Re: [PHP] Who uses PHP
Well, if you do not know the answer to my particular question, I'm
curious how might you respond to someone who says:
PHP has to many security issues and should not be used with a
user authentication system.
We should use XXX.
I think security mainly depends on the programmer and not on the
language he uses...
greets
Zoltán Németh
I totally agree.
You are not allowed to say 'Well, you're wrong. PHP is as secure as
anything else.' without explaining why.
Or, would you agree with the statement? Is there an 'XXX' that should
be used instead of PHP?
Of course not. As Zoltan stated above, security is dependent upon the
programmer and not the language. But, if you aren't familiar with why
PHP is considered so "insecure" its a result of people who can't/
don't know how to properly program PHP applications. PHP is an easy
programming language to learn quickly and hit the ground running.
These people (typically) don't care to check to make sure writing
something like:
mysql_query('SELECT * FROM admins WHERE username = "'.$_GET
['username'].'" and password = "'.$_GET['password'].'"');
is safe and secure. This is one of the bigger issues I've seen on
some PHP applications. As you will (or perhaps already have read) on
Chris S.'s site that a big thing to do in PHP apps is FIEO (Filter
Input Escape Output). Applications written in this manner are
insecure; PHP isn't what's insecure.
However, with my limited Computer Science training, FIEO is something
that should be done in any application under any programming language
- for security's sake.
So, rather than consider the difference in security of a programming
language versus another, you should be asking the question "What does
PHP offer me that XXX doesn't?". Alternatively, if the person on the
other end is still too concerned about security, then you should be
considering "How much easier is it for me to program secure
applications in PHP than XXX?" If you do it right from the start,
you'll find that PHP does not make it difficult to write secure apps.
Given the limited number of options for maintaining state
information, I would be hard pressed to see how any language could be
inherently more security or why one could not write PHP code which
implemented the same techniques as 'XXX'.
(No, I do not know what 'XXX' might be.)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Christopher Weldon
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
(866) 813-4603 x605
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Billing client for studying documentation
On Feb 3, 2007, at 8:09 PM, Mike Mannakee wrote: I have a php project I have been working on for several months. The client's requirements have expanded to include interfacing to an online service using xml, which I was familiar with but have never worked with prior to this project. I have spent a good number of hours reading up on xml, and learning how to use it to integrate with this online service. I have also spent hours poring over hundreds of pages of documentation for the online service itself. My question is this - should I be billing the client for this time? It is needed to properly work with this framework, but it is not programming time in itself. Googling the topic has been useless. Any advice? Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php If the client didn't request this to begin with, and if you told them that you'd have to research how to do it when they asked you to do it, then absolutely! But, if you told them that you were proficient in that area, then did the research, and choose to bill the client for the hours you did for the research, then you may have a difficult time justifying the extra hours put into it if you are questioned. In general, however, some research will always be required when dealing with outside sources/services because you have to learn how they transmit their data, how to interpret it, etc. This is all part of the development and "coding" for the project and should be billed to the client appropriately. -- Christopher Weldon President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] (866) 813-4603 x605 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stuffing code into variable
On Feb 3, 2007, at 9:09 PM, Albert Padley wrote:
It's late and I've been at this a long time today so I throw myself
on the mercy of the list.
I have an echo statement that I use in conjunction with a MySQL query.
echo "\n" . $row['time'] . "\nclass=\"tabletext\">" . $row['field'] . "\n\"tabletext\">" . $row['division'] . "\n";
This works perfectly fine. However, I will be using the same code
numerous times on the page and wanted to stuff it all into a
variable. At this point I can't remember the proper syntax and
quoting to get this right. Any takers?
Thanks.
Al Padley
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You could always make it a function...ie:
function drawTableRow($sqlRow) {
return "\n". $sqlRow['time'] ."
\n".$row['field'].""; // Simplified for
time purposes.
