[PHP] running a script
Is there any way to run a php script by clicking a link? Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] running a script
The program I am working on so far will take input from a form and email it out. This information needs to be verified by a human and then somehow the human that verifys the info needs to click some link in order to for all that data to be entered into an SQL database. I was thinking of somehow having a link in the email so when I click on it, it runs a script that will enter all my info into the database. Any help/suggestions is appreciated. Thanks, Aaron "John Nichel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] On Tuesday 03 August 2004 12:25, Aaron Todd offered up the following tid-bit of information : > Is there any way to run a php script by clicking a link? > > Thanks, > > Aaron Anytime you click on a link to a php document, you are 'running' a php script. Could you be a bit more specific as to what you want to do? -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] running a script
I like both of these methods...Is one of them more used regularly with PHP. I don't want to start down a road that will eventually dead end if you know what I mean. Thanks, Aaron "John Nichel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] On Tuesday 03 August 2004 13:08, Aaron Todd offered up the following tid-bit of information : > The program I am working on so far will take input from a form and email > it out. This information needs to be verified by a human and then > somehow the human that verifys the info needs to click some link in order > to for all that data to be entered into an SQL database. > > I was thinking of somehow having a link in the email so when I click on > it, it runs a script that will enter all my info into the database. > > Any help/suggestions is appreciated. > > Thanks, > > Aaron You could : A) Build the link in the email with a query string of all the data you want to enter into the db, eg. http://www.mydomain.com/processForm.php?key1=val1&key2=val2&key3=val3 And these will be passed to your script in the $_GET array. Or : B) Store all the info that is entered in your form in a temporary table, with a unique id, and attach that id to the link in your email, eg. http://www.mydomain.com/processForm.php?id= And have the script (processForm.php), read the info from the temporary table and insert it into it's final destination. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] running a script
Thanks for the tips. After clicking http://www.mydomain.com/processForm.php?id= is 'id' a variable containing 'some id'. Can I access that by '$id' I am just trying to figure out how to write the SELECT statement for that script. I am guessing, but I would do: "SELECT * FROM temp_users WHERE ID=$id" Thanks again. Aaron "John Nichel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] On Tuesday 03 August 2004 13:32, Aaron Todd offered up the following tid-bit of information : > I like both of these methods...Is one of them more used regularly with > PHP. I don't want to start down a road that will eventually dead end if > you know what I mean. > > Thanks, > > Aaron > > B) Store all the info that is entered in your form in a temporary table, > with a unique id, and attach that id to the link in your email, eg. > > http://www.mydomain.com/processForm.php?id= > > And have the script (processForm.php), read the info from the temporary > table and insert it into it's final destination. I don't know if it's more common, but I would use the second option to do something like this. No 'personal' infomation is passed to the script via http. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Need Some Direction
Hello, I am trying to build up a members only site, but I need some direction. So far I have written a page that will let a user register for access. That script emails me their info so I can validate it, sends them a "thankyou" email and then sends the data to a temporary MySQL database table. In the email that I get I created two links. One will send the user an acceptance email and put their info in a final database table. The other will send the user a Deny email and will delete their info from the temporary database table. I have also created a login script that will ask for a username and password and verify it with the database. If its all correct then it will redirect you to a restricted page. The direction I need is how do I go about restricting access to the members only pages? I have been reading up on sessions, which I think will be a cool addition to this site, but I still havent found much on restrictin access without a username and password. Currently my login and registration pages are located in the root of the domain. The all the members only pages are in a directory called /members/. Can anyone give me some direction on how I should go about all this. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
So far I have made this work. But now I have to ask...what about a pdf file? I cant add php code to it so what do I do. I need to be able to restrict the pdf so a user can only get to it during a current session. Thanks again for all the previous posts. You all directed me to a good place. My pdf files sliped my mind when I posted. I should have added this problem before. I hope it can still be done. Thanks, Aaron "Miles Thompson" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Aaron, > > The way to do it is to have an authentication page where users log in. A > successful login starts the session, on each subsequent page test for the > session and if it is not present, redirect to the login page. This test is > just one line at the top of each page you want to protect. > > This way if someone comes to a members page through something like Google, > they will be redirected automatically to the login page. > > Trust this his helpful - Miles Thompson > > At 11:42 AM 8/5/2004, Aaron Todd wrote: > >Hello, > > > >I am trying to build up a members only site, but I need some direction. So > >far I have written a page that will let a user register for access. That > >script emails me their info so I can validate it, sends them a "thankyou" > >email and then sends the data to a temporary MySQL database table. In the > >email that I get I created two links. One will send the user an acceptance > >email and put their info in a final database table. The other will send the > >user a Deny email and will delete their info from the temporary database > >table. > > > >I have also created a login script that will ask for a username and password > >and verify it with the database. If its all correct then it will redirect > >you to a restricted page. > > > >The direction I need is how do I go about restricting access to the members > >only pages? I have been reading up on sessions, which I think will be a > >cool addition to this site, but I still havent found much on restrictin > >access without a username and password. Currently my login and registration > >pages are located in the root of the domain. The all the members only pages > >are in a directory called /members/. > > > >Can anyone give me some direction on how I should go about all this. > > > >Thanks, > > > >Aaron > > > >-- > >PHP General Mailing List (http://www.php.net/) > >To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
