Re: [PHP] Re: [users@httpd] Favorite Linux Distribution
I would agree with the Mandrake recommendation. I first installed it a few years back, to help me get started in the Linux/Unix world, and had very little trouble with it. It's hardware recognition has always been very impressive. Since first installing Mandrake, I have often thought I should 'grow up' and try a more serious distribution, but I always end up coming back. Being Mandrake, it's as easy as you want to configure stuff, and being Linux, it's also as hard as you want. I've rarely had dependency problems, but then I don't really go in for exotic configurations. On 8 Feb 2005, at 08:21, [EMAIL PROTECTED] wrote: Pretty difficult question as it's a question of taste :-) If your are new to linux and want to keep your windows (dual-boot), Mandrake would be my advice: in a class with users without experience of linux, they all have been able to install Mandrake (10.1) dual booting windows without a problem in -/+ 2 hours. I also have it on my laptop since 2/3 years now and it works pretty well Fedora Core is really nice, but if I'm not wrong, there is no possibility in the graphical installation to redimension your windows partition (by the way always do a backup and a defrag before) gaël The Disguised Jedi <[EMAIL PROTECTED]> wrote on 08/02/2005 00.25.28: Hello all - I've been a list member for a while, helped out some people, and asked some questions. But, today I have a completely off topic, but somewhat relevant question for y'all. What is your favorite Linux distribution? What would you recommend for my situation? I'm brand new to Linux. I'm just trying to learn how it works, but I think I'll catch on quick. I'm looking for the one with the most capability, and also one to run my development instance of Apache 2.0 on. I've been looking at either RedHat or Fedora. Is this a good choice? I'm truly drawing a blank, and I've searched Google, but never really found anything extremely useful. Please help me, an old Windows veteran, escape the Microsoft box! Thanks a ton!! -- The Disguised Jedi [EMAIL PROTECTED] PHP rocks! "Knowledge is Power. Power Corrupts. Go to school, become evil" Disclaimer: Any disclaimer attached to this message may be ignored. This message is Certified Virus Free - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Highlighting a stored value as 'selected'
Is there an easier way to display/highlight the value stored in the database for a select option? Such as: Stored value is 'center'. The statement is: print ''; print 'Left'; print 'Center'; print 'Right'; print ''; I can have 3 sets of the above tied to 'if's but would rather ask for an easier or better way. Thanks in advance. Alp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
Greg Donald wrote: On Mon, 07 Feb 2005 22:25:46 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: I think this is an extraordinary (and unjustified) level of paranoia. cat /dev/mem | strings | egrep "^[0-9]+$" cat: /dev/mem: Permission denied :) You need root access. If anyone gains root on your providers server, he has simpler ways to find the CCNs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
Marek Kilimajer wrote: Greg Donald wrote: On Mon, 07 Feb 2005 22:25:46 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: I think this is an extraordinary (and unjustified) level of paranoia. This was aimed at me. I personally wouldn't touch a CCN with a barge pole, I did say it was 'best' not to accept them at all, although accepting them and immediately passing them on via an SSL link (e.g. with cURL) is probably 'good enough' - at least, apparently, 10,000s of merchant seem to think so. cat /dev/mem | strings | egrep "^[0-9]+$" nice bit of magic tho, Greg :-) cat: /dev/mem: Permission denied :) You need root access. If anyone gains root on your providers server, he has simpler ways to find the CCNs getting root is often quite trivial for anyone with a fair bit of knowledge & determination, mostly because for alot of vulnerabilities there are 'make'n'run' exploits which any numpty can use. besides which anyone ever here of 'an inside job' - i.e. when the CCNs go wandering from your DB/encrypted zipfile/index.html, its the sysadmin who you should be looking at first (e.g. its often alot easier to bribe a sysadmin than it is to hack into a server). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Highlighting a stored value as 'selected'
Hello Alp
Try something like,
'left',
'center' => 'center',
'right' => 'right');
function drop($array,$sel_name='',$sel_field='',$css=''){
$dropdown = "\n";
foreach($arr as $key => $val){
$sel = ($sel_field == $key)?' selected="selected"':'';
$dropdown .= "\t".''.$val.''."\n";
}
$dropdown .= "\n";
return $dropdown;
}
usage:
echo drop($db_fields,'test_select','center');
?>
HTH
Jarratt
On Tue, 8 Feb 2005 17:14:24 +0800, Alp <[EMAIL PROTECTED]> wrote:
> Is there an easier way to display/highlight the value stored in the database
> for a select option? Such as:
> Stored value is 'center'. The statement is:
> print '';
> print 'Left';
> print 'Center';
> print 'Right';
> print '';
>
> I can have 3 sets of the above tied to 'if's but would rather ask for an
> easier or better way.
>
> Thanks in advance.
>
> Alp
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] timestamp problem?
First of all, hello everybody,
I am having some problems generating timestamps.
I have a simple application, the user selects a month, a day and a year
and submits
it's data.
Now, I want that date to be stransformed into a unixtimestamp. To do
that
I use strtotime('m/d/y') for 01 January 2011 it would be:
strtotime('01/01/2011')
Now, a fiew days ago, the timestamp generated by this was: 129384
After a hardware failure, I reinstalled my linux with the same
settings...
now, a timestap of 01/01/2011 is returned as: 1293832800
What am I doing wrong?
# ls -al /etc/localtime
lrwxrwxrwx 1 root root 36 Feb 7 19:54 /etc/localtime ->
/usr/share/zoneinfo/Europe/Bucharest
# date
Tue Feb 8 13:29:15 EET 2005
# echo $TZ
Europe/Bucharest
#
Also mktime generates the second timestamp ...damn, I really don't know
why there are two different
timestamps for the same date.
--
Stefan, a simple CRUX Linux user.
Linux registered user: #272012
[Linux is Friendly. It's just selective about who his friends are.]
--
This message was scanned for spam and viruses by BitDefender
For more information please visit http://linux.bitdefender.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] reading/writing files outside of web root
Hi All, I am revisiting a previous question posted here as after lots of investigation and code testing I cannot get what I want. I want to use PHP to read/write files that are outside of the web root and not owned by apache. To be specific... $HOME/.procmailrc $HOME/.spamassassin/user_prefs .procmailrc must be owned by root.root and chmod'd to 600 or is does not work, user_prefs can be owned by anyone, it does not seem to care who or what the permissions are. The first problem is .procmailrc, someone on this list suggested to use chown/chmod in PHP to change the file so it can be read/written to by PHP, this I soon realized was not an option as the file owned by root cannot be changed. For some reason user_prefs will not open for read/write even when I tested it under apache.apache and chmod'd to 755, perhaps because /home is owned by root? So my question is can I easily/safely edit files outside of the web root using PHP or is there a 3rd party command line tool to do this? TIA --- Phil Ewington 43 Plc - Ashdale House 35 Broad Street, Wokingham Berkshire RG40 1AU T: +44 (0)1189 789 500 F: +44 (0)1189 784 994 E: mailto:[EMAIL PROTECTED] W: www.soyouthink.com -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 07/02/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] reading/writing files outside of web root
On Tuesday 08 February 2005 20:50, Phil Ewington - 43 Plc wrote: > So my question is can I easily/safely edit files outside of the web > root using PHP or is there a 3rd party command line tool to do this? Your real question is: "can I easily/safely edit files that [the user running] PHP has no access to, using PHP?" -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] reading/writing files outside of web root
Phil Ewington - 43 Plc wrote: Hi All, I am revisiting a previous question posted here as after lots of investigation and code testing I cannot get what I want. I want to use PHP to read/write files that are outside of the web root and not owned by apache. To be specific... $HOME/.procmailrc $HOME/.spamassassin/user_prefs .procmailrc must be owned by root.root and chmod'd to 600 or is does not work, user_prefs can be owned by anyone, it does not seem to care who or what the permissions are. The first problem is .procmailrc, someone on this list suggested to use chown/chmod in PHP to change the file so it can be read/written to by PHP, this I soon realized was not an option as the file owned by root cannot be changed. For some reason user_prefs will not open for read/write even when I tested it under apache.apache and chmod'd to 755, perhaps because /home is owned by root? So my question is can I easily/safely edit files outside of the web root using PHP or is there a 3rd party command line tool to do this? you can run PHP on the command line as root. you can also use sudo to allow your script to run as root if run by another user. you can call 'shell' commands (e.g. your command line php script via sudo) from inside php (e.g. a script run via a webserver). your webscript would act as a frontend to the cmdline script that runs as root... feeding it the required data. maybe that bit of freethought gives you some ideas as to how to tackle the problem? alternatively you can have your script work on a copy of .procmailrc and have a cronjob check that file periodically for changes (and correct syntax) and if changed replace the actual file. obviously you webscript frontend will need to be well secured however you decide/manage to solve the problem! doing it right won't be a piece of cake me thinks (based on my own experience of web security and the mailings on internals@ of late, mainly by Rasmus, which very much give the impression that securing a web app properly is some what beyond hard :-) ...cue new request filter extension.) TIA --- Phil Ewington 43 Plc - Ashdale House 35 Broad Street, Wokingham Berkshire RG40 1AU T: +44 (0)1189 789 500 F: +44 (0)1189 784 994 E: mailto:[EMAIL PROTECTED] W: www.soyouthink.com -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 07/02/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] reading/writing files outside of web root
On Tue, 8 Feb 2005 12:50:59 -, Phil Ewington - 43 Plc <[EMAIL PROTECTED]> wrote: > So my question is can I easily/safely edit files outside of the web root > using PHP or is there a 3rd party command line tool to do this? sudo can assist you with this task. -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
On Tue, 08 Feb 2005 03:14:43 +0100, Niels <[EMAIL PROTECTED]> wrote: > I'm doing an intranet website for managing users. I need to be able to > change passwords, move files and folders around and that kind of thing. > What is the best way? sudo can assist you with this task. -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [users@httpd] Favorite Linux Distribution
This question is as much about politics, and religion, as it is technical. I like mandrake, but I haven't used a distro yet, in which everything 'just worked'. Each distro I tried had some bug in it. Can't remember what they were, and they were easly circumvented, but if you don't know much about Linux, then it may not be the best choice. I haven't tried ubuntu yet, but if you can get it installed okay, it will probably pay off on the long run, since it is backed by the strength, and power of Debian. That means that you can use the same apt system as is used by debian for your package management. Mandrake does have urpmi, which makes package management much easier than it is in Fedora, SuSE, or any other rpm(redhat) based distro, but I think you should know a bit about Linux, before venturing into what is, if we're going to be honest about it, a buggy operating system. I haven't tried it myself(costs money), but if I were starting again, I might give Xandros a try. Make sure that whatever you do, that you choose one that has a reputation for being newbie friendly. On Tue, 8 Feb 2005 09:26:21 +0100, Gareth Williams <[EMAIL PROTECTED]> wrote: > > I would agree with the Mandrake recommendation. > > I first installed it a few years back, to help me get started in the > Linux/Unix world, and had very little trouble with it. It's hardware > recognition has always been very impressive. Since first installing > Mandrake, I have often thought I should 'grow up' and try a more > serious distribution, but I always end up coming back. Being Mandrake, > it's as easy as you want to configure stuff, and being Linux, it's > also as hard as you want. I've rarely had dependency problems, but > then I don't really go in for exotic configurations. > > > On 8 Feb 2005, at 08:21, [EMAIL PROTECTED] wrote: > > > Pretty difficult question as it's a question of taste :-) > > > > If your are new to linux and want to keep your windows (dual-boot), > > Mandrake would be my advice: in a class with users without experience > > of > > linux, they all have been able to install Mandrake (10.1) dual booting > > windows without a problem in -/+ 2 hours. I also have it on my laptop > > since 2/3 years now and it works pretty well > > Fedora Core is really nice, but if I'm not wrong, there is no > > possibility > > in the graphical installation to redimension your windows partition (by > > the way always do a backup and a defrag before) > > > > gaël > > > > The Disguised Jedi <[EMAIL PROTECTED]> wrote on 08/02/2005 > > 00.25.28: > > > >> Hello all - > >> > >> I've been a list member for a while, helped out some people, and asked > >> some questions. But, today I have a completely off topic, but > >> somewhat relevant question for y'all. > >> > >> What is your favorite Linux distribution? What would you recommend > >> for my situation? > >> > >> I'm brand new to Linux. I'm just trying to learn how it works, but I > >> think I'll catch on quick. I'm looking for the one with the most > >> capability, and also one to run my development instance of Apache 2.0 > >> on. > >> > >> I've been looking at either RedHat or Fedora. Is this a good choice? > >> I'm truly drawing a blank, and I've searched Google, but never really > >> found anything extremely useful. Please help me, an old Windows > >> veteran, escape the Microsoft box! > >> > >> Thanks a ton!! > >> > >> -- > >> The Disguised Jedi > >> [EMAIL PROTECTED] > >> > >> PHP rocks! > >> "Knowledge is Power. Power Corrupts. Go to school, become evil" > >> > >> Disclaimer: Any disclaimer attached to this message may be ignored. > >> This message is Certified Virus Free > >> > >> - > >> The official User-To-User support forum of the Apache HTTP Server > > Project. > >> See http://httpd.apache.org/userslist.html> for more info. > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>" from the digest: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
On 8 Feb 2005 Jochem Maas wrote: > This was aimed at me. I personally wouldn't touch a CCN with a barge pole, > I did say it was 'best' not to accept them at all, although accepting them and > immediately passing them on via an SSL link (e.g. with cURL) is probably > 'good enough' - at least, apparently, 10,000s of merchant seem to think so. That was my point. Also you personally might not want to deal with them -- but would you always advise a client who hired you to develop a web site the same way? Or would it depend on their needs and concerns and the functions of the site? > >> cat /dev/mem | strings | egrep "^[0-9]+$" > > nice bit of magic tho, Greg :-) I agree, but to me the issue here is these two views: - "I have analyzed the need to accept credit cards and the risks of doing so. The risks are too great compared to the value so I will not accept credit card numbers on my site". - "I can imagine a way someone could gain access to them so I will not accept credit card numbers on my site." The latter is being confused with the former. The latter, to me, is not a good reaosn. The former is. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using
Hello, all -
Being still fairly new to PHP, I thought I'd ask a few more questions
and get on to the right track here, developing correct coding habits
before I start to teah myself incorrect habits.