}
// Execute the query
foreach ($row = mysql_fetch_array($query)) {
echo drawTableRow($row);
}
/me pours you a cold frosty one to soothe the pain of the long struggle
--
Christopher Weldon
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
(866) 813-4603 x605
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP4 to PHP5 issue
On Feb 5, 2007, at 2:00 PM, Jochem Maas wrote: you don't need to use the box - you can install a 2nd copy of apache and run php4 on it and use the apache ProxyPass directive to make the php4/apache setup available via the apache(2)/php5 [std] webserver. search the archives for 'ProxyPass' You actually don't even have to run a second instance of Apache. From what I've heard of other hosting companies doing, you can use the same Apache installation and run PHP4 and PHP5 concurrently. However, the only thing you'd have to do is one of the following: 1) For PHP4 apps and scripts, leave the .php extension and rename all PHP5 apps and scripts with a .php5 extension. Where you have the string: DirectoryIndex index.php index.html add: index.php5 to it. And where you have the string: AddType application/x-httpd-php .php Change it to: AddType application/x-httpd-php4 .php Also, add another line: AddType application/x-httpd-php5 .php5 Make sure you include both the php4 and php5 modules, restart apache and voila! PHP4 and PHP5 on the same server using 1 installation of Apache. 2) Do the same as above, but use .php4 extensions instead of .php5. 3) Additionally, after doing 5 minutes of Googling, I found that you can have .htaccess files to control which applications use PHP4 and which use PHP5 with the following directive: AddHandler application/x-httpd-php5 .php This would circumvent having to rename the extensions of your PHP files, as you could then do directory specific PHP4/5 app running. You still have to make certain Apache has both the PHP4 and PHP5 modules loaded, obviously. -- Christopher Weldon President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] (866) 813-4603 x605 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie question about
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Borrelli wrote: > Good day, > > While I've been using php for more than a little while now, I've never > understood why the use of the "" short tag is noted "to be > avoided". > > Or rather, I understand that there's an option to disable it, and that's > why it's noted in this way, but I don't understand why it's disabled? > What's gained by writing over some_function(); ?> > > Thanks in advance. > > Cheers, > Mike > - From my understanding, there are multiple reasons. One is that depending on where your application is being hosted, the server it is on may have turned off the short tags option (and you can't get your hosting provider to change this). Thus, would simply be written to the page as that. Additionally, through some of my training courses, another reason behind it is that if you use PHP to generate any XML documents, XML uses syntax, and it's better to turn off the short tags in your PHP config so that PHP doesn't attempt to interpret those tags as PHP code. - -- Christopher Weldon President, Lead Systems Administrator Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFAsRnZxvk7JEXkbERAiW+AJ9POOf3U1K6TiRVhSFC6ok7VjDm2ACfel8U /6gFKYPPFYa5iyEtWdksZ0w= =C1fK -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using a variable to call another variable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
tedd wrote:
> At 12:10 AM -0400 9/9/06, Robert Cummings wrote:
>> On Sat, 2006-09-09 at 12:57 +0900, Dave M G wrote:
>>> PHP List,
>>>
>>> I have a list of variables:
>>>
>>> $001
>>> $002
>>> $003
>>> $004
>>>
>>> And what I'd like to do is have a function which will select and return
>>> one of them. Something like:
>>>
>>> public function returnVar($n)
>>> {
>>> return $(somehow n is made to reference the name of the variable);
>>> }
>>>
>>> And then in later scripts I can call anyone of the variables by saying
>>>
>>> returnVar(001)
>>>
>> > Or something like that.
>>>
>>> I've been scratching my head on how to do this for a while. I thought
>>> the answer might lie somewhere in call_user_func(), but even if it is I
>>> can't determine how.
>>>
>>> Any advice would be much appreciated.
>>
>> >
>> function easy_peasy( $name )
>> {
>> $foo1 = 1;
>> $foo2 = 2;
>> $foo3 = 3;
>>
>> return $$name;
>> }
>>
>> echo easy_peasy( 'foo2' )."\n";
>>
>> ?>
>>
>> Cheers,
>> Rob.
>
>
>> Or something like that. < :-)
>
> $easy_peasyier = array("foo1" => 1, "foo2" => 2, "foo3" => 3);
>
> echo($easy_peasyier['foo1']);
>
> tedd
class myClass {
private var $_001;
private var $_002;
private var $_003;
public function access_var($var) {
return $this->$$var;
}
}
$cs = new myClass;
$cs->access_var('_001');
// Done
BTW, please make certain that you aren't really naming your variables as
$001, $002 and $003. Those are bad variable names, as PHP only allows
for variables beginning with letters and '_' characters (what I did above).
