[PHP] Webpage Persistence Load balancing
I'm having a webpage Persistence problem, it is intermittent. I suspect it is caused by load-balancing. Specifically: Users are connected to a webpage form to complete. Generally, everything is OK if they take a minute or even more to complete the form. However, sometimes they report to me, and I've seen it myself, the connection has been dropped by the server in a short time. They enter the data and Submit it to the server, and the page just reloads and their data is lost. I have the PHP ignore_user_abort(true); etc. Is there anything I can do to fix this or is it a server issue that you must fix? Thanks, Al. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Webpage Persistence Load balancing
On May 29, 2013 8:04 AM, "Al" wrote: > > I'm having a webpage Persistence problem, it is intermittent. I suspect it is caused by load-balancing. > > Specifically: > > Users are connected to a webpage form to complete. Generally, everything is OK if they take a minute or even more to complete the form. However, sometimes they report to me, and I've seen it myself, the connection has been dropped by the server in a short time. They enter the data and Submit it to the server, and the page just reloads and their data is lost. > > I have the PHP ignore_user_abort(true); etc. > > Is there anything I can do to fix this or is it a server issue that you must fix? > > Thanks, Al. > Are you using sessions for persistence? If so, is your session storage in a location that is shared between servers behind the load balancer? (Shared network path, database, etc.) Andrew
[PHP] Re: Webpage Persistence Load balancing
On 5/29/2013 8:03 AM, Al wrote: I'm having a webpage Persistence problem, it is intermittent. I suspect it is caused by load-balancing. Specifically: Users are connected to a webpage form to complete. Generally, everything is OK if they take a minute or even more to complete the form. However, sometimes they report to me, and I've seen it myself, the connection has been dropped by the server in a short time. They enter the data and Submit it to the server, and the page just reloads and their data is lost. I have the PHP ignore_user_abort(true); etc. Is there anything I can do to fix this or is it a server issue that you must fix? Thanks, Al. I'm not familiar with this kind of problem but I'm curious. What exactly do you imply by your statement "Users are connected to..."? From my perspective, web apps are not connected to clients while the user is making input. Not like the old days of CICS screens, etc. So, as the other responder asked, are you handling the input from the user with a new script that is not properly handling the incoming data from the first screen? Persistance has never been an issue for me - I rely on Sessions to provide me any data I need, along with the POST/GET array contents for continuity, so I've never run into a 'persistence' issue. I suppose that a session can time out after a set amount of time, but certainly not within a few (5-10?) minutes. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: need some regex help to strip out // comments but not http:// urls
On Tue, 28 May 2013 14:17:06 -0700, Daevid Vincent wrote: > I'm adding some minification to our cache.class.php and am running into an > edge case that is causing me grief. > > I want to remove all comments of the // variety, HOWEVER I don't want to > remove URLs... KISS. To make it simple, straight-forward, and understandable next year when I have to re-read what I've written: I'd change all "://" to "QqQ" -- or any unlikely text string. Then I'd do whatever needs to be done to the "//" occurances. Finally, I'd change all "QqQ" back to "://". Jonesy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Webpage Persistence Load balancing
On Wed, May 29, 2013 at 8:03 AM, Al wrote: > I'm having a webpage Persistence problem, it is intermittent. I suspect it > is caused by load-balancing. > > Specifically: > > Users are connected to a webpage form to complete. Generally, everything is > OK if they take a minute or even more to complete the form. However, > sometimes they report to me, and I've seen it myself, the connection has > been dropped by the server in a short time. They enter the data and Submit > it to the server, and the page just reloads and their data is lost. > > I have the PHP ignore_user_abort(true); etc. > > Is there anything I can do to fix this or is it a server issue that you must > fix? Well, either way, it would be up to you to fix it. We wouldn't have anything to do with the server (well, unless you were hosted with my company, but the PHP project itself isn't any way related to the corporate stuff). Of course, it could just be the ambiguity of the term "you" in the sentence throwing me off here. That said, is this a standard HTML page displayed in a normal, modern-era browser, or is there a different frontend, such as Flash, a mobile client, an API, or something of the sort? And is the page being timed-out with JavaScript, or simply timing out with the sessions? Lastly, if you suspect that it is the load-balancing, and the balancer isn't capable of persistence itself (such as if you're using round-robin), and sessions themselves are breaking, it's probably because you're relying on file-based sessions, which do not (by default) synchronize between servers. Instead, you'll need to centralize your sessions in a database, memcached, or similar option. For some hints on session management and how you can manage it across server clusters, check out the session_set_save_handler() function[1]. ^1: http://php.net/session_set_save_handler -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: need some regex help to strip out // comments but not http:// urls
On Wed, May 29, 2013 at 9:57 AM, Jonesy wrote: > On Tue, 28 May 2013 14:17:06 -0700, Daevid Vincent wrote: >> I'm adding some minification to our cache.class.php and am running into an >> edge case that is causing me grief. >> >> I want to remove all comments of the // variety, HOWEVER I don't want to >> remove URLs... > > KISS. > > To make it simple, straight-forward, and understandable next year when I > have to re-read what I've written: > > I'd change all "://" to "QqQ" -- or any unlikely text string. > > Then I'd do whatever needs to be done to the "//" occurances. > > Finally, I'd change all "QqQ" back to "://". > > Jonesy Wow. This is just a spectacularly bad suggestion. First off, this task is probably a bit beyond the capabilities of a regex. Yes, you may be able to come up with something that works 99% of the time, but this is really a job for a parser of some sort. I'm sorry I don't have any suggestions on exactly where to go with that, however I'm sure Google can be of assistance. The main problem is that regex doesn't understand context. It just blindly finds patterns. A parser understands context, and can figure out which //'s are comments and which are something else. As a bonus, it can probably understand other forms of comments like /* */, which regex would completely die on. Blindly replacing a string with "any unlikely text string" is just bad. I don't care how unlikely your text string is, it _will_ eventually show up in a page. It may take 5 years, but it'll happen. And when it does, this little hack will blow up spectacularly. I'm sorry to rain on your parade, but this is not KISS. This may seem simple, but the submarine bugs it introduces will be a nightmare to track down, and then you'll be in the same boat that you are in right now. Don't do that to yourself. Do it right the first time. -- --Zootboy Sent from some sort of computing device. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