I hate to sound ignorant, but how do I get a file out of a .htaccess protected directory without logging in again? You cant use the normal syntax of http://username:[EMAIL PROTECTED] anymore. Microsoft "fixed" that "bug". Thanks, Aaron "Torsten Roehr" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > "Aaron Todd" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > So far I have made this work. But now I have to ask...what about a pdf > > file? I cant add php code to it so what do I do. I need to be able to > > restrict the pdf so a user can only get to it during a current session. > > > > Thanks again for all the previous posts. You all directed me to a good > > place. My pdf files sliped my mind when I posted. I should have added > this > > problem before. > > > > I hope it can still be done. > > > > Thanks, > > > > Aaron > > Hi Aaron, > > put your pdf file outside of the webroot our in a .htaccess protected > directory. Then read in the file contents, set the appropriate headers and > output the file contents to the browser - this should prompt a download > window. > > PEAR's HTTP_Download is excellent for this job: > http://pear.php.net/package/HTTP_Download > > Regards, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
Do you recomend the same for downloading of a file. I have a few zip files that need to be protected too. Do I have to open the file using fopen and then write it to the users machine using fwrite? Thanks, Aaron "Ed Lazor" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Adding to what Miles says, use the fopen and fread commands (see manual on > the PHP site) for accessing the PDF files so that you can send copies of > them to the user. Examples are in the user comments of the manual. > > > -Original Message----- > > At 05:42 PM 8/5/2004, Aaron Todd wrote: > > >So far I have made this work. But now I have to ask...what about a pdf > > >file? I cant add php code to it so what do I do. I need to be able to > > >restrict the pdf so a user can only get to it during a current session. > > > > > >Thanks again for all the previous posts. You all directed me to a good > > >place. My pdf files sliped my mind when I posted. I should have added > > this > > >problem before. > > > > > >I hope it can still be done. > > > > > >Thanks, > > > > > >Aaron > > > > > > Put the directory containing the .pdf's outside the web tree (webroot & > > descendants). > > > > Miles -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
When you say "outside of the webroot" do you mean. Can you give me an example. The root of my web is in /var/www/html/. Thats where you are taken when you punch in my domain. Currently I have a directory called /test/ which is protected by .htaccess but it is inder the webroot.../var/www/html/test/ So far under this config I cant get it to work, but I'm not sure if I'm still under the webroot in my config. Do I need to move my test directory to lets say /var/www/ or even /var/? Thanks again, Aaron "Torsten Roehr" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > "Aaron Todd" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > I hate to sound ignorant, but how do I get a file out of a .htaccess > > protected directory without logging in again? You cant use the normal > > syntax of http://username:[EMAIL PROTECTED] anymore. Microsoft "fixed" that > > "bug". > > > > Thanks, > > > > Aaron > > Hi Aaron, > > because you are accessing a file via PHP from your *local* file system it > doesn't matter if the directory is protected or outside of the webroot. PHP > has access to the file (if read privilege is set). The protection is just to > deny public access. > > Take a look here: > http://pear.php.net/manual/en/package.http.http-download.intro.php > > Hope this helps, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] download script
I was going to post another follow-up question in a pending thread here but it seems to have been deleted. Anyway, I am trying to write a download script that will downloaded files from my site. All these files need to be protected so just anybody cant come to the site and download them. I have already created a login environment for this site and just need to make my file downloads work. Currently they are in a directory protected by .htaccess. I was told on the previous thread that I needed to place the files that are protected by .htaccess ouside of the webroot in order for PHP to have rights to them. My web root is /home/lgxdlr/mainwebsite_html/ I put the secure directory called test in /home/lgxdlr/ I am trying to dowload a file using readfile(), but PHP still cant seem to get to the file. Here is my code: "; echo basename($file); echo "No File Found"; } ?> If anyone can give me a hand with this please post. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] download script
I was going to post another follow-up question in a pending thread here but it seems to have been deleted. Anyway, I am trying to write a download script that will downloaded files from my site. All these files need to be protected so just anybody cant come to the site and download them. I have already created a login environment for this site and just need to make my file downloads work. Currently they are in a directory protected by .htaccess. I was told on the previous thread that I needed to place the files that are protected by .htaccess ouside of the webroot in order for PHP to have rights to them. My web root is /home/dlr/mainwebsite_html/ I put the secure directory called test in /home/dlr/ I am trying to dowload a file using readfile(), but PHP still cant seem to get to the file. Here is my code: "; echo basename($file); echo "No File Found"; } ?> If anyone can give me a hand with this please post. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Embeded PHP
I was just wondering if anyone out there is using PHP for an embeded development or knows of any devices that use PHP on their system. Thanks, Aaron Todd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
Thanks for your reply,
I am not getting an error at all. I have coded some error traping so if the
files is not found it will tell you instead of displaying an error. As a
test I took all of that out so the script was:
$file = "/home/dlr/test/".$_GET['file'].""
header("Content-Description: File Transfer");
header("Content-Type: application/force-download");
header("Content-Disposition: attachment; filename=".basename($file));
readfile($file);
I also took out the @ as you suggested.