- --
Christopher Weldon, ZCE
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
979.739.5874
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFAsfXZxvk7JEXkbERAiYkAJ9misO/pDJYEpJM3iPFF5T3GVdKGwCgpwFB
ae17qOdSZL2DJj+VA6rUqDc=
=dRAJ
-END PGP SIGNATURE-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FUNCTION TO CHECK IMAGE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 BBC wrote: > Hi all. > I'm having a problem regarding image handling. Sometimes an image can be > showed in browser normally (in my computer) but when I > upload it into my site that image is not valid, so there is an issue in my > getimagesizes() function. > Is there any function to recover such problem? I used > "if(file_exists($image_path))" but it couldn't solve the problem. > Input would be appreciated > > Best Regards > BBC > **o<0>o** > - From what it sounds like you are doing, you are uploading a file through some form, then manipulating it's size. Is this correct? What happens when you stop manipulating it's size and try to view just the uploaded file? - -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBDkiZxvk7JEXkbERArmiAJwLuA2Kk52/uhT6y8ptKEi/D6nkWQCcDa2M R0uKdIwEaPBGBc14AoZQzo4= =epdR -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 4 OOP, re-using a object?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Micky Hulse wrote: > Micky Hulse wrote: >> Any help, even a RTFM link, would be really appreciated. :) > > Hi all, > > A fellow list member gave answered my question off-list and pointed me > here: > > http://www.php.net/oop > > Going to (re)read... It has been a while since I last worked with > classes. :) > > I asked because I was getting an error with my code... I thought it was > how I was calling it. > > Anyway, have a great day, > Cheers, > Micky > > What's the error, and how do you have the class and functions defined? - -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBMjMZxvk7JEXkbERArjTAKCVd57A8Pj+aoaY0iF4BU/5A1dmawCeP3ku h4bOmUAeBphVXvOfnnpOwUQ= =JPWQ -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] does magic_quotes_gpc prevents sql injection through forms?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reinhart Viane wrote: > > Seems that the only and best way to prevent mysql injection is the > combination of mysql_real_escape_string combined with value validation. > Yes, this should be what you use. When you think about application design, not only should you escape the data going into the database for security purposes. DBMS's have certain characters specific to them that can make the DMBS think what's been inputted as a quote, but PHP won't see it as a quote, and magic_quotes, addslashes, etc. won't catch it - still leaving a security hole. You should also be making sure you're inserting the proper data (ints in integer fields, strings in varchar, char, text, etc. fields) so that your DBMS doesn't start spitting SQL errors out in a log (or worse yet - to your visitor) and cause nightmares for visitors entering seemingly valid data when they aren't. This is definitely done in the case where you don't have quotes around your data in the SQL query - as is done sometimes with integer, double, etc. Easy validation for integer: is_numeric($_POST['var']) Easy way to just straight-up typecast: $clean['var'] = (int) $_POST['var']; The best way is to check to see if it is_numeric rather than force it's type to be integer - but for simplicities sake, it can be used. - -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBXHEZxvk7JEXkbERAuf/AJ9Rs8TxgKjNlK6XR59KykTq3OXUdACeNPaW O5j8lNIEWIaPA56ZdCttaUA= =+ur0 -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strip urls
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Merlin wrote:
> RalfGesellensetter schrieb:
>> Am Montag 11 September 2006 15:36 schrieb Merlin:
>>> I am trying to strip URL's out of a text. There is a function for
>>> this in php, but I can't find it anywhere. Can sombody help?
>>
>> hi, it's strip_tags and only removes the tags (> the plain text that would be displayed in a text browser.
>
> Hi there,
>
> thank you for the hint. This it the one I was searching for. However
> unfortunatelly the function also strips all other tags! I am looking for
> one that only does strip the
> I am not so familar with regex, but I fear I would need to :-(
>
> My guess is that it must be something like this:
>
> $str = 'foo test o';
> $str = preg_replace(' echo $str;
>
> Can anybody help me on that? Thank you so much in advance.
>
> Regards,
>
> Merlin
>
Two things:
First, you can actually specify which tags you don't want strip_tags to
take out. Say for example you want and tags to remain in the
string:
$string = strip_tags($string, '');
Second, don't forget the tags you'll need in the preg_replace function:
$str = preg_replace('/\]*\>/', "\1", $str);
You can use other characters, such as ! if you want instead of /, but
you have to use the same at the beginning and the end.
