RE: [PHP] How do I make an 'email this page' feature?
Hi,
Do you mean that I would have a different ID no. for different pages and
pass that variable to the 'email this page' page which will then send the
url according to the ID number? If that's what you mean it sounds like a
good idea, but unfortunately as this site has lots of dynamic URLs this
would be impossible to do.
Maybe I should get the info from the refering page and make sure that the
beginning of the url is the url of the website. However will all browsers
send this info?
-Original Message-
From: Andrew Kreps [mailto:[EMAIL PROTECTED]
Sent: 29 September 2004 23:20
To: PHP List
Subject: Re: [PHP] How do I make an 'email this page' feature?
On Wed, 29 Sep 2004 22:03:07 +0100, PHP Tech <[EMAIL PROTECTED]>
wrote:
>
> I thought by clicking the link this would be a form sending the url of the
> page to the next page and so I could then use $_GET to retrieve this. I
> also thought of using $_SERVER and getting the referer web address. Then I
> could use this in a hidden field and use the mail() function to mail it
off.
>
I would try to limit the list of items I'm sending via email. For
example, have a set list of keywords that you generate the emails
based on, such as a product id, or a category name. Then you generate
the email based on that id, rather than doing, say, an fopen
("http://yoursite.com/page.php";) with the referring page. The latter
option would be insecure, especially if you don't sanity check the
referrer first. If you're dealing with a static site, and have to
grab actual HTML files, passing the the page name as a variable and
then doing a local fopen would be a better option. Checking for
problems before using the form data is the key to keeping this secure.
I imagine having pre-built templates for whatever I'm sending via
email, as I likely wouldn't want the exact same page that's displayed
on my website to be sent via email. I'd love to hear more specifics
on what you're trying to accomplish.
As for chesternovello.com, there is an awful lot of Javascript magic
happening. Not to mention that suspicious looking __VIEWSTATE
variable in the form. There's definitely something happening behind
the scenes there, it's more than just HTML.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Two people working on the same app / script?
Hi List, Is there a simple solution for two or more people to work on the same php app /script without it turning into a mess of many tar / zip files with contributed additions. I want to keep it all in house, I have my own publicly available web server if that helps, so none of the online dev options are useful for us. If any of you good people have ideas or solution urls or pages for reading could you please let me know. I thank you fully in advance for any help with this Dave Carrera -- UK Web Hosting @ http://www.ephgroup.com --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Two people working on the same app / script?
There's a simple one abbreviation answer CVS. It's probably the widest used version control system in the world, and is integrated into XCode (if you are a Mac PHP developer). On 30 Sep 2004, at 10:24, Dave Carrera wrote: Hi List, Is there a simple solution for two or more people to work on the same php app /script without it turning into a mess of many tar / zip files with contributed additions. I want to keep it all in house, I have my own publicly available web server if that helps, so none of the online dev options are useful for us. If any of you good people have ideas or solution urls or pages for reading could you please let me know. I thank you fully in advance for any help with this Dave Carrera -- UK Web Hosting @ http://www.ephgroup.com --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Replace or regex?
Hi all I have a string: ##CODE## and I want to replace that with CODE can u help? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Replace or regex?
Well, if you can do it without a regex, then it's always best, because the regex engine slows things down. On 30 Sep 2004, at 10:39, mario wrote: Hi all I have a string: ##CODE## and I want to replace that with CODE can u help? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Two people working on the same app / script?
--- Dave Carrera <[EMAIL PROTECTED]> wrote: > Is there a simple solution for two or more people to work on the > same php app /script without it turning into a mess of many tar / > zip files with contributed additions. Any version control system that supports concurrent development will work for this. For example, Concurrent Versions System, CVS. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] World time convertor
Howdy Is there a time convertor written in php? I mean to convert a specific hour/date in all world countries.
RE: [PHP] Replace or regex?
If you can change the ##text## to say /#text#/ it would be easier as you could then do something like: $id = substr($orig_text,strpos($orig_text, '/#')+2,strpos($orig_text, '#/')-1); $new_text = str_replace( '/#', 'href="somewhere.php?id='.$id.'">', $orig_text); $new_text = str_replace( '#/', '', $new_text); see: http://www.php.net/manual/en/ref.strings.php HTH Graham -Original Message- From: Gareth Williams [mailto:[EMAIL PROTECTED] Sent: 30 September 2004 09:38 To: mario Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Replace or regex? Well, if you can do it without a regex, then it's always best, because the regex engine slows things down. On 30 Sep 2004, at 10:39, mario wrote: > Hi all > > I have a string: ##CODE## and I want to replace that with href="somewhere.php?id=CODE">CODE > > can u help? > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] include_path and safe_mode in virtualhost
Hello, I have a didecated server (linux redhat + apache 1.31.x and PHP 4.3.x). I'd like for a specific virualhost, set the include_path and safe_mode To do that, I did : . php_admin_value safe_mode on php_admin_value include_path ".:/design:/home:/manager:/login:/style" Then I make 2 tests with a test.php page placed on this server. 1. I try in a test page, include an HTML file. This file is on another server. I have in the test page . In the myfile.html there is only the text "MY TEST". When I call test.php, I see "MY TEST". It's not normal I thing because I include a file from outside the include_path. Do you have an idea what's happen ? 2. I do an another include but this time from a local file (/etc/my.cnf, it's the configuration file for MySQL, the owner is root) With php_admin_value values in the virtual host, impossible to include even if I specify the path of this file in the include_path. Is it normal ? For me the most important point is the first, why is it still possible ton include a remote file? Regards, Christian, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: World time convertor
Phpu wrote: Howdy Is there a time convertor written in php? I mean to convert a specific hour/date in all world countries. convert... in what way?? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: include_path and safe_mode in virtualhost
Christian Ista wrote: Hello, I have a didecated server (linux redhat + apache 1.31.x and PHP 4.3.x). I'd like for a specific virualhost, set the include_path and safe_mode To do that, I did : . php_admin_value safe_mode on php_admin_value include_path ".:/design:/home:/manager:/login:/style" Then I make 2 tests with a test.php page placed on this server. 1. I try in a test page, include an HTML file. This file is on another server. I have in the test page . In the myfile.html there is only the text "MY TEST". When I call test.php, I see "MY TEST". It's not normal I thing because I include a file from outside the include_path. Do you have an idea what's happen ? 2. I do an another include but this time from a local file (/etc/my.cnf, it's the configuration file for MySQL, the owner is root) With php_admin_value values in the virtual host, impossible to include even if I specify the path of this file in the include_path. Is it normal ? For me the most important point is the first, why is it still possible ton include a remote file? Regards, Christian, because you've got allow_url_fopen = On. safe_mode doesn't stop that. You need to turn the allow_url_fopen Off to limit that ability... - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] World time convertor
I'm assuimg you mean you have a time in GMT such as 1:00am and want to convert it to GMT+10 where it would be 11AM? On Thu, 30 Sep 2004 12:19:43 +0300, Phpu <[EMAIL PROTECTED]> wrote: > Howdy > > Is there a time convertor written in php? > I mean to convert a specific hour/date in all world countries. > -- Fare thee well, Daniel "TheHeadSage" Spain *~*~*~*~*~*~*~*~*~*~*~*~*~*~*~ E-mail: [EMAIL PROTECTED] Mob: +61 0407 057 580 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] World time convertor
Well, I believe you can take a timestamp and use the date() function to display it in a different timezone. I dont know the specifics as it's been a while since I last did it. On Thu, 30 Sep 2004 14:36:21 +0300, Phpu <[EMAIL PROTECTED]> wrote: > Yes, in this way i want to convert but i have some diffilcuties. > > For example, in USA I have different time. > > > > - Original Message - > From: "Daniel Spain" <[EMAIL PROTECTED]> > To: "PHP General" <[EMAIL PROTECTED]> > Sent: Thursday, September 30, 2004 2:08 PM > Subject: Re: [PHP] World time convertor > > > I'm assuimg you mean you have a time in GMT such as 1:00am and want to > > convert it to GMT+10 where it would be 11AM? > > > > On Thu, 30 Sep 2004 12:19:43 +0300, Phpu <[EMAIL PROTECTED]> wrote: > > > Howdy > > > > > > Is there a time convertor written in php? > > > I mean to convert a specific hour/date in all world countries. > > > > > > > > > > > -- > > Fare thee well, > > Daniel "TheHeadSage" Spain > > *~*~*~*~*~*~*~*~*~*~*~*~*~*~*~ > > E-mail: [EMAIL PROTECTED] > > Mob: +61 0407 057 580 > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- Fare thee well, Daniel "TheHeadSage" Spain *~*~*~*~*~*~*~*~*~*~*~*~*~*~*~ E-mail: [EMAIL PROTECTED] Mob: +61 0407 057 580 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Two people working on the same app / script?