One of my biggest questions is how to go about writing an application
that uses a single file, i.e. all my html ACTION='s would go to, pretty
much, $_SERVER['PHP_SELF'].
From what I understand, I make a flat file (flat, as in, not using OOP
at this time), and then make one large procedural flow, flipping
"triggers" at various points to tell the script at which "stage" it's
at, something like the following:
if ($a = 1) {
// do first thing
} elseif ($a = 2) {
// do second thing
} elseif ($a = 3) {
// do final thing
}
Now, that all makes sense, but I'm wondering if it's the "correct" thing
to do, or would I be better off swapping out "// do x thing" for a
require() function to split things up into different files, calling a
different set appropriate for the "step" that we are on.
This may sound like a silly question, but like I said, I feel that I
should get myself off on the right foot as I start to do stuff that is
more infolved.
Any feedback would be greatly appreciated.
Best Regards
-Dan Trainor
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Using
[snip] ...stuff... [/snip] This is really a broad request, and you'll get as many opinions as there are posters. Instead of IFs you may want to use a SWITCH (http://www.php.net/switch). Why do you want to do the application all in one file? Is it small enough to be justified? Place common functions in an included file. Comment all of your code. Comment some more. Write a flowchart before you write even one line of code. Read an entire book on basic programming practices. Edit your flowchart. Then write some code and test. Eat lunch. Write some more code and test. Modify your flowchart. Read some more. Read each and every post to this list. Spend some time with the manual. You can use OOP in a single file application. Eat dinner. Take a nap. Look at your flowchart and make changes where needed. Add comments to the code when you change a section. Have fun, and when you get stuck and cannot find the answer in TFM or on TFW or in TFA send a specific request to the list and we'll all be glad to help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
[EMAIL PROTECTED] wrote: On 8 Feb 2005 Jochem Maas wrote: This was aimed at me. I personally wouldn't touch a CCN with a barge pole, I did say it was 'best' not to accept them at all, although accepting them and immediately passing them on via an SSL link (e.g. with cURL) is probably 'good enough' - at least, apparently, 10,000s of merchant seem to think so. That was my point. Also you personally might not want to deal with them -- but would you always advise a client who hired you to develop a web site the same way? Or would it depend on their needs and concerns and the functions of the site? I refuse to touch CCNs purely because I can't afford that kind of liability, unless the client signs a complete waiver (funnily enough they don't like to do that) cat /dev/mem | strings | egrep "^[0-9]+$" nice bit of magic tho, Greg :-) I agree, but to me the issue here is these two views: - "I have analyzed the need to accept credit cards and the risks of doing so. The risks are too great compared to the value so I will not accept credit card numbers on my site". - "I can imagine a way someone could gain access to them so I will not accept credit card numbers on my site." The latter is being confused with the former. The latter, to me, is not a good reaosn. The former is. don't agree - I'd rather be cautious on a hunch, especially given that I have no means to personally verify the risk other than in terms of total financial ruin if a real problem occurs even once. besides its a moot point there is no need to handle creditcard info in 99.999% of all cases (the rest being covered by amazons,paypals,etc) This may only be a php mailing list but there are still alot of pretty clever people here and they are all shouting 'run away from the CCNs' - I doubt they are trying to trick you out of business. besides checkout any crypto mailing list or serious security sites and the premise is confirmed. but hey if you have to handle them be prepared I guess. and don't store them anywhere but RAM. and them get rid of them asap... then again there are +-2billion people with limited/no access to running water... maybe we shouldn't blow the CCN thing out of proportion :-/ -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Favorite Linux Distribution
> -Original Message- > From: The Disguised Jedi [mailto:[EMAIL PROTECTED] > Sent: Monday, February 07, 2005 5:25 PM > To: PHP General List; users@httpd.apache.org > Subject: [PHP] Favorite Linux Distribution > > > Hello all - > > I've been a list member for a while, helped out some people, > and asked some questions. But, today I have a completely off > topic, but somewhat relevant question for y'all. > > What is your favorite Linux distribution? What would you > recommend for my situation? > > I'm brand new to Linux. I'm just trying to learn how it > works, but I think I'll catch on quick. I'm looking for the > one with the most capability, and also one to run my > development instance of Apache 2.0 on. > > I've been looking at either RedHat or Fedora. Is this a good choice? > I'm truly drawing a blank, and I've searched Google, but > never really found anything extremely useful. Please help > me, an old Windows veteran, escape the Microsoft box! > > Thanks a ton!! > > -- > The Disguised Jedi > [EMAIL PROTECTED] > > PHP rocks! > "Knowledge is Power. Power Corrupts. Go to school, become evil" > This is one of those questions were you can ask 100 people and get 102 answers. I have recently found the joys of slackware linux. It has been the most stable performer of the 10+ distributions I have tried. Plus it has a totally smooth logo (how can you beat a penguin with a pipe?) Check it out at http://www.slackware.org I would stay away from the Fedora Core territory as they seem to be headed into the auto-magic windows-esque area. Jesse R. Castro Happy Mardi Gras -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [users@httpd] Favorite Linux Distribution
On Tue, 8 Feb 2005 14:19:38 +, Rory Browne <[EMAIL PROTECTED]> wrote: > This question is as much about politics, and religion, as it is technical. In all my years of attending Church I never once heard anyone discussing Linux. Must be a denominational thing. -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using
Jay Blanchard wrote: [snip] ...stuff... [/snip] This is really a broad request, and you'll get as many opinions as there are posters. Instead of IFs you may want to use a SWITCH (http://www.php.net/switch). Why do you want to do the application all in one file? Is it small enough to be justified? Place common functions in an included file. Comment all of your code. Comment some more. Write a flowchart before you write even one line of code. Read an entire book on basic programming practices. Edit your flowchart. Then write some code and test. Eat lunch. Write some more code and test. Modify your flowchart. Read some more. Read each and every post to this list. Spend some time with the manual. You can use OOP in a single file application. Eat dinner. Take a nap. Look at your flowchart and make changes where needed. Add comments to the code when you change a section. Have fun, and when you get stuck and cannot find the answer in TFM or on TFW or in TFA send a specific request to the list and we'll all be glad to help. I don't know, I just always thought of it as "clean" to write an application inside of a single file itself. While I'm still fairly new to procedural programming, this may not be the proper way to do things. I've used switch statements to do this, which I've found to work quite well - but again, I ust didn't know if this was common or correct. I know that this could be split a million different ways, but those million different ways we what I am after. I'd like to find a way that is both easy and useful for me to use, as well as a way that may conform to some sort of standard. Sorry for the dumb topic, I sent the mail before I finished the subject, and didn't feel like spamming others with more mail for a simple mistake such as that. Thanks -dant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using
Dan Trainor wrote:
Hello, all -
Being still fairly new to PHP, I thought I'd ask a few more questions
and get on to the right track here, developing correct coding habits
before I start to teah myself incorrect habits.
One of my biggest questions is how to go about writing an application
that uses a single file, i.e. all my html ACTION='s would go to, pretty
much, $_SERVER['PHP_SELF'].
From what I understand, I make a flat file (flat, as in, not using OOP
at this time), and then make one large procedural flow, flipping
"triggers" at various points to tell the script at which "stage" it's
at, something like the following:
if ($a = 1) {
// do first thing
} elseif ($a = 2) {
// do second thing
} elseif ($a = 3) {
// do final thing
}
Now, that all makes sense, but I'm wondering if it's the "correct" thing
to do, or would I be better off swapping out "// do x thing" for a
require() function to split things up into different files, calling a
different set appropriate for the "step" that we are on.
This may sound like a silly question, but like I said, I feel that I
should get myself off on the right foot as I start to do stuff that is
more infolved.
for a 'newbie' you state a decent 'plan' - thats good. there is nothing
intrinsically wrong with your approach but it may become a bottleneck when
you applications start to grow, that is the main reason for trying to
split code up into modules/files/whatever.
again there is nothing wrong with a purely procedural approach as apposed
to OO. both methods allow you to create spaghetti if you want ;-).
a few tips (maybe):
1. dont let you files get too long - it makes them difficult to read
2. get religious about CS (coding standards), decide upon a CS for yourself
and stick to it - it make code easier to read. http://pear.php.net is a good
place
to get ideas on CS
3. focus on readability and maintainability - let speed be a secondary
concern (at least for now)
4. don't get too hung up on webapplication paradigms
(front-controller,MVC,whatever), but look at what other people do also.
(try http://phppatterns.net and http://sitepoint.com for more info on those)
5. take time to think about _your_ application structure, and how you would
logically break it apart.
6. tackle one piece at a time.
7. let others review your code if you can (that's not an invite to post
your complete codebase to the list ;-).
8. if your code works, it works, right? who is to say your way is incorrect.
9. break it down, break it down. keep the bits of code managable that one
reason I prefer OO - I find it much easier (& neater) to encapsulate
functionality
into a class that a function (or set of functions).
10. nearly all of is personal preference, most of the rest is ReadingTheManual
and being consistent in your coding practices/style (at least within the scope
of a single project - you practices/style will adapt/mutate as time goes by).
11. and the eleventh commandment: COMMENT YOUR CODE (maybe check out
phpDocumentor).
I dare you to try for 50%comments/50%code, it does not matter how 'bad' the
code is
if its that well commented anyone should be able to maintain/change it - thats
a good thing - especially when the anybody is you 18months from now :-).
Any feedback would be greatly appreciated.
Best Regards
-Dan Trainor
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Using
[snip] >Is it small enough to be justified? I don't know, I just always thought of it as "clean" to write an application inside of a single file itself. While I'm still fairly new to procedural programming, this may not be the proper way to do things. [/snip] A. It's not a dumb topic, just very broad. 2. Again, using a single file is OK if the size does not get out of hand. Otherwise it becomes a management issue. III. 'Proper', 'correct' and anything such as this is not applicable really in PHP because there are so many ways to solve a problem (read the archives and you'll see) such as your use of a giant nested IF to do the same thing a SWITCH. If I ask you to add 1 to any number you might do (provided we know that $a is numeric)... $a = $a + 1; I might do $a++; Is one better? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] timestamp problem?
On Tuesday 08 February 2005 19:30, Balu Stefan wrote:
> Also mktime generates the second timestamp ...damn, I really don't know
> why there are two different
> timestamps for the same date.
A few of PHP's date/time functions take into account the local time zone
of the server.
So:
> I use strtotime('m/d/y') for 01 January 2011 it would be:
> strtotime('01/01/2011')
> Now, a fiew days ago, the timestamp generated by this was: 129384
means your original setup had the server set to UTC because:
echo strtotime('1st Jan 2011 UTC'); // 129384
Now
> After a hardware failure, I reinstalled my linux with the same
> settings...
> now, a timestap of 01/01/2011 is returned as: 1293832800
> What am I doing wrong?