Like that it brings up a download window like it should and then downloads a
file with the correct name, but it is only about 400 bytes and cannot be
read.
Thanks again for your help,
Aaron
"John Nichel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Aaron Todd wrote:
>
> > > $file = "/home/dlr/test/".$_GET['file']."";
> > if (file_exists(basename($file))) {
> > header("Content-Description: File Transfer");
> > header("Content-Type: application/force-download");
> > header("Content-Disposition: attachment; filename=".basename($file));
> > @readfile($file);
> > } else {
> > echo "$file";
> > echo basename($file);
> > echo "No File Found";
> > }
> > ?>
>
> Belay my last post...you're using readfile and not fread.
>
> Okay, what error is the script outputting? You should remove the '@'
> from in front of readfile() so that it will output an error if it's the
> problem.
>
> --
> John C. Nichel
> ÜberGeek
> KegWorks.com
> 716.856.9675
> [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] embedded php
I was just wondering if anyone out there is using PHP for an embeded development or knows of any devices that use PHP on their system. An example of what I am talking about would be a Linksys router. They run an embedded Linux web server and do management through a browser. I am wondering if I could do the same but also run some php scripts. Thanks, Aaron Todd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
Why would this be a security hole if I do not filter the file name before I use it? Thanks, Aaron "Ed Lazor" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > The other guys addressed how to get the script working, but I thought I > might also mention that you're presenting a potential security hole in your > app by not filtering the file name before using it. You'll also want to use > the realpath command on the full file name and path. > > > -Original Message- > > $file = "/home/dlr/test/".$_GET['file'].""; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] str_split()
I was just wondering if anyone can look an the following code and tell me if there are any obvious errors. I wrote this in DZsoft PHP editor where it works perfectly. But then when I run it on my webserver it gave me a fatal error: Fatal error: Call to undefined function: str_split() in /home/virtual/site341/fst/var/www/html/test.php on line 12 "; echo "$parsed[0]-$parsed[1]-$parsed[2]$parsed[3]"; ?> Can anyone enlighten me on this. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_split()
I thought someone might ask me that. I honestly dont know. I have been looking for a comand that I can run to find out, but I havent found one. I have SSH access to the server so if you know of a way to get the version please let me know. Thanks, Aaron "John Nichel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Aaron Todd wrote: > > I was just wondering if anyone can look an the following code and tell me if > > there are any obvious errors. I wrote this in DZsoft PHP editor where it > > works perfectly. But then when I run it on my webserver it gave me a fatal > > error: > > > > Fatal error: Call to undefined function: str_split() in > > /home/virtual/site341/fst/var/www/html/test.php on line 12 > > > > > > > > > > > > > > > $teststr = "5176948000"; > > $parsed = str_split($teststr,3); > > echo "$teststr"; > > echo "$parsed[0]-$parsed[1]-$parsed[2]$parsed[3]"; > > ?> > > > > > > What version of php is your webserver running? > > -- > John C. Nichel > ÜberGeek > KegWorks.com > 716.856.9675 > [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_split()
HAH...I found it. I have version 4.3.3 Does that version not have this function or something? Thanks, Aaron "John Nichel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Aaron Todd wrote: > > I was just wondering if anyone can look an the following code and tell me if > > there are any obvious errors. I wrote this in DZsoft PHP editor where it > > works perfectly. But then when I run it on my webserver it gave me a fatal > > error: > > > > Fatal error: Call to undefined function: str_split() in > > /home/virtual/site341/fst/var/www/html/test.php on line 12 > > > > > > > > > > > > > > > $teststr = "5176948000"; > > $parsed = str_split($teststr,3); > > echo "$teststr"; > > echo "$parsed[0]-$parsed[1]-$parsed[2]$parsed[3]"; > > ?> > > > > > > What version of php is your webserver running? > > -- > John C. Nichel > ÜberGeek > KegWorks.com > 716.856.9675 > [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] str_split()
Do you know of a simular function that will split a string in the same way. I have phone numbers stored in a database in the format ##. I need to display the number on the page in the format ###-###-. str_split() worked perfectly for this. Is there another function? Thanks, Aaron "John Nichel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Aaron Todd wrote: > > I thought someone might ask me that. I honestly dont know. I have been > > looking for a comand that I can run to find out, but I havent found one. I > > have SSH access to the server so if you know of a way to get the version > > please let me know. > > Well, it looks like str_split() was introduced in PHP5, and I think it's > safe to say that most production servers out there are still running > php4. Make a php file in the document root of your web site with this > in it > > > phpinfo(); > > ?> > > And access it with a browser... > > http://www.mysite.com/phpinfo.php (or whatever you name the file) > > and you can see the version of php, as well as all the configuration > options. Also, if you have the cli installed, you can type this in via > a shell > > php -v > > and that will give you version info. > > -- > John C. Nichel > ÜberGeek > KegWorks.com > 716.856.9675 > [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] downloading files