I use Subversion for that ... similar to CVS, but with new and interesting features and really easy to setup in any platform. But you can use any System to control versions and provide access to it to all developers. You can get Subversion at http://subversion.tigris.org/ Regards, Jordi. On Thu, 30 Sep 2004 09:24:24 +0100, Dave Carrera <[EMAIL PROTECTED]> wrote: > Is there a simple solution for two or more people to work on the same php > app /script without it turning into a mess of many tar / zip files with > contributed additions. > > I want to keep it all in house, I have my own publicly available web server > if that helps, so none of the online dev options are useful for us. > > If any of you good people have ideas or solution urls or pages for reading > could you please let me know. > > I thank you fully in advance for any help with this > > Dave Carrera -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] refresh page automaticly on PHP
how to make my page refresh automaticly? Can i use PHP function? what is it? - Do you Yahoo!? vote.yahoo.com - Register online to vote today!
RE: [PHP] refresh page automaticly on PHP
[snip] how to make my page refresh automaticly? Can i use PHP function? what is it? [/snip] You cannot do it with PHP, you use a meta refresh tag (http://www.w3.org) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] refresh page automaticly on PHP
Jay Blanchard wrote: [snip] how to make my page refresh automaticly? Can i use PHP function? what is it? [/snip] You cannot do it with PHP, you use a meta refresh tag (http://www.w3.org) Or header refresh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] refresh page automaticly on PHP
Try header(); On 30 Sep 2004, at 14:09, welly limston wrote: how to make my page refresh automaticly? Can i use PHP function? what is it? - Do you Yahoo!? vote.yahoo.com - Register online to vote today! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
one of the Israel company say thanks . the another from an arabs country (UAE) make fun of my write . what an unbelievable thing . On Thu, 30 Sep 2004 09:34:11 +0400, M Saleh EG <[EMAIL PROTECTED]> wrote: > God help arabs if they release books that easily ! n specialy from a > person who failed in ZCE.. > > > > > On Thu, 30 Sep 2004 04:03:22 +0300, Alawi Albaity <[EMAIL PROTECTED]> wrote: > > I purchase the guide before month and because I am outside US it will > > be inn my country after another month ( I actually bought it pdf > > version from phparch but because of the issue between Sams they cancel > > pdf version and sent the print on thier own charge for the shipment) > > , when I see Zend offer I take it directly but ofcourse I now must > > read from manual because the last day is 30th September , so I read > > hard , but of course not all the manual , but what I feel its > > important to read in the manual . > > I do not figure out that zend write the objective untill the last day > > , I take the self test and it make me feel better but the self test > > making you feel like if you get 3 from 5 you will success , I arrive > > at the center , do what it have to be done , and log in the room and I > > was very excited about exam when I get the test I found out its very > > simple and easy but because I read from manual I have confused in a > > lot of things in exam . > > > > Example 1 : they give 4 function and ask you to choose 2 , in all my > > life I was just one function and for first time now I hear there are > > another function which help you to calc the file size , so I choose > > random function . > > > > Example 2 : > > they give you some space to fill some text from your experience , I > > think I must write what they think its truth , inn example one of > > space I confuse what to write (object or class) because I do not get > > the situation of the code or thing they talk about , and think what if > > you write the spelling wrong but you get the idea. > > > > Example 3: > > they ask you about the possibility of validate user input if its for > > only unTrusted person or on the internet or also give you 2 choice, I > > think this thing is belong to me to decide on my work experience and > > not the opinion of the testers . > > > > at the final I feel and believe in my heart like I get 60 or 50 of > > exam at least correct but the I end I figure out my grade is FAILED . > > I have 3 years experience with php , I build a script of thousands of > > lines , but the really point that I do not read thing in manual untill > > I feel I must read and I need it, I make lot of scripts on php from 3 > > years , I do not work ever with streams , and i get what I need in > > regular expression by test and test and test for the code , if you > > want my advice read a lot about arrays and if the function will give > > you the new value or will do the process in the same array and which > > type of array the function must use and return and how much of arrays > > they can handle. > > > > I write a book in php in arabic of more than 100 and it was the first > > book for arabs, , I make scripts for writers , sellers , shops And now > > i figure out that I must read good and install manual in my brain to > > be success . > > > > but what the benefit of this when I read I figure out that there are a > > lot of thinngs usefel in php that I do not know about . > > and give me a keys for a new things in php that I was do not care > > about it in the past . > > > > I encourage the people have a good brain to save information to get > > the test , and encourage the people to complete thier road of > > development , your work is the strongest approve of your Exprience and > > your hardwork . the problem that youu will not be in the yellow pages > > in the Zend site . > > > > finally , thanks to the people who write the test they make it very > > good and very simple and easy , they was so fair , who got good > > knowldge will pass . > > > > -- > > Alawi Albaity > > Jeddah - KSA > > Mobile : +966506660442 > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > -- > M.Saleh.E.G > 97150-4779817 > -- Alawi Albaity Jeddah - KSA Mobile : +966506660442 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session Variable Security
Can anyone tell me how secure a session variable is. I realize that if someone wanted to take the time to break into my site they will eventually succeed, but I dont want to make it too easy. I have a database that stores a username and an encrypted password which both are verifyed when the user logs in to the site. Then I have a session variable that I am checking for on all other pages that tells the page that they are logged in. I also have a session variable that holds the users ID in the database. Certain pages reference that ID to show the user there data. Mainly used for a My Account page. But If I'm logged in, how easy would it be, if its even possible, to change the session variable that holds my ID to someone elses ID so I can get their data. I hope I have explained myself enough for someone to know what I am talking about. If anyone has some good web sites on session security I'd really like to read them. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Security
The first thing to do is to set your scripts to not allow session handling to be carried out through the URL if a person's browser won't accept cookies. It would be way too easy to change the ID. And also if the id numbers are sequential, you might also want to have a second, random identifier that is also a session variable. Thus you not only have the users id, but a random value that acts as a sort of password. This way there is more that a person attacking your script would have to do than simply changing the id number. Just some suggestions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Security
> Can anyone tell me how secure a session variable is. I realize that if > someone wanted to take the time to break into my site they will eventually > succeed, but I dont want to make it too easy. I have a database that stores > a username and an encrypted password which both are verifyed when the user > logs in to the site. Then I have a session variable that I am checking for > on all other pages that tells the page that they are logged in. I also have > a session variable that holds the users ID in the database. Certain pages > reference that ID to show the user there data. Mainly used for a My Account > page. But If I'm logged in, how easy would it be, if its even possible, to > change the session variable that holds my ID to someone elses ID so I can > get their data. all session data is stored on the server. The only thing on the client is the session id. So somone would have to change that session id to get someone elses info and you can make that harder to do. I found this link, it has some good info. http://shiflett.org/talks/phpworks2004-php-session-security/0 should give you some pointers -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] World time convertor
Howdy, Check out the Date PEAR package, http://pear.php.net/package/Date -- Regards, Matthew Fonda On Thu, 2004-09-30 at 02:19, Phpu wrote: > Howdy > > Is there a time convertor written in php? > I mean to convert a specific hour/date in all world countries. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Attaching 2 files in Mail
Ave,
I'm facing a little problem.
I have this code which enables me to attach a file and send the file as an
attachment with the Mail.
What I need to do is slightly different.
Firstly, I want to send 2 files as attachment, and not one. Secondly, I
don't want the user to select & attach the file, I want the files to be
already attached in the script. I.e., 2 pre-determined, pre-attached files
should go along with the script.
Here's the code I am using thus far for attaching 1 file...
Can anyone suggest what I should do differently?
";
}
If ($emailto=="") {
$error = "1";
$error_text .= "You did not enter your email!";
}
If ($emailto) {
If
(!eregi("^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,4}\$",$emailto)
){
$error = "1";
$error_text .= "Invalid Email Address!";
}
}
If($allowattach) {
foreach($allowtypes as $it) {
$types .="*.".$it.",";
}
If($attachment) {
$ext=get_ext($_FILES[attachment][name]);
If(!in_array($ext, $allowtypes)) {
$error = "1";
$error_text .= "Invalid extension for your attchment,
only ".$types." are allowed!";
}
}
}
If($error=="1") {
$disperrors=$error_text;
} Else {
$headers = "From: ".$fromname." <".$fromemail.">\n";
$headers .= "Reply-To: ".$fromname." <".$fromemail.">\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/mixed;
boundary=\"MIME_BOUNDRY\"\n";
$headers .= "X-Sender: ".$_SERVER['REMOTE_ADDR']."\n";
$headers .= "X-Mailer: phMailerv1.3\n";
$headers .= "X-Priority: ".$priority."\n";
$headers .= "Return-Path: <".$emailto.">\n";
$headers .= "This is a multi-part message in MIME format.\n";
If($allowattach) {
If($attachment) {
[EMAIL PROTECTED]($attachment,"r");
[EMAIL PROTECTED]($fp, filesize($attachment));
[EMAIL PROTECTED](base64_encode($str));
}
}
$yourmessage = "The main body content";
$message = "--MIME_BOUNDRY\n";
$message .= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
$message .= "Content-Transfer-Encoding: quoted-printable\n";
$message .= "\n";
$message .= "$yourmessage";
$message .= "\n";
If($allowattach) {
If($attachment) {
$message .= "--MIME_BOUNDRY\n";
$message .= "Content-Type: application/octet-stream;
name=\"" . $_FILES['attachment']['name'] . "\"\n";
$message .= "Content-disposition: attachment\n";
$message .= "Content-Transfer-Encoding: base64\n";
$message .= "\n";
$message .= "$str\n";
$message .= "\n";
$message .= "--MIME_BOUNDRY--\n";
}
}
If(!mail($emailto,$emailsubject,$message,$headers)) {
exit("There has been an error, please contact the admin");
}
Echo("".$thanksmessage."Send Another Mail");
exit();
}
}
function cp() {
Echo("...");
}
?>
Informed Sources Inc.
