PHP OOP)
>> >
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
attached mail follows:
On Thu, Mar 20, 2008 at 10:04 PM, Mark <mark76ghotmail.com> wrote:
> Hi,
>
> Im new to php and i cant get the gd graphics library to work.
> Im running Apache, Mysql, Windows xp
>
> I downloaded and installed php from php.net.
>
> After much screwing around I finally got in to work with mysql and wrote a
> few basic scripts.
> Im stuck on the gd libarary.
>
> I downloaded the file php_dg.dll and copied it to my ext directory. I know
> php can see it because
> the mysql files are there and they work fine.
>
[snip!]
> I try to run the following code fragment to test it out ....
>
>
> <?PHP
> $image=$imagecreate(100,100);
> ?>
That's not an install problem, it's a general PHP question, so for
the archives, it's being copied over to there as well. If you haven't
yet, please consider joining PHP-General
(http://php.net/mailinglists).
You're calling the imagecreate() function as a $variable. Simple
enough to fix:
<?php
$image = imagecreate(100,100);
?>
--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
attached mail follows:
On Fri, Mar 21, 2008 at 10:20 AM, VanBuskirk, Patricia
<pvanbuskirkotc.fsu.edu> wrote:
>
> I have the line "ini_set('display_errors', 'on');" in my code, but it is
> not working. Does it need to be the first command on the page?
[merge]
> I have full access to the php.ini file, which is what I do now to
> test... go there, change the file, restart the IIS service, etc. I read
> somewhere recently where they used this line in their code, and I
> thought how convenient that would be ... just haven't been able to get
> it to work. I will try "true" instead of "on" and see if that works.
> Does it go back to the default on it's own, or do I need to hard-code
> that in the page when I'm done?
Trish, this is a general question rather than a database question,
so it's being forwarded to the PHP-General list as well. It will not
only get you some more detailed replies, but it helps keep the
archives organized. If you're not already subscribed, please consider
doing so: http://php.net/mailinglists
Try something like this at the head of your code:
<?
error_reporting(E_ALL);
ini_set('display_errors','On');
?>
Keep in mind that it will only be executed in the same script as
it's coded, and only if/when those lines are executed. It won't set
the system-wide (or even same-session) display_errors, it only enables
that option for that script at that time.
--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
attached mail follows:
Hi gang:
How do you spider a remote web site in php?
I get the general idea, which is to take the root page, strip out the
links and repeat the process on those links. But, what's the code?
Does anyone have an example they can share or a direction for me to
take?
Also, is there a way to spider through a remote web site gathering
directory permissions?
I know there are applications, such as Site-sucker, that will travel
a remote web site looking for anything that it can download and if
found, do so. But is there a way to determine what the permissions
are for those directories?
If not, can one attempt to write a file and record the
failures/successes (0777 directories)?
What I am trying to do is to develop a way to test if a web site is
secure or not. I'm not trying to develop evil code, but if it can be
done then I want to know how.
Thanks and Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
attached mail follows:
---- tedd <teddsperling.com> wrote:
> Hi gang:
>
> How do you spider a remote web site in php?
>
> I get the general idea, which is to take the root page, strip out the
> links and repeat the process on those links. But, what's the code?
> Does anyone have an example they can share or a direction for me to
> take?
>
> Also, is there a way to spider through a remote web site gathering
> directory permissions?
>
> I know there are applications, such as Site-sucker, that will travel
> a remote web site looking for anything that it can download and if
> found, do so. But is there a way to determine what the permissions
> are for those directories?
>
> If not, can one attempt to write a file and record the
> failures/successes (0777 directories)?
>
> What I am trying to do is to develop a way to test if a web site is
> secure or not. I'm not trying to develop evil code, but if it can be
> done then I want to know how.
>
> Thanks and Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
In one word: CURL
In another word: WGET
Both are pretty effecitve and give pretty much the same results, however with the CURL you can pass other things alone (user:pass) which with wget you can not do.
HTH,
Wolf
attached mail follows:
On Fri, 2008-03-21 at 13:58 -0400, Wolf wrote:
> ---- tedd <teddsperling.com> wrote:
>
> In one word: CURL
>
> In another word: WGET
>
> Both are pretty effecitve and give pretty much the same results, however
> with the CURL you can pass other things alone (user:pass) which with
> wget you can not do.