On 29 May 2013, at 17:26, Last Hacker Always onpoint wrote: > HEY GUYZ I KNOW, I KNOW THIS IS NOT A PLACE FOR SOMETHING LIKE THIS SO BUT > HEY I HAVE A LITTLE TINY QUESTION FOR MY COOL GUYZ. > > DOES ANYONE HERE USE A SIMPLY MACHINE FUNCTION SCRIPT? BECAUSE THE > SCRIPTINGS ARE A LITTLE HARD FOR ME TO UNDERSTAND PLEASE LET ME KNOW GUYS I > WANT SOMEONE TO TEACH ME. 1) Shouting at us will not encourage a helpful attitude. 2) Neither will calling us your "cool guyz." 3) What is "a simply machine function script?" If you want someone to teach you PHP you'll probably need to pony up some cash. If you want someone to help you while you're learning, show us that you're working on it and we'll be happy to help. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
On Wed, May 29, 2013 at 9:30 AM, Stuart Dallas wrote: > On 29 May 2013, at 17:26, Last Hacker Always onpoint < > lasthack...@gmail.com> wrote: > > > HEY GUYZ I KNOW, I KNOW THIS IS NOT A PLACE FOR SOMETHING LIKE THIS SO > BUT > > HEY I HAVE A LITTLE TINY QUESTION FOR MY COOL GUYZ. > > > > DOES ANYONE HERE USE A SIMPLY MACHINE FUNCTION SCRIPT? BECAUSE THE > > SCRIPTINGS ARE A LITTLE HARD FOR ME TO UNDERSTAND PLEASE LET ME KNOW > GUYS I > > WANT SOMEONE TO TEACH ME. > > 1) Shouting at us will not encourage a helpful attitude. > > 2) Neither will calling us your "cool guyz." > > 3) What is "a simply machine function script?" > 4) http://www.catb.org/esr/faqs/smart-questions.html > > If you want someone to teach you PHP you'll probably need to pony up some > cash. If you want someone to help you while you're learning, show us that > you're working on it and we'll be happy to help. > > -Stuart > > -- > Stuart Dallas > 3ft9 Ltd > http://3ft9.com/ > -- > >
Re: [PHP] REQUEST
Does anyone else find it strange that the movie Troll only has 2 stars on IMDB? I think it's worth at least CAPSLOCK. On 29 May 2013 11:45, Tommy Pham wrote: > On Wed, May 29, 2013 at 9:30 AM, Stuart Dallas wrote: > >> On 29 May 2013, at 17:26, Last Hacker Always onpoint < >> lasthack...@gmail.com> wrote: >> >> > HEY GUYZ I KNOW, I KNOW THIS IS NOT A PLACE FOR SOMETHING LIKE THIS SO >> BUT >> > HEY I HAVE A LITTLE TINY QUESTION FOR MY COOL GUYZ. >> > >> > DOES ANYONE HERE USE A SIMPLY MACHINE FUNCTION SCRIPT? BECAUSE THE >> > SCRIPTINGS ARE A LITTLE HARD FOR ME TO UNDERSTAND PLEASE LET ME KNOW >> GUYS I >> > WANT SOMEONE TO TEACH ME. >> >> 1) Shouting at us will not encourage a helpful attitude. >> >> 2) Neither will calling us your "cool guyz." >> >> 3) What is "a simply machine function script?" >> > > 4) http://www.catb.org/esr/faqs/smart-questions.html > > >> >> If you want someone to teach you PHP you'll probably need to pony up some >> cash. If you want someone to help you while you're learning, show us that >> you're working on it and we'll be happy to help. >> >> -Stuart >> >> -- >> Stuart Dallas >> 3ft9 Ltd >> http://3ft9.com/ >> -- >> >> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
Please find your caps-lock key and turn it off! Also, please include the list when replying, or expect an invoice for my consulting services. On 29 May 2013, at 17:36, Last Hacker Always onpoint wrote: > A SIMPLE MACHINE FUNCTION, IS A FORUM SITE SCRIPT FROM THE SIMPLE MACHINE > COMPANY BUT UNLIKE OTHER SCRIPTS IT HAS A DIFFERENT TYPE OF SCRIPTING. If you're having issues with forum software supplied by a company, please contact that company. > AM STILL LEARNING PHP THOUGH BUT ASK ME A QUESTION SO I CAN PROVE MYSELF > WORDY. COZ YOU SEEM TO SEE ME NOT WORDY At a rough guess you mean worthy, not wordy. Worthy of what? You have nothing to prove to me other than the ability to make sense and ask a question that can be answered without four tonnes of interpretation. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ > On Wed, May 29, 2013 at 5:30 PM, Stuart Dallas wrote: > On 29 May 2013, at 17:26, Last Hacker Always onpoint > wrote: > > > HEY GUYZ I KNOW, I KNOW THIS IS NOT A PLACE FOR SOMETHING LIKE THIS SO BUT > > HEY I HAVE A LITTLE TINY QUESTION FOR MY COOL GUYZ. > > > > DOES ANYONE HERE USE A SIMPLY MACHINE FUNCTION SCRIPT? BECAUSE THE > > SCRIPTINGS ARE A LITTLE HARD FOR ME TO UNDERSTAND PLEASE LET ME KNOW GUYS I > > WANT SOMEONE TO TEACH ME. > > 1) Shouting at us will not encourage a helpful attitude. > > 2) Neither will calling us your "cool guyz." > > 3) What is "a simply machine function script?" > > If you want someone to teach you PHP you'll probably need to pony up some > cash. If you want someone to help you while you're learning, show us that > you're working on it and we'll be happy to help. > > -Stuart > > -- > Stuart Dallas > 3ft9 Ltd > http://3ft9.com/ > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
Bastien Koert On 2013-05-29, at 12:30 PM, Stuart Dallas wrote: > On 29 May 2013, at 17:26, Last Hacker Always onpoint > wrote: > >> HEY GUYZ I KNOW, I KNOW THIS IS NOT A PLACE FOR SOMETHING LIKE THIS SO BUT >> HEY I HAVE A LITTLE TINY QUESTION FOR MY COOL GUYZ. >> >> DOES ANYONE HERE USE A SIMPLY MACHINE FUNCTION SCRIPT? BECAUSE THE >> SCRIPTINGS ARE A LITTLE HARD FOR ME TO UNDERSTAND PLEASE LET ME KNOW GUYS I >> WANT SOMEONE TO TEACH ME. > > 1) Shouting at us will not encourage a helpful attitude. > > 2) Neither will calling us your "cool guyz." > > 3) What is "a simply machine function script?" > > If you want someone to teach you PHP you'll probably need to pony up some > cash. If you want someone to help you while you're learning, show us that > you're working on it and we'll be happy to help. > If I had to guess I think he means a simple state machine. There are examples out there but he needs to read them > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
On 5/29/2013 12:51 PM, Stuart Dallas wrote: Please find your caps-lock key and turn it off! Also, please include the list when replying, or expect an invoice for my consulting services. On 29 May 2013, at 17:36, Last Hacker Always onpoint wrote: A SIMPLE MACHINE FUNCTION, IS A FORUM SITE SCRIPT FROM THE SIMPLE MACHINE COMPANY BUT UNLIKE OTHER SCRIPTS IT HAS A DIFFERENT TYPE OF SCRIPTING. If you're having issues with forum software supplied by a company, please contact that company. AM STILL LEARNING PHP THOUGH BUT ASK ME A QUESTION SO I CAN PROVE MYSELF WORDY. COZ YOU SEEM TO SEE ME NOT WORDY At a rough guess you mean worthy, not wordy. Worthy of what? You have nothing to prove to me other than the ability to make sense and ask a question that can be answered without four tonnes of interpretation. -Stuart Frankly I am a little reluctant to respond to someone who names himself "hacker". Makes me worry about what they think they are doing. If the person hasn't learned enough php yet to be dangerous, why would I want to help him? I love the responses so far. Especially the one about how to ask a question. As for our would-be hacker - Try dealing with people you don't know with some respect. Afterall - you are asking for help and you don't know any of us. We're not your dudes/guyz/bros or anything like that. Also - judging by your email address and your choice of conversational style, I'm assuming that your native language is (some form of) English. In that case, TRY LEARNING HOW TO SPELL IT. (I'm done shouting now.) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: need some regex help to strip out // comments but not http:// urls
On Wed, May 29, 2013 at 6:08 PM, Sean Greenslade wrote:
> On Wed, May 29, 2013 at 9:57 AM, Jonesy wrote:
> > On Tue, 28 May 2013 14:17:06 -0700, Daevid Vincent wrote:
> >> I'm adding some minification to our cache.class.php and am running into
> an
> >> edge case that is causing me grief.