I posted a simular question before and never really got an answer. The post drifted off into some other valuable information, but I still have the same question. I am trying to create a site with file downloads. The files on the server that are to be downloaded need to be protected somehow. I have already created a login page for the site so users must log in. The download files are in a directory protected by htaccess which it is my understanding that PHP can go underneath htaccess to get access to the files. My problem is where do I put this directory? I was already told to put it outside the web root directory, but I really dont know where the best place is. Anyone have a suggestion? Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] downloading files
I have been using the following code to try to make it work: The webroot of my site is at: /var/www/html So far this will create a new file on my computer where ever I want, but it does not download the contents of the file. Any suggestions? Thanks, Aaron "Octavian Rasnita" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > You can put the files that need to be downloaded in a directory somewhere > outside of the web server root, but in that case your PHP program will > need > to read the file and print it to the browser, and it will also need > printing > the HTTP headers: > > Content-type: application/octet-stream > Content-disposition: attachment; file=$filename > Content-length: xxx > [blank line] > > Or you can put the files somewhere on the web server tree, protect the > directory with .htaccess (username + password), and just put a simple link > to those files. > When someone will click that link, it will be asked for a username and > password in a popup window that the browser will open. > > If you don't want to appear that window, you can set your server to > redirect > the user to a php script, for a certain Status code that is generated when > authorization is required, and that PHP script can ask nice for a username > and password that can be used then by the script to allow access to that > file (but this way might be more complicated without real benefits). > > Teddy > > Teddy > > - Original Message - > From: "Aaron Todd" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, August 19, 2004 8:30 PM > Subject: [PHP] downloading files > > >> I posted a simular question before and never really got an answer. The > post >> drifted off into some other valuable information, but I still have the > same >> question. >> >> I am trying to create a site with file downloads. The files on the >> server >> that are to be downloaded need to be protected somehow. I have already >> created a login page for the site so users must log in. The download > files >> are in a directory protected by htaccess which it is my understanding >> that >> PHP can go underneath htaccess to get access to the files. My problem is >> where do I put this directory? I was already told to put it outside the > web >> root directory, but I really dont know where the best place is. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] downloading files
I did exactly what you said but its not working for me. I am getting the following error: Warning: filesize(): SAFE MODE Restriction in effect. The script whose uid is 20373 is not allowed to access /var/www owned by uid 0 in /home/virtual/site341/fst/var/www/html/test.php on line 3 I checked the rights and it its exactly what it should be...rwxr-xr-x...for all the directories leading to the download directory and all the files in the directory. Is this SAFEMODE error normal or is something turned on in that I need to turn off? Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] readfile()
I'm trying to use readfile() to allow a user to download a file that is
outside of my webroot.
webroot = /var/www/html
downloads dir = /var/www/downloads
Here is the code that I have been using:
$file = "/var/www/downloads/test.txt";
header("Content-Description: File Transfer");
header("Content-Type: application/force-download");
header("Content-Disposition: attachment; filename=".basename($file));
readfile($file);
This code will work if I change the path to the webroot path, but not the
downloads dir path. I get an error saying "Unable to access" and then
"failed to open stream: No such file or directory".
I have given whe I believe is the correct rights for the downloads dir and
also the file...rwxr-xr-x for both.
Anyone have any idea why this isnt working?
Thanks,
Aaron
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] readfile()
Not too familure with a chroot'd web setup and I dont know if my ISP has
some security that I dont know about. I tried some tests with file_exists()
and it doesnt seemt to be able to get to the files either. I've put in an
info request to my ISP but they are usually not much help with something
this advanced. Is there anything else I can do to further diagnose this
problem?
Thanks again,
Aaron
"Greg Donald" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Mon, 2004-08-23 at 13:02, Aaron Todd wrote:
>> I'm trying to use readfile() to allow a user to download a file that is
>> outside of my webroot.
>>
>> webroot = /var/www/html
>> downloads dir = /var/www/downloads
>>
>> Here is the code that I have been using:
>> $file = "/var/www/downloads/test.txt";
>> header("Content-Description: File Transfer");
>> header("Content-Type: application/force-download");
>> header("Content-Disposition: attachment; filename=".basename($file));
>> readfile($file);
>>
>> This code will work if I change the path to the webroot path, but not the
>> downloads dir path. I get an error saying "Unable to access" and then
>> "failed to open stream: No such file or directory".
>>
>> I have given whe I believe is the correct rights for the downloads dir
>> and
>> also the file...rwxr-xr-x for both.
>>
>> Anyone have any idea why this isnt working?
>
> Is the download directory outside a chroot'd web setup perhaps? Or
> maybe your provider has some security you don't know about?
>
> There are some file related functions you can debug with, like
> is_readable(), and file_exists().