You can pass user and password via wget also:
wget http://user:passwordinterjinn.com/privateCrud
Or:
--user=USER --password=PASSWORD
Or more specifically so it doesn't also count for FTP:
--http-user=USER --http-password=PASSWORD
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
attached mail follows:
On Fri, Mar 21, 2008 at 1:58 PM, Wolf <lonewolfnc.rr.com> wrote:
>
> In one word: CURL
>
> In another word: WGET
>
> Both are pretty effecitve and give pretty much the same results, however with the CURL you can pass other things alone (user:pass) which with wget you can not do.
pilotpigpilotpig.net [~/www/img]# wget --help|grep -i password
--password=PASS set both ftp and http password to PASS.
--http-password=PASS set http password to PASS.
--proxy-password=PASS set PASS as proxy password.
--ftp-password=PASS set ftp password to PASS.
--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
attached mail follows:
---- Daniel Brown <parasanegmail.com> wrote:
> On Fri, Mar 21, 2008 at 1:58 PM, Wolf <lonewolfnc.rr.com> wrote:
> >
> > In one word: CURL
> >
> > In another word: WGET
> >
> > Both are pretty effecitve and give pretty much the same results, however with the CURL you can pass other things alone (user:pass) which with wget you can not do.
>
> pilotpigpilotpig.net [~/www/img]# wget --help|grep -i password
> --password=PASS set both ftp and http password to PASS.
> --http-password=PASS set http password to PASS.
> --proxy-password=PASS set PASS as proxy password.
> --ftp-password=PASS set ftp password to PASS.
Nice, your guy's version of wget is better then mine! I tried that once (granted that was years ago now that I think about it) and it keeled over and died!
OK, so I stand corrected there... But has anyone seen a PHP port of wget or is curl the only one of the 2 which does it natively in a compiled version of php with curl? :)
If it works natively in PHP, then there are 2 choices and neither has to be executed outside of PHP. :)
Wolf
attached mail follows:
On Friday 21 March 2008 18:58:59 Wolf wrote:
> ---- tedd <teddsperling.com> wrote:
> > Hi gang:
> >
> > How do you spider a remote web site in php?
> >
> > I get the general idea, which is to take the root page, strip out the
> > links and repeat the process on those links. But, what's the code?
> > Does anyone have an example they can share or a direction for me to
> > take?
> >
> > Also, is there a way to spider through a remote web site gathering
> > directory permissions?
> >
> > I know there are applications, such as Site-sucker, that will travel
> > a remote web site looking for anything that it can download and if
> > found, do so. But is there a way to determine what the permissions
> > are for those directories?
> >
> > If not, can one attempt to write a file and record the
> > failures/successes (0777 directories)?
> >
> > What I am trying to do is to develop a way to test if a web site is
> > secure or not. I'm not trying to develop evil code, but if it can be
> > done then I want to know how.
> >
> > Thanks and Cheers,
> >
> > tedd
> >
> > --
> > -------
> > http://sperling.com http://ancientstones.com http://earthstones.com
>
> In one word: CURL
>
> In another word: WGET
>
> Both are pretty effecitve and give pretty much the same results, however
> with the CURL you can pass other things alone (user:pass) which with wget
> you can not do.
wget is fast and easy though... umm I'm on an direct 100mbit connection...
wget does it brute
>
> HTH,
> Wolf
--
---
Børge Holen
http://www.arivene.net
attached mail follows:
On Friday 21 March 2008 19:12:04 Wolf wrote:
> ---- Daniel Brown <parasanegmail.com> wrote:
> > On Fri, Mar 21, 2008 at 1:58 PM, Wolf <lonewolfnc.rr.com> wrote:
> > > In one word: CURL
> > >
> > > In another word: WGET
> > >
> > > Both are pretty effecitve and give pretty much the same results,
> > > however with the CURL you can pass other things alone (user:pass) which
> > > with wget you can not do.