First Name
:
Last Name :
Email
:
Subject
:
Attach
:
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Two people working on the same app / script?
CVS is definitely something to check into. In addition to the Mac product mentioned before, Zend Studio and many other IDEs and editors have CVS compatibility built into them. CVS is similar to (but of course has differences to) Microsoft's Source Safe, if you're familiar with that product. (yeah, someone's going to hang me for making the comparison, but they serve the same function so I'm drawing a parallel). -TG > -Original Message- > From: Chris Shiflett [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 30, 2004 4:38 AM > To: Dave Carrera; [EMAIL PROTECTED] > Subject: Re: [PHP] Two people working on the same app / script? > > > --- Dave Carrera <[EMAIL PROTECTED]> wrote: > > Is there a simple solution for two or more people to work on the > > same php app /script without it turning into a mess of many tar / > > zip files with contributed additions. > > Any version control system that supports concurrent > development will work > for this. For example, Concurrent Versions System, CVS. :-) > > Chris > > = > Chris Shiflett - http://shiflett.org/ > > PHP Security - O'Reilly HTTP Developer's Handbook - Sams > Coming December 2004http://httphandbook.org/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
I haven't done the exam, yet, but based on some of the practice questions, I'm getting worried. I'm finding sample questions whose answers are not covered in the book. One such question was a list(, $var) = whatever, and nowhere in the book could I find an explanation for same. I've also used count, and strlen many times, but I've never used count on a non-array, which is what strlen returns. I'm just don't think I've screwed up enough yet, although I've been using PHP on and off for four years. Regards Rory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
> I'm glad to hear that, cause some of them did seem a bit difficult. I > understood perfectly after seeing the correct answer and the > explanation, but they were a little tricky. I would be interested in feedback on the exam. I am looking into taking the test, just hoping Zend runs the $100 deal again. I know I am too late but good luck this morning. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] cURL and Proxy Servers
Hello everyone, I'm using cURL and have a question about this line (part of a function) curl_setopt($ch, CURLOPT_PROXY, $proxy2use); I know that *after* I curl_exec() i can find out if the proxy resolved or not with curl_errno() (it would return 5) but it seems that if it does fail to resolve, it will default to the users IP This is not acceptable ;-) I already check that the proxy is up and i can connect to it prior to running my curl function, but if the proxy still doesnt resolve, how might i prevent the curl function form executing? Much thanks for any insight on this... -- Nick W -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED]
[PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] __ Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED]
[PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] __ Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED]
[PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] __ Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED]
[PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] __ Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED]
[PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] __ Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED]
RE: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[snip] Subject: [PHP] UNSUBSCRIBE Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] [/snip] Oh goody! Hey Denise! Do you see that link at the bottom of the page that looks like this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php <--THIS ONE RIGHT HERE? Click it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
hey genius: To unsubscribe, visit: http://www.php.net/unsub.php - Original Message - From: [EMAIL PROTECTED] Date: Thursday, September 30, 2004 10:19 am Subject: [PHP] UNSUBSCRIBE > Thank you, > > Denise Holland > ITM - Network Support > 703-358-1823 > [EMAIL PROTECTED] > > __ > > Thank you, > > Denise Holland > ITM - Network Support > 703-358-1823 > [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
If you were smart enough to get yourself on the list, you should be smart enough to get yourself off without inflicting yourself on the rest of us. You work in "network support", ever hear about e-mail headers? (clue for you) On Thu, 2004-09-30 at 10:19, [EMAIL PROTECTED] wrote: > Thank you, > > Denise Holland > ITM - Network Support > 703-358-1823 > [EMAIL PROTECTED] > > __ > > Thank you, > > Denise Holland > ITM - Network Support > 703-358-1823 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[snip] Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] [/snip] What we appear to have here is a rocket scientist. Are you going to keep sending this until you learn how to click the link? To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
stop sending this spam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 30 September 2004 15:20 To: [EMAIL PROTECTED] Subject: [PHP] UNSUBSCRIBE Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] __ Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] This message has been scanned for viruses by MailController - www.MailController.altohiway.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Test - Is the list working?
Odd stuff this morning. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Can we start mass flaming this guy? Ok one nice one... http://www.php.net/mailing-lists.php goto the bottom of the page and unsubscribe. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, September 30, 2004 10:20 AM To: [EMAIL PROTECTED] Subject: [PHP] UNSUBSCRIBE Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] __ Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED]
Re: [PHP] Replace or regex?
$var="##testcode##this is a ##code1## test of the ##code2## code
replacement system ##code3##";
$varParsed=strParse($var);
echo "$var";
echo $varParsed;
function strParse($origString)
{
while ( $offsetFALSE)
{
$tmpString=substr($origString, $lastEnd, $foundBeg-$lastEnd);
$tmpCode=substr($origString, $foundBeg+2, $foundEnd-($foundBeg+2));
$finalString=$finalString . $tmpString . "$tmpCode";
$offset=$foundEnd+2;
$lastEnd=$foundEnd+2;
} else {
echo "Parse Error";
break;
}
}
return $finalString;
}
On Thu, 30 Sep 2004 11:39:10 +0300, mario <[EMAIL PROTECTED]> wrote:
> Hi all
>
> I have a string: ##CODE## and I want to replace that with href="somewhere.php?id=CODE">CODE
>
> can u help?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
On Thursday 30 September 2004 10:18 am, [EMAIL PROTECTED] wrote: > Thank you, > You can't expect that people in government know how to read! Much less think! James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] refresh page automaticly on PHP
As the others said, this isn't a function of php, php is a server-side script and a refresh is on the client side. A meta-refresh tag is fine depending on how reliable you want your refresh to be as it'll stop working after a day or so. If you need it to refresh forever you'll need to use javascript. On Thu, 30 Sep 2004 05:09:09 -0700 (PDT), welly limston <[EMAIL PROTECTED]> wrote: > how to make my page refresh automaticly? > Can i use PHP function? > what is it? > > > - > Do you Yahoo!? > vote.yahoo.com - Register online to vote today! > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[EMAIL PROTECTED] wrote: Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] No Denise, thank you. Thank you for not following clear instructions. Thank you for spamming this list, because you fail to read. Thank you for restoring my faith in the intelligence of our government employees. Pssst, for future reference, this little link is provided at the end of every message sent to this list To unsubscribe, visit: http://www.php.net/unsub.php Need me to walk you thru it, or can you handle it from here? -- John C. Nichel ÃœberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
What an ass ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Security
Along with the other tips people gave, make sure that if you have register globals turned on, do not ever reference a session variable that way, always use $_SESSION On Thu, 30 Sep 2004 08:39:42 -0400, Aaron Todd <[EMAIL PROTECTED]> wrote: > Can anyone tell me how secure a session variable is. I realize that if > someone wanted to take the time to break into my site they will eventually > succeed, but I dont want to make it too easy. I have a database that stores > a username and an encrypted password which both are verifyed when the user > logs in to the site. Then I have a session variable that I am checking for > on all other pages that tells the page that they are logged in. I also have > a session variable that holds the users ID in the database. Certain pages > reference that ID to show the user there data. Mainly used for a My Account > page. But If I'm logged in, how easy would it be, if its even possible, to > change the session variable that holds my ID to someone elses ID so I can > get their data. > > I hope I have explained myself enough for someone to know what I am talking > about. If anyone has some good web sites on session security I'd really > like to read them. > > Thanks, > > Aaron > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test - Is the list working?
Jay Blanchard wrote: Odd stuff this morning. I think it's overloaded with unsubscribe requests. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cURL and Proxy Servers
If you already resolve the proxy before the exec, just don't run the exec if it doesn't resolve, and set the proxy to the ip it resolved to so curl won't try to resolve it again. On Thu, 30 Sep 2004 16:27:52 +0200, Nick Wilson <[EMAIL PROTECTED]> wrote: > Hello everyone, > > I'm using cURL and have a question about this line (part of a function) > > curl_setopt($ch, CURLOPT_PROXY, $proxy2use); > > I know that *after* I curl_exec() i can find out if the proxy resolved > or not with curl_errno() (it would return 5) but it seems that if it > does fail to resolve, it will default to the users IP > > This is not acceptable ;-) > > I already check that the proxy is up and i can connect to it prior to > running my curl function, but if the proxy still doesnt resolve, how > might i prevent the curl function form executing? > > Much thanks for any insight on this... > > -- > Nick W > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[snip] Can we start mass flaming this guy? Ok one nice one... Denise Holland ITM - Network Support 703-358-1823 [/snip] I vote we all call her -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Best way to allow a user to indicate formatting to be displayed but stored.