>
>
> --
> Greg Donald
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] crypt()
I have developed a PHP based site that requires users to login. Their login information is kept in a MYSQL database. Currently, I am using an IF statement to verify what the user enters as their password with what is in the the database. If they are the same a session is created and they have access to the content of the site. As far as I know the password is being sent to the script in clear text and I was wondering what a good way would be to get this to be encrypted. My first thought is to encrypt the password in the database using crypt(). So if I view the table I will see the encrypted characters. Then change the IF statement to encrypt the password that the user enters and then just check if its the same as what is in the database. That sounds like the same as I am doing now only instead of checking a password that is a name, its checking the encrypted characters of the name. So it seems my idea would hide the real characters. Can anyone tell me if this is a bad idea. And maybe point me toward a good one. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: crypt()
Thanks for the tip, it worked great, however everything I have been reading says that md5 is only one way. The way I have setup my app is the database contains the encrypted version of what the user entered as their password. Then on my login page there is an if statement that encrypts what the user is entering as their password and then checking that against what is in the database for them. This is working great!...Thanks again. My registration page is where the password gets encrypted and then sent to the database. After the user registers and I accept them as a user they recieve an email containing their username and password. But the password is encrypted. Is there a way to decrypt the encrypted password in the database? Or am I going about this wrong? Thanks again for your help. Aaron "Torsten Roehr" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > "Aaron Todd" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] >> I have developed a PHP based site that requires users to login. Their > login >> information is kept in a MYSQL database. Currently, I am using an IF >> statement to verify what the user enters as their password with what is >> in >> the the database. If they are the same a session is created and they >> have >> access to the content of the site. >> >> As far as I know the password is being sent to the script in clear text > and >> I was wondering what a good way would be to get this to be encrypted. My >> first thought is to encrypt the password in the database using crypt(). > So >> if I view the table I will see the encrypted characters. Then change the > IF >> statement to encrypt the password that the user enters and then just >> check >> if its the same as what is in the database. That sounds like the same as > I >> am doing now only instead of checking a password that is a name, its >> checking the encrypted characters of the name. >> >> So it seems my idea would hide the real characters. >> >> Can anyone tell me if this is a bad idea. And maybe point me toward a > good >> one. >> >> Thanks, >> >> Aaron > > Hi Aaron, > > encrypting passwords in the database is generally a good idea. You can use > md5() as an alternative to crypt(). MySQL itself has an MD5 function you > can > directly use in your SQL statements. > > Regards, Torsten Roehr > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Download Script
I've created a download script that works quite nicely. The only issue with it is that when I download a file where the file name is like "filename v1.0.2.1.exe" there is some extra characters added into the name when it is downloaded. So that file will be "filename v1[1].0.2.1.exe". I am wondering if this is my headers that are doing this, but I really dont know. Here is my code: If anyone can let me know what is going on I'd appreciate it. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Download Script
Were you trying to download any files in the format "filename v1.0.2.0.exe"
I just tried using readfile and got the same results.
Aaron
"Jasper Howard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> When I created a download script a couple weeks ago I used
> readfile($filename) instead of fread() and didn't get anything like what
> you're getting.
>
> [snippet]
> header("Content-type: $type");
> header('Content-Disposition: attachment; filename="'.$file_name.'"');
> readfile($dfile);
> [/snippet]
> NOTE: $dfile = path + file;
>
> --
>
>
> -->>
> Jasper Howard :: Database Administration
> Velocity7
> 1.530.470.9292
> http://www.Velocity7.com/
> <<--
> "Aaron Todd" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> I've created a download script that works quite nicely. The only issue
> with
>> it is that when I download a file where the file name is like "filename
>> v1.0.2.1.exe" there is some extra characters added into the name when it
> is
>> downloaded. So that file will be "filename v1[1].0.2.1.exe". I am
>> wondering if this is my headers that are doing this, but I really dont
> know.
>>
>> Here is my code:
>> > $file = $_GET['file'];
>> $path = $_GET['type'];
>> $rootpath = "/home/virtual/site341/fst/var/www/downloads/";
>> $filename = "$rootpath$path/$file";
>> if (file_exists($filename)) {
>> header("Content-Description: File Transfer");
>> header("Pragma: no-cache");
>> header("Content-Type: application/force-download");
>> header("Content-Disposition: attachment;
> filename=".basename($filename));
>> header("Content-Length: ".filesize($filename));
>> $handle = fopen(($filename), "r");
>> print(fread($handle, filesize($filename)));
>> flush();
>> fclose($handle);
>> } else {
>> header("HTTP/1.0 404 Not Found");
>> }
>> ?>
>> If anyone can let me know what is going on I'd appreciate it.
>>
>> Thanks,
>>
>> Aaron
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session Variable Security
Can anyone tell me how secure a session variable is. I realize that if someone wanted to take the time to break into my site they will eventually succeed, but I dont want to make it too easy. I have a database that stores a username and an encrypted password which both are verifyed when the user logs in to the site. Then I have a session variable that I am checking for on all other pages that tells the page that they are logged in. I also have a session variable that holds the users ID in the database. Certain pages reference that ID to show the user there data. Mainly used for a My Account page. But If I'm logged in, how easy would it be, if its even possible, to change the session variable that holds my ID to someone elses ID so I can get their data. I hope I have explained myself enough for someone to know what I am talking about. If anyone has some good web sites on session security I'd really like to read them. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Push file to FTP Server
Does anyone know how I might be able to have php push a file to an FTP server? Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] constant tasks
I'm wondering if it is possible to have some kind of script running all the time. I have a site that collects data that users enter and emails certain people and does other various tasks with the data. Some of the information collected contains dates and times that could be up to three months from now. What I am trying to do is have something fire off an email to someone when that future date/time comes around so a follow-up can be done. Anyone know of anything I can look into for this. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] fireing function with onChange
I have a loop that is putting the filenames of files in a certain directory
into a listbox. I am then using the onChange event of the listbox to fire a
function. In this script the onchange event sends the function the path an
filename of the chosen file from the list. I have tested what I am sending
with a javascript alert and it looks ok. The funstion is supposed to open
the file and then make a new file(im working with jpegs using GD).