> >
> > pilotpigpilotpig.net [~/www/img]# wget --help|grep -i password
> > --password=PASS set both ftp and http password to PASS.
> > --http-password=PASS set http password to PASS.
> > --proxy-password=PASS set PASS as proxy password.
> > --ftp-password=PASS set ftp password to PASS.
>
> Nice, your guy's version of wget is better then mine! I tried that once
> (granted that was years ago now that I think about it) and it keeled over
> and died!
>
> OK, so I stand corrected there... But has anyone seen a PHP port of wget
> or is curl the only one of the 2 which does it natively in a compiled
> version of php with curl? :)
>
> If it works natively in PHP, then there are 2 choices and neither has to be
> executed outside of PHP. :)
so natively isn't alway the best.
example: I've a hard time thinking php image handling is better than programs
designed for it, neither in speed & accuracy/quality.
lol notepad in windows ;D *ot but still a faint quantity of high altitude
oxygene loss during easter*
I've got to mention that I'm pretty unfamiliar with curl.
>
> Wolf
--
---
Børge Holen
http://www.arivene.net
attached mail follows:
---- "Børge Holen" <borgearivene.net> wrote:
> On Friday 21 March 2008 19:12:04 Wolf wrote:
> > ---- Daniel Brown <parasanegmail.com> wrote:
> > > On Fri, Mar 21, 2008 at 1:58 PM, Wolf <lonewolfnc.rr.com> wrote:
> > > > In one word: CURL
> > > >
> > > > In another word: WGET
> > > >
> > > > Both are pretty effecitve and give pretty much the same results,
> > > > however with the CURL you can pass other things alone (user:pass) which
> > > > with wget you can not do.
> > >
> > > pilotpigpilotpig.net [~/www/img]# wget --help|grep -i password
> > > --password=PASS set both ftp and http password to PASS.
> > > --http-password=PASS set http password to PASS.
> > > --proxy-password=PASS set PASS as proxy password.
> > > --ftp-password=PASS set ftp password to PASS.
> >
> > Nice, your guy's version of wget is better then mine! I tried that once
> > (granted that was years ago now that I think about it) and it keeled over
> > and died!
> >
> > OK, so I stand corrected there... But has anyone seen a PHP port of wget
> > or is curl the only one of the 2 which does it natively in a compiled
> > version of php with curl? :)
> >
> > If it works natively in PHP, then there are 2 choices and neither has to be
> > executed outside of PHP. :)
>
> so natively isn't alway the best.
> example: I've a hard time thinking php image handling is better than programs
> designed for it, neither in speed & accuracy/quality.
> lol notepad in windows ;D *ot but still a faint quantity of high altitude
> oxygene loss during easter*
> I've got to mention that I'm pretty unfamiliar with curl.
>
True, but some sites require natively running instead of running things via exec, system, etc...
Heck, I use Editpad, the version from circa 1993... ;)
attached mail follows:
At 1:52 PM -0400 3/21/08, tedd wrote:
>Hi gang:
>
>How do you spider a remote web site in php?
You guys are always doing this. I ask a simple question like what's a
+ b and you guys high-jack the thread and start discussing the
quadratic equation. :-)
I knew sometime I would have to figure out what CURL is, but now WGET
(WETFTI) as well. I was hoping for something simple that wouldn't
hurt my brain.
Thanks a lot guys! :-)
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
attached mail follows:
On Fri, Mar 21, 2008 at 1:52 PM, tedd <teddsperling.com> wrote:
> Hi gang:
>
> How do you spider a remote web site in php?
>
> I get the general idea, which is to take the root page, strip out the
> links and repeat the process on those links. But, what's the code?
I make absolutely no warranty whatsoever, and haven't even looked
back at the code since 4 February when I started screwing with the
idea (except to package it today), so I don't know what's done, what's
not, what works, what doesn't, et cetera.
Take a look. If you can use it, great. If not, great.
http://www.pilotpig.net/code-library/downloads/htmlspider-core-unfinished.tar.gz
--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
attached mail follows:
tedd wrote:
> Hi gang:
>
> How do you spider a remote web site in php?
>
> I get the general idea, which is to take the root page, strip out the
> links and repeat the process on those links. But, what's the code? Does
> anyone have an example they can share or a direction for me to take?