Thank you all for the information... however at a second look I realized that I failed to better describe my needs... My current plan is to have a series of articles and information stored in my database... The table will have a ID, Title, Author, Image, Content, Date/Time What I would like to have is say someone needs to do a sub heading... I would like to have it automatically be the same subheading format for all of the content... in addition to the formatting... Also... I saw one refer to PEAR, since I am on a shared server is there a way to test if pear is available... (never worked with it and am still new to PHP sorry) thanks On Wed, 29 Sep 2004 13:51:41 -0400, GH <[EMAIL PROTECTED]> wrote: > I am looking for the best way to have a user enter information and > format it ... i.e. Bold, Italics, etc... with out havng to use the > HTML commands... > > Using PHP4. > > Any suggestions... > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Replace or regex?
Hi,
> > I have a string: ##CODE## and I want to replace that with > href="somewhere.php?id=CODE">CODE
I handle %code% tags in some templates I use... here's the code I have..
function show ($template, $tag) {
$file = fopen ($template, "r") or
die($error_string());
while (!feof($file)) {
$line_in = fgets($file, 1024);
$line_out .= $line_in;
}
if ($tag != 0) {
foreach ($tag as $name => $value) {
$line_out = str_replace ("%$name%",
$value, $line_out);
}
}
return $line_out;
fclose ($file);
}
Hope that helps..
-Dan Joseph
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Test - Is the list working?
sheesh.. ok, who is going to sign that denise character back up to the list :P Jason Marek Kilimajer <[EMAIL PROTECTED]> wrote: > > Jay Blanchard wrote: > > Odd stuff this morning. > > > > I think it's overloaded with unsubscribe requests. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] alphabetic comparison
Is there any way you can use the numerical comparisons < or > to see if one word comes first alphabetically to another ? what can I use to see if "oranges" comes after or before "apples" alphabetically for instance. -- Diana Castillo Global Reservas, S.L. C/Granvia 22 dcdo 4-dcha 28013 Madrid-Spain Tel : 00-34-913604039 Ext 216 Fax : 00-34-915228673 email: [EMAIL PROTECTED] Web : http://www.hotelkey.com http://www.destinia.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
did anyone call? On Thu, 30 Sep 2004 10:26:08 -0500, Jay Blanchard <[EMAIL PROTECTED]> wrote: > [snip] > Can we start mass flaming this guy? Ok one nice one... > > Denise Holland > ITM - Network Support > 703-358-1823 > [/snip] > > I vote we all call her > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Great, I needed some humour today, thanks all :) Graham -Original Message- From: Jay Blanchard [mailto:[EMAIL PROTECTED] Sent: 30 September 2004 16:26 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP] UNSUBSCRIBE [snip] Can we start mass flaming this guy? Ok one nice one... Denise Holland ITM - Network Support 703-358-1823 [/snip] I vote we all call her -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Children: how do you make your parents __sleep() ?
Hey
I'm building a webapp with tons of objects all over the place, a lot
of which are quite complex, meaning they could have many subclasses
and many nested object members. I'm implementing a memory caching
mechanism to store these objects between requests and share them
between different user sessions.
In order for my memory caching mechanism to work, objects must be
serialised before they are placed into the cache. In PHP5, this
presents some problems for me, mostly to do with having multiple
copies of the same object floating around after an object is returned
from the cache (unserialised). I'm getting around this by preparing my
objects for caching using the __sleep() method: serialising only
certain instance variables and then using __wakeup() to ensure I'm
still only working with one copy of any object.
My question is: how do you use __sleep() in conjunction with a parent
class whose members are private?
I'm having problems as I've declared most of the instance variables in
the classes of my inheritance hierarchy to be private. This means that
I cannot recursively call __sleep() on parent classes in order to
merge the variables together and return a complete array of variable
names from the top-level function.
An example:
class MyParent
{
private $var1; // serialise
private $var2; // don't' serialise
function __construct()
{
$this -> var1 = "Hello World";
$this -> var2 = "Goodbye World";
}
function __sleep()
{
return array("var1");
}
}
class MyChild extends MyParent
{
private $var3; // serialise
private $var4; // don't serialise
function __construct()
{
$this -> var3 = "Hello World II";
$this -> var4 = "Goodbye World II";
}
function __sleep()
{
return array_merge(parent::__sleep(), array("var3"));
}
}
$mc = new MyChild();
$mcSerialised = serialize($mc);
When I try to serialise $mc I get the following notice due to $var1's
access modifier in MyParent:
Notice: serialize() [function.serialize]: "var1" returned as member
variable
from __sleep() but does not exist in /var/www/...
So now I'm thinking that if I just call parent::__sleep() in the
__sleep() function of MyChild then PHP will figure out that I'm
trying to serialise the instance members of my parent class too.
Doesn't work. In fact I can't think of any way to do this, other than
with some horrendous hacks, or just by declaring all my instance
variables to be protected.
Has anyone seen this before? Can anyone think of a workaround?
Obviously it wouldn't have been a problem in PHP4, as there were no
private/protected access modifiers. Perhaps this means that __sleep()
and __wakeup() don't really work for inherited objects in PHP5?
Thanks,
Rob
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Best way to allow a user to indicate formatting to be displayed but stored.
GH wrote: Thank you all for the information... however at a second look I realized that I failed to better describe my needs... My current plan is to have a series of articles and information stored in my database... The table will have a ID, Title, Author, Image, Content, Date/Time What I would like to have is say someone needs to do a sub heading... I would like to have it automatically be the same subheading format for all of the content... in addition to the formatting... The answer is CSS. Also... I saw one refer to PEAR, since I am on a shared server is there a way to test if pear is available... (never worked with it and am still new to PHP sorry) If that does not give you error, PEAR is installed. Not necessarily all packages. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Best way to allow a user to indicate formatting to be displayed but stored.
On Thu, 30 Sep 2004 18:17:05 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
> GH wrote:
> > Thank you all for the information... however at a second look I
> > realized that I failed to better describe my needs...
> >
> > My current plan is to have a series of articles and information stored
> > in my database...
> >
> > The table will have a ID, Title, Author, Image, Content, Date/Time
> >
> > What I would like to have is say someone needs to do a sub heading...
> > I would like to have it automatically be the same subheading format
> > for all of the content... in addition to the formatting...
>
> The answer is CSS.
from what I understand it phpBB works only for BBcode... so how would
I be able to make is so that they do not manually have to change the
CSS or apply the CSS?
>
> >
> > Also... I saw one refer to PEAR, since I am on a shared server is
> > there a way to test if pear is available... (never worked with it and
> > am still new to PHP sorry)
>
> require('PEAR.php');
> ?>
>
> If that does not give you error, PEAR is installed. Not necessarily all
> packages.
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
On Wed, 29 Sep 2004 15:55:29 -0700 (PDT), Chris Shiflett <[EMAIL PROTECTED]> wrote: > I'd be interested in hearing your honest feedback after you take it, > whether privately or on this list. Hopefully ZCE becomes a respected > acronym, unlike MCSE. :-) I passed. I thought the test was very challenging. The areas I found most difficult were the regular expressions, and the fill in the blank questions. I didn't feel like anything in there was 'tricky' in the sense that it was purposely misleading me to the wrong answer. But at the same time I'm pretty sure you can't just study the Zend guide for a couple weeks and expect to pass. You definatly have to have some years of hands-on PHP experience. I made heavy use of the 'mark for review' feature of the test. I marked about 15 questions going through, then came back at the end and actually answered them. This helped a lot because the pressure was off once I had seen all 70 questions and still had about 40 minutes to think through the ones I marked. I admit I guessed on a few of them. I just couldn't see a clear answer on some of the regex questions. But I knew going in that was a weak area for me personally. I'm sure glad it's done. :) -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Best way to allow a user to indicate formatting to be displayed but stored.