Unfortunately it isnt working the way I would want it to. Can soneone check
this code and see if there is anything wrong. In the browser it doesnt do
anything. I had hoped for at least an error code.
Hope someone can help...Thanks
\n";
while ($file = readdir($dir_handle))
{
if($file!="." && $file!=".."){
echo "$file\n";
}
}
echo "\n";
echo "";
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Image Creation
I just wrote a little script to play around with the GD library but I am
having a problem displaying it in the browser. I have not problem at all
when I just run the script. But I was trying to make the image in a custom
function which will return the image when its called. All I end up getting
is a bunch of weird characters.
Here's my code:
function makepie($slice, $total){
$height = 150;
$width = 150;
$im = ImageCreate($width, $height);
$bck = ImageColorAllocate($im, 255,255,255);
$black = ImageColorAllocate($im, 0, 0, 0);
$red = ImageColorAllocate($im, 255, 0, 0);
imagefilledellipse($im, 75, 75, 125, 125, $red);
imageellipse($im, 75, 75, 125, 125, $black);
//Making the Slice
$pieslice = (($slice / $total) * 360) + 315;
imagefilledarc($im, 75, 75, 125, 125, 315, $pieslice, $black,
IMG_ARC_PIE);
//Return
header("Content-type: image/png");
echo ImagePNG($im);
}
Anyone have any idea why I cant return the image?
Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Image Creation
Thanks for the compliment on my function. I have since improved upon
it...see below.
I can do the exact same thing as you and get results, but what I can't do is
show the image within an HTML table. I think it is something to do with the
header line, but I dont know how to get around it. I've tried just calling
the function like I have in the code below. I've also tried calling the
function inside of command. Both ways dont work.
Check out the code if you can and let me know if you seen anything that I am
doing wrong. Thanks
This is a
test".makepie(20,200)."
";
?>
"James Taylor" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Dude - that works fine!
>
> can you check your code - make sure you havnt got any white space at all
> before the php starts in ANY file, and then check that you've got ALL
> erros being reported (because you might have the error cant send headers,
> output allready sent at line x) which will prenvent the header being sent
> and then you dump the image to the screen which is the random wierd
> characters (that means the image create functions are all ok and
> installed, and you have an image object or similar).
>
> my code was simple NO WHITESPACE
> NO BLANK LINES NOTHING.
>
> (ps you might even have a php include in the php file (php prepend or
> something?) which might be inserting a space or a newline or ending
> headers or something. Look at error_reporting() or similar in the manual
> to turn error reporting on for your script.
>
> Hope you find the bug, thats quite a nice function you have there.
> J
>
> Aaron Todd wrote:
>> I just wrote a little script to play around with the GD library but I am
>> having a problem displaying it in the browser. I have not problem at all
>> when I just run the script. But I was trying to make the image in a
>> custom function which will return the image when its called. All I end
>> up getting is a bunch of weird characters.
>>
>> Here's my code:
>> function makepie($slice, $total){
>> $height = 150;
>> $width = 150;
>> $im = ImageCreate($width, $height);
>> $bck = ImageColorAllocate($im, 255,255,255);
>> $black = ImageColorAllocate($im, 0, 0, 0);
>> $red = ImageColorAllocate($im, 255, 0, 0);
>> imagefilledellipse($im, 75, 75, 125, 125, $red);
>> imageellipse($im, 75, 75, 125, 125, $black);
>>
>> //Making the Slice
>> $pieslice = (($slice / $total) * 360) + 315;
>> imagefilledarc($im, 75, 75, 125, 125, 315, $pieslice, $black,
>> IMG_ARC_PIE);
>>
>> //Return
>> header("Content-type: image/png");
>> echo ImagePNG($im);
>> }
>>
>> Anyone have any idea why I cant return the image?
>>
>> Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Image Creation
Hey Guys,
I think I fixed my own problem. I tried calling the PHP script from a
different page like this:
This gave me the results I wanted.
Thanks for all your help.
Aaron
"Aaron Todd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>I just wrote a little script to play around with the GD library but I am
>having a problem displaying it in the browser. I have not problem at all
>when I just run the script. But I was trying to make the image in a custom
>function which will return the image when its called. All I end up getting
>is a bunch of weird characters.
>
> Here's my code:
> function makepie($slice, $total){
>$height = 150;
>$width = 150;
>$im = ImageCreate($width, $height);
>$bck = ImageColorAllocate($im, 255,255,255);
>$black = ImageColorAllocate($im, 0, 0, 0);
>$red = ImageColorAllocate($im, 255, 0, 0);
>imagefilledellipse($im, 75, 75, 125, 125, $red);
>imageellipse($im, 75, 75, 125, 125, $black);
>
>//Making the Slice
>$pieslice = (($slice / $total) * 360) + 315;
>imagefilledarc($im, 75, 75, 125, 125, 315, $pieslice, $black,
> IMG_ARC_PIE);
>
>//Return
>header("Content-type: image/png");
>echo ImagePNG($im);
> }
>
> Anyone have any idea why I cant return the image?