>
> Also, is there a way to spider through a remote web site gathering
> directory permissions?
>
> I know there are applications, such as Site-sucker, that will travel a
> remote web site looking for anything that it can download and if found,
> do so. But is there a way to determine what the permissions are for
> those directories?
>
> If not, can one attempt to write a file and record the
> failures/successes (0777 directories)?
>
> What I am trying to do is to develop a way to test if a web site is
> secure or not. I'm not trying to develop evil code, but if it can be
> done then I want to know how.
>
> Thanks and Cheers,
>
> tedd
>
Have a look at something like this:
http://simplehtmldom.sourceforge.net/
I haven't used it, but if it works you should be able to pull up a list
of all the <a> tags quite easily through the DOM ala:
foreach($dom->find('a') as $node)
echo $node->href . '<br>';
--
Ray Hauge
www.primateapplications.com
attached mail follows:
> I knew sometime I would have to figure out what CURL is, but now WGET
> (WETFTI) as well. I was hoping for something simple that wouldn't
> hurt my brain.
>
> Thanks a lot guys! :-)
For hijacking the thread? No Problem!
For making your brain hurt? Anytime!!
We're just here to help! ;)
attached mail follows:
On Fri, Mar 21, 2008 at 1:52 PM, tedd <teddsperling.com> wrote:
> Also, is there a way to spider through a remote web site gathering
> directory permissions?
I should hope not.
>
> If not, can one attempt to write a file and record the
> failures/successes (0777 directories)?
I don't know if you've thought about it like this, but can people just
upload files to your site? It has to run through a form somewhere.
> What I am trying to do is to develop a way to test if a web site is
> secure or not. I'm not trying to develop evil code, but if it can be
> done then I want to know how.
People do "pen tests" using fuzzers and such but most people agree the
only real way to do it is by having a human attempting different
things.
You might want to take a look at the OWASP Top 10 [1] to get a better
idea of what to look for.
[1] http://www.owasp.org/index.php/Top_10_2007
attached mail follows:
Ok, so the CURL and WGET stuff has been mentioned, but I don't think that
really addresses your question. You didn't ask what the "best way" to do
this, you asked how you would do it in PHP.
Here's what I would consider to be the 'theory' of the exercise:
* Do we obey robots.txt? If so, get the specs for that and keep it in mind
during your code building
* Get parameters: Starting point, how 'deep' to go, stay within that
domain/subdomain or is it ok to leave? Are we retrieving content or just
structure or info (like permissions)?
* Go to starting point, retrieve links. Figure out the best way to 'crawl'.
Maybe check out recursive directory crawling routines. I made a duplicate
file scanner in PHP and probably did it the hard way, but bsaically I
created an array of directory paths and marked them scanned or not. In
this case, if you already scanned a link, you could skip it. Keep going
through your link list until none come up as "not scanned". So retrieve
links from current page, add links to scan array (if they match allowable
criteria), check link array to see if anything is unscanned. Later, rinse,
repeat.
Since you're talking about a remote site, you're limited to what the remote
web server is going to give you as far as info goes. You might get an
"HTTP Auth Required" code, but there probably won't be a link to something
that is in a restricted directory, so that's kind of a moot point.
To get directory permissions, you'd really have to go through either FTP or a
terminal connection (telnet, etc).
If you're doing it as a coding exercise, have fun. If not, there are already
tons of tools that could help you. Years ago I used a program called
Teleport Pro (for Windows) that could either retrieve or create a sitemap
or any number of variations. I did use it once or twice to check for bad
links on the website (bad = going to invalid pages but also bad = pointing
to old/restricted parts of the website without requiring authorization).
That's a really basic site security check. I know you know you should use
good coding practices and use more intensive site security scanning tools.
-TG
----- Original Message -----
From: tedd <teddsperling.com>
To: php-generallists.php.net
Date: Fri, 21 Mar 2008 13:52:38 -0400
Subject: [PHP] spider
> Hi gang:
>
> How do you spider a remote web site in php?
>
> I get the general idea, which is to take the root page, strip out the
> links and repeat the process on those links. But, what's the code?