- --
Christopher Weldon, ZCE
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
979.739.5874
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFBZ9yZxvk7JEXkbERAhuUAJ4o4rBiypj2OwpHjrUj2e0XZ8FVhQCeJZ6e
eCOa+PYkyrRacqnT5VtoL/A=
=/r2e
-END PGP SIGNATURE-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 suresh kumar wrote: > Hi to all, > i am having one doubt regarding php mail function.i am using > php mail() function to send mail to the users.but when i send mail throught > php its going to the users bulk folder but not to the user inbox.i dont know > the reason. > >Is there any setting that is requried in the php.ini file (or) the > user have to change their setting in their mail (or) is there any option > available to send mail to the user inbox.tnxs for reply > > A.suresh > > > > > - > Find out what India is talking about on - Yahoo! Answers India > Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8. Get > it NOW There are several things you need to check for, and probably add to your emails that you're sending. Number one, add additional headers to make SPAM / Bulk filters realize the message is not SPAM or should not be considered SPAM. IE: $headers = "From: Suresh Kumar <[EMAIL PROTECTED]>\r\n". "X-Mailer: PHP 4.3.2\r\n". "X-Sender: $_SERVER['HTTP_HOST']\r\n". "X-Comment: If you can put a comment here, do it.\r\n"; mail($to, $subject, $body, $headers); The above is considering you have already declared the $to, $subject, and $body variables. Also, make sure your $subject is not 'undisclosed-recipients;' or something like that - it's a big no-no and will definitely flag some SPAM filters. Put a valid e-mail address - but you can still use the BCC-headers and everything should go just fine. Alternatively, if your list is not too large, it looks better to run a for / while loop to send each recipient a message directly (ie: not using BCC) as that will cut down on the SPAM probability. Second, if you are making MIME emails, make sure you are doing so correctly. You can learn about creating multipart/alternative MIME emails more at www.php.net/mail. Finally, if none of the above works, it would be helpful for us to see the headers of the received message from one of your recipients where the message was put in the BULK folder. - -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBaG2Zxvk7JEXkbERAgZiAKCJVQfno2fAca13Sx7aXPWD2WMgUwCeOMBX grbViYDnAXXy8l1i4liVHzE= =ka5I -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Really stupid cookie question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Dunning wrote: > I am embarrassed to ask this. If I set a cookie for 30 days, and the > visitor comes back 25 days later but I do nothing to re-set the cookie, > will his cookie expire in 5 days, or does his browser automatically > reset it to another 30 days? > > --PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > It will expire in 5 days. - -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBaHLZxvk7JEXkbERAgBXAJ400jfYjm5EggSZpCKt8s2tnEpy5QCgt3yZ 8Och6y0aCPxgJw6t1R/VQnE= =oH63 -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FUNCTION TO CHECK IMAGE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 BBC wrote: >> BBC wrote: >>> Hi all. >>> I'm having a problem regarding image handling. Sometimes an image can be >>> showed in browser normally (in my computer) but when I >>> upload it into my site that image is not valid, so there is an issue in my >>> getimagesizes() function. >>> Is there any function to recover such problem? I used >>> "if(file_exists($image_path))" but it couldn't solve the problem. >>> Input would be appreciated >> - From what it sounds like you are doing, you are uploading a file through >> some form, then manipulating it's size. Is this correct? > > Yes it is, but the uploading was going well (size is ok). When I show the > image on the web using getimagesizes(), 'sometimes' such > image size couldn't be resolved. > Is there any function to define that image is ok or not? > >> What happens when you stop manipulating it's size and try to view just the >> uploaded >> file? > > Size of image (after or before uploading) would be same. but the issue still > there (sometimes) > > What types of images are these? JPG, PNG, GIF? - -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBaLsZxvk7JEXkbERAg62AJ4iWogZyWry445xv6bT8ld6Mfw79ACgkWhx zfIJGqxli9pHPHrcHoi8FjI= =sllc -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FUNCTION TO CHECK IMAGE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
BBC wrote:
>> What types of images are these? JPG, PNG, GIF?