>
> Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] FREETYPE and GD
Hello, I've created a simple script that takes in image and draws some lines and some text on top of it. I am having a problem with the text part of this. When the string that I am drawing on the image contains and apostrophe ( ' ) there is always a backslash ( \ ) before it. It make sense that it is the escape character, but I need to be able to show the apostrophe. Anyone have any ideas about this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FREETYPE and GD
BEAUTIFUL Thats exactly what I was looking for. I'm not doing anything with MySQL so I am going to leave Magic Quotes on and just use stripslashes() Thanks a bunch. "Richard Lynch" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Aaron Todd wrote: >> I've created a simple script that takes in image and draws some lines and >> some text on top of it. I am having a problem with the text part of >> this. >> When the string that I am drawing on the image contains and apostrophe >> ( ' >> ) >> there is always a backslash ( \ ) before it. It make sense that it is >> the >> escape character, but I need to be able to show the apostrophe. Anyone >> have >> any ideas about this? >> >> > $backdir = "/var/www/html/backgrounds/"; >> $im = ImageCreatefromJPEG($backdir.$_GET['background']); > > Because you have Magic Quotes GPC on, all GET/POST/COOKIE data > automatically has addslashes called on it, before you see it. > > That's "good" because you are probably usually putting your data into a > MySQL database that needs that. > > In this case, though, you want to use http://php.net/stripslashes to > "undo" the automated addslashes of Magic Quotes. > > Or, if your site mostly/only takes GET data and puts it on images, and > rarely puts it into the database, go ahead and turn Magic Quotes GPC "off" > in php.ini (or in your .htaccess) > > Note that you can't turn it off in your script with ini_set since the GPC > data is already altered by the time your script starts. > > GD is not really directly involved, per se, in this issue. You'd have the > same problem if you were putting your GET data into a file, or displaying > it directly to the user, or pretty much doing anything at all with it > *except* for stuffing it into MySQL. > > -- > Like Music? > http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] rawurldecode
I am trying to use the rawurldecode() function to decode a variable that is begin passed from a different page through the url. The PHP manual doesnt say much for this function, but it does have quite a bit on the urldecode() function which says using urldecode on a $_GET variable wont produce the desired results. Is there another way to decode a url variable? Or maybe a better way to get a variable from one page to another so I can use it. The variable may contain all types of characters, but mainly a space(%20) is the biggest problem. If anyone has some kind of workaround for this please let me know. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] rawurldecode
All I am doing is adding a file name as a variable in the URL.http://www.mysite.com/mypage.php?variable=this is my image.jpg When I do a echo $_GET['variable']; it only writes the first word. Is there some setting that might be turned off in the php.ini file that would disable this functionality? Thanks "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Aaron Todd wrote: >> I am trying to use the rawurldecode() function to decode a variable that >> is begin passed from a different page through the url. The PHP manual >> doesnt say much for this function, but it does have quite a bit on the >> urldecode() function which says using urldecode on a $_GET variable wont >> produce the desired results. Is there another way to decode a url >> variable? Or maybe a better way to get a variable from one page to >> another so I can use it. The variable may contain all types of >> characters, but mainly a space(%20) is the biggest problem. >> >> If anyone has some kind of workaround for this please let me know. > > You should not need it, %20 is decoded to space and as such is already in > $_GET variable. If it's still encoded then you encoded it where it was not > necessary. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: rawurldecode
I have been playing around with the varialbe that I am sending here and I have found that this function is actually working correctly. Spaces an punctuation decode properly, but an amperstand seems to be where my ploblem is. I know its a very weird character to be using, but it is a valid character in a filename so I must acount for it. Has anyone previously dealt with this and might be able to give me a quick work around? Thanks "Aaron Todd" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >I am trying to use the rawurldecode() function to decode a variable that is >begin passed from a different page through the url. The PHP manual doesnt >say much for this function, but it does have quite a bit on the urldecode() >function which says using urldecode on a $_GET variable wont produce the >desired results. Is there another way to decode a url variable? Or maybe >a better way to get a variable from one page to another so I can use it. >The variable may contain all types of characters, but mainly a space(%20) >is the biggest problem. > > If anyone has some kind of workaround for this please let me know. > > Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] rawurldecode
I got it. After you said I shouldn't need it I started playing around and found that you were right...I didnt need it for spaces and other punctuation. But I was then having a problem with amperstands. It was dropping everything after an amperstand off. I ended up doing a rawurldecode of $_SERVER["QUERY_STRING"] and then a strrchr() on it to return everything past the "=" sign. Then I had to do a substr() to get rid of the "=". Its probably a long way of doing this and I know it probably wont work if I add a second variable to the url, but I have already taken precautions against that. This should work unless anyone see's amore major security issue with it. $end = strlen(strrchr(rawurldecode($_SERVER["QUERY_STRING"]),"=")); echo substr(strrchr(rawurldecode($_SERVER["QUERY_STRING"]),"="), 1, $end); Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mail function in 4.2.2
I am working with a server that has version 4.2.2 on it. I know...I
know...its old. Its my ISPs server so I don't have too much control over
it.