> >>
> >> I want to remove all comments of the // variety, HOWEVER I don't want to
> >> remove URLs...
> >
> > KISS.
> >
> > To make it simple, straight-forward, and understandable next year when I
> > have to re-read what I've written:
> >
> > I'd change all "://" to "QqQ" -- or any unlikely text string.
> >
> > Then I'd do whatever needs to be done to the "//" occurances.
> >
> > Finally, I'd change all "QqQ" back to "://".
> >
> > Jonesy
>
> Wow. This is just a spectacularly bad suggestion.
>
> First off, this task is probably a bit beyond the capabilities of a
> regex. Yes, you may be able to come up with something that works 99%
> of the time, but this is really a job for a parser of some sort. I'm
> sorry I don't have any suggestions on exactly where to go with that,
> however I'm sure Google can be of assistance. The main problem is that
> regex doesn't understand context. It just blindly finds patterns. A
> parser understands context, and can figure out which //'s are comments
> and which are something else. As a bonus, it can probably understand
> other forms of comments like /* */, which regex would completely die
> on.
>
>
It is possible to write a whole parser as a single regex, being it terribly
long and complex.
That said, there's no other simple syntax that would work, for example in
javascript you could to the following:
var http = 5;
switch(value) {
case http:// Http case here! (this whould not be deleted)
// Do something
}
But most likely you wouldn't care about that..
- Matijn
Re: [PHP] Re: need some regex help to strip out // comments but not http:// urls
> It is possible to write a whole parser as a single regex, being it terribly
> long and complex.
> That said, there's no other simple syntax that would work, for example in
> javascript you could to the following:
> var http = 5;
> switch(value) {
> case http:// Http case here! (this whould not be deleted)
> // Do something
> }
> But most likely you wouldn't care about that..
>
> - Matijn
I would have to disagree. There are things that regex just can't at a
fundamental level grok. Things like nested brackets (e.g. the standard
blocking syntax of C, javascript, php, etc.). It's not a parser, and
despite all the little lookahead/behind tricks that enhanced regex can
do, it can't at a fundamental level _interret_ the text it sees. This
task involves interpreting what the text you're looking for actually
means, and should therefore be handled by something that can
interpret.
Also, (I haven't tested it, but) I don't think that example you gave
would work. Without any sort of quoting around the "http://";
, I would assume the JS interpreter would take that double slash as a
comment starter. Do tell me if I'm wrong, though.
--
--Zootboy
Sent from some sort of computing device.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
And after all I said - a few minutes of searching tells me that the SMF forum software (according to the simplemachines.org site itself) is written in a very familiar language - PHP. WITH a very familiar (to me) MySQL DB behind it. So apparently our erstwhile hacker can't yet recognize PHP script when he sees it. :) Note to hacker: Getting some free software doesn't mean the work to implement it is free also. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: need some regex help to strip out // comments but not http:// urls
On Wed, May 29, 2013 at 7:27 PM, Sean Greenslade wrote:
> > It is possible to write a whole parser as a single regex, being it
> terribly
> > long and complex.
> > That said, there's no other simple syntax that would work, for example in
> > javascript you could to the following:
> > var http = 5;
> > switch(value) {
> > case http:// Http case here! (this whould not be deleted)
> > // Do something
> > }
> > But most likely you wouldn't care about that..
> >
> > - Matijn
>
> I would have to disagree. There are things that regex just can't at a
> fundamental level grok. Things like nested brackets (e.g. the standard
> blocking syntax of C, javascript, php, etc.). It's not a parser, and
> despite all the little lookahead/behind tricks that enhanced regex can
> do, it can't at a fundamental level _interret_ the text it sees. This
> task involves interpreting what the text you're looking for actually
> means, and should therefore be handled by something that can
> interpret.
>
I think it should be possible, but as I said, very very complex. Let's not
try it;)
>
> Also, (I haven't tested it, but) I don't think that example you gave
> would work. Without any sort of quoting around the "http://";
> , I would assume the JS interpreter would take that double slash as a
> comment starter. Do tell me if I'm wrong, though.
>
> Which is exactly what I meant. Because http is a var set to 5, it is a
valid case statement, it would be equal to:
switch(value) {
case 5: // Http case here! (this whould not be deleted)
// Do something
}
But any regex given above would treat the first one as a http url, and
won't strip the // and everything after it, though in this modified case it
will strip the comments.
- Matijn
[PHP] include() Error
Good morning all:
I have recently purchased a computer and am using it as a dedicated server. A
friend helped me install PHP and configure. I am saying this because I wonder
if using a newer version of PHP (compared to my commercial web host) may be the
reasoning behind the error I am receiving.
I created a function to generate a form submission key.
- This created hidden variable for forms
- This is also session variable
With this function I have an ‘ include ‘ for the file containing the mySQL
database, username and password. I know this file is being accessed because I
added:
===
echo $mySQL_user;
===
following the login credentials.
But when I remove this line from mySQL_user_login.inc.php and place within the
function on the line following the include the "echo” returns nothing.
===
include("mySQL_user_login.inc.php");
echo $mySQL_user;
===
Can any of you tell me why this is happening?
Ron Piggott
www.TheVerseOfTheDay.info
Re: [PHP] Re: need some regex help to strip out // comments but not http:// urls
On Wed, May 29, 2013 at 1:33 PM, Matijn Woudt wrote:
>
>
>
> On Wed, May 29, 2013 at 7:27 PM, Sean Greenslade
> wrote:
>>
>> > It is possible to write a whole parser as a single regex, being it
>> > terribly
>> > long and complex.
>> > That said, there's no other simple syntax that would work, for example
>> > in
>> > javascript you could to the following:
>> > var http = 5;
>> > switch(value) {
>> > case http:// Http case here! (this whould not be deleted)
>> > // Do something
>> > }
>> > But most likely you wouldn't care about that..
>> >
> I think it should be possible, but as I said, very very complex. Let's not
> try it;)
>>
>>
>> Also, (I haven't tested it, but) I don't think that example you gave
>> would work. Without any sort of quoting around the "http://";
>> , I would assume the JS interpreter would take that double slash as a
>> comment starter. Do tell me if I'm wrong, though.
>>
> Which is exactly what I meant. Because http is a var set to 5, it is a valid
> case statement, it would be equal to:
> switch(value) {
> case 5: // Http case here! (this whould not be deleted)
> // Do something
> }
>
> But any regex given above would treat the first one as a http url, and won't
> strip the // and everything after it, though in this modified case it will
> strip the comments.
>
> - Matijn
Sorry, I slightly mis-interpreted what that code was intending to do.
Regardless, it is still something that should be done by an
interpreter. So this is another edge case where regexes would more
than likely break down but an interpreter should (I do say should) do
The Right Thing.
--
--Zootboy
Sent from some sort of computing device.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] include() Error
Is the "echo $mySQL_user;" inside of a function? I believe you'll
need to say "global $mySQL_user;" to gain access to it if so.