GH wrote: On Thu, 30 Sep 2004 18:17:05 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote: GH wrote: Thank you all for the information... however at a second look I realized that I failed to better describe my needs... My current plan is to have a series of articles and information stored in my database... The table will have a ID, Title, Author, Image, Content, Date/Time What I would like to have is say someone needs to do a sub heading... I would like to have it automatically be the same subheading format for all of the content... in addition to the formatting... The answer is CSS. from what I understand it phpBB works only for BBcode... so how would I be able to make is so that they do not manually have to change the CSS or apply the CSS? I'm not sure how you format subheading in bb code, but I guess you will need to modify the function or class that converts bb code to html and change the rule for subheading tag Also... I saw one refer to PEAR, since I am on a shared server is there a way to test if pear is available... (never worked with it and am still new to PHP sorry) If that does not give you error, PEAR is installed. Not necessarily all packages. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Security
Brian: What way should you not reference session variables? I seem to have missed that part of the discussion... Sorry. Gary On Thu, 30 Sep 2004 10:17:51 -0500, Brian <[EMAIL PROTECTED]> wrote: > Along with the other tips people gave, make sure that if you have > register globals turned on, do not ever reference a session variable > that way, always use $_SESSION > > > > > On Thu, 30 Sep 2004 08:39:42 -0400, Aaron Todd <[EMAIL PROTECTED]> wrote: > > Can anyone tell me how secure a session variable is. I realize that if > > someone wanted to take the time to break into my site they will eventually > > succeed, but I dont want to make it too easy. I have a database that stores > > a username and an encrypted password which both are verifyed when the user > > logs in to the site. Then I have a session variable that I am checking for > > on all other pages that tells the page that they are logged in. I also have > > a session variable that holds the users ID in the database. Certain pages > > reference that ID to show the user there data. Mainly used for a My Account > > page. But If I'm logged in, how easy would it be, if its even possible, to > > change the session variable that holds my ID to someone elses ID so I can > > get their data. > > > > I hope I have explained myself enough for someone to know what I am talking > > about. If anyone has some good web sites on session security I'd really > > like to read them. > > > > Thanks, > > > > Aaron > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] refresh page automaticly on PHP
--- welly limston <[EMAIL PROTECTED]> wrote: > how to make my page refresh automaticly? You can use a Refresh header: Refresh: 3; url=http://example.org/ > Can i use PHP function? http://www.php.net/header Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] alphabetic comparison
[snip]
Is there any way you can use the numerical comparisons < or > to see if
one
word comes first alphabetically to another ?
what can I use to see if
"oranges" comes after or before "apples" alphabetically for instance.
[/snip]
**mumble grumble**
You should just try dinky questions like this out for yourself...
Try this code:
"oranges" )
{
echo "apples";
}else{
echo "oranges";
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Best way to allow a user to indicate formatting to be displayed but stored.
GH wrote:
Are there anyother methods besides BBCode/phpBB that one can use?
Especially if I do not have pear available on my host?
I'm sure there are. For example you can convert the string using
htmlspecialchars, and then convert only allowed tags back:
$text = htmlspecialchars($_POST['text']);
$replace_to = array('', '');
$replace_from = array();
foreach($replace_to as $tag) {
$replace_from[] = htmlspecialchars($tag);
}
$text = str_replace($replace_from, $replace_to, $text);
You can install pear in your account, just unpack the archive and set
include_path.
On Thu, 30 Sep 2004 18:27:52 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
GH wrote:
On Thu, 30 Sep 2004 18:17:05 +0200, Marek Kilimajer <[EMAIL PROTECTED]> wrote:
GH wrote:
Thank you all for the information... however at a second look I
realized that I failed to better describe my needs...
My current plan is to have a series of articles and information stored
in my database...
The table will have a ID, Title, Author, Image, Content, Date/Time
What I would like to have is say someone needs to do a sub heading...
I would like to have it automatically be the same subheading format
for all of the content... in addition to the formatting...
The answer is CSS.
from what I understand it phpBB works only for BBcode... so how would
I be able to make is so that they do not manually have to change the
CSS or apply the CSS?
I'm not sure how you format subheading in bb code, but I guess you will
need to modify the function or class that converts bb code to html and
change the rule for subheading tag
Also... I saw one refer to PEAR, since I am on a shared server is
there a way to test if pear is available... (never worked with it and
am still new to PHP sorry)
If that does not give you error, PEAR is installed. Not necessarily all
packages.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] alphabetic comparison
if ( "apples" < "oranges" ) {echo "apples comes before oranges";}
On Thu, 30 Sep 2004 17:59:39 +0200, Diana Castillo <[EMAIL PROTECTED]> wrote:
> Is there any way you can use the numerical comparisons < or > to see if one
> word comes first alphabetically to another ?
> what can I use to see if
> "oranges" comes after or before "apples" alphabetically for instance.
>
> --
> Diana Castillo
> Global Reservas, S.L.
> C/Granvia 22 dcdo 4-dcha
> 28013 Madrid-Spain
> Tel : 00-34-913604039 Ext 216
> Fax : 00-34-915228673
> email: [EMAIL PROTECTED]
> Web : http://www.hotelkey.com
> http://www.destinia.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Images in PHP and MySQL
If you're uploading a file then you can make a script that reads the temp file into the database (otherwise you need to muck around with image functions and I'm not the one to ask about that), something like: $image = mysql_escape_string(fread(fopen($_FILES['file']['tmp_name'], "r"), filesize($_FILES['file']['tmp_name']))); Then you just put $image in the db under a BLOG field type. This is what I did when I needed to save some images to a db and it seemed to work fine. Make sure you save the file type to the database so you can display the image properly. When you are ready to display an image, just create the html for an image and set the source to a php script that will output the image: And in the display_image.php script do something like this: That code was modified a bit from its origional function (forcing download of the file) but I think it should just work, but there's always the chance I messed it up somehow. hope that works for someone, -Jasper Howard On Mon, 27 Sep 2004 19:05:16 -0500, Jim Grill <[EMAIL PROTECTED]> wrote: > > 1) there is no need to fiddle with directory permissions to write images. > > 2) if the content is sensitive you have the added security of the database > > password (and the fact that the database is ususally not directly > > accessible). > > 3) a mysqldump gives a backup of all images along with other persistent > data > > > > Other disadvantages follow: > > 1) excessive load on the server for loading each image > > 2) the load mentioned above causes a slow down in the script > > 3) images usually need to be written to file before using GD for > > manipulation, inclusion in PDFs, etc. > > > That's a very good list. > > I just wanted to pipe in on this one thing: > > "3) images usually need to be written to file before using GD for > manipulation, inclusion in PDFs, etc." > > There is actually a function for this: imagecreatefromstring() > > I'll don't want to touch the rest of this topic though. :-) > > Jim Grill > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- << Jasper Howard - Database Administration ApexEleven.com 530 559 0107 --->> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Security
--- Aaron Todd <[EMAIL PROTECTED]> wrote: > Can anyone tell me how secure a session variable is. It's 93% secure. :-) Seriously, session data is generally more secure than other data that you're likely to use. If you try to consider your data as being either local or foreign, I think you'll start to understand why. Things in $_POST, $_GET, $_COOKIE, $_FILES, and even some of $_SERVER come from the client, and therefore you are not guaranteed that any of it is valid. Session data is stored on the server, and unless you send it to the client (like echo a session variable), it isn't exposed like other data. What is stored in the session is up to you. As long as you have good data filtering rules prior to setting a session variable, then you can trust its format. There are, of course, caveats, but they are minor and distract from the point. One that is worth considering is whether you are on a shared host and store your session data in /tmp, which is the default. I have an article available that discusses such shared hosting concerns: http://shiflett.org/articles/security-corner-mar2004 > I have a database that stores a username and an encrypted > password which both are verifyed when the user logs in to the site. This is a good practice but actually falls under the topic of authentication. A good idea is to use a one-way algorithm, such as MD5, so that there is no risk of reversal (these algorithms must be broken by going "forward" and trying to find a collision). > But If I'm logged in, how easy would it be, if its even possible, to > change the session variable that holds my ID to someone elses ID > so I can get their data. Practically impossible. As I understand your implementation, this ID is a session variable, and these cannot be arbitrarily set by the user. The risk is more along the lines of things like session fixation and session hijacking. While I can't set the ID associated with my session, I can attempt to hijack someone else's session that has the ID that I want. Focus on this risk, because it's much more important. > If anyone has some good web sites on session security I'd really > like to read them. I try to write a lot on security and make my work available for free. I'm tired of seeing PHP being associated with poor security. Here are some articles related to session security: http://shiflett.org/articles/the-truth-about-sessions http://shiflett.org/articles/security-corner-feb2004 There is a better one published in the Aug 2004 issue of php|architect, but I can't offer it for free until 26 Feb 2005. If you happen to be reading this message after that date, you can try this link: http://shiflett.org/articles/security-corner-aug2004 I've also given a couple of presentations on session security, and the slides are available here: http://shiflett.org/talks/oscon2004/securing-php-sessions http://shiflett.org/talks/phpworks2004/php-session-security Another talk had information on session security and other popular topics: http://shiflett.org/talks/oscon2004/php-security This was the talk that had the PHP Security Workbook (which I will likely update for future talks): http://shiflett.org/php-security.pdf I hesitate to point people to slides, because I think they leave a lot of gaps. I only use them to highlight major points, and sometimes I'll even ask, "Does anyone know what's wrong with this code?" When you're only looking at the slides, you don't get such questions, and so you might think the code on the slide is good stuff. :-) Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security Question (from Chris's OSCON 2004 talk)
Hi folks. Thanks to all for the replies to my question about security on shared hosting the other day. I've contacted my hosting provider and they will be fixing the issues I've pointed out to them. I've got a question about a section of Chris's article on PHP security from his OSCON 2004 talk. When talking about protecting database credentials, Chris mentions creating a file (readable only by root) with the following: SetEnv DB_USER "myuser" SetEnv DB_PASS "mypass" and then using this: Include "/path/to/secret-stuff" in the httpd.conf file such that they show up in your $_SERVER array. I assume that the include directive would be declared inside the section of the httpd.conf file which defines everything for my site? This is probably a stupid question but I want to make sure of what I'm asking my hosting provider before I send my email. I'm also going to be asking them to set another environment variable, INC_PATH, and then I'll use this to reference the files which I'm including from outside my webroot, such that even if someone reads the files within my webroot, they won't see either the db username or password, nor will they see the path from which I am including sensitive files. Thoughts? Cheers and TIA, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Security