Anyway, I am seeing a problem where when I use the mail function to send
out an email only some of the messages get to the destination. I wrote a
simple test script that runs through a loop and is supposed to send out five
emails. Usually only one or two of the emails make it. And on top of that
its not always the first two that get sent. Here is my test script. I also
have tried using the sleep command to give it 5 seconds between each email
thinking maybe it was a time thing.
for($i=0;$i<5;$i++){
echo $i."";
mail("[EMAIL PROTECTED]","test_".$i, "test_".$i);
sleep(5);
}
Is there something with this version of PHP that could be effecting the mail
function. I checked the change log and there has been some improvements to
the mail function, but not much detail on why the changes were necessary.
Just wondering if I have come across an old bug or something.
I've already asked my ISP to upgrade this server so if that's the solution
its on its way to being fixed. Is there anything else that could be wrong?
Thanks
Aaron
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail function in 4.2.2
Thanks for the reply. I'll ask the ISP about throtteling next time I talk with them. I would also like to mention that I am also getting intermitent results when just sending a single email. One if the web pages I am testing is a support request form. When the form is submitted it sends an email to me so I can test that it is working. But sometimes it never makes it. In this case I wouldn't thing that throttleing would be the cause. Sometimes when I start working on it at 8 in the morning and do a test run it never makes it. In that case nothing has been sent through PHP for at least 8 hours. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DATE()
Is there any way yo get the date and time using date() from a Internet time server? Right now I am getting it from my servers date and time which seems to be unpredictable since my ISP seems to change it at random. Windows shows two time servers time.windows.com and time.nist.gov and I was wondering if I could use one of them instead of the time from my server. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] incrementing a register global
I dont know it this is possible, but here it goes. Hopefully I cac explain
it well enough for someone to understand.
I am posting data to a php script. I have several variables that are the
same except the number at the end is different. So the url of the called
script will be something like:
http://www.something.com/test.php?name1=Sam&name2=Bill&name3=Joe
On my script I am using substr() and strrchr() to get the number of last
variable:
$names = substr(strrchr($_SERVER['QUERY_STRING'],"&"),7,1);
I am then trying to run a loop to call each variable and just print it on
the screen:
for($i=1;$i<=$boxes;$i++){
echo $_GET['name'].$i;
}
This is where my problem is. And I dont know if this is even possible, but
if you look at the echo line in the loop I am trying to add the number of $i
to the register global. I dont get an error in doing this, but when I run
the script I get the number of $i instead of the value of $_GET['name1']
Like I said, I hope I explained this good enough for someone to know what I
am trying to do. If anyone has any suggestions or comments about doing
something like this please let me know.
Thanks,
Aaron
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: incrementing a register global
Just so there is no confusion...I mistyped the line: $names = substr(strrchr($_SERVER['QUERY_STRING'],"&"),7,1); It should be a 5 instead of a 7 at the end: $names = substr(strrchr($_SERVER['QUERY_STRING'],"&"),5,1); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: incrementing a register global
Thanks for all the suggestions. I am going to plan on trying them out just
to see some other ways of making it work. I finally got it to work after
hours of just playing around with the code. Here is what I ended up doing:
for($i=1;$i<=$boxes;$i++){
echo $_GET['name'.$i];
}
Moving the $i inside the bracket but not inside the single quote seem to
make things happy.
Thanks,
Aaron
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] weird results from imagettfbbox()
I have an array of strings in which I am passing to imagettfbbox() in order
to calculate the height of the text box for each string. I am then
subtracting the height from the y position in order to deviate the pivot
point form the top left corner to the bottom left corner when I used
imagettftext() to draw the text on an image. I am giving both commands a
fontsize of 50, an angle of 0 and I am using the font ARIAL.
I am having an issue where the first string comes back with a height of 50
and the next comes back with 47. Then 50 again for the next following
string and then 47 again for the next one foloowing that. It keeps going on
and on like this and I do not understand why. I am using the same font,
font size, and angle for each string so shouldnt they all come back as the
same size?
Here's a snippet of what I am doing:
$file = "this can be any file";
$im = imagecreatefromjpeg($file);
$textcolor = imagecolorallocate($im, 0, 0, 0);
$fontfile = "arial.ttf";
$fontsize = 50;
$arr = split("CR", $_GET['text']);
$boxes = count($arr);
if (preg_match('/[0-9]/', $boxes)){
for($c=0;$c<$boxes;$c++){
$text = stripslashes($arr[$c]);
$y = $fontsize * $c;
$bbox = imagettfbbox($fontsize, 0, $fontfile, $text);
$dy = $bbox[7] - $bbox[1];
$py = $y-$dy;
imagettftext($im, $fontsize, 0, 1, $py, $textcolor, $fontfile, $text);
}
}
header("Content-type: image/jpeg");
imagejpeg($im, "" ,95);
imagedestroy($im);
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