> Does anyone have an example they can share or a direction for me to
> take?
>
> Also, is there a way to spider through a remote web site gathering
> directory permissions?
>
> I know there are applications, such as Site-sucker, that will travel
> a remote web site looking for anything that it can download and if
> found, do so. But is there a way to determine what the permissions
> are for those directories?
>
> If not, can one attempt to write a file and record the
> failures/successes (0777 directories)?
>
> What I am trying to do is to develop a way to test if a web site is
> secure or not. I'm not trying to develop evil code, but if it can be
> done then I want to know how.
>
> Thanks and Cheers,
>
> tedd
attached mail follows:
Hi gang:
This is probably trivial for most of you, but here's my solution to
the problem I presented earlier.
The problem was, I just wanted to be certain that if a use clicked a
button that they could only do it once. Sounds simple enough, huh?
Certainly, one can use javascript, but I wanted something that was
basic php and html -- here's my solution with code (please provide
critical review):
http://www.webbytedd.com/cc/submit-once/index.php
If the user clicks "Submit once", then that's the way it is until
they quit their browser. If they don't quit their browser, then no
amount of refresh will allow them to click the button again.
The "Reset Submit", of course, resets this condition but it's for
demo purposes.
What I have not solved, and I don't think there is a solution (I
could be wrong) is to prohibit the user from clicking the back button
on their browser to reset this condition.
I've done a considerable amount of javascript reading, testing, and
code search and have not found anything that works -- and -- I have
even found places where the js community says that nothing will work
to solve the back-button problem.
So, does anyone here know better? If so, please start a different thread.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
attached mail follows:
On Fri, Mar 21, 2008 at 2:24 PM, tedd <tedd.sperlinggmail.com> wrote:
> Hi gang:
>
> This is probably trivial for most of you, but here's my solution to
> the problem I presented earlier.
>
> The problem was, I just wanted to be certain that if a use clicked a
> button that they could only do it once. Sounds simple enough, huh?
>
> Certainly, one can use javascript, but I wanted something that was
> basic php and html -- here's my solution with code (please provide
> critical review):
>
> http://www.webbytedd.com/cc/submit-once/index.php
>
> If the user clicks "Submit once", then that's the way it is until
> they quit their browser. If they don't quit their browser, then no
> amount of refresh will allow them to click the button again.
>
> The "Reset Submit", of course, resets this condition but it's for
> demo purposes.
>
> What I have not solved, and I don't think there is a solution (I
> could be wrong) is to prohibit the user from clicking the back button
> on their browser to reset this condition.
>
> I've done a considerable amount of javascript reading, testing, and
> code search and have not found anything that works -- and -- I have
> even found places where the js community says that nothing will work
> to solve the back-button problem.
>
> So, does anyone here know better? If so, please start a different thread.
>
> Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Tedd,
Web pages are supposed to be stateless. Therefore it is your burden
to deal with the back button because each URI should be able to be
requested in any order at any time with or without sessions. Just
because a shopping cart has a checkout.php page that requires certain
steps doesn't mean that Google can't stumble upon it and index it to
try and hit it over and over.
So the real question is why is clicking the back button so terrible?
Your workflow might be like this:
form
create crumb and hide in token field & store in session
if (post) re-show form with error message from gateway
show payment form
submit will post to processing
processing:
validate post token == session token, if not then re-display payment
form via require w/ error message
if payment declined then re-display payment form via require w/ error message
if payment accepted then save order, clear cart, and say thank you
If I am on the form and I click process, then it posts to processing
and does some stuff. If somehow I am fast enough to click the back
button you think there might be an issue of the card transaction being
sent to the merchant but the results not returned? If that is the
case, on the processing page do this:
- set a session variable saying you have started card processing
- use ignore_user_abort
- continue as normal
then on the form page
- check for started card processing session existance, if it exists
then say please wait a moment and refresh again or however you want to
handle that.
- continue as normal
The web is stateless and we're always going to have to deal with that.
Just make everyone play by your rules.