--- j kensler <[EMAIL PROTECTED]> wrote: > The first thing to do is to set your scripts to not allow session > handling to be carried out through the URL if a person's browser > won't accept cookies. It would be way too easy to change the ID. While true, it is only barely more convenient to change the session identifier on the URL. I wouldn't rely on this recommendation for any type of security - anything from the client can be spoofed, and there are tools that let people easily manage their cookies. > And also if the id numbers are sequential My advice is to not generate your own session identifiers. It is highly unlikely that you know more about entropy than those who developed the algorithm used to generate a session identifier in PHP's native implementation. If you are an expert on such things and think you can make some improvements to the entropy, please contribute your implementation back to PHP. :-) > you might also want to have a second, random identifier that is also > a session variable. This is a good suggestion. It's basically to generate a random string of some sort (I usually call this thing a token, but you can call it whatever). What you want to do is propagate this using a different method than the session identifier is propagated (when possible - if the user disables support for cookies, then you have no choice in the matter). For example, propagate the session identifier in a cookie and the token on the URL. Why different methods? If the session identifier is compromised, then it is possible that the method used to compromise it can compromise the token as well (if the same method is used). Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
--- Rory Browne <[EMAIL PROTECTED]> wrote: > I haven't done the exam, yet, but based on some of the practice > questions, I'm getting worried. I'm finding sample questions whose > answers are not covered in the book. If you're talking about the questions in the back of the Zend Certification Guide, don't worry - those questions are much more difficult and obscure than what you'll find on the actual exam. If it makes you feel better, several of us from the advisory board looked through those at OSCON, and we all missed most of the first few questions. :-) > One such question was a list(, $var) = whatever, and nowhere in > the book could I find an explanation for same. Yeah, I got that one, but the other guys thought it would be a parse error or something. Having the comma first just skips the first argument - it's like you don't want to assign the first value to a variable. Not knowing this is fine. > I've also used count, and strlen many times, but I've never used > count on a non-array, which is what strlen returns. I think this is something you should be able to answer, but that's just me. It's true that most people who use count() use it on an array, but it's not really an array function. It just happens to not make much practical sense to count something that's only going to have one value (or null, which will return 0). However, while practicality is great, I think some theoretical foundation is also important. I didn't write this question, so that's not why I'm defending it. :-) Some of the questions in the guide require you to deduce the correct answer from what you've learned. This can rarely be achieved if the guide is your only exposure to a topic, and this is somewhat intentional. We tried to target developers who have at least 6 months of professional PHP experience (e.g., you've been writing non-trivial PHP applications every day for at least 6 months). The guide was written to help people expose themselves to a broader range of topics than their practical experience might have exposed them to, because the exam is pretty thorough. I think a very experienced developer can pass the exam without using the guide with little trouble, but I don't think an inexperienced developer can read the guide and hope to pass. You need more than that. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
--- "Matt M." <[EMAIL PROTECTED]> wrote: > I am looking into taking the test, just hoping Zend runs the $100 > deal again. You can win a free pass to take the exam by being the first to solve this puzzle: http://shiflett.org/archive/55 Enjoy. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
> > > I passed. > > > > Greg Donald > Zend Certified Engineer > http://gdconsultants.com/ > http://destiney.com/ Congratulations Greg. Like the new sig ! ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] alphabetic comparison
put all the values you want sorted into an array, $array =
array("orange","apple"); and use sort($array);, it should list the
values alphabetically.
On Thu, 30 Sep 2004 17:59:39 +0200, Diana Castillo <[EMAIL PROTECTED]> wrote:
> Is there any way you can use the numerical comparisons < or > to see if one
> word comes first alphabetically to another ?
> what can I use to see if
> "oranges" comes after or before "apples" alphabetically for instance.
>
> --
> Diana Castillo
> Global Reservas, S.L.
> C/Granvia 22 dcdo 4-dcha
> 28013 Madrid-Spain
> Tel : 00-34-913604039 Ext 216
> Fax : 00-34-915228673
> email: [EMAIL PROTECTED]
> Web : http://www.hotelkey.com
> http://www.destinia.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
<<
Jasper Howard - Database Administration
ApexEleven.com
530 559 0107
--->>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] UNSUBSCRIBE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Just prove's the saying "Make something idiot proof and someone will invent a better idiot" Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, September 30, 2004 10:20 AM To: [EMAIL PROTECTED] Subject: [PHP] UNSUBSCRIBE Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] __ Thank you, Denise Holland ITM - Network Support 703-358-1823 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Security
--- GH <[EMAIL PROTECTED]> wrote: > Brian: > > What way should you not reference session variables? I seem to have > missed that part of the discussion... Sorry. I think he meant to be wary of register_globals and thinking you're referencing a session variable when you use $foo rather than $_SESSION['foo']. With register_globals enabled, you can't be sure of the data's origin. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Two people working on the same app / script?
Please correct me if I'm wrong, but I didn't think SourceSafe allowed for versioning/branching, simply 'locking' a file until it was checked in, but I haven't used it for a while. This is actually the basic functionality I'm looking for, and possibly what the OP requires too, I don't (currently) need versioning/branching just a way to ensure that I can't change some code being worked on by a colleague. Can CVS or Subversion operate in this 'basic' mode? If not, does anyone know of a free/open source app that provides this? Dreamweaver offers a simple locking functionality but would require all developers on a project to use Dreamweaver, which can get expensive and I would like each developer to be able to use the IDE they feel most comfortable with. Thanks Graham -Original Message- From: Gryffyn, Trevor [mailto:[EMAIL PROTECTED] Sent: 30 September 2004 14:44 To: [EMAIL PROTECTED] Cc: Dave Carrera Subject: RE: [PHP] Two people working on the same app / script? CVS is definitely something to check into. In addition to the Mac product mentioned before, Zend Studio and many other IDEs and editors have CVS compatibility built into them. CVS is similar to (but of course has differences to) Microsoft's Source Safe, if you're familiar with that product. (yeah, someone's going to hang me for making the comparison, but they serve the same function so I'm drawing a parallel). -TG > -Original Message- > From: Chris Shiflett [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 30, 2004 4:38 AM > To: Dave Carrera; [EMAIL PROTECTED] > Subject: Re: [PHP] Two people working on the same app / script? > > > --- Dave Carrera <[EMAIL PROTECTED]> wrote: > > Is there a simple solution for two or more people to work on the > > same php app /script without it turning into a mess of many tar / > > zip files with contributed additions. > > Any version control system that supports concurrent > development will work > for this. For example, Concurrent Versions System, CVS. :-) > > Chris > > = > Chris Shiflett - http://shiflett.org/ > > PHP Security - O'Reilly HTTP Developer's Handbook - Sams > Coming December 2004http://httphandbook.org/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security Question (from Chris's OSCON 2004 talk)
Hi folks. Sorry if this gets posted twice, but I sent it originally almost an hour ago and it hasn't shown up on the list yet. Thanks to all for the replies to my question about security on shared hosting the other day. I've contacted my hosting provider and they will be fixing the issues I've pointed out to them. I've got a question about a section of Chris's article on PHP security from his OSCON 2004 talk. When talking about protecting database credentials, Chris mentions creating a file (readable only by root) with the following: SetEnv DB_USER "myuser" SetEnv DB_PASS "mypass" and then using this: Include "/path/to/secret-stuff" in the httpd.conf file such that they show up in your $_SERVER array. I assume that the include directive would be declared inside the section of the httpd.conf file which defines everything for my site? This is probably a stupid question but I want to make sure of what I'm asking my hosting provider before I send my email. I'm also going to be asking them to set another environment variable, INC_PATH, and then I'll use this to reference the files which I'm including from outside my webroot, such that even if someone reads the files within my webroot, they won't see either the db username or password, nor will they see the path from which I am including sensitive files. Thoughts? Cheers and TIA, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
Hi, > > I'd be interested in hearing your honest feedback after you take it, > > whether privately or on this list. Hopefully ZCE becomes a respected > > acronym, unlike MCSE. :-) > > I passed. > > I thought the test was very challenging. The areas I found most Congrats! -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Question (from Chris's OSCON 2004 talk)
--- Pablo Gosse <[EMAIL PROTECTED]> wrote: > I've got a question about a section of Chris's article on PHP > security from his OSCON 2004 talk. > > When talking about protecting database credentials, Chris > mentions creating a file (readable only by root) with the > following: > > SetEnv DB_USER "myuser" > SetEnv DB_PASS "mypass" > > and then using this: > > Include "/path/to/secret-stuff" > > in the httpd.conf file such that they show up in your $_SERVER > array. The credit for this approach belongs to David Sklar and Adam Trachtenberg, not me. I just happen to think it's a good approach. :-) I know you weren't explicitly giving me credit, but I wanted to make sure. > I assume that the include directive would be declared inside > the section of the httpd.conf file which defines everything for > my site? Yes, and I think this is a point that I left out. I probably thought it was obvious, but many people have emailed me about this. If the Apache Include directive given is not within your VirtualHost block or otherwise restricted to one user, then every user on the server can access that data. So, you want to make sure this directive only applies to you. > I'm also going to be asking them to set another environment > variable, INC_PATH, and then I'll use this to reference the > files which I'm including from outside my webroot, such that > even if someone reads the files within my webroot, they won't > see either the db username or password, nor will they see the > path from which I am including sensitive files. > > Thoughts? This is obscurity, which can be somewhat helpful, but don't rely on this for any sort of protection. While it's true that someone can't easily determine where you have your modules stored, this discovery isn't challenging enough to be considered a safeguard. I think it's best to keep anything that you consider sensitive in the database (this is for shared hosts only, mind you), and use the technique described above to protect your database access credentials. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How do I make an 'email this page' feature?