On 29 May 2013 12:39, Ron Piggott wrote:
>
> Good morning all:
>
> I have recently purchased a computer and am using it as a dedicated server.
> A friend helped me install PHP and configure. I am saying this because I
> wonder if using a newer version of PHP (compared to my commercial web host)
> may be the reasoning behind the error I am receiving.
>
> I created a function to generate a form submission key.
> - This created hidden variable for forms
> - This is also session variable
>
> With this function I have an ‘ include ‘ for the file containing the mySQL
> database, username and password. I know this file is being accessed because
> I added:
>
> ===
> echo $mySQL_user;
> ===
>
> following the login credentials.
>
> But when I remove this line from mySQL_user_login.inc.php and place within
> the function on the line following the include the "echo” returns nothing.
>
> ===
> include("mySQL_user_login.inc.php");
>
> echo $mySQL_user;
> ===
>
> Can any of you tell me why this is happening?
>
> Ron Piggott
>
>
>
> www.TheVerseOfTheDay.info
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: include() Error
On 5/29/2013 1:39 PM, Ron Piggott wrote:
Good morning all:
I have recently purchased a computer and am using it as a dedicated server. A
friend helped me install PHP and configure. I am saying this because I wonder
if using a newer version of PHP (compared to my commercial web host) may be the
reasoning behind the error I am receiving.
I created a function to generate a form submission key.
- This created hidden variable for forms
- This is also session variable
With this function I have an ‘ include ‘ for the file containing the mySQL
database, username and password. I know this file is being accessed because I
added:
===
echo $mySQL_user;
===
following the login credentials.
But when I remove this line from mySQL_user_login.inc.php and place within the
function on the line following the include the "echo” returns nothing.
===
include("mySQL_user_login.inc.php");
echo $mySQL_user;
===
Can any of you tell me why this is happening?
Ron Piggott
www.TheVerseOfTheDay.info
#1 - it's not an "include error". It's a programmer error
#2 - that said - why would you want to do this? The release of
usernames/passwords is a dangerous practice - even in development. If
all you want to do is verify that you passed thru this bit of code, echo
some less sensitive message, such as "Connected successfully". Or even
better have the connect function return true or false and check the return.
#3 - global
#4 - global
and #5 global. Anytime you want to use a var withing a function include
it in a global statement.
I always forget too. But I'm getting pretty good at remembering how to
resolve it.
PS - do you store your .inc file with this sensitive info on your server
"outside" of the web-accessible path? I hope so.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: WOT [PHP] REQUEST
[snip]We're not your dudes/guyz/bros or anything like that. [/snip] Don't taze me bro'! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
On 29 May 2013, at 17:26, Last Hacker Always onpoint wrote: > HEY GUYZ I KNOW, I KNOW THIS IS NOT A PLACE FOR SOMETHING LIKE THIS SO BUT > HEY I HAVE A LITTLE TINY QUESTION FOR MY COOL GUYZ. > > DOES ANYONE HERE USE A SIMPLY MACHINE FUNCTION SCRIPT? BECAUSE THE > SCRIPTINGS ARE A LITTLE HARD FOR ME TO UNDERSTAND PLEASE LET ME KNOW GUYS I > WANT SOMEONE TO TEACH ME. SIMPLE MACHINES FORUM, not SIMPLY MACHINE FUNCTION. Funny how a couple of incorrect words can turn a simple question in to gobbledygook! As for your problems with the product, which I'm guessing are legion, try: http://support.simplemachines.org/ -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
On 29 May 2013, at 18:16, Jim Giner wrote: > On 5/29/2013 12:51 PM, Stuart Dallas wrote: >> Please find your caps-lock key and turn it off! >> >> Also, please include the list when replying, or expect an invoice for my >> consulting services. >> >> On 29 May 2013, at 17:36, Last Hacker Always onpoint >> wrote: >> >>> A SIMPLE MACHINE FUNCTION, IS A FORUM SITE SCRIPT FROM THE SIMPLE MACHINE >>> COMPANY BUT UNLIKE OTHER SCRIPTS IT HAS A DIFFERENT TYPE OF SCRIPTING. >> >> If you're having issues with forum software supplied by a company, please >> contact that company. >> >>> AM STILL LEARNING PHP THOUGH BUT ASK ME A QUESTION SO I CAN PROVE MYSELF >>> WORDY. COZ YOU SEEM TO SEE ME NOT WORDY >> >> At a rough guess you mean worthy, not wordy. Worthy of what? You have >> nothing to prove to me other than the ability to make sense and ask a >> question that can be answered without four tonnes of interpretation. >> >> -Stuart >> > Frankly I am a little reluctant to respond to someone who names himself > "hacker". Makes me worry about what they think they are doing. If the > person hasn't learned enough php yet to be dangerous, why would I want to > help him? Anyone who calls themselves a hacker in a public place such as this does so with absolutely no clue what they're talking about, and that's without getting in to the hacker vs. cracker debate. However, regardless of that I tend not to judge people by the labels they give themselves, they're rarely accurate, especially when they think they're the last and/or best of their kind! [On which note it has to be said he clearly isn't since he couldn't get lasthacker@ and had to settle for lasthacker1@. Just sayin'.] -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] [SOLVED] need some regex help to strip out // comments but not http:// urls
> -Original Message-
> From: Andreas Perstinger [mailto:andiper...@gmail.com]
> Sent: Tuesday, May 28, 2013 11:10 PM
> To: php-general@lists.php.net
> Subject: Re: [PHP] need some regex help to strip out // comments but not
> http:// urls
>
> On 28.05.2013 23:17, Daevid Vincent wrote:
> > I want to remove all comments of the // variety, HOWEVER I don't want to
> > remove URLs...
> >
>
> You need a negative look behind assertion
> ( http://www.php.net/manual/en/regexp.reference.assertions.php ).
>
> "(?
> Bye, Andreas
This worked like a CHAMP Andreas my friend! You are a regex guru!
> -Original Message-
> From: Sean Greenslade [mailto:zootboys...@gmail.com]
> Sent: Wednesday, May 29, 2013 10:28 AM
>
> Also, (I haven't tested it, but) I don't think that example you gave
> would work. Without any sort of quoting around the "http://";
> , I would assume the JS interpreter would take that double slash as a
> comment starter. Do tell me if I'm wrong, though.
You're wrong Sean. :-p
This regex works in all cases listed in my example target string.
\s*(?http://foo.com";>
function bookmarksite(title,url){
if (window.sidebar) // firefox
window.sidebar.addPanel(title, url, "");
else if(window.opera && window.print){ // opera
var elem = document.createElement('a');
elem.setAttribute('href',url);
elem.setAttribute('title',title);
elem.setAttribute('rel','sidebar');
elem.click();
}
else if(document.all)// ie
window.external.AddFavorite(url, title);
}
And for those interested here is the whole method...
public function compress($sBlob)
{
//remove C style /* */ blocks as well as PHPDoc /** */ blocks
$sBlob = preg_replace("@/\*(.*?)\*/@s",'',$sBlob);
//$sBlob =
preg_replace("/\*[^*]*\*+(?:[^*/][^*]*\*+)*/s",'',$sBlob);
//$sBlob = preg_replace("/\\*(?:.|[\\n\\r])*?\\*/s",'',$sBlob);
//remove // or # style comments at the start of a line possibly
redundant with next preg_replace
$sBlob =
preg_replace("@^\s*((^\s*(#+|//+)\s*.+?$\n)+)@m",'',$sBlob);
//remove // style comments that might be tagged onto valid code
lines. we don't try for # style as that's risky and not widely used
// @see http://www.php.net/manual/en/regexp.reference.assertions.php
$sBlob = preg_replace("@\s*(?_file_name_suffix, array('html','htm')))
{
//remove blocks
$sBlob = preg_replace("//s",'',$sBlob);
//if Tidy is enabled...