BTW Javascript is just fluff, a convenience for the end user. Your
script should work perfectly without it because googlebot snooping
around will not have it and also any of those rogue spam scripts will
also not have it.
attached mail follows:
I have a text file that looks like the one below. I need to read the
file into a database.
I was trying the script below but is not working can you help?
$lines = file_get_contents('clientlist1.txt');
$find="Address:";
$f= strstr($f,$find);
$separat="City:";
$ADDRESS = substr($f, 0, strpos($f,$separat));
$ADDRESS=ltrim($ADDRESS,"Address:");
$ADDRESS=trim($ADDRESS);
echo $ADDRESS;
echo "<br>";
$find="City:";
$f= strstr($f,$find);
$separat="State:";
$CITY = substr($f, 0, strpos($f,$separat));
$CITY=ltrim($CITY,"City:");
$CITY=trim($CITY);
echo $CITY;
echo "<br>";
Text File
Address: 5070 myaddress.
City: mycity State: mystate Zip: 97268
County:
Signers
Name: my name
Address: 3925 myaddress.
City: mycity2 State: mystate2 Zip: 97268
County:
Signers
Name: my name2
attached mail follows:
[snip]
I have a text file that looks like the one below. I need to read the
file into a database.
I was trying the script below but is not working can you help?
[/snip]
Loop through with fopen and fgets
http://www.php.net/fopen
http://www.php.net/fgets
attached mail follows:
Richard Kurth wrote:
> I have a text file that looks like the one below. I need to read the
> file into a database.
> I was trying the script below but is not working can you help?
>
> $lines = file_get_contents('clientlist1.txt');
>
> $find="Address:";
> $f= strstr($f,$find);
> $separat="City:";
> $ADDRESS = substr($f, 0, strpos($f,$separat));
> $ADDRESS=ltrim($ADDRESS,"Address:");
> $ADDRESS=trim($ADDRESS);
> echo $ADDRESS;
> echo "<br>";
>
> $find="City:";
> $f= strstr($f,$find);
> $separat="State:";
> $CITY = substr($f, 0, strpos($f,$separat));
> $CITY=ltrim($CITY,"City:");
> $CITY=trim($CITY);
> echo $CITY;
> echo "<br>";
>
> Text File
>
> Address: 5070 myaddress.
> City: mycity State: mystate Zip: 97268
> County:
> Signers
> Name: my name
>
> Address: 3925 myaddress.
> City: mycity2 State: mystate2 Zip: 97268
> County:
> Signers
> Name: my name2
>
Never mined I forgot to change $line to $f
attached mail follows:
Posting Summary for PHP-General List
Week Ending: Friday, 21 March, 2008
Messages | Bytes | Sender
--------------------+--------------------+------------------
349 (100%) 782080 (100%) EVERYONE
27 (7.7%) 33609 (4.3%) Daniel Brown <parasane at gmail dot com>
16 (4.6%) 30215 (3.9%) Nathan Nobbe <quickshiftin at gmail dot com>
16 (4.6%) 20689 (2.6%) Stut <stuttle at gmail dot com>
14 (4%) 50030 (6.4%) Jason Pruim <japruim at raoset dot com>
14 (4%) 14062 (1.8%) tedd <tedd dot sperling at gmail dot com>
13 (3.7%) 12157 (1.6%) John Taylor-Johnston <John dot Taylor-Johnston at cegepsherbrooke dot qc dot ca>
11 (3.2%) 20661 (2.6%) Jim Lucas <lists at cmsws dot com>
10 (2.9%) 15444 (2%) Robert Cummings <robert at interjinn dot com>