On Thu, 30 Sep 2004 08:33:45 +0100, PHP Tech <[EMAIL PROTECTED]> wrote: > Do you mean that I would have a different ID no. for different pages and > pass that variable to the 'email this page' page which will then send the > url according to the ID number? If that's what you mean it sounds like a > good idea, but unfortunately as this site has lots of dynamic URLs this > would be impossible to do. If you have dynamic URL's, I would use the same logic that builds the page to build the email. There's something about reading the page via HTTP from PHP that gives me pause. Don't let me stop you from getting the job done quickly, though. :) > Maybe I should get the info from the refering page and make sure that the > beginning of the url is the url of the website. However will all browsers > send this info? I can't think of any reason that a browser wouldn't send the referring page, I think it's part of the HTTP spec. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
On Thu, 30 Sep 2004 10:17:53 -0700 (PDT), Chris Shiflett <[EMAIL PROTECTED]> wrote: > I think a very experienced developer can pass the exam without using the > guide with little trouble, but I don't think an inexperienced developer > can read the guide and hope to pass. You need more than that. I agree. At the same time, I actually learned a few things from the guide. Like how useful preg_match_all() is for example. I never used it before, but I definitely will in the future. Everyone has their weak points, and the guide will point those out to you. -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
This is very interesting reading. I've been using PHP (almost) daily for the past 7 months so Chris' comments do encourage me to consider the possibility of going for the certification in time. I do think I would need the study guide though as there are many topics being discussed on this list that are new to me and my experience has been with only one application at present. My problem (as I'm sure is true with many others) is that I need to get the job done ASAP and rarely have time to research the 'best' way of doing things. This list is very good at getting me to see alternatives to how I am doing things. Thanks Graham -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: 30 September 2004 18:18 To: Rory Browne; PHP General Subject: Re: [PHP] Zend PHP Certification test --- Rory Browne <[EMAIL PROTECTED]> wrote: > I haven't done the exam, yet, but based on some of the practice > questions, I'm getting worried. I'm finding sample questions whose > answers are not covered in the book. If you're talking about the questions in the back of the Zend Certification Guide, don't worry - those questions are much more difficult and obscure than what you'll find on the actual exam. If it makes you feel better, several of us from the advisory board looked through those at OSCON, and we all missed most of the first few questions. :-) > One such question was a list(, $var) = whatever, and nowhere in > the book could I find an explanation for same. Yeah, I got that one, but the other guys thought it would be a parse error or something. Having the comma first just skips the first argument - it's like you don't want to assign the first value to a variable. Not knowing this is fine. > I've also used count, and strlen many times, but I've never used > count on a non-array, which is what strlen returns. I think this is something you should be able to answer, but that's just me. It's true that most people who use count() use it on an array, but it's not really an array function. It just happens to not make much practical sense to count something that's only going to have one value (or null, which will return 0). However, while practicality is great, I think some theoretical foundation is also important. I didn't write this question, so that's not why I'm defending it. :-) Some of the questions in the guide require you to deduce the correct answer from what you've learned. This can rarely be achieved if the guide is your only exposure to a topic, and this is somewhat intentional. We tried to target developers who have at least 6 months of professional PHP experience (e.g., you've been writing non-trivial PHP applications every day for at least 6 months). The guide was written to help people expose themselves to a broader range of topics than their practical experience might have exposed them to, because the exam is pretty thorough. I think a very experienced developer can pass the exam without using the guide with little trouble, but I don't think an inexperienced developer can read the guide and hope to pass. You need more than that. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] register globals changed to off, script breaks
I had a couple pages that had used a few 'a href' links to create a URL like this: http://mydomain.com/profile.php?cid=6 When you clicked the link, it went to the profile.php page, which had the following code snippet: foreach($_GET as $varname => $value) $formVars[$varname] = trim($value); This worked great when the server had 'register globals' set to on. However, desiring to tighten up the security of the server a bit, I turned register globals to off. Now the above code snippet doesn't work. I've done quite a bit of searching and reading and haven't yet come up with a similar substitute (and I'm still learning PHP) for creating the variable array from the GET. What does work is: $cid = $_GET($varname); But that is only for when a single variable is passed, not when a bunch of them get passed and need to be put into an array. Would appreciate any tips. Thanks Kevin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: cURL and Proxy Servers
Hello, On 09/30/2004 11:27 AM, Nick Wilson wrote: I'm using cURL and have a question about this line (part of a function) curl_setopt($ch, CURLOPT_PROXY, $proxy2use); I know that *after* I curl_exec() i can find out if the proxy resolved or not with curl_errno() (it would return 5) but it seems that if it does fail to resolve, it will default to the users IP This is not acceptable ;-) I already check that the proxy is up and i can connect to it prior to running my curl function, but if the proxy still doesnt resolve, how might i prevent the curl function form executing? You may want to try this HTTP client class instead. It supports requests via proxies and does not use Curl. http://www.phpclasses.org/httpclient -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
Hi, > You can win a free pass to take the exam by being the first to solve this > puzzle: > > http://shiflett.org/archive/55 Which part on this page is the puzzle? -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] what syntax error are they talking about?
I need help understand the error following message I got. The related
script is below. I also have a separate question about dots that
appear in the script. I am using Julie Meloni's PHP Essentials 2nd
Edition to learn the language, and this is taken from page 119.
(I was trying to create a new table with 4 fields to store userids and
passwords. I used the same script successfully to create a different
table and am confused why it is not working this time.)
Error message:
"You have an error in your SQL syntax. Check the manual that
corresponds to your MySQL server version for the right syntax to use
near '(20),username text (10),password varchar (10))' at line 1"
A separate question:
What is the meaning of the "." on each end of the
".$_POST[field_length][$i]." ?
Here's the relevant part of the script:
$sql = "create table $_POST[table_name] (";
//to create the fields you specified in Step 2
//create loop to populate the remainer of the sql statement
for ($i =0;$i < count($_POST[field_name]); $i++) {
$sql .= $_POST[field_name][$i]." ".$_POST[field_type][$i];
if ($_POST[field_length][$i] != "") {
$sql .= " (".$_POST[field_length][$i]."),";
} else {
$sql .= ",";
}
}
$sql = substr($sql, 0, -1);
//close the SQL statement
$sql .= ")";
$conn = mysql_connect("localhost", "userid", "password") or
die(mysql_error());
$db = mysql_select_db ("aroDB", $conn) or die(mysql_error());
$sql_result = mysql_query($sql, $conn) or die(mysql_error());
if ($sql_result) {
echo "$_POST[table_name] has been created.";
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Question (from Chris's OSCON 2004 talk)
On Friday 01 October 2004 00:59, Pablo Gosse wrote: > When talking about protecting database credentials, Chris mentions > creating a file (readable only by root) with the following: > > SetEnv DB_USER "myuser" > SetEnv DB_PASS "mypass" > > and then using this: > > Include "/path/to/secret-stuff" > > in the httpd.conf file such that they show up in your $_SERVER array. > > I assume that the include directive would be declared inside the section > of the httpd.conf file which defines everything for my site? This is > probably a stupid question but I want to make sure of what I'm asking my > hosting provider before I send my email. You can also have the following inside your virtual hosts containers: php_value mysql.default_host localhost php_value mysql.default_user db_user_name php_value mysql.default_password db_passwd Then simply use: $link = mysql_connect(); to connect to your database. Obviously your host should make sure httpd.conf is readable only by root. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Grelb's Reminder: Eighty percent of all people consider themselves to be above average drivers. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Suggestion for "IN()"
I'm sure I'll be flamed for this, but it seems to me that there should be a
shortcut way to write:
If ($a == 1 || $a == 4 || $a == 20 || ...) {}
To something more like what SQL has...