//if (!extension_loaded('tidy')) dl( ((PHP_SHLIB_SUFFIX ===
'dll') ? 'php_' : '') . 'tidy.' . PHP_SHLIB_SUFFIX);
if (FALSE && extension_loaded('tidy'))
{
//use Tidy to clean up the rest. There may be some
redundancy with the above, but it shouldn't hurt
//See all parameters available here:
http://tidy.sourceforge.net/docs/quickref.html
$tconfig = array(
'clean' => true,
'hide-comments' => true,
'hide-endtags' => true,
'drop-proprietary-attributes' => true,
'join-classes' => true,
'join-styles' => true,
'quote-marks' => false,
'fix-uri' => false,
'numeric-entities' => true,
'preserve-entities' => true,
'doctype' => 'omit',
'tab-size' => 1,
'wrap' => 0,
'wrap-php' => false,
'char-encoding' => 'raw',
'input-encoding' => 'raw',
'output-encoding' => 'raw',
'ascii-chars' => true,
'newline' => 'LF',
'tidy-mark' => false,
'quiet' => true,
'show-errors' =>
($this->_debug ? 6 : 0),
'show-warnings' =>
$this->_debug,
);
if ($this->_log_messages) $tconfig['error-file'] =
DBLOGPATH.'/'.$this->get_file_name().'_tidy.log';
$tidy = tidy_parse_string($sBlob, $tconfig, 'utf8');
$tidy->cleanRepair();
$sBlob = tidy_get_output($tidy);
Re: [PHP] [SOLVED] need some regex help to strip out // comments but not http:// urls
On Wed, May 29, 2013 at 4:26 PM, Daevid Vincent wrote:
>
>
>> -Original Message-
>> From: Sean Greenslade [mailto:zootboys...@gmail.com]
>> Sent: Wednesday, May 29, 2013 10:28 AM
>>
>> Also, (I haven't tested it, but) I don't think that example you gave
>> would work. Without any sort of quoting around the "http://";
>> , I would assume the JS interpreter would take that double slash as a
>> comment starter. Do tell me if I'm wrong, though.
>
> You're wrong Sean. :-p
Glad to hear it. I knew I shouldn't have opened my mouth. =P
(In all seriousness, I realize that I mis-read that code earlier. I
think I was still reeling from the suggestion of doing arbitrary
string replacements in files.)
>
> This regex works in all cases listed in my example target string.
>
> \s*(?
> Or in my actual compress() method:
>
> $sBlob = preg_replace("@\s*(?
> Target test case with intentional traps:
>
> // another comment here
> http://foo.com";>
> function bookmarksite(title,url){
> if (window.sidebar) // firefox
> window.sidebar.addPanel(title, url, "");
> else if(window.opera && window.print){ // opera
> var elem = document.createElement('a');
> elem.setAttribute('href',url);
> elem.setAttribute('title',title);
> elem.setAttribute('rel','sidebar');
> elem.click();
> }
> else if(document.all)// ie
> window.external.AddFavorite(url, title);
> }
>
And if that's the only case you're concerned about, I suppose that
regex will do just fine. Just always keep an eye out for double
slashes elsewhere. My concern would be something within a quoted
string. If that happens, no regex will save you. As I mentioned
before, regexes aren't smart enough to understand whether they're
inside or outside matching quotes. Thus, a line like this may get
eaten by your regex:
document.getElementById("textField").innerHTML = "Lol slashes // are // fun";
The JS parser sees that the double slashes are inside a string, but
your regex won't. Just something to be aware of, especially because
it's something that might not show up right away.
--
--Zootboy
Sent from some sort of computing device.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: need some regex help to strip out // comments but not http:// urls
2013/5/29 Matijn Woudt
> On Wed, May 29, 2013 at 6:08 PM, Sean Greenslade >wrote:
>
> > On Wed, May 29, 2013 at 9:57 AM, Jonesy wrote:
> > > On Tue, 28 May 2013 14:17:06 -0700, Daevid Vincent wrote:
> > >> I'm adding some minification to our cache.class.php and am running
> into
> > an
> > >> edge case that is causing me grief.
> > >>
> > >> I want to remove all comments of the // variety, HOWEVER I don't want
> to
> > >> remove URLs...
> > >
> > > KISS.
> > >
> > > To make it simple, straight-forward, and understandable next year when
> I
> > > have to re-read what I've written:
> > >
> > > I'd change all "://" to "QqQ" -- or any unlikely text string.
> > >
> > > Then I'd do whatever needs to be done to the "//" occurances.
> > >
> > > Finally, I'd change all "QqQ" back to "://".
> > >
> > > Jonesy
> >
> > Wow. This is just a spectacularly bad suggestion.
> >
> > First off, this task is probably a bit beyond the capabilities of a
> > regex. Yes, you may be able to come up with something that works 99%
> > of the time, but this is really a job for a parser of some sort. I'm
> > sorry I don't have any suggestions on exactly where to go with that,
> > however I'm sure Google can be of assistance. The main problem is that
> > regex doesn't understand context. It just blindly finds patterns. A
> > parser understands context, and can figure out which //'s are comments
> > and which are something else. As a bonus, it can probably understand
> > other forms of comments like /* */, which regex would completely die
> > on.
> >
> >
> It is possible to write a whole parser as a single regex, being it terribly
> long and complex.
>
No, it isn't.
> That said, there's no other simple syntax that would work, for example in
> javascript you could to the following:
> var http = 5;
> switch(value) {
> case http:// Http case here! (this whould not be deleted)
> // Do something
> }
> But most likely you wouldn't care about that..