Suggests that your server is now set to a timezone that is UTC+0200
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
New Year Resolution: Ignore top posted posts
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
On 8 Feb 2005 Jochem Maas wrote: > don't agree - I'd rather be cautious on a hunch, especially given that I > have no means to personally verify the risk other than in terms of total > financial ruin if a real problem occurs even once. besides its a moot point > there is no need to handle creditcard info in 99.999% of all cases > (the rest being covered by amazons,paypals,etc) Well OK, there is no urgent *need*. But accepting credit cards is a valid and useful approach for many sites. The worst-case imagined distasters do not make this less true. I cannot verify in advance that a car driven by a drunk driver will not drive down my street at the moment I walk out of the house, hit me on the sidewalk, and kill me. I do not *need* to leave my house in most cases, I could order almost everything I need to be delivered. But it still does not make sense to stay in the house all the time (and there are other dangers there anyway). The possibility of catastrophic consequences which you cannot control is not a reason to always opt for the most cautious possible approach. However I would agree it is a reason to thoughtfully assess the risks and make a choice. > then again there are +-2billion people with limited/no access to running > water... > maybe we shouldn't blow the CCN thing out of proportion :-/ Good point. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Problem using return from a class.
I am having a really odd problem. I have a class and if I do a return nothing is returned. If I do an echo of the variable that is being returned I can see it so there is something to return. Is there some strange bug in PHP? Ben -- Ben Edwards - Poole, UK, England If you have a problem sending me email use this link http://www.gurtlush.org.uk/profiles.php?uid=4 (email address this email is sent from may be defunct) -- Ben Edwards - Poole, UK, England If you have a problem sending me email use this link http://www.gurtlush.org.uk/profiles.php?uid=4 (email address this email is sent from may be defunct) signature.asc Description: This is a digitally signed message part
Re: [PHP] Storing CCN's Again...
I AM going to accept CC's on my site. I am NOT going to store them anywhere... and I DO think the original question is valid. If a hacker is able to gain root access they may be able to obtain a CCN from memory on my server... Perhaps a hacker breaks into a number of sites and harvests 1 or 2 numbers from each a day... It is not nearly as bad as having someone get full access to all the CCN's you have stored in DB (if you were dumb enough to do that), but it could still cause lots of problems... So, it doesn't seem like anyone is aware of a way to make PHP paranoid about such things... Perhaps their is a lower level way to get linux to scrub an address space when a process exits? I will google On Tue, 08 Feb 2005 10:57:16 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On 8 Feb 2005 Jochem Maas wrote: > > > don't agree - I'd rather be cautious on a hunch, especially given that I > > have no means to personally verify the risk other than in terms of total > > financial ruin if a real problem occurs even once. besides its a moot point > > there is no need to handle creditcard info in 99.999% of all cases > > (the rest being covered by amazons,paypals,etc) > > Well OK, there is no urgent *need*. But accepting credit cards is a > valid and useful approach for many sites. The worst-case imagined > distasters do not make this less true. > > I cannot verify in advance that a car driven by a drunk driver will not > drive down my street at the moment I walk out of the house, hit me on > the sidewalk, and kill me. I do not *need* to leave my house in most > cases, I could order almost everything I need to be delivered. But it > still does not make sense to stay in the house all the time (and there > are other dangers there anyway). > > The possibility of catastrophic consequences which you cannot control > is not a reason to always opt for the most cautious possible approach. > However I would agree it is a reason to thoughtfully assess the risks > and make a choice. > > > then again there are +-2billion people with limited/no access to running > > water... > > maybe we shouldn't blow the CCN thing out of proportion :-/ > > Good point. > > -- > Tom > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Send REAL USPS letters from the Web! http://www.quickymail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] excel -> ( csv -> ) mysql ?!?
Hi to all!
Have to create a script to select excel file and store info from the
file in existing table (mysql).
After some research found the best way will be save excel (xls) file as
csv comma delimited file and then store info in table.
For first step I just used in Excel app File > Save As.. > CSV (Comma
delimited) *.csv
Then, copy the file to server and then read info and store them in table
using this script:
#names of columns in products table
$column_names = array('ITEM NUMBER', 'ITEM NAME', 'DESCRIPTION',
'COLORS', 'INCLUDES', 'QTY', 'PRICE', 'IMAGE', 'THUMB', 'CATALOG',
'STATUS', 'SUPPLIER', 'EXP_DATE');
if(isset($_POST['SubmitExcelFile']))
{
#VALIDATING UPLOADED FILE
if($_FILES['NewItems']['type'] != 'text/x-csv')
$alert = 'Uploaded file is not csv file.';
elseif($_FILES['NewItems']['size'] > 100)
$alert = 'File you are uploading is bigger then 1MB. Please
contact administrator';
else
{
#IF THERE IS NO TEMP DIR CREATE ONE
#COPY SELECTED FILE TO TEMP DIR
copy($_FILES['NewItems']['tmp_name'],
"temp/".$_FILES['NewItems']['name']) or die (mysql_error());
#READING UPLOADED CSV FILE
$row = 1;
$handle = fopen('temp/'.$_FILES['NewItems']['name'], "r");
$data = fgetcsv($handle, 1, ",");
#checking if number of columns in csv file and number of columns of
table ($column_names) are the same
if(count($data) != count($column_names))
$alert = 'CSV file is not correct. Number of columns in
database and number of columns in file are not the same.';
else
{
for($i=0; $i
{
#checking if the order of columns in csv file is the same as order
in table
if($data[$i] != $column_names[$i])
{
$alert .= $data[$i] .' - '. $column_names[$i].' <---
Columns in database and CSV file are not in the same order';
}
}
}
if(!isset($alert))
{
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE)
{
$query = "select itemNumber from products_test where
itemNumber='".$data[0]."'";
$query = mysql_query($query) or die (mysql_error());
if(mysql_num_rows($query) > 0)
{
$duplicates[] = $data[0];
}
else
{
$num = count($data);
$insert_item_query = 'insert into products_test values (';
for ($c=1; $c < $num; $c++)#starting from 1
beacause first row are column names
{
$c == 1 ?$insert_item_query .=
"'".addslashes($data[$c])."'" : $insert_item_query .= ",
'".addslashes($data[$c])."'" ;
}
$insert_item_query .= ')';
echo 'QUERY: '.$insert_item_query.'';
mysql_query($insert_item_query) or die (mysql_error());
++$row;
}
}
fclose($handle);
#list of all items already exist in table
echo 'no. of duplicates:
'.count($duplicates).'duplicates: '.print_array($duplicates).'';
}
}
}
if(!isset($_POST['SubmitExcelFile']) or isset($alert))
{
echo ''.$alert.'';
?>
Select Excel file:
Problem I have is actually making csv file from xls file. Last two
columns in xls file are 99% empty and when I Save As xls as csv and open
then csv in TextPad some of rows don't have last two (empty) values
entered? It says 11 instead 13 elements of row. And then it breaks the code.
Once I put "fake" column on the end of xls file, after EXP_DATE and put
1 as value in each row - everything looks ok.
Ok, it looks like it's for EXCEL forum but I need a code that would read
content of the xls file, to avoid saving xls file in Excel and need
opinions about the code (code is from php.net), to improve it for my case.
Thanks for any help.
-afan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem using return from a class.
[snip] I am having a really odd problem. I have a class and if I do a return nothing is returned. If I do an echo of the variable that is being returned I can see it so there is something to return. Is there some strange bug in PHP? [/snip] What is it you are doing - are you echoing the call i.e. echo $myclass->function(); Or something else? Maybe you should post a bit of code to illustrate your problem ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
On Tue, 8 Feb 2005 08:37:32 -0800, Tony Di Croce <[EMAIL PROTECTED]> wrote: > So, it doesn't seem like anyone is aware of a way to make PHP paranoid > about such things... Perhaps their is a lower level way to get linux > to scrub an address space when a process exits? I will google It's pretty simple to scrub the data away. $cc = '1234123412341234'; // do processing $cc = md5( time() ); -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
Greg Donald wrote:
> On Tue, 8 Feb 2005 08:37:32 -0800, Tony Di Croce <[EMAIL PROTECTED]>
> wrote:
>> So, it doesn't seem like anyone is aware of a way to make PHP paranoid
>> about such things... Perhaps their is a lower level way to get linux
>> to scrub an address space when a process exits? I will google
>
> It's pretty simple to scrub the data away.
>
> $cc = '1234123412341234';
>
> // do processing
>
> $cc = md5( time() );
There's no guarantee that will re-use the same bytes for the new string in
the low-level C malloc/alloc/???alloc calls, I don't think...
*MAYBE* using the {} operator on a char-by-char basis would be more likely
to wipe the bytes...
I suspect that if somebody is skilled enough to read your un-malloced RAM
for CC#s, they are probably skilled enough to peek into your current
in-use RAM for CC#s... I'm no expert, though, so maybe not.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using
Jochem Maas wrote:
> Dan Trainor wrote:
>> Hello, all -
>>
>> Being still fairly new to PHP, I thought I'd ask a few more questions
>> and get on to the right track here, developing correct coding habits
>> before I start to teah myself incorrect habits.
>>
>> One of my biggest questions is how to go about writing an application
>> that uses a single file, i.e. all my html ACTION='s would go to, pretty
>> much, $_SERVER['PHP_SELF'].
They would then be sending the data to each HTML file, not to one big PHP
script.
It's MUCH better to not create that giant choke-point of a single
monolithic PHP script for all data-processing, if you ask me.
That giant script won't scale up well, and you'll find more and more cruft
accumulating in it to handle weird cases, and, in order to get GOOD
modularized code out of it, you'll essentially be loading in all the code
to process dozens/hundreds/thousands of files, when you really only need
10%, or even 1% of the code you are loading. That's just Bad Design, if
you ask me.
>> From what I understand, I make a flat file (flat, as in, not using OOP
>> at this time), and then make one large procedural flow, flipping
>> "triggers" at various points to tell the script at which "stage" it's
>> at, something like the following:
What you are describing, with all the if/else stuff, or without, could
easily be done with or without OOP or Procedural programming.
They are completely independent decisions.
>> if ($a = 1) {
>> // do first thing
>> } elseif ($a = 2) {
>> // do second thing
>> } elseif ($a = 3) {
>> // do final thing
>> }
Be sure to use == instead of = there... You'll get real confused real
fast otherwise.
>> Now, that all makes sense, but I'm wondering if it's the "correct" thing
>> to do, or would I be better off swapping out "// do x thing" for a
>> require() function to split things up into different files, calling a
>> different set appropriate for the "step" that we are on.
I think you'd be better off putting the code to handle HTML file X in file X:
Present form and/or results here
As a general rule, when I process a form for the user, I provide them the
same form again, with a status message and a request to double-check the
submission.
You'd be amazed how many people fill out a form quickly, and then review
it slowly and go "Duh" and re-do it, increasing the quality of your data.
Oooh. I just realized that maybe you were referring to the if/else stuff
just to handle the one single form, in all its variations:
Initial presentation with NEW item,
completion of NEW creation,
editing existing item,
notification of successful completion of editing
I believe it's a GOOD THING to put all that in one file, with the if/else,
and to NOT bother with the include files for things like the etc.
I tried the include style for that, at first, but found myself messing up
when I tried to edit the form, or the processing or whatever, and would
too often mis-type my global search and replace in one but not the other
and...
My general rule of thumb is to use an include file ONLY when I would be
typing the same exact (or template-like) code twice, and ONLY if the code
is more than a couple lines. If it's only a couple lines of code, the
include doesn't "save" me anything in typing.
Exceptions:
Database connection goes in an include.
A font function (if you're not using CSS yet) is in my global include.
A spaminator function to obscure emails is in my global include.
These are all only a couple lines, but the db-connection needs to hide the
password, and the font() thing needs to be used on every TD (grrr!) and
spaminator is too likely to need a swift change to beat the harvesters in
the arms race.
But for processing a simple form, a single PHP file to handle all aspects
has worked best for me, because:
1) When I want to add a field/input, I change only one file (and the db)
2) When I rename some field, I change only one file (and the db)
3) I can structure it to use only one (1) for insert/edit, so the
HTML for that form only exists in one place
4) If something goes wrong, I don't have to dig through a half-dozen files
to find the offending code. 99.9% of the time I know it's *GOT* to be in
that one file, if that one form is the only one mis-behaving.
Even though I understand OOP very well, I really would not recommend a
beginner to use it for "real" code on a site. Sure, experiment with it
and learn, but stick to procedural at first.
There's a reason why the construction industry has a lot more builders
than architects... Stick to the easier procedural stuff until you're
experienced enough to become an architect.