8 (2.3%) 15412 (2%) TG <tg-php at gryffyndevelopment dot com>
8 (2.3%) 13696 (1.8%) George J <georgejamieson at btconnect dot com>
8 (2.3%) 7881 (1%) Per Jessen <per at computer dot org>
7 (2%) 4284 (0.5%) Richard Heyes <richardh at phpguru dot org>
6 (1.7%) 19270 (2.5%) Shawn McKenzie <nospam at mckenzies dot net>
6 (1.7%) 9096 (1.2%) jeffry s <paragasu at gmail dot com>
6 (1.7%) 5681 (0.7%) Shelley <myphplist at gmail dot com>
6 (1.7%) 6939 (0.9%) Andrew Ballard <aballard at gmail dot com>
5 (1.4%) 9255 (1.2%) Lamp Lists <lamp dot lists at yahoo dot com>
5 (1.4%) 5831 (0.7%) Wolf <lonewolf at nc dot rr dot com>
5 (1.4%) 6138 (0.8%) Mikey <frak at upcore dot net>
5 (1.4%) 8195 (1%) Ray Hauge <ray dot hauge dot lists at gmail dot com>
5 (1.4%) 10913 (1.4%) Thijs Lensselink <dev at lenss dot nl>
5 (1.4%) 3479 (0.4%) Donn Ingle <donn dot ingle at gmail dot com>
5 (1.4%) 4780 (0.6%) Edward Kay <edward at labhut dot com>
5 (1.4%) 9344 (1.2%) Philip Thompson <philthathril at gmail dot com>
5 (1.4%) 9278 (1.2%) Larry Garfield <larry at garfieldtech dot com>
5 (1.4%) 15804 (2%) Eric Butera <eric dot butera at gmail dot com>
4 (1.1%) 18259 (2.3%) Jochem Maas <jochem at iamjochem dot com>
4 (1.1%) 17247 (2.2%) Børge Holen <borge at arivene dot net>
4 (1.1%) 6027 (0.8%) M dot Sokolewicz <tularis at php dot net>
4 (1.1%) 3507 (0.4%) Sudhakar <sudhakararaog at gmail dot com>
4 (1.1%) 6305 (0.8%) Aschwin Wesselius <aschwin at illuminated dot nl>
3 (0.9%) 6026 (0.8%) Chris <dmagick at gmail dot com>
3 (0.9%) 6483 (0.8%) Dotan Cohen <dotancohen at gmail dot com>
3 (0.9%) 4415 (0.6%) Robin Vickery <robinv at gmail dot com>
3 (0.9%) 4624 (0.6%) Colin Guthrie <gmane at colin dot guthr dot ie>
3 (0.9%) 3209 (0.4%) Casey <heavyccasey at gmail dot com>
3 (0.9%) 3238 (0.4%) Manuel Lemos <mlemos at acm dot org>
3 (0.9%) 5250 (0.7%) Al <news at ridersite dot org>
2 (0.6%) 50180 (6.4%) Evone Wong<fnywzt at 163 dot com>
2 (0.6%) 50180 (6.4%) Evone Wong<dirwbj at tm dot net>
2 (0.6%) 3237 (0.4%) Børge Holen <borge at arivene dot net>
2 (0.6%) 1318 (0.2%) Eric Gorr <mailist at ericgorr dot net>
2 (0.6%) 2397 (0.3%) Michael Horowitz <michael at yourcomputerconsultant dot com>
2 (0.6%) 50180 (6.4%) Quennie<entdvg at streamyx dot com>
2 (0.6%) 1213 (0.2%) cool7 at hosting4days dot com <cool7 at hosting4days dot com>
2 (0.6%) 1796 (0.2%) Brady Mitchell <mydarb at gmail dot com>
2 (0.6%) 50180 (6.4%) Evone Wong<zludmv at msa dot hinet dot net>
2 (0.6%) 2034 (0.3%) Richard Kurth <richardkurth at centurytel dot net>
2 (0.6%) 2016 (0.3%) tedd <tedd at sperling dot com>
2 (0.6%) 1494 (0.2%) George Pitcher <george dot pitcher at ingenta dot com>
2 (0.6%) 2728 (0.3%) It Maq <itmaqurfe at yahoo dot com>
2 (0.6%) 4337 (0.6%) Jeremy Mcentire <jmcentire at zootoo dot com>
2 (0.6%) 2514 (0.3%) bruce <bedouglas at earthlink dot net>
2 (0.6%) 3324 (0.4%) Greg Bowser <topnotcher at gmail dot com>