>
> - Matijn
>
--
github.com/KingCrunch
Re: [PHP] REQUEST
On May 29, 2013, at 2:56 PM, Stuart Dallas wrote: > Anyone who calls themselves a hacker in a public place such as this does so > with absolutely no clue what they're talking about, and that's without > getting in to the hacker vs. cracker debate. However, regardless of that I > tend not to judge people by the labels they give themselves, they're rarely > accurate, especially when they think they're the last and/or best of their > kind! > > -Stuart I called myself a Fracker once, but that was when I worked in the oil industry. Cheers, tedd PS: I think it probably best not to rise to the bait from people who forgot to turn off their cap's key. _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: need some regex help to strip out // comments but not http:// urls
On Wed, May 29, 2013 at 10:51 PM, Sebastian Krebs wrote: > > > > 2013/5/29 Matijn Woudt > >> On Wed, May 29, 2013 at 6:08 PM, Sean Greenslade > >wrote: >> >> > On Wed, May 29, 2013 at 9:57 AM, Jonesy wrote: >> > > On Tue, 28 May 2013 14:17:06 -0700, Daevid Vincent wrote: >> > >> I'm adding some minification to our cache.class.php and am running >> into >> > an >> > >> edge case that is causing me grief. >> > >> >> > >> I want to remove all comments of the // variety, HOWEVER I don't >> want to >> > >> remove URLs... >> > > >> > > KISS. >> > > >> > > To make it simple, straight-forward, and understandable next year >> when I >> > > have to re-read what I've written: >> > > >> > > I'd change all "://" to "QqQ" -- or any unlikely text string. >> > > >> > > Then I'd do whatever needs to be done to the "//" occurances. >> > > >> > > Finally, I'd change all "QqQ" back to "://". >> > > >> > > Jonesy >> > >> > Wow. This is just a spectacularly bad suggestion. >> > >> > First off, this task is probably a bit beyond the capabilities of a >> > regex. Yes, you may be able to come up with something that works 99% >> > of the time, but this is really a job for a parser of some sort. I'm >> > sorry I don't have any suggestions on exactly where to go with that, >> > however I'm sure Google can be of assistance. The main problem is that >> > regex doesn't understand context. It just blindly finds patterns. A >> > parser understands context, and can figure out which //'s are comments >> > and which are something else. As a bonus, it can probably understand >> > other forms of comments like /* */, which regex would completely die >> > on. >> > >> > >> It is possible to write a whole parser as a single regex, being it >> terribly >> long and complex. >> > > No, it isn't. > It's better if you throw some smart words on the screen if you want to convince someone. Just thinking about it, it makes sense as a true regular expression can only describe a regular language, and I think all the programming languages are not regular languages. But, We have PHP PCRE with extensions like Recursive patterns[1] and Back references[2], which can describe much more than just a regular language. And I do believe it would be able to handle it. Too bad it probably takes months to complete a regular expression like this. - Matijn [1] http://php.net/manual/en/regexp.reference.recursive.php [2] http://php.net/manual/en/regexp.reference.back-references.php
Re: [PHP] REQUEST
On 5/29/2013 5:45 PM, Tedd Sperling wrote: PS: I think it probably best not to rise to the bait from people who forgot to turn off their cap's key. You call it "bait"? I call it stupidity. Once no, more than once YES. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: need some regex help to strip out // comments but not http:// urls
Matijn Woudt wrote: >On Wed, May 29, 2013 at 10:51 PM, Sebastian Krebs >wrote: > >> >> >> >> 2013/5/29 Matijn Woudt >> >>> On Wed, May 29, 2013 at 6:08 PM, Sean Greenslade >>> >wrote: >>> >>> > On Wed, May 29, 2013 at 9:57 AM, Jonesy wrote: >>> > > On Tue, 28 May 2013 14:17:06 -0700, Daevid Vincent wrote: >>> > >> I'm adding some minification to our cache.class.php and am >running >>> into >>> > an >>> > >> edge case that is causing me grief. >>> > >> >>> > >> I want to remove all comments of the // variety, HOWEVER I >don't >>> want to >>> > >> remove URLs... >>> > > >>> > > KISS. >>> > > >>> > > To make it simple, straight-forward, and understandable next >year >>> when I >>> > > have to re-read what I've written: >>> > > >>> > > I'd change all "://" to "QqQ" -- or any unlikely text string. >>> > > >>> > > Then I'd do whatever needs to be done to the "//" occurances. >>> > > >>> > > Finally, I'd change all "QqQ" back to "://". >>> > > >>> > > Jonesy >>> > >>> > Wow. This is just a spectacularly bad suggestion. >>> > >>> > First off, this task is probably a bit beyond the capabilities of >a >>> > regex. Yes, you may be able to come up with something that works >99% >>> > of the time, but this is really a job for a parser of some sort. >I'm >>> > sorry I don't have any suggestions on exactly where to go with >that, >>> > however I'm sure Google can be of assistance. The main problem is >that >>> > regex doesn't understand context. It just blindly finds patterns. >A >>> > parser understands context, and can figure out which //'s are >comments >>> > and which are something else. As a bonus, it can probably >understand >>> > other forms of comments like /* */, which regex would completely >die >>> > on. >>> > >>> > >>> It is possible to write a whole parser as a single regex, being it >>> terribly >>> long and complex. >>> >> >> No, it isn't. >> > > >It's better if you throw some smart words on the screen if you want to >convince someone. Just thinking about it, it makes sense as a true >regular >expression can only describe a regular language, and I think all the >programming languages are not regular languages. >But, We have PHP PCRE with extensions like Recursive patterns[1] and >Back >references[2], which can describe much more than just a regular >language. >And I do believe it would be able to handle it. >Too bad it probably takes months to complete a regular expression like >this. > >- Matijn > >[1] http://php.net/manual/en/regexp.reference.recursive.php >[2] http://php.net/manual/en/regexp.reference.back-references.php Sometimes when all you know is regex, everything looks like a nail... Thanks, Ash -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
On Wed, May 29, 2013 at 8:56 PM, Stuart Dallas wrote: > > > [On which note it has to be said he clearly isn't since he couldn't get > lasthacker@ and had to settle for lasthacker1@. Just sayin'.] > > -Stuart > I'm surprised he didn't call himself la5T hax0R alwayZ 0nP01nT :)
Re: [PHP] REQUEST
On 5/29/2013 5:53 PM, Matijn Woudt wrote: I'm surprised he didn't call himself la5T hax0R alwayZ 0nP01nT :) He apparently can't find the caps key - how would he ever type that string correctly on a consistent basis? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] REQUEST
Jim Giner wrote: On 5/29/2013 5:45 PM, Tedd Sperling wrote: PS: I think it probably best not to rise to the bait from people who forgot to turn off their cap's key. You call it "bait"? I call it stupidity. Once no, more than once YES. Why not both? Cue cute taco shell girl. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: include() Error
You are most probable getting a fatal error, and the way PHP is configured
now, doesn't show you that publicly. Enable that setting via php.ini or
directly in the script (not recommended) or check out the webserver's
error_log (assuming apache and a RedHat based distro this will be on
/var/log/httpd/error_log). This will tell you what is really going on
because we don't even know what mySQL_user_login.inc.php looks like or what
it does, we also don't know what extensions are activated.
Providing that information you'll get more luck getting great answers. Also
try to mention what distro you're using.
Greetings.
On Wed, May 29, 2013 at 8:09 PM, Jim Giner wrote:
> On 5/29/2013 1:39 PM, Ron Piggott wrote:
>
>>
>> Good morning all:
>>
>> I have recently purchased a computer and am using it as a dedicated
>> server. A friend helped me install PHP and configure. I am saying this
>> because I wonder if using a newer version of PHP (compared to my commercial
>> web host) may be the reasoning behind the error I am receiving.
>>
>> I created a function to generate a form submission key.
>> - This created hidden variable for forms
>> - This is also session variable
>>
>> With this function I have an ‘ include ‘ for the file containing the
>> mySQL database, username and password. I know this file is being accessed
>> because I added:
>>
>> ===
>> echo $mySQL_user;
>> ===
>>
>> following the login credentials.
>>
>> But when I remove this line from mySQL_user_login.inc.php and place
>> within the function on the line following the include the "echo” returns
>> nothing.
>>
>> ===
>> include("mySQL_user_login.inc.**php");
>>
>> echo $mySQL_user;
>> ===
>>
>> Can any of you tell me why this is happening?