Honestly, for your basic PHP form in/out site, I'd always stick to
procedural.
If you need to release a Module for others to plug into their sites, or
you have an extremely large site with more than 2 or 3 programmers, hell
yeah, go for the OOP. But for a solo job of a single site, you're just
adding com
Re: [PHP] Storing CCN's Again...
On 8 Feb 2005 Greg Donald wrote: > It's pretty simple to scrub the data away. > > $cc = '1234123412341234'; > > // do processing > > $cc = md5( time() ); This only works if PHP uses the same storage for both strings. If it reallocates the storage, for example because the md5 result is longer, then the number may remain in RAM. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] reading/writing files outside of web root
Phil Ewington - 43 Plc wrote:
> For some reason user_prefs will not open
> for read/write even when I tested it under apache.apache and chmod'd to
> 755,
> perhaps because /home is owned by root?
Something went wrong with this test.
You SHOULD have been able to read/write that file in PHP, assuming
'apache' is the user PHP runs as. Use http://php.net/phpinfo to confirm
that it really *IS* 'apache' user that's running apache/php.
As far as the sudo stuff goes, just be sure you give the PHP user as
LITTLE power as you can to get the job done.
To that end, I think the idea of the PHP user editing a copy of the files,
and then a cron job from root to double-check the files and copy them over
if they seem valid is the best solution.
You can even run all kinds of extra checks in the routine that checks the
syntax of the files.
For example, it's one thing for the .procmailrc to be valid syntax: But
you could add some extra PHP code to check for some very specific things
you do NOT want to happen. You could even check that the top part of the
files "match" and only a few (no more than X) new lines have been added by
PHP.
And you could check for specific things in the new lines, like 'root' if
you wanted to disallow somebody messing with 'root' account.
As many extra pieces of armour you can add to make SURE that the file is
being changed in the way you intended is good.
You can even intentionally write the code in a way that makes it easy for
you to add more checks.
Something as simple as:
if (...){
error_log("Hack attempt: trying to break sendmail with 'root' acces");
exit;
}
if (...){
error_log("Hack attempt: ...");
exit;
}
.
.
.
will let you add in new tests as they occur to you.
When you're done, put yourself in the shoes of a Bad Guy, and pretend your
worst enemy -- the person on this Earth you most dislike, has written this
code, and ask yourself: "How can I break in to this?" :-)
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Problem using return from a class.
On Tue, 2005-02-08 at 16:47 +, Chris Ramsay wrote: > [snip] > I am having a really odd problem. I have a class and if I do a return > nothing is returned. If I do an echo of the variable that is being > returned I can see it so there is something to return. Is there some > strange bug in PHP? > [/snip] > What is it you are doing - are you echoing the call i.e. > echo $myclass->function(); > Or something else? > > Maybe you should post a bit of code to illustrate your problem ;) I'me just doing:- return $radio_html; as the last line of the method. If I do echo $radio_html; The condense of the variable gets outputted. I could post the method here but its a bit long. Ben -- Ben Edwards - Poole, UK, England If you have a problem sending me email use this link http://www.gurtlush.org.uk/profiles.php?uid=4 (email address this email is sent from may be defunct) signature.asc Description: This is a digitally signed message part
Re: [PHP] timestamp problem?
Balu Stefan wrote:
> First of all, hello everybody,
> I am having some problems generating timestamps.
> I have a simple application, the user selects a month, a day and a year
> and submits
> it's data.
> Now, I want that date to be stransformed into a unixtimestamp. To do
> that
> I use strtotime('m/d/y') for 01 January 2011 it would be:
> strtotime('01/01/2011')
> Now, a fiew days ago, the timestamp generated by this was: 129384
> After a hardware failure, I reinstalled my linux with the same
> settings...
> now, a timestap of 01/01/2011 is returned as: 1293832800
> What am I doing wrong?
>
> # ls -al /etc/localtime
> lrwxrwxrwx 1 root root 36 Feb 7 19:54 /etc/localtime ->
> /usr/share/zoneinfo/Europe/Bucharest
> # date
> Tue Feb 8 13:29:15 EET 2005
> # echo $TZ
> Europe/Bucharest
> #
>
> Also mktime generates the second timestamp ...damn, I really don't know
> why there are two different
> timestamps for the same date.
As a guy who ALWAYS screws this up when building a machine...
I can't really be sure, and I clearly don't understand it, but there's
this UTC setting in the BIOS thingie thing thing, and when I mess it up
(every time) I usually end up with everything being "off" by the same
(opposite?) number of hours as my time-zone.
Maybe you did the same thing...
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] excel -> ( csv -> ) mysql ?!?
Afan Pasalic wrote:
> #names of columns in products table
> $column_names = array('ITEM NUMBER', 'ITEM NAME', 'DESCRIPTION',
> 'COLORS', 'INCLUDES', 'QTY', 'PRICE', 'IMAGE', 'THUMB', 'CATALOG',
> 'STATUS', 'SUPPLIER', 'EXP_DATE');
>
> if(isset($_POST['SubmitExcelFile']))
> {
> #VALIDATING UPLOADED FILE
> if($_FILES['NewItems']['type'] != 'text/x-csv')
This is not a Good Thing.
The MIME type sent by the browser is browser-dependent. So IE will send
text/x-csv and Netscape will sent text/csv and Mozilla will send
text/plain and...
You should just remove this test entirely.
> $alert = 'Uploaded file is not csv file.';
> elseif($_FILES['NewItems']['size'] > 100)
> $alert = 'File you are uploading is bigger then 1MB. Please
> contact administrator';
> else
> {
> #IF THERE IS NO TEMP DIR CREATE ONE
> #COPY SELECTED FILE TO TEMP DIR
> copy($_FILES['NewItems']['tmp_name'],
> "temp/".$_FILES['NewItems']['name']) or die (mysql_error());
Use http://php.net/move_uploaded_file instead. Safer.
> #READING UPLOADED CSV FILE
> $row = 1;
> $handle = fopen('temp/'.$_FILES['NewItems']['name'], "r");
>
> $data = fgetcsv($handle, 1, ",");
"," is the default, so adding it here is cruft.
I believe the 1 is optional in recent versions of PHP, and while you
might want to limit lines to 10K, it's not needed, and if you ever NEED a
line bigger than 10K...
> #checking if number of columns in csv file and number of columns of
> table ($column_names) are the same
> if(count($data) != count($column_names))
> $alert = 'CSV file is not correct. Number of columns in
> database and number of columns in file are not the same.';
This should probably be $alert .= instead of = and you should initialize
$alert = '' at the tip-top of your script.
Because A) this is in a loop, so you may have LOTS of lines with too many
columns, and B) you may need to add an alert earlier in your script some
day.
Also consider using an array for $alert, and using:
$alert[] = 'Alert message here.';
You can then use something like:
echo '', implode("\n", $alert), '';
if your SAPI is *not* CLI nor CGI, but use just
echo implode("\n", $alert);
if your SAPI is CLI/CGI (in a cron job or something some day)
> else
> {
> for($i=0; $i {
> #checking if the order of columns in csv file is the same as order
> in table
> if($data[$i] != $column_names[$i])
You might want to use http://php.net/strtolower on each, in case different
CSV engines decide to use upper/lower case on the column names...
Also be aware that some folks don't put the first line with column names
when they do CSV dumps...
Maybe you can force your users to do that, maybe not.
> {
> $alert .= $data[$i] .' - '. $column_names[$i].' <---
> Columns in database and CSV file are not in the same order';
> }
> }
> }
>
>
> if(!isset($alert))
This will change to !count($alert)
> {
> while (($data = fgetcsv($handle, 1000, ",")) !== FALSE)
> {
> $query = "select itemNumber from products_test where
> itemNumber='".$data[0]."'";
> $query = mysql_query($query) or die (mysql_error());
Ouch. If two people are uploading CSV files, then they will most likely
be generating duplicate itemNumber values for the same data...
If you're just uploading your own data, this is fine, though.
Although I think there's a PHP application "out there" that is designed to
synchronize ODBC and MySQL databases. You may want to look around for it
instead of rolling you rown.
> if(mysql_num_rows($query) > 0)
> {
> $duplicates[] = $data[0];
> }
> else
> {
> $num = count($data);
> $insert_item_query = 'insert into products_test values
> (';
> for ($c=1; $c < $num; $c++)#starting from 1
> beacause first row are column names
But this is not counting ROWS, it's counting COLUMNS.
You've ALREADY completely and thoroughly processed that first bogus row
with the field names...
Maybe eXcel dumps out some bogus first column you don't want?
> {
> $c == 1 ?$insert_item_query .=
> "'".addslashes($data[$c])."'" : $insert_item_query .= ",
> '".addslashes($data[$c])."'" ;
> }
> $insert_item_query .= ')';
> echo 'QUERY: '.$insert_item_query.'';
> mysql_query($insert_item_query) or die
> (mysql_error());
> ++$row;
> }
> }
> fclose($handle);
>
> #list of all items already exist in table
> echo 'no. of duplicates:
> '.count($duplicates).'duplicates: '.print_array
Re: [PHP] Storing CCN's Again...
[EMAIL PROTECTED] wrote:
> No the most secure way, but I had a client who was determined not to use
> paypal and store cc'sand do them offline. I am using SSL + Mysql encode to
> do this. Ie
> encode(cc_number,md5('secret'))
This is rife with potential problems...
Stored *where* off-line?
Who can get to the storage area?
Who has access to the "secret decoder ring"? :-)
How easily could that be copied/duplicated/reversed?
Maybe this all occurs in a locked bank vault, with armed guards outside.
Maybe it's just the back office of some grocery store, where any stock-boy
could waltz in on break and snarf himself a bunch of CC#s.
Most likely, it's somewhere between those two.
Alas, it's probably a lot closer to the grocery office than the bank
vault, and that's awfully risky to your client and their customers, and,
ultimately, yourself.
If he's got an off-line point-of-sale merchant account, he can probably
add an on-line up-sell through his merchant account vendor for "not much"
money, and you can do this without storing CC#s and without PayPal.
Plus, instead of having to spend time running the stuff through his
point-of-sale swiper, he'll just have the same reports/processing he is
already using, only the on-line stuff will just show up automatically.
Sell it to him this way: His TIME has to be worth more than the cost of
the on-line merchant account extra fees.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cerauno Technologies announces the release of DocGuru Professional 1.0
Cerauno Technologies proudly announces the release of DocGuru Professional 1.0. DocGuru is our brand new source code documentation system. It helps you to generate documentation right from your source code, understanding naturally formed in-source comments, thereby making the entire documentation process a lot simpler for you. DocGuru currently works with PHP scripts. DocGuru comes with an easy-to-use GUI for authoring and managing your documentation projects. - Features - 1. Requires very little overhead from the author of the documentation. Plain text will do, but creates more fancy or structured output using HTML tags . 2. Supports documentation of files, classes, variables, functions, typedefs and defines. 3. Automatically generates class hierarchy in HTML (as clickable link maps). 4. Can generate a list of all members of a class (including any inherited members). 5. Automatically generates references to documented classes, files, namespaces and members. 6. Documentation of global functions, globals variables, typedefs and defines is also supported. 7. References to base/super classes and inherited members are generated automatically. 8. Can cope with large projects easily. For more information and to download DocGuru Professional 1.0 please visit the DocGuru home page at http://www.cerauno.com. If you have any questions about DocGuru please send mail to [EMAIL PROTECTED] Best Regards Akhil Dhanuka Cerauno Technologies -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
On Tue, 8 Feb 2005 09:23:46 -0800 (PST), Richard Lynch <[EMAIL PROTECTED]> wrote: > There's no guarantee that will re-use the same bytes for the new string in > the low-level C malloc/alloc/???alloc calls, I don't think... Your right. In fact this script proves just how wrong I was: #!/usr/bin/php -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
Greg Donald wrote: > sudo can assist you with this task. Thank you for your answer. Can you be more specific? Is sudo the best way to go? What are the pros and cons? Should I wrap my system calls in a C program or a bash script? Do you know of any websites with articles or tutorials about this? Thanks, Niels -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ncurses woes...