2 (0.6%) 3323 (0.4%) Dan <frozendice at gmail dot com>
2 (0.6%) 3678 (0.5%) Zoltán Németh <znemeth at alterationx dot hu>
2 (0.6%) 2310 (0.3%) Rod Clay <rclay at columbus dot rr dot com>
2 (0.6%) 8873 (1.1%) Hui Chen <usa dot chen at gmail dot com>
2 (0.6%) 7280 (0.9%) Mark Weaver <mdw1982 at mdw1982 dot com>
2 (0.6%) 1731 (0.2%) Ryan A <genphp at yahoo dot com>
2 (0.6%) 8893 (1.1%) Dietrich Bollmann <diresu at web dot de>
2 (0.6%) 1946 (0.2%) nihilism machine <nihilismmachine at gmail dot com>
2 (0.6%) 668 (0.1%) David Giragosian <dgiragosian at gmail dot com>
1 (0.3%) 6478 (0.8%) Suamya Srivastava <suamya dot srivastava at connexios dot com>
1 (0.3%) 897 (0.1%) Kai Kauer <kai dot kauer at web dot de>
1 (0.3%) 3438 (0.4%) Dave Goodchild <buddhamagnet at gmail dot com>
1 (0.3%) 1760 (0.2%) Shawn McKenzie <shawn at mckenzies dot net>
1 (0.3%) 1110 (0.1%) admin at buskirkgraphics dot com
1 (0.3%) 591 (0.1%) chetan rane <chetan dot d dot rane at gmail dot com>
1 (0.3%) 366 (0%) Jay Blanchard <jblanchard at pocket dot com>
1 (0.3%) 1471 (0.2%) Rick Pasotto <rick at niof dot net>
1 (0.3%) 292 (0%) Robert Burdo <robertburdo at gmail dot com>
1 (0.3%) 3898 (0.5%) Peter Ford <pete at justcroft dot com>
1 (0.3%) 1941 (0.2%) Thiago Pojda <thiago dot pojda at softpartech dot com dot br>
1 (0.3%) 4682 (0.6%) Greg Donald <gdonald at gmail dot com>
1 (0.3%) 1518 (0.2%) Sören Auer <soeren dot auer at gmail dot com>
1 (0.3%) 2910 (0.4%) Salem Mccarther <tolu at 56thfg dot org>
1 (0.3%) 983 (0.1%) Rob Richards <rrichards at ctindustries dot net>
1 (0.3%) 1077 (0.1%) dav <fsafs at bluebottle dot com>
1 (0.3%) 9715 (1.2%) PostTrack [Dan Brown] <listwatch-php-general at pilotpig dot net>
1 (0.3%) 6987 (0.9%) Chino Aureus <chino dot aureus at gmail dot com>
1 (0.3%) 2323 (0.3%) Benjamin Darwin <bddarwin at gmail dot com>
1 (0.3%) 669 (0.1%) ros <ros at palivoda dot id dot lv>
1 (0.3%) 604 (0.1%) Carlo Carbone <c dot carbone84 at gmail dot com>
1 (0.3%) 673 (0.1%) Jonathan Crawford <jcrawf02 at baker dot edu>
1 (0.3%) 1185 (0.2%) Khaled Mamdouh <phpghost at hotmail dot com>
1 (0.3%) 1470 (0.2%) Dan Joseph <dmjoseph at gmail dot com>
1 (0.3%) 210 (0%) alexus <alexus at gmail dot com>
1 (0.3%) 968 (0.1%) michaelh613 <michael at yourcomputerconsultant dot com>
1 (0.3%) 2201 (0.3%) Per Jessen <per at computer dot org>
1 (0.3%) 967 (0.1%) Chris <cwilli14 at rochester dot rr dot com>
1 (0.3%) 765 (0.1%) viraj <kalinga at gmail dot com>
1 (0.3%) 941 (0.1%) John Taylor-Johnston <jt dot johnston at USherbrooke dot ca>
1 (0.3%) 1184 (0.2%) Donn <donn dot ingle at gmail dot com>
1 (0.3%) 3243 (0.4%) Andrés Robinet <agrobinet at bestplace dot biz>
NOTE: Numbers may not add up to 100% due to protection of names and addresses upon request.
DISCLAIMER: If you want your email address omitted from future weekly reports,
please email me privately at parasanegmail.com and it will be removed.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]