>>
>> Ron Piggott
>>
>>
>>
>> www.TheVerseOfTheDay.info
>>
>> #1 - it's not an "include error". It's a programmer error
>
> #2 - that said - why would you want to do this? The release of
> usernames/passwords is a dangerous practice - even in development. If all
> you want to do is verify that you passed thru this bit of code, echo some
> less sensitive message, such as "Connected successfully". Or even better
> have the connect function return true or false and check the return.
>
> #3 - global
> #4 - global
> and #5 global. Anytime you want to use a var withing a function include
> it in a global statement.
>
> I always forget too. But I'm getting pretty good at remembering how to
> resolve it.
>
> PS - do you store your .inc file with this sensitive info on your server
> "outside" of the web-accessible path? I hope so.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Re: [PHP] Re: include() Error
On Wed, May 29, 2013 at 8:09 PM, Jim Giner wrote:
> On 5/29/2013 1:39 PM, Ron Piggott wrote:
>
>>
>> Good morning all:
>>
>> I have recently purchased a computer and am using it as a dedicated
>> server. A friend helped me install PHP and configure. I am saying this
>> because I wonder if using a newer version of PHP (compared to my commercial
>> web host) may be the reasoning behind the error I am receiving.
>>
>> I created a function to generate a form submission key.
>> - This created hidden variable for forms
>> - This is also session variable
>>
>> With this function I have an ‘ include ‘ for the file containing the
>> mySQL database, username and password. I know this file is being accessed
>> because I added:
>>
>> ===
>> echo $mySQL_user;
>> ===
>>
>> following the login credentials.
>>
>> But when I remove this line from mySQL_user_login.inc.php and place
>> within the function on the line following the include the "echo” returns
>> nothing.
>>
>> ===
>> include("mySQL_user_login.inc.**php");
>>
>> echo $mySQL_user;
>> ===
>>
>> Can any of you tell me why this is happening?
>>
>> Ron Piggott
>>
>>
>>
>> www.TheVerseOfTheDay.info
>>
>> #1 - it's not an "include error". It's a programmer error
>
> #2 - that said - why would you want to do this? The release of
> usernames/passwords is a dangerous practice - even in development. If all
> you want to do is verify that you passed thru this bit of code, echo some
> less sensitive message, such as "Connected successfully". Or even better
> have the connect function return true or false and check the return.
>
> #3 - global
> #4 - global
> and #5 global. Anytime you want to use a var withing a function include
> it in a global statement.
>
> I always forget too. But I'm getting pretty good at remembering how to
> resolve it.
>
> PS - do you store your .inc file with this sensitive info on your server
> "outside" of the web-accessible path? I hope so.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
You are most probable getting a fatal error, and the way PHP is configured
now, doesn't show you that publicly. Enable that setting via php.ini or
directly in the script (not recommended) or check out the webserver's
error_log (assuming apache and a RedHat based distro this will be on
/var/log/httpd/error_log). This will tell you what is really going on
because we don't even know what mySQL_user_login.inc.php looks like or what
it does, we also don't know what extensions are activated.
Providing that information you'll get more luck getting great answers. Also
try to mention what distro you're using.
Greetings.
--
@unreal4u
http://unreal4u.com/
Re: [PHP] need some regex help to strip out // comments but not http:// urls
On May 29, 2013, at 5:53 PM, Ashley Sheridan wrote: > Sometimes when all you know is regex, everything looks like a nail... > > Thanks, > Ash > There are people who *know* regrex? Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] limit access to php page
Hello list, I've created an authentication page (index.php) that logs into an LDAP server, then points you to a second page that some folks are intended to use to request apache redirects from the sysadmin group (redirect.php). Everything works great so far, except if you pop the full URL of redirect.php into your browser you can hit the page regardless of the login process on index.php. How can I limit redirect.php so that it can only be reached once you login via the index page? Thank you! Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
Re: [PHP] limit access to php page
On Wed, May 29, 2013 at 6:11 PM, Tim Dunphy wrote: > Hello list, > > I've created an authentication page (index.php) that logs into an LDAP > server, then points you to a second page that some folks are intended to > use to request apache redirects from the sysadmin group (redirect.php). > > Everything works great so far, except if you pop the full URL of > redirect.php into your browser you can hit the page regardless of the login > process on index.php. > > How can I limit redirect.php so that it can only be reached once you login > via the index page? > > Thank you! > Tim > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B Read through this page, and the other parts of the Session manual. Hopefully that will help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] limit access to php page
On May 29, 2013, at 7:11 PM, Tim Dunphy wrote: > Hello list, > > I've created an authentication page (index.php) that logs into an LDAP > server, then points you to a second page that some folks are intended to > use to request apache redirects from the sysadmin group (redirect.php). > > Everything works great so far, except if you pop the full URL of > redirect.php into your browser you can hit the page regardless of the login > process on index.php. > > How can I limit redirect.php so that it can only be reached once you login > via the index page? > > Thank you! > Tim > > -- > GPG me!! Try this: http://sperling.com/php/authorization/log-on.php Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: limit access to php page
On 5/29/2013 7:11 PM, Tim Dunphy wrote: Hello list, I've created an authentication page (index.php) that logs into an LDAP server, then points you to a second page that some folks are intended to use to request apache redirects from the sysadmin group (redirect.php). Everything works great so far, except if you pop the full URL of redirect.php into your browser you can hit the page regardless of the login process on index.php. How can I limit redirect.php so that it can only be reached once you login via the index page? Thank you! Tim I would simply place my redirect.php script outside of the web-accessible tree. The user can never type that uri into his browser and have it work. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: limit access to php page
On 5/29/13 6:14 PM, Jim Giner wrote: On 5/29/2013 7:11 PM, Tim Dunphy wrote: Hello list, I've created an authentication page (index.php) that logs into an LDAP server, then points you to a second page that some folks are intended to use to request apache redirects from the sysadmin group (redirect.php). Everything works great so far, except if you pop the full URL of redirect.php into your browser you can hit the page regardless of the login process on index.php. How can I limit redirect.php so that it can only be reached once you login via the index page? Thank you! Tim I would simply place my redirect.php script outside of the web-accessible tree. The user can never type that uri into his browser and have it work. I always see this answer a lot but never any sample code of how to include that file using require_once() or include_once(). It would be nice to know the exact syntax of inclusion of such files. Say, for example if I put the login/redirect .php file 3-4 levels up from my webroot. -d -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: limit access to php page
On Wed, May 29, 2013 at 8:14 PM, Jim Giner wrote: > On 5/29/2013 7:11 PM, Tim Dunphy wrote: >> >> Hello list, >> >> I've created an authentication page (index.php) that logs into an LDAP >> server, then points you to a second page that some folks are intended to >> use to request apache redirects from the sysadmin group (redirect.php). >> >> Everything works great so far, except if you pop the full URL of >> redirect.php into your browser you can hit the page regardless of the >> login >> process on index.php. >> >> How can I limit redirect.php so that it can only be reached once you login >> via the index page? >> >> Thank you! >> Tim >> > I would simply place my redirect.php script outside of the web-accessible > tree. The user can never type that uri into his browser and have it work. Depends on whether the redirect is by header or not, if it is via the Location header, then the browser has to be able to hit it. There is, though, a form of application architecture where everything is run through the index page, and it pulls things in via include/require as directed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: limit access to php page