Grimes, Dean wrote: > Anybody out there doing any work with ncurses? I've been playing around > with > ncurses trying to figure it all out. I have had pretty good luck but I am > finding a few issues and would like to know if other users are having the > same problems. One of the problems I'm having is with function keys and > arrow keys. I can trap on them OK but I haven't been able to keep the > system > from displaying their escape sequences on the screen. When this happens it > corrupts the screen and skews the display. I've got machines that do that even with vi, because I forced them to upgrade that one thingie (readline?) you need for the arrow keys to work for command history in MySQL/PostgreSQL, which means I had for force a glibc upgrade. G. I think I'm lucky the damn thing works at all, from what I understand (or don't) of glibc. Anyway, I forget what it's called, but you might have a mis-match in the glibc and that readline software versions... > Also, I'm having some weirdness > with mvwaddstr, I logged a bug on bugs.php.net #31876. I have test > programs > for anyone interested in taking a stab at some of the problems I've > encountered. I've read all the documentation I could get my handsthat > took about 10 minutes! If ncurses is continues to give you trouble, you may want to consider PHP GTK -- There is possibly a larger community of users working on that. Or are you the guy needing to duplicate the green-on-black terminal stuff?... I was gonna say GTK wouldn't do so hot at that, but, actually, it MIGHT be not that hard, now that I think about it. http://gtk.php.net/ PS If anybody knows how I can fix my glibc and readline issue on RedHat 9.x I'd surely welcome some input. I use control-L a lot, but it's not much fun. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cannot upload a file greater than 500 KB
I am using php 4 and Apache 1.3 on a RH 9 box. upload_max_filesize is set to 5M post_max_size is set to 8M MAX_FILE_SIZE in the HTML upload page is set to 500 I get the error "The document contains no data" with any file over 500 KB. What is creating the error? Many thanks. Todd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: [PHP-DB] mysqli connection problem
> > Hello, > > > > This question was asked many times, but I can't find a good answer. > > I am getting this error message while trying to connect to MySQL server > (PHP > > + PEAR::DB_DataObject): > > > > "Can't connect to local MySQL server through socket '' (111)" > > > > (notice '' - is that right?) > > > > Does anyone have any ideas about how to get rid of this error? > > > > Configuration: > > * RedHat Enterprise Linux AS3 > > * Apache 2.0.46 > > * PHP 5.0.2 > > * MySQL 4.1.9, mysqli ext. > > > > Thanks! > > [Note: reply-to set to php-db as it's multimailed and I don't see this > as a mysql general issue, nor php general, but feh.] Well, I don't know the possible reasons for this, so I mailed it to all suitable lists. > > Looks to be set blank/null/etc. > > You may be slightly tricked by the existence of both of these - from > your standard php.ini... > - > ; Default socket name for local MySQL connects. If empty, uses the built- > in > mysql.default_socket = > > ; Default socket name for local MySQL connects. If empty, uses the built- > in > ; MySQL defaults. > mysqli.default_socket = Didn't help me. MySQL socket does exist - /var/lib/mysql/mysql.sock (default location). mysqli.default_socket is NOT set to null but to this value (manually, as you advised) Again, 1. Connection to localhost still fails with message "Can't connect to local MySQL server through socket '' (111)" 2. Connection to server's domain name fails too (!) with message "Access denied for user 'user'@'example.com' (using password: YES)" 3. Connection to localhost through mysql shows the following config mysql> status -- mysql Ver 14.7 Distrib 4.1.9, for pc-linux-gnu (i686) Connection id: 42 Current database: Current user: [EMAIL PROTECTED] SSL:Not in use Current pager: stdout Using outfile: '' Using delimiter:; Server version: 4.1.9-standard Protocol version: 10 Connection: Localhost via UNIX socket Server characterset:latin1 Db characterset:latin1 Client characterset:latin1 Conn. characterset:latin1 UNIX socket:/var/lib/mysql/mysql.sock Uptime: 1 day 3 hours 1 min 7 sec Threads: 3 Questions: 272 Slow queries: 0 Opens: 64 Flush tables: 1 Open tables: 26 Queries per second avg: 0.003 -- Seems to be a security issue... Any more ideas about these symptoms? > - > I can't see any reason why you wouldn't be able to use the same socket - > you're connecting to the same exact server, it's just a path. You > should be perfectly able to set your mysqli.default_socket to the same > as the mysql.default_socket. I can't tell you what the default for your > system is, but there are php functions to get configuration options, if > you don't have it in any obvious places. > > Cheers, > -- > - Martin Norland, Database / Web Developer, International Outreach x3257 > The opinion(s) contained within this email do not necessarily represent > those of St. Jude Children's Research Hospital. > > > > -- > MySQL General Mailing List > For list archives: http://lists.mysql.com/mysql > To unsubscribe: > http://lists.mysql.com/[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cerauno Technologies announces the release of DocGuru Professional 1.0
On Tue, 8 Feb 2005 23:22:05 -0800, Akhil Dhanuka <[EMAIL PROTECTED]> wrote: > > Cerauno Technologies proudly announces the release of DocGuru Professional > 1.0. Did you happen to have a comparison doc comparing this with the free, open source PHPDocumentor: http://www.phpdoc.org/ ? Thanks, -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Strange key behaviour
Johannes Reichardt wrote:
> Hey there!
>
> i have a routine like this:
>
> $myarray['1'] = 'aösldfjkasöldkjf';
>
> foreach($myarray as $key => $value) {
> echo $key{0}; // outputs nothing
> echo substr($key,0); // outputs 1 like intended
> }
>
> Any ideas why this is like that? I am using
>
> php 4.3.11-dev
At first glance, I though this was a bug as well.
http://us3.php.net/types.string
clearly states that you can access a string's individual characters with
{} much like an array.
So, contrary to what somebody else posted, $key should be '1' and $key{0}
should be '1', if $key is a string, as they posted.
But a bit of investigation turned up this fact:
Even though you used '1' as your index, PHP is forcing it to be an integer.
Add this line in the loop to prove it to yourself:
echo "key type: ", getttype($key), "\n";
This is happening at the construction of the array, as documented at:
http://us3.php.net/manual/en/language.types.array.php
The paragraph after the first two blue boxes of sample code states it
quite clearly:
-- excerpt from manual ---
If a key is the standard representation of an integer, it will be
interpreted as such (i.e. "8" will be interpreted as 8, while "08" will be
interpreted as "08").
--
If this is a real problem in real code, I'd suggest NOT using '1' for
starters, since PHP is gonna make it be 1 anyway when it builds the array.
Then, knowing that your keys are integers, you can act on them
appropriately in your loop to do what you want.
You can convert them to string, or use substr() to let PHP convert them to
string.
I can see how you may think this is bogus behaviour on PHP's part, but
given that HTTP data/keys are always strings and how PHP automatically
builds the hashes for you from incoming GET/POST data, and given that the
integer data from MySQL ends up being a string before PHP sees it, and you
often build indexed arrays out of that, it's a pragmatic approach to
handling the construction of an array.
Hopefully that helps de-mystify what's going on.
It can seem confusing and annoying and downright "wrong" at first that PHP
just silently prefers integer types for indices in arrays, but it has its
benefits as well (see above) and once you get used to it, it's no big
deal, really.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] mysqli connection problem
My intention of setting the reply-to was not to offend, or claim you were wrong - merely to move the discussion to the list I felt (and still feel - as I've done it again) is most appropriate for the question. anyway, back to the task at hand ( first: I'm assuming you restarted apache after changing your php.ini - otherwise, that's your problem. ) Whatever the case, the error message clearly shows that it is not reading the value, however it's set - because the error is still showing a blank string for the socket. If it were a permissions problem with the socket, you wouldn't be getting that exact error - at the very least, it would still show the correct socket path. More likely, it would also error with a "cannot open socket" or equivalent. You may wish to examine ini_get(), ini_get_all(), phpinfo(), or php_ini_scanned_files(), to verify if it is set, or to see if it's being overwritten somewhere. Cheers, Denis Gerasimov wrote: Didn't help me. MySQL socket does exist - /var/lib/mysql/mysql.sock (default location). mysqli.default_socket is NOT set to null but to this value (manually, as you advised) Again, 1. Connection to localhost still fails with message "Can't connect to local MySQL server through socket '' (111)" 2. Connection to server's domain name fails too (!) with message "Access denied for user 'user'@'example.com' (using password: YES)" 3. Connection to localhost through mysql shows the following config mysql> status -- mysql Ver 14.7 Distrib 4.1.9, for pc-linux-gnu (i686) Connection id: 42 Current database: Current user: [EMAIL PROTECTED] SSL:Not in use Current pager: stdout Using outfile: '' Using delimiter:; Server version: 4.1.9-standard Protocol version: 10 Connection: Localhost via UNIX socket Server characterset:latin1 Db characterset:latin1 Client characterset:latin1 Conn. characterset:latin1 UNIX socket:/var/lib/mysql/mysql.sock Uptime: 1 day 3 hours 1 min 7 sec Threads: 3 Questions: 272 Slow queries: 0 Opens: 64 Flush tables: 1 Open tables: 26 Queries per second avg: 0.003 -- Seems to be a security issue... Any more ideas about these symptoms? - I can't see any reason why you wouldn't be able to use the same socket - you're connecting to the same exact server, it's just a path. You should be perfectly able to set your mysqli.default_socket to the same as the mysql.default_socket. I can't tell you what the default for your system is, but there are php functions to get configuration options, if you don't have it in any obvious places. Cheers, -- - Martin Norland, Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- - Martin Norland, Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Retrieving an URL paramter via fsockopen
> I have to get an URL parameter via fsockopen connection.
> I shall connect with fsockopen to a given link and get back this link
> with an URL parameter cnr=xx
> Who can I do this?
> And who can I "read" this URL parameter?
What's "cnr" ???
If you can get the fsockopen to work, and it doesn't return FALSE, then
you should be able to use http://php.net/fread (and other file functions)
to read and write data.
The "cnr" bit is not clear... Do you just mean:
http://example.com/?cnr=xx";) or die("Could not
open URL");
?>
That should work just fine.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Apache 2.0.52, PHP 5.03, FreeBSD 4.10 memory problems
> :-( The downside would be, IMHO, that I would need to pro-actively check > everything that is going on concerning PHP, in order to prevent any major > problems. (one and a halve month ago, some clients on an other > installation > who hadn't mainted phpBB also caused me the necessary problems). Also, > when > clients are non-commercial, a good programmer is out of the question > (which > applies to this case too). I wonder how mass hosting companies get arround > these issue's? To add to this -- I suspect some good hosts actively check the directories of their clients, and search for known security flawed software, such as specific versions of phpBB and formmail.pl and so on. When you find a client running known security flawed software, you deal with them, quickly and politely, but with clear cut no nonsense requirements: Upgrade it now or lose the account. Who owns the box? You, or your friend? Non-profits can always find a free programmer or a donor to hire the programmer or... There are even organizations that exist solely to provide services like this to non-profits. One small one I know of run by guys in Chicago is here: http://npotechs.org/ I'm sure that there are others. Perhaps you could donate some training to the non-profit, to get their programmer up to speed, even. Your other option is to not allow PHP, nor Perl, nor any kind of CGI, nor... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP/5.0.3 & MySQL 5.0.2 Stored procedure (OUT)
Curt Zirzow wrote:
> * Thus wrote Ian Porter:
>> Hi,
>>
>> I am just wondering how to obtain the result from a mysql procedure OUT
>> parameter within PHP e.g.
>>
>> MYSQL
>> create procedure test_out(OUT testvar int)
>> BEGIN
>> select max_connections into testvar from mysql.user limit 1;
>> END
>>
>> PHP
>>
>> $query = 'call test_out('.$test_val.')';
>> $query_handle = mysql_query($query);
>
> You should really be using the mysqli* interface to mysql. It
> provides better ways to execute things like that.
>
> http://php.net/mysqli
Thanks very much, that did the trick.