If ( $a IN(1,4,20,...) ) {}
And same with the very helpful SQL BETWEEN 'function'.
Instead of
If ($a > 1 && $a < 20) {}
Why not
If ($a BETWEEN (1,20)) {}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Zend PHP Certification test
[snip] > You can win a free pass to take the exam by being the first to solve this > puzzle: > > http://shiflett.org/archive/55 Which part on this page is the puzzle? [/snip] The clock. BEWARE - real time eater-upper! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] what syntax error are they talking about?
[snip] Error message: "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '(20),username text (10),password varchar (10))' at line 1" [/snip] We'd have to see the whole query. Can you echo $sql and give us the whole thing? [snip] A separate question: What is the meaning of the "." on each end of the ".$_POST[field_length][$i]." ? [/snip] Those are concatenation operators. If I say foo . bar it becomes foobar -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Suggestion for "IN()"
[snip]
I'm sure I'll be flamed for this, but it seems to me that there should
be a
shortcut way to write:
If ($a == 1 || $a == 4 || $a == 20 || ...) {}
To something more like what SQL has...
If ( $a IN(1,4,20,...) ) {}
And same with the very helpful SQL BETWEEN 'function'.
Instead of
If ($a > 1 && $a < 20) {}
Why not
If ($a BETWEEN (1,20)) {}
[/snip]
You could write a function and share it with the rest of us!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Suggestion for "IN()"
you could try in_array()
if (in_array(1,2,3,4,5), 6)
On Thu, 2004-09-30 at 22:10, Daevid Vincent wrote:
> I'm sure I'll be flamed for this, but it seems to me that there should be a
> shortcut way to write:
>
> If ($a == 1 || $a == 4 || $a == 20 || ...) {}
>
> To something more like what SQL has...
>
> If ( $a IN(1,4,20,...) ) {}
>
> And same with the very helpful SQL BETWEEN 'function'.
>
> Instead of
>
> If ($a > 1 && $a < 20) {}
>
> Why not
>
> If ($a BETWEEN (1,20)) {}
--
http://cosminb.blogspot.com/
c3f7bc9d7683857572da3d1fa3d31af17bde4ebbc5c0f0dc2b7f6f
RE: [PHP] Zend PHP Certification test
--- Dan Joseph <[EMAIL PROTECTED]> wrote: > Hi, > > > You can win a free pass to take the exam by being the first to > solve this > > puzzle: > > > > http://shiflett.org/archive/55 > > Which part on this page is the puzzle? Maybe that's the puzzle... :^) > > -Dan Joseph > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > = Mark Weinstock [EMAIL PROTECTED] *** You can't demand something as a "right" unless you are willing to fight to death to defend everyone else's right to the same thing. *** __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Suggestion for "IN()"
On Friday 01 October 2004 03:10, Daevid Vincent wrote:
> I'm sure I'll be flamed for this, but it seems to me that there should be a
> shortcut way to write:
>
> If ($a == 1 || $a == 4 || $a == 20 || ...) {}
>
> To something more like what SQL has...
>
> If ( $a IN(1,4,20,...) ) {}
in_array() or make your own IN() function.
> And same with the very helpful SQL BETWEEN 'function'.
>
> Instead of
>
> If ($a > 1 && $a < 20) {}
>
> Why not
>
> If ($a BETWEEN (1,20)) {}
Ditto, make your own BETWEEN() function.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Please don't put a strain on our friendship by asking me to do something
for you.
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] refresh page automaticly on PHP
or u can use this method from JS You could refresh the page in various ways 1- make a rerequest to the server to give u the same page again: using the PHP Header function. 2-using the html Header refresh tag 3-Java Script to reload the document Since the 1st and 2nd methods are discussed in the earlier posts I'll show another way of doing it by Javascript. This is useful if you're using a templated based markup rendering to replace ur Head JS tags or Body JS tags. Javascript redirection and reloading is done as the following: -if u want to reload the page after showing the page write this in body tag echo " location.reload();"; -if u want to reload the page the moment the page is requested then do this in the head tag echo " window.onload = location.reload(); "; Hope this is usefull. On Thu, 30 Sep 2004 09:32:50 -0700 (PDT), Chris Shiflett <[EMAIL PROTECTED]> wrote: > --- welly limston <[EMAIL PROTECTED]> wrote: > > how to make my page refresh automaticly? > > You can use a Refresh header: > > Refresh: 3; url=http://example.org/ > > > Can i use PHP function? > > http://www.php.net/header > > Hope that helps. > > Chris > > = > Chris Shiflett - http://shiflett.org/ > > PHP Security - O'Reilly HTTP Developer's Handbook - Sams > Coming December 2004http://httphandbook.org/ > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- M.Saleh.E.G Web Developer www.buzinessware.com 97150-4779817 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Suggestion for "IN()"
...sorry, that should have been
if (in_array(array(1,2,3,4), 6))
On Thu, 2004-09-30 at 22:10, Daevid Vincent wrote:
> I'm sure I'll be flamed for this, but it seems to me that there should be a
> shortcut way to write:
>
> If ($a == 1 || $a == 4 || $a == 20 || ...) {}
>
> To something more like what SQL has...
>
> If ( $a IN(1,4,20,...) ) {}
>
> And same with the very helpful SQL BETWEEN 'function'.
>
> Instead of
>
> If ($a > 1 && $a < 20) {}
>
> Why not
>
> If ($a BETWEEN (1,20)) {}
--
c3f7bc9d7683857572da3d1fa3d31af17bde4ebbc5c0f0dc2b7f6f
[PHP] Stored procedures in Mysql
Hi folks, I wonder whether Mysql supports procedures and triggers :? /sagar
Re: [PHP] Images in PHP and MySQL
HEre is a question that I have been wondering about:
- Does the image file use more space in the db or as a file itself
(Do Not count the extra data that one would store in the db along with
the image... ie. ID number)
Thanks
On Thu, 30 Sep 2004 09:55:30 -0700, Jasper Howard <[EMAIL PROTECTED]> wrote:
> If you're uploading a file then you can make a script that reads the
> temp file into the database (otherwise you need to muck around with
> image functions and I'm not the one to ask about that), something
> like:
>
> $image = mysql_escape_string(fread(fopen($_FILES['file']['tmp_name'],
> "r"), filesize($_FILES['file']['tmp_name'])));
>
> Then you just put $image in the db under a BLOG field type. This is
> what I did when I needed to save some images to a db and it seemed to
> work fine. Make sure you save the file type to the database so you can
> display the image properly. When you are ready to display an image,
> just create the html for an image and set the source to a php script
> that will output the image:
>
>
>
> And in the display_image.php script do something like this:
>
> ...DB QUERY...
>
> $type = $row['file_type'];
> $dfile = $row['file_data'];
> header("Content-Type: $type");
> header("Content-Disposition: filename=".basename($dfile).";");
> header("Content-Length: ".filesize($dfile));
> readfile("$dfile");
> exit;
> ?>
>
> That code was modified a bit from its origional function (forcing
> download of the file) but I think it should just work, but there's
> always the chance I messed it up somehow.
>
> hope that works for someone,
> -Jasper Howard
>
>
>
>
> On Mon, 27 Sep 2004 19:05:16 -0500, Jim Grill <[EMAIL PROTECTED]> wrote:
> > > 1) there is no need to fiddle with directory permissions to write images.
> > > 2) if the content is sensitive you have the added security of the database
> > > password (and the fact that the database is ususally not directly
> > > accessible).
> > > 3) a mysqldump gives a backup of all images along with other persistent
> > data
> > >
> > > Other disadvantages follow:
> > > 1) excessive load on the server for loading each image
> > > 2) the load mentioned above causes a slow down in the script
> > > 3) images usually need to be written to file before using GD for
> > > manipulation, inclusion in PDFs, etc.
> > >
> > That's a very good list.
> >
> > I just wanted to pipe in on this one thing:
> >
> > "3) images usually need to be written to file before using GD for
> > manipulation, inclusion in PDFs, etc."
> >
> > There is actually a function for this: imagecreatefromstring()
> >
> > I'll don't want to touch the rest of this topic though. :-)
> >
> > Jim Grill
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> --
> <<
> Jasper Howard - Database Administration
> ApexEleven.com
> 530 559 0107
> --->>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: cURL and Proxy Servers
* and then Manuel Lemos declared > You may want to try this HTTP client class instead. It supports requests > via proxies and does not use Curl. > > http://www.phpclasses.org/httpclient Hmmm.. good point Manuel, i have seen the class, in fact it was the original way i /was/ going to build the script. Wouldnt be hard to rip out the cURL function and replace it with an http method, thanks... -- Nick W -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