On 5/29/2013 9:20 PM, Glob Design Info wrote: On 5/29/13 6:14 PM, Jim Giner wrote: On 5/29/2013 7:11 PM, Tim Dunphy wrote: Hello list, I've created an authentication page (index.php) that logs into an LDAP server, then points you to a second page that some folks are intended to use to request apache redirects from the sysadmin group (redirect.php). Everything works great so far, except if you pop the full URL of redirect.php into your browser you can hit the page regardless of the login process on index.php. How can I limit redirect.php so that it can only be reached once you login via the index page? Thank you! Tim I would simply place my redirect.php script outside of the web-accessible tree. The user can never type that uri into his browser and have it work. I always see this answer a lot but never any sample code of how to include that file using require_once() or include_once(). It would be nice to know the exact syntax of inclusion of such files. Say, for example if I put the login/redirect .php file 3-4 levels up from my webroot. -d simply a require statement pointing to the script. PHP can load anything, http can only see the web tree. I personally have a std. set of code in my scripts that always creates a var that points to my document root (web root) and another that points to my php folder which is outside of the web root. As for the location - it need be only one level above or at a level parallel but outside of the web root. My hoster actually sets up their accounts with a 'php' folder at the same level as the "public_html" (web root) folder. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: limit access to php page
On Wed, May 29, 2013 at 8:20 PM, Glob Design Info wrote: > On 5/29/13 6:14 PM, Jim Giner wrote: >> >> On 5/29/2013 7:11 PM, Tim Dunphy wrote: >>> >>> Hello list, >>> >>> I've created an authentication page (index.php) that logs into an LDAP >>> server, then points you to a second page that some folks are intended to >>> use to request apache redirects from the sysadmin group (redirect.php). >>> >>> Everything works great so far, except if you pop the full URL of >>> redirect.php into your browser you can hit the page regardless of the >>> login >>> process on index.php. >>> >>> How can I limit redirect.php so that it can only be reached once you >>> login >>> via the index page? >>> >>> Thank you! >>> Tim >>> >> I would simply place my redirect.php script outside of the >> web-accessible tree. The user can never type that uri into his browser >> and have it work. > > > I always see this answer a lot but never any sample code of how to include > that file using require_once() or include_once(). > > It would be nice to know the exact syntax of inclusion of such files. > > Say, for example if I put the login/redirect .php file 3-4 levels up from my > webroot. Okay, first off, your application *has* to have some entry point that *is* accessible to a browser; otherwise nothing will find it. THe include/require(_once) directives take as an argument a file path including file name, there is no requirement they be in the same directory or lower as the calling file. So let's take this as a example: Application/webroot/index.php Application/includes/redirect.php Application/includes/login.php index.php: This the so-called single script entry style for designing your app. A consequence of this is that it makes bookmarking a bit different. One example of this is the PmWiki application. Everything runs through the main script (in this case it's called pmwiki.php instead of index.php, but that's immaterial here). Pages in the wiki are given on the path, such as: http://www.pmwiki.org/wiki/PmWiki/PmWiki, which makes it bookmarkable and work in the browser history. Others may not; it all depends on what you want. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: limit access to php page
On Wed, May 29, 2013 at 9:20 PM, Glob Design Info wrote:
> On 5/29/13 6:14 PM, Jim Giner wrote:
>
>> On 5/29/2013 7:11 PM, Tim Dunphy wrote:
>>
>>> Hello list,
>>>
>>> I've created an authentication page (index.php) that logs into an LDAP
>>> server, then points you to a second page that some folks are intended to
>>> use to request apache redirects from the sysadmin group (redirect.php).
>>>
>>> Everything works great so far, except if you pop the full URL of
>>> redirect.php into your browser you can hit the page regardless of the
>>> login
>>> process on index.php.
>>>
>>> How can I limit redirect.php so that it can only be reached once you
>>> login
>>> via the index page?
>>>
>>> Thank you!
>>> Tim
>>>
>>> I would simply place my redirect.php script outside of the
>> web-accessible tree. The user can never type that uri into his browser
>> and have it work.
>>
>
> I always see this answer a lot but never any sample code of how to include
> that file using require_once() or include_once().
>
> It would be nice to know the exact syntax of inclusion of such files.
>
> Say, for example if I put the login/redirect .php file 3-4 levels up from
> my webroot.
>
> require_once('../../../redirect.php');
Re: [PHP] limit access to php page
On Wed, May 29, 2013 at 08:51:47PM -0400, Tedd Sperling wrote: > On May 29, 2013, at 7:11 PM, Tim Dunphy wrote: > > > Hello list, > > > > I've created an authentication page (index.php) that logs into an LDAP > > server, then points you to a second page that some folks are intended to > > use to request apache redirects from the sysadmin group (redirect.php). > > > > Everything works great so far, except if you pop the full URL of > > redirect.php into your browser you can hit the page regardless of the login > > process on index.php. > > > > How can I limit redirect.php so that it can only be reached once you login > > via the index page? > > > > Thank you! > > Tim > > > > -- > > GPG me!! > > Try this: > > http://sperling.com/php/authorization/log-on.php I realize this is example code. My question is, in a real application where that $_SESSION['auth'] token would be used subsequently to gain entry to other pages, what would you use instead of the simple TRUE/FALSE value? It seems that someone (with far more knowledge of hacking than I have) could rather easily hack the session value to change its value. But then again, I pretty much suck when it comes to working out how you'd "hack" (crack) things. Paul -- Paul M. Foster http://noferblatz.com http://quillandmouse.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] limit access to php page
On 30 mei 2013, at 05:05, Paul M Foster wrote: > On Wed, May 29, 2013 at 08:51:47PM -0400, Tedd Sperling wrote: > >> On May 29, 2013, at 7:11 PM, Tim Dunphy wrote: >> >>> Hello list, >>> >>> I've created an authentication page (index.php) that logs into an LDAP >>> server, then points you to a second page that some folks are intended to >>> use to request apache redirects from the sysadmin group (redirect.php). >>> >>> Everything works great so far, except if you pop the full URL of >>> redirect.php into your browser you can hit the page regardless of the login >>> process on index.php. >>> >>> How can I limit redirect.php so that it can only be reached once you login >>> via the index page? >>> >>> Thank you! >>> Tim >>> >>> -- >>> GPG me!! >> >> Try this: >> >> http://sperling.com/php/authorization/log-on.php > > I realize this is example code. > > My question is, in a real application where that $_SESSION['auth'] token > would be used subsequently to gain entry to other pages, what would you > use instead of the simple TRUE/FALSE value? It seems that someone (with > far more knowledge of hacking than I have) could rather easily hack the > session value to change its value. But then again, I pretty much suck > when it comes to working out how you'd "hack" (crack) things. > > Paul > > -- > Paul M. Foster > http://noferblatz.com > http://quillandmouse.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php $_SESSION value are quite secure, as they are set on the server, only you can control what's inside them. What can be hacked is the authentification process or some script that sets session values. There is also a way of hijacking a session, but again: its values aren't changed by some PHP script, the session is being hijacked. Don't pass urls with the session id within them and you'll be save. Greetings. Sent from my iPhone 6 Beta [Confidential use only] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