Cheers
Ian
>
>
> Curt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] updating php
blackwater dev wrote: > I have installed php5 fine on my Fedora 3 box. I know need to > recompile to add in a feature and did the same steps as the install > ./configure, make, make install which went fine but when restart > apache and go to the php.ini, my new configuration is not shown and Go to php.ini, or did you look at The compilation process won't change your php.ini for you -- It's too likely that you've already customized it, and you wouldn't want them to write over it. should show you what you typed for configure. If it's not the most recent thing you typed, then your make install didn't work, or you didn't really re-start Apache. > the code throws errors because it isn't there. Is the process to > upgrade different? Not a LOT different, but if you have compiled your new extension as a Module of PHP, then you may need to uncomment the line in PHP that enables that extension. If you compiled it as static (the default for almost all) then it should "just work" when you re-start Apache. Always check to see if you've got what you think you've got, and if the configure line matches what you typed. There are error logs in the PHP source directory (config.log) that will tell you more about what happened. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
Tony Di Croce wrote: > First I should say that I have NO plans to store CCN's on my site, but > I do have a related question: > > Right now I accept CC info from a posted form and then from a PHP > script submit that to authorize.net... Is their any way to get PHP to > clean up any remnants of any variables that might be in memory after a > script is run? IE, is their a way to get PHP to overwrite the memory > used by variables at the termination of a script? > > I wasn't worried about this before but I think the paranoia regarding > CCN's on this site has gotten to me... Better safe than sorry! I don't think there is any way to do this... There may be an external library one could compile into PHP, and maybe one could then write their script do scrub their data... Even so, what about $_POST and $_GET and whatever temporary C strings/structs that PHP uses internally to store data. You may want to look at the Hardened PHP site, and see what they've got -- If anybody has done this, they'd be the ones. You could also ask them what they think of the idea from a feasibility stand-point and how useful it would be. I suspect that you'd have to do it at a much lower level than your PHP script, though, to be useful. If I can manage to read your script variables, I can also manage to read the PHP source code's C variables, so scrubbing just the $cc in PHP won't be enough. You'd also need to consider page faults and swap space while you're at it. Scrubbing your RAM does no good at all if the data got swapped to disk and the Bad Guy can read that. There's a low-level C function to force memory to *NOT* get swapped... I forget its name, but run cdrecord as non-root and you'll run into right quick-like, as I did the other night :-) I think, perhaps, though, that this is all going beyond what would be considered expected practice at this juncture in history. As I said earlier, anybody skilled enough to fish in your RAM to get credit card numbers, is probably skilled enough to get them much easier than that. That doesn't mean this won't change tomorrow, if PHP provides an interface to that low-level C function for your variables, or the Hardened PHP guys decided to implement this sort of stuff. Perhaps running Hardened PHP would be a good step to consider for a server handling CC numbers. Even if it's not feasible/needed to scrub RAM today, I'm guessing they'd be the first to implement it if it was feasible/needed. YMMV IANAL NAIAA -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Connecting To Multiple MySQL Databases
Silvio Porcellana wrote: > Richard Lynch wrote: > > >> > > >> Actually, you want a few SPARE MySQL connections, so you can use the >> mysql >> command line monitor to do things -- Particularly in case of a run-away >> PHP/MySQL script which slams the server into over-drive... If you don't >> have a connection available cuz they're all used up by Apache/_pconnect, >> you can't log into mysql monitor and you can't use mysqladmin to bring >> it >> down nicely and... Don't do that. :-) > > >> >> > Actually, MySQL already takes care of that as it allows 'max_connections + > 1' clients to > connect, leaving the '+1' connection for the user(s) with SUPER privilege > (that can > therefore issue a "SHOW PROCESSLIST" or nicely bring down the server). > > http://dev.mysql.com/doc/mysql/en/too-many-connections.html True. However, there's often somebody with a mysql monitor left open/hanging tying up a resource, and ... Actually, to be sure it's clear: Apache will hold a connection for EACH username/password used to _pconnect. So if you've got, say, two different username/passwords using _pconnect to the database, you need twice as many max_connections in /etc/my.cnf as you have Apache children, plus your spares. The re-usable _pconnect data structures are tied to username/password to be sure they don't "leak" data from one username to the other for security reasons, I think. And I reckon a lot of the username-based access is built into the connection structure, so it wouldn't be efficient to scrap all that and re-build -- It wouldn't be _pconnect any more. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache 2.0.52, PHP 5.03, FreeBSD 4.10 memory problems
[EMAIL PROTECTED] wrote: >>That's definitely not good. >> >>But there is only so much you, and PHP, can do to stop a bad programmer >>from chewing up resources. >> > I'm pretty sure that you can prevent this somehow! > There is no way any OS with respect for themself, will > allow any user installed programs (like PHP) to crash the > server! > > You should try check out the freebsd mailling lists. I'm pretty sure > they can help you out! :) Please also make sure you run the latest > versions > of apache and php. > > Good luck finding the error! > Simon > > > Btw I run FreeBSD 5.3-STABLE, Apache 2.0.52_4 and PHP 5.0.3_2 > when i try to run an endless loop, using a lot of memory, I get an > Allowed memory size of 8388608 bytes exhausted (tried to allocate > 256 bytes) > And absolutely no effect on the system! Try this: I think that compiles down into such a tight loop that PHP interrupts never get a chance to check on Memory usage or cpu usage... At least, it USED to... PHP may very well be much "better" at this, but I'm willing to bet that somebody can always find a way to break this. Plus, some things are out of PHP's control -- If you use GD to create an image that's too large, PHP relies on GD to cope with that, as it must, by design. I believe GD and PHP play well together in this regard, but can you guarantee that EVERY extension always will? I doubt it. Unless your PHP install is *really* boring, with none of the fun/powerful extensions that make PHP so incredibly useful, then, most likely, somewhere in the realm of all possible PHP code a user can type, there is at least one (1) script that will somehow bring the server to its knees. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot upload a file greater than 500 KB
Todd Cary wrote: > I am using php 4 and Apache 1.3 on a RH 9 box. > > upload_max_filesize is set to 5M > > post_max_size is set to 8M > > MAX_FILE_SIZE in the HTML upload page is set to 500 > > I get the error "The document contains no data" with any file over 500 KB. > > What is creating the error? Are you sure the HTML one isn't 50?... :-) Also double-check your settings in to be sure that the php.ini you changed is the one PHP reads... Actually, though, you shouldn't get "The document contains no data" in any of these, unless your BROWSER is getting tired of waiting for a response from the server. The PHP script should still be invoked, and it should be able to detect the over-sized file uploaded, and it should print some kind of error message about that. It's quite possible your script does absolutely NOTHING when the file is over-sized, and then it prints nothing out, and so the document is completely empty, and you get that message. Review the PHP you wrote and see what you did for an over-sized check on the file uploaded, or any other kind of upload error. Are you printing SOMETHING out in that case? -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
-- Original message -- From: Niels <[EMAIL PROTECTED]> > Hi list, > > I'm doing an intranet website for managing users. I need to be able to > change passwords, move files and folders around and that kind of thing. > What is the best way? > I wouldn't use system calls to move files around. PHP has built in file system functions. Why shell out to do something that is built in? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
This article may help: http://www.onlamp.com/pub/a/php/2003/08/28/php_foundations.html On Tue, 08 Feb 2005 20:38:48 +, Jennifer Goodie <[EMAIL PROTECTED]> wrote: > -- Original message -- > From: Niels <[EMAIL PROTECTED]> > > Hi list, > > > > I'm doing an intranet website for managing users. I need to be able to > > change passwords, move files and folders around and that kind of thing. > > What is the best way? > > > > I wouldn't use system calls to move files around. PHP has built in file > system functions. Why shell out to do something that is built in? > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] stream_set_timeout() stream_get_meta_data() etc...
How can I detect that a remote server is hung up on transmitting a http page and
gracefully handle it?
The connect is made OK, all I want to do is to make certain that I receive the
data stream in a given amount of time. For example, if the remote server is
incredibly slow or hangs in the middle of transmitting the data.
e.g.
$fp= fopen("http://www.anything.com/foo.html, 'rb');
if(!fp) {do something different}
stream_set_timeout($fp, 2);
$status= stream_get_meta_data($fp);
if($status[timed_out] {do something};
$status[timed_out] never shows anything but 0. I've tried it with a 4mb file
and the timeout = 1sec.
error reporting shows nothing. It's as if socket connections don't trigger
timeout errors, including the max_execution_time.
I've spent some time poking around the php manual and Googling and can't find
anything appropriate. One ref I found said there is no way to do this.
Anyone have a suggestion?
Al.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stream_set_timeout() stream_get_meta_data() etc...
Al wrote:
> How can I detect that a remote server is hung up on transmitting a http
> page and
> gracefully handle it?
>
> The connect is made OK, all I want to do is to make certain that I receive
> the
> data stream in a given amount of time. For example, if the remote server
> is
> incredibly slow or hangs in the middle of transmitting the data.
That's exactly what stream_set_timeout does, *IF* more than 2 seconds goes
by with *NO* data coming through.
If you want to put a cap on the total time spent, regardless of the file
size, then do more like:
> e.g.
>> $fp= fopen("http://www.anything.com/foo.html, 'rb');
>> if(!fp) {do something different}
>>
>> stream_set_timeout($fp, 2);
>>
// >> $status= stream_get_meta_data($fp);
$start = time();
while (!feof($fp)){
$data = fread($fp, 1); //10K chunks, change to suit
if (time() - $start > 10){
die("That's too slow!");
}
}
>>
>> if($status[timed_out] {do something};
>
> $status[timed_out] never shows anything but 0. I've tried it with a 4mb
> file
> and the timeout = 1sec.
>
> error reporting shows nothing. It's as if socket connections don't trigger
> timeout errors, including the max_execution_time.
>
> I've spent some time poking around the php manual and Googling and can't
> find
> anything appropriate. One ref I found said there is no way to do this.
>
> Anyone have a suggestion?
Please review this exact same issue in the archives from the past week or
two.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] is_dir & is_file bugs?
I have script that create directories after item's name and each
directory has 2 images: big image and it's thumbnail (both jpgs)
But, when I run this code:
$path = 'product_images';
$handle = opendir($path);
while (false !== ($file = readdir($handle)))
{
if ($file != "." && $file != "..")
{
echo $file;
if (is_dir($file))
{
echo ' <-- folder';
$folders[] = $file;
}
elseif (is_file($file))
{
echo ' <-- image';
$images[] = $file;
}
else
{
echo ' <-- ???';
}
}
}
I'm getting "<-- ???" for every folder created by script, and "<--
folder" for folders created manualy.
What could cause a problem?
-afan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Highlighting a stored value as 'selected'
Hi Jarratt,
Thank you for your advice. I will try that and come back with the result.
Alp
"RaTT" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hello Alp
>
> Try something like,
>
>
> //DB fields as an array
>
> $db_fields = array('left' => 'left',
>'center' => 'center',
>'right' => 'right');
>
> function drop($array,$sel_name='',$sel_field='',$css=''){
> $dropdown = "\n";
> foreach($arr as $key => $val){
> $sel = ($sel_field == $key)?' selected="selected"':'';
> $dropdown .= "\t".''.$val.''."\n";
> }
> $dropdown .= "\n";
> return $dropdown;
> }
> usage:
> echo drop($db_fields,'test_select','center');
> ?>
>
> HTH
> Jarratt
>
>
>
> On Tue, 8 Feb 2005 17:14:24 +0800, Alp <[EMAIL PROTECTED]>
wrote:
> > Is there an easier way to display/highlight the value stored in the
database
> > for a select option? Such as:
> > Stored value is 'center'. The statement is:
> > print '';
> > print 'Left';
> > print 'Center';
> > print 'Right';
> > print '';
> >
> > I can have 3 sets of the above tied to 'if's but would rather ask for an
> > easier or better way.
> >
> > Thanks in advance.
> >
> > Alp
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is_dir & is_file bugs?
> $path = 'product_images';
> $handle = opendir($path);
> while (false !== ($file = readdir($handle)))
> {
> if ($file != "." && $file != "..")
> {
> echo $file;
> if (is_dir($file))
> {
> echo ' <-- folder';
> $folders[] = $file;
> }
> elseif (is_file($file))
> {
> echo ' <-- image';
> $images[] = $file;
> }
> else
> {
> echo ' <-- ???';
> }
> }
> }
try the absolute path in is_dir and is_file
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is_dir & is_file bugs?
Matt M. wrote:
$path = 'product_images';
$handle = opendir($path);
while (false !== ($file = readdir($handle)))
{
if ($file != "." && $file != "..")
{
echo $file;
if (is_dir($file))
{
echo ' <-- folder';
$folders[] = $file;
}
elseif (is_file($file))
{
echo ' <-- image';
$images[] = $file;
}
else
{
echo ' <-- ???';
}
}
}
try the absolute path in is_dir and is_file
or at least the correct one.
Right now, what's hapenning is this:
imagine you have this layout:
/
/product_images/
/product_images/dir1/
/product_images/file1.ext
What your script is doing:
$handle = opendir($path);
while (false !== ($file = readdir($handle)))
{
// $file = '.' // on first run
// $file = '..' // on 2nd run
// $file = 'dir1' // on 3rd run
// $file = 'file1.ext' // on 4th run
if ($file != "." && $file != "..")
{
echo $file;
if (is_dir($file)) // it's not, since that file doesn't
exist in the place PHP is looking for it.
// because, does ./dir1/ exist? no! does ./product_images/dir1/
exist? yes!
// But that's not what you're checking ;)
{
echo ' <-- folder';
$folders[] = $file;
}
elseif (is_file($file))
// same thing as with is_dir()
{
echo ' <-- image';
$images[] = $file;
}
else
{
echo ' <-- ???';
}
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is_dir & is_file bugs?
Nope! It doesnt work either...
:(
Matt M. wrote:
$path = 'product_images';
$handle = opendir($path);
while (false !== ($file = readdir($handle)))
{
if ($file != "." && $file != "..")
{
echo $file;
if (is_dir($file))
{
echo ' <-- folder';
$folders[] = $file;
}
elseif (is_file($file))
{
echo ' <-- image';
$images[] = $file;
}
else
{
echo ' <-- ???';
}
}
}
try the absolute path in is_dir and is_file
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] is_dir & is_file bugs?
Yup! That's the one! I was missing PATH...
:)
Thank you very much for such a nice explanation!
-afan
M. Sokolewicz wrote:
Matt M. wrote:
$path = 'product_images';
$handle = opendir($path);
while (false !== ($file = readdir($handle)))
{
if ($file != "." && $file != "..")
{
echo $file;
if (is_dir($file))
{
echo ' <-- folder';
$folders[] = $file;
}
elseif (is_file($file))
{
echo ' <-- image';
$images[] = $file;
}
else
{
echo ' <-- ???';
}
}
}
try the absolute path in is_dir and is_file
or at least the correct one.
Right now, what's hapenning is this:
imagine you have this layout:
/
/product_images/
/product_images/dir1/
/product_images/file1.ext
What your script is doing:
$handle = opendir($path);
while (false !== ($file = readdir($handle)))
{
// $file = '.' // on first run
// $file = '..' // on 2nd run
// $file = 'dir1' // on 3rd run
// $file = 'file1.ext' // on 4th run
if ($file != "." && $file != "..")
{
echo $file;
if (is_dir($file))// it's not, since that file doesn't
exist in the place PHP is looking for it.
// because, does ./dir1/ exist? no! does
./product_images/dir1/ exist? yes!
// But that's not what you're checking ;)
{
echo ' <-- folder';
$folders[] = $file;
}
elseif (is_file($file))
// same thing as with is_dir()
{
echo ' <-- image';
$images[] = $file;
}
else
{
echo ' <-- ???';
}
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: stream_set_timeout() stream_get_meta_data() etc...
Darn, I left out an important function, the fread(). Code snip should be:
$fp= fopen("http://www.anything.com/foo.html, 'rb');
if(!fp) {do something different}
stream_set_timeout($fp, 2);
$contents= fread($fp, 20);
$status= stream_get_meta_data($fp);
if($status[timed_out] {do something};
It appears to me there is a basic logic problem. The script must get past the
fread() function before it gets to the stream_get_meta_data($fp). But, it hangs
up on fread() and the script times out.
Al
Al wrote:
How can I detect that a remote server is hung up on transmitting a http
page and gracefully handle it?
The connect is made OK, all I want to do is to make certain that I
receive the data stream in a given amount of time. For example, if the
remote server is incredibly slow or hangs in the middle of transmitting
the data.
e.g.
$fp= fopen("http://www.anything.com/foo.html, 'rb');
if(!fp) {do something different}
stream_set_timeout($fp, 2);
$status= stream_get_meta_data($fp);
if($status[timed_out] {do something};
$status[timed_out] never shows anything but 0. I've tried it with a 4mb
file and the timeout = 1sec.
error reporting shows nothing. It's as if socket connections don't
trigger timeout errors, including the max_execution_time.
I've spent some time poking around the php manual and Googling and can't
find anything appropriate. One ref I found said there is no way to do
this.
Anyone have a suggestion?
Al.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stream_set_timeout() stream_get_meta_data() etc...
Richard Lynch wrote:
Al wrote:
How can I detect that a remote server is hung up on transmitting a http
page and
gracefully handle it?
The connect is made OK, all I want to do is to make certain that I receive
the
data stream in a given amount of time. For example, if the remote server
is
incredibly slow or hangs in the middle of transmitting the data.
That's exactly what stream_set_timeout does, *IF* more than 2 seconds goes
by with *NO* data coming through.
How do I test the results of stream_set_timeout(). I've tried everything I can
think of and nothing shows, no error reports, nothing.
If you want to put a cap on the total time spent, regardless of the file
size, then do more like:
e.g.
$fp= fopen("http://www.anything.com/foo.html, 'rb');
if(!fp) {do something different}
stream_set_timeout($fp, 2);
// >> $status= stream_get_meta_data($fp);
$start = time();
while (!feof($fp)){
$data = fread($fp, 1); //10K chunks, change to suit
if (time() - $start > 10){
die("That's too slow!");
}
}
I tried something like this earlier, at your suggestion. Problem was that if
the server stalls in the middle of a chunk, it just hangs.
if($status[timed_out] {do something};
$status[timed_out] never shows anything but 0. I've tried it with a 4mb
file
and the timeout = 1sec.
error reporting shows nothing. It's as if socket connections don't trigger
timeout errors, including the max_execution_time.
I've spent some time poking around the php manual and Googling and can't
find
anything appropriate. One ref I found said there is no way to do this.
Anyone have a suggestion?
Please review this exact same issue in the archives from the past week or
two.
That was my thread. I didn't find a solution then and am back to it.
I seems as if stream_set_timeout() ought to be the right function; but, I can't
find a way to use it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot upload a file greater than 500 KB
Richard - It turned out that the following was missing from Apache's httpd.conf file: SetOutputFilter PHP SetInputFilter PHP LimitRequestBody 500 Not sure what that does or where I should have read about it, but I did find that in an email I got with Google. Todd Richard Lynch wrote: Todd Cary wrote: I am using php 4 and Apache 1.3 on a RH 9 box. upload_max_filesize is set to 5M post_max_size is set to 8M MAX_FILE_SIZE in the HTML upload page is set to 500 I get the error "The document contains no data" with any file over 500 KB. What is creating the error? Are you sure the HTML one isn't 50?... :-) Also double-check your settings in to be sure that the php.ini you changed is the one PHP reads... Actually, though, you shouldn't get "The document contains no data" in any of these, unless your BROWSER is getting tired of waiting for a response from the server. The PHP script should still be invoked, and it should be able to detect the over-sized file uploaded, and it should print some kind of error message about that. It's quite possible your script does absolutely NOTHING when the file is over-sized, and then it prints nothing out, and so the document is completely empty, and you get that message. Review the PHP you wrote and see what you did for an over-sized check on the file uploaded, or any other kind of upload error. Are you printing SOMETHING out in that case? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Changing PHP properties (Previously: Cannot upload a file greater than 500 KB)
Todd Cary wrote: Richard - It turned out that the following was missing from Apache's httpd.conf file: SetOutputFilter PHP SetInputFilter PHP LimitRequestBody 500 Not sure what that does or where I should have read about it, but I did find that in an email I got with Google. Todd Richard Lynch wrote: Todd Cary wrote: I am using php 4 and Apache 1.3 on a RH 9 box. upload_max_filesize is set to 5M post_max_size is set to 8M MAX_FILE_SIZE in the HTML upload page is set to 500 I get the error "The document contains no data" with any file over 500 KB. What is creating the error? Are you sure the HTML one isn't 50?... :-) Also double-check your settings in to be sure that the php.ini you changed is the one PHP reads... Actually, though, you shouldn't get "The document contains no data" in any of these, unless your BROWSER is getting tired of waiting for a response from the server. The PHP script should still be invoked, and it should be able to detect the over-sized file uploaded, and it should print some kind of error message about that. It's quite possible your script does absolutely NOTHING when the file is over-sized, and then it prints nothing out, and so the document is completely empty, and you get that message. Review the PHP you wrote and see what you did for an over-sized check on the file uploaded, or any other kind of upload error. Are you printing SOMETHING out in that case? While we're touching base on this subject, I know that you don't know much about this Todd, but does anyone else know where we can find more information about making modifications to PHP's operations inline in a configuration file such as this? Thanks -dant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Changing PHP properties (Previously: Cannot upload a file greater
Dan - Keep in mind that the change I made was within Apache on my server - not in the php.ini file. The changes to the php.ini file are well documented and have been covered within messages on this NewNet. However, s I stated, I am not sure why that change needs to be made...more reading for me I am sure! Todd Dan Trainor wrote: Todd Cary wrote: Richard - It turned out that the following was missing from Apache's httpd.conf file: SetOutputFilter PHP SetInputFilter PHP LimitRequestBody 500 Not sure what that does or where I should have read about it, but I did find that in an email I got with Google. Todd Richard Lynch wrote: Todd Cary wrote: I am using php 4 and Apache 1.3 on a RH 9 box. upload_max_filesize is set to 5M post_max_size is set to 8M MAX_FILE_SIZE in the HTML upload page is set to 500 I get the error "The document contains no data" with any file over 500 KB. What is creating the error? Are you sure the HTML one isn't 50?... :-) Also double-check your settings in to be sure that the php.ini you changed is the one PHP reads... Actually, though, you shouldn't get "The document contains no data" in any of these, unless your BROWSER is getting tired of waiting for a response from the server. The PHP script should still be invoked, and it should be able to detect the over-sized file uploaded, and it should print some kind of error message about that. It's quite possible your script does absolutely NOTHING when the file is over-sized, and then it prints nothing out, and so the document is completely empty, and you get that message. Review the PHP you wrote and see what you did for an over-sized check on the file uploaded, or any other kind of upload error. Are you printing SOMETHING out in that case? While we're touching base on this subject, I know that you don't know much about this Todd, but does anyone else know where we can find more information about making modifications to PHP's operations inline in a configuration file such as this? Thanks -dant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Changing PHP properties (Previously: Cannot upload a file greater
Todd Cary wrote: Dan - Keep in mind that the change I made was within Apache on my server - not in the php.ini file. The changes to the php.ini file are well documented and have been covered within messages on this NewNet. However, s I stated, I am not sure why that change needs to be made...more reading for me I am sure! Todd Dan Trainor wrote: Todd Cary wrote: Richard - It turned out that the following was missing from Apache's httpd.conf file: SetOutputFilter PHP SetInputFilter PHP LimitRequestBody 500 Not sure what that does or where I should have read about it, but I did find that in an email I got with Google. Todd Richard Lynch wrote: Todd Cary wrote: I am using php 4 and Apache 1.3 on a RH 9 box. upload_max_filesize is set to 5M post_max_size is set to 8M MAX_FILE_SIZE in the HTML upload page is set to 500 I get the error "The document contains no data" with any file over 500 KB. What is creating the error? Are you sure the HTML one isn't 50?... :-) Also double-check your settings in to be sure that the php.ini you changed is the one PHP reads... Actually, though, you shouldn't get "The document contains no data" in any of these, unless your BROWSER is getting tired of waiting for a response from the server. The PHP script should still be invoked, and it should be able to detect the over-sized file uploaded, and it should print some kind of error message about that. It's quite possible your script does absolutely NOTHING when the file is over-sized, and then it prints nothing out, and so the document is completely empty, and you get that message. Review the PHP you wrote and see what you did for an over-sized check on the file uploaded, or any other kind of upload error. Are you printing SOMETHING out in that case? While we're touching base on this subject, I know that you don't know much about this Todd, but does anyone else know where we can find more information about making modifications to PHP's operations inline in a configuration file such as this? Thanks -dant Todd - I understand that, yes, which is why I'm more interested in changing this on a per-virtualhost basis, specifically within Apache. Thanks for keeping an eye out for me though. -dant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] phpBB alternatives?
Due to the recent vulnerabilities discovered in phpBB and the content of this page: http://www.phpbb.com/ I have decided to consider other options for my forum needs... Does anyone have any reccomendations for a PHP based forum software? -- Send REAL USPS letters from the Web! http://www.quickymail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpBB alternatives?
Tony Di Croce wrote: Due to the recent vulnerabilities discovered in phpBB and the content of this page: http://www.phpbb.com/ I have decided to consider other options for my forum needs... Does anyone have any reccomendations for a PHP based forum software? I'm not an advocate for phpBB by any means, but I am an advocate for correct information. If you clearly read that page, you will see how it is explained that the site was popped using a vulnerability in AWStats. Yes, this vulnerability exists, because two of the sites that I admin were hit by it :/ Just thought I'd pass that around. Thanks -dant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpBB alternatives?
On Tue, 2005-02-08 at 17:16 -0800, Tony Di Croce wrote: > Due to the recent vulnerabilities discovered in phpBB and the content > of this page: > http://www.phpbb.com/ > I have decided to consider other options for my forum needs... Does > anyone have any reccomendations for a PHP based forum software? > -- > Send REAL USPS letters from the Web! > http://www.quickymail.com > > e attacked phpbb.com did indeed use a vulnerability in awstats to gain > entry to our server > -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting & Development * --- Now hosting Ruby on Rails Apps --- / -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpBB alternatives?
--- Tony Di Croce <[EMAIL PROTECTED]> wrote: > Due to the recent vulnerabilities discovered in phpBB and the > content of this page: > http://www.phpbb.com/ > I have decided to consider other options for my forum needs... Does > anyone have any reccomendations for a PHP based forum software? FUDforum has proven to be much more secure over the years: http://fudforum.org/forum/ My complaint with FUDforum is that it's fugly. :-) I find phpBB to be much more attractive. Unfortunately, it has had numerous security vulnerabilities over the years. I've never examined the code, so I'm not sure if it's due to a poor design or just developer mistakes, but I wouldn't feel comfortable deploying it. While I agree with your decision, I disagree with using their recent misfortune to support a switch. Server security is an entirely different field - a secure application doesn't make a secure server, and a secure server doesn't make a secure application. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming Soon http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] ncurses woes...
Well I think I've got my handling of cursor movement keys working pretty good. But I still have a couple of bugs with some of the video attribute settings. The BLINK attribute works, but even after turning it off, it leaves the area that you set to blink in an active blink mode. The blinking thing won't turn for nothing. I actually have to log off and back on to get it to reset. The BOLD is actually turning everthing in the screen DIM and then leaving it that way. I've decided I don't need those attributes that bad. I would like to get the reverse video problem fixed though. That's an intersting point about glibc. I'll look into it. Thanks, Dean -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 08, 2005 12:58 PM To: Grimes, Dean Cc: 'php-general@lists.php.net' Subject: Re: [PHP] ncurses woes... Grimes, Dean wrote: > Anybody out there doing any work with ncurses? I've been playing around > with > ncurses trying to figure it all out. I have had pretty good luck but I am > finding a few issues and would like to know if other users are having the > same problems. One of the problems I'm having is with function keys and > arrow keys. I can trap on them OK but I haven't been able to keep the > system > from displaying their escape sequences on the screen. When this happens it > corrupts the screen and skews the display. I've got machines that do that even with vi, because I forced them to upgrade that one thingie (readline?) you need for the arrow keys to work for command history in MySQL/PostgreSQL, which means I had for force a glibc upgrade. G. I think I'm lucky the damn thing works at all, from what I understand (or don't) of glibc. Anyway, I forget what it's called, but you might have a mis-match in the glibc and that readline software versions... > Also, I'm having some weirdness > with mvwaddstr, I logged a bug on bugs.php.net #31876. I have test > programs > for anyone interested in taking a stab at some of the problems I've > encountered. I've read all the documentation I could get my handsthat > took about 10 minutes! If ncurses is continues to give you trouble, you may want to consider PHP GTK -- There is possibly a larger community of users working on that. Or are you the guy needing to duplicate the green-on-black terminal stuff?... I was gonna say GTK wouldn't do so hot at that, but, actually, it MIGHT be not that hard, now that I think about it. http://gtk.php.net/ PS If anybody knows how I can fix my glibc and readline issue on RedHat 9.x I'd surely welcome some input. I use control-L a lot, but it's not much fun. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
Jennifer Goodie wrote: > I wouldn't use system calls to move files around. PHP has built in file > system functions. Why shell out to do something that is built in? Well, the apache user really shouldn't have access to the entire file system -- that's the problem. Thanks, Niels -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
Guillermo Rauch wrote: > This article may help: > http://www.onlamp.com/pub/a/php/2003/08/28/php_foundations.html Thanks you, I've read that, it deals with avoiding malicious code in file uploads. I think I've got that part under control. You're right, such methods are obvious entry points to a system for a cracker. But still, the article doesn't really help. Thanks, Niels -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ability to use extract to $this vars in a class
is there any way to use extract , to extract the keys from an array to $this vars for within a class ? Let me know. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
AW: [PHP] phpBB alternatives?
Hi, This one is really nice. I Use it myself on a coulpe of sites. http://phorum.org/ Greetings Lindworm -Ursprüngliche Nachricht- Von: Tony Di Croce [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 9. Februar 2005 02:16 An: php-general@lists.php.net Betreff: [PHP] phpBB alternatives? Due to the recent vulnerabilities discovered in phpBB and the content of this page: http://www.phpbb.com/ I have decided to consider other options for my forum needs... Does anyone have any reccomendations for a PHP based forum software? -- Send REAL USPS letters from the Web! http://www.quickymail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Apache 2.0.52, PHP 5.03, FreeBSD 4.10 memory problems
> > :-( The downside would be, IMHO, that I would need to pro-actively > > check everything that is going on concerning PHP, in order > to prevent > > any major problems. (one and a halve month ago, some clients on an > > other installation who hadn't mainted phpBB also caused me the > > necessary problems). Also, when clients are non-commercial, a good > > programmer is out of the question (which applies to this > case too). I > > wonder how mass hosting companies get arround these issue's? > > To add to this -- I suspect some good hosts actively check > the directories of their clients, and search for known > security flawed software, such as specific versions of phpBB > and formmail.pl and so on. I could write a PERL-script for that :-) For wide-used scripts (such as PHPBB) automation would be a doable and good sollution, but for custom scripts, it will be quite a challenge. > When you find a client running known security flawed > software, you deal with them, quickly and politely, but with > clear cut no nonsense > requirements: > > Upgrade it now or lose the account. That would be the right thing indeed. Though I do find that many times, people either have severe technical difficulty upgrading (usually installing was already quite a tough cookie for them, being used to the more point and click of Windows). Or perhaps just to the fear of it. It always comes down to a lack of knowledge and understanding from the user. Educating users in this regard is not easy. > Non-profits can always find a free programmer or a donor to > hire the programmer or... > > There are even organizations that exist solely to provide > services like this to non-profits. One small one I know of > run by guys in Chicago is > here: > http://npotechs.org/ > > I'm sure that there are others. Thanks! That looks like a very nice addition to my to-do and to-look-at bookmark list :-) Kind Regards, Sander Holthaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ability to use extract to $this vars in a class
If i understand you correctly, you want to extract all the keys and
generate class members with them..
// Define class test
class test {
// We pass an array to the constructor
function __construct( $arr ) {
foreach($arr as $key => $val ) {
$this->{$key} = $val;
}
// For this example, i print the structure of the object
print_r($this);
}
}
$tests = array( 'hi' => 'bye', 'hey' => 'ho', 'lets' => 'go');
$test = new test($tests);
I forgot in the previous message to mention that if the member exists,
it will be overriden. In addition, you shouldn't use this, as you
don't have control over the accessing to the vars. Instead, you should
store them in a previously defined array (for example private $_vars;
)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
-- Original message -- From: Niels <[EMAIL PROTECTED]> > Jennifer Goodie wrote: > > > I wouldn't use system calls to move files around. PHP has built in file > > system functions. Why shell out to do something that is built in? > > Well, the apache user really shouldn't have access to the entire file system > -- that's the problem. Should web applications have access to areas on the file system that the apache user doesn't? I personally only allow my web applications access to certain areas on purpose and set my permissions to accomplish this. If I need to be a user other than nobody to do something I don't want my web applications doing it. Of course, I work in an environment where I have root access to dedicated servers and a sysadmin that listens to what I want, so your experience may be different. I admittedly do not have a lot of experience getting around the problems caused by shared hosting. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Apache 2.0.52, PHP 5.03, FreeBSD 4.10 memory problems
> Sander Holthaus - Orange XL wrote: > >>Sander Holthaus - Orange XL wrote: > >> > ... > >> > >>Fix or disable that script. > > > > > > I wish I could, but I'm not a PHP-programmer (can read it > and can do > > some basic programming, but I lack in-depth knowledge of PHP). > > > > well disabling it is fairly easy ;-) rm -f ./xxx.php chown && chmod would be less invasive :-) > a script that functions is a one that doesn't crash the box. > quick'n'dirty or inefficient scripts don't have to cause > problems per se, > his script is just plain borked. if you need to ensure the box is > running then you _can't_ let him run it till its fixed, friend or not. > besides if it is a friend then presumably you are offering > space/resources > for free - under such circumstances your interest in keeping > the machine up > precludes his interest in functionality and ASAP programming - and > would be understanding of your interests (just as you seem to > be of his ;-). no? Indeed. > > :-( The downside would be, IMHO, that I would need to > pro-actively check > > everything that is going on concerning PHP, in order to > prevent any major > > problems. (one and a halve month ago, some clients on an > other installation > > who hadn't mainted phpBB also caused me the necessary > problems). Also, when > > clients are non-commercial, a good programmer is out of the > question (which > > applies to this case too). I wonder how mass hosting > companies get arround > > these issue's? > > by not garanteeing full uptime ;-) and having lots of machine > across which to > spread the risk etc. That makes sense :-/ Must be quite frustrating from times to times being a sysadmin at such a company. Kind Regards, Sander Holthaus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cerauno Technologies announces the release of DocGuru Professional 1.0
Hello, We have not seen the product that you have listed so we cannot really compare our product with them. I believe phpDocumentor is a web-based project so it will never be as responsive as a client server application. DocGuru is developed in C/C++ therefore its speed is uncomparable. We have tested our product with test case projects having 50MB of sourcecode and it created the documentation under acceptable time. We encourage you to give it a try and check for yourself how it stands as compared to phpDoc. Regards, Akhil -Original Message- From: Greg Donald [mailto:[EMAIL PROTECTED] Sent: Tue, February 08, 2005 11:24 AM To: php-general@lists.php.net Cc: Akhil Dhanuka Subject: Re: [PHP] Cerauno Technologies announces the release of DocGuru Professional 1.0 On Tue, 8 Feb 2005 23:22:05 -0800, Akhil Dhanuka <[EMAIL PROTECTED]> wrote: > > Cerauno Technologies proudly announces the release of DocGuru Professional > 1.0. Did you happen to have a comparison doc comparing this with the free, open source PHPDocumentor: http://www.phpdoc.org/ ? Thanks, -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure system calls -- how
Jennifer Goodie wrote: > Should web applications have access to areas on the file system that the > apache user doesn't? I personally only allow my web applications access > to certain areas on purpose and set my permissions to accomplish this. If > I need to be a user other than nobody to do something I don't want my web > applications doing it. Of course, I work in an environment where I have > root access to dedicated servers and a sysadmin that listens to what I > want, so your experience may be different. I admittedly do not have a lot > of experience getting around the problems caused by shared hosting. This particular php application manages users and has to update their passwords, move their files around and more. And it manages hardware also, with similar problems. And it has to run several scripts and programs that controls the network. So I need a secure way of doing those things. And yes, I can get root access or make whatever scheme of permissions and sudos I want -- or maybe something with Linux security modules, but I don't really know anything about those. I'm running the program on an intranet on a dedicated server, but probably with internet access to the application some time in the future. So my question is: Is sudo the best solution? Thanks, Niels -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] FTP script and project
I'm in need of some fully functional stand-alone php FTP scripts, I've searched the web, have downloaded a couple but they don't work. While this looks valid and appears to be uploading the file, no file is ever saved other than a temporary file that vanishes as soon as the file has completed uploading. Upload test Select File 1: _ Seems that everyone has their own implementation of how it should be done so I'd like to obtain some working examples that I don't have to spend time figuring out why it doesn't work just for test purposes. If you have something, please send it to me, a variety of choices for test purposes would be ideal. TIA -- Dale -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FTP script and project
On Wednesday 09 February 2005 12:58, D.Walsh wrote: > I'm in need of some fully functional stand-alone php FTP scripts, I've > searched the web, have downloaded a couple but they don't work. > > While this looks valid and appears to be uploading the file, no file is > ever saved other than a temporary file that vanishes as soon as the > file has completed uploading. [HTTP upload code snipped] It seems that you're confused as to what FTP is and what HTTP is. Perhaps if you explained what you are trying to do then someone might be able to point you in the right direction. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] reading/writing files outside of web root
On Wednesday 09 February 2005 02:31, Richard Lynch wrote: > Phil Ewington - 43 Plc wrote: > > For some reason user_prefs will not open > > for read/write even when I tested it under apache.apache and chmod'd > > to 755, > > perhaps because /home is owned by root? > > Something went wrong with this test. > > You SHOULD have been able to read/write that file in PHP, assuming > 'apache' is the user PHP runs as. Use http://php.net/phpinfo to > confirm that it really *IS* 'apache' user that's running apache/php. It *will* fail if apache has no access to $HOME! -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