> Its jpg. Look... I don't know exactly what your point, I'm just asking you
> about the function to resolve the size of image like the
> codes below:
> if (file_exists($img_path)){
> list($width,$height) = getimagesizes($img_path);
> }else{
> $width = $ height = $max_size;
> }
> So is there any other option to replace file_exists();?
>
Well, if I do remember correctly, then you are uploading a file. If
that's the case, then rather than using file_exists() you should be
using is_uploaded_file. Once you've verified that is_uploaded_file()
returns true, then use move_uploaded_file() to move the file to
someplace on your filesystem. If that returns true, then you should not
have to check file_exists again and just be able to use get getimagesize().
So, a good function for this would probably be:
function getUploadedImageSize($image, $to_path) {
global $max_size;
$width = $height = $max_size;
if (is_uploaded_file($image)) {
if (move_uploaded_file($image, $to_path)) {
list($width,$height) = getimagesize($to_path);
}
}
return array($width, $height);
}
list($width, $height) = getUploadedImageSize($tmp, '/the/final/path');
BTW, I don't know if you did a copy and paste from your code or if you
just typed it in really quickly, but you do have a few syntactical
errors in the code above. First, the image sizing function is
getimagesize - singular, not plural. Second, in your assignment
statement, you have a space where there should not be one:
$width = $ height = $max_size;
^
Just wanted to make sure you knew about that in case it was copied and
pasted.
- --
Christopher Weldon, ZCE
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
979.739.5874
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFBjDqZxvk7JEXkbERAr3XAKCXlgni7S6KuHAOY9ch7O9AkRBmEgCfcd6u
Oc1YRxq4EhHkeJpspLW0RdU=
=Kxek
-END PGP SIGNATURE-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mail() help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 suresh kumar wrote: > Hi, > I am using php mail function to send mails to our customers.but when i > send mail to them.it is getting received in customers bulk folder .i want > mail to get received in customers inbox.i dont know the reason why its > getting stored in bulk folder. > >i attached the code.below,any one help me > > $to='[EMAIL PROTECTED]'; > > $subject='Password from MyAdTV'; > > $headers = 'MIME-Version: 1.0' . "\r\n"; > > $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; > > $headers .= 'From: MyADTV @yahoo.co.in>' . > "\r\n"; > > $headers.= 'X-Mailer: PHP/' . phpversion(). "\r\n"; > > $sendmessage = "Here is the information you requestedYour > Logon name and Password details for MyADTV Account your LogonName > is : suresh your Password is rajaysIf You Want > To Login into Your MyADTV Account, href=\"Click'>http://myadtv.com/login.php\";>Click Here"; > > > mail($to,$subject,$sendmessage,$headers); > Yes, you definitely have a problem with the From line, but I also suggest that you turn your email into a multipart message - IE have a plaintext version of your email as well as an HTML version of the email. This not only will probably be less of a sign of "SPAM" because it won't contain mostly HTML. I know SPAMAssassin has a rule that scores big SPAM points for messages that are > 90% HTML. Finally, after you fix all of those issues, if you still have a problem with your messages being flagged as SPAM, send us the full email (with all the headers) so we can see the reason behind the message being marked as SPAM. - -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBx4pZxvk7JEXkbERAg6IAJ4pMh1DMNP+TrPIh+j7UHz51dSkqgCfUhzC yiG9jiZDyjxPAjunLgOhiGo= =z8H3 -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session_start() and fopen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Fabri wrote:
> Hello, would you please help me on this issue that is making me crazy?
>
>
>
>
>
> I start a session with session_start() and I need to write a file, the file
> is written twice! If I remove session_start the code works obviously fine.
>
> I used the date as name of file so I can see the problem, otherwise the
> file is overwritten.
>
>
>
> session_start();
>
> $nome = date("Ymd-His");
>
> $path = $nome . ".xml";
>
> $fh = fopen($path, 'w');
>
> if ($fh) {
>
> fwrite($fh, 'ciao');
>
> fclose($fh);
>
> echo $path;
>
> }
>
>
>
> does someone have an answer?
>
>
Yes, I believe you need to elaborate more on your objectives for the
code and what exactly you mean by the file being written twice. From the
code snippet above, it seems as though you are just going to overwrite a
file and destroy it's contents, not write to it twice.
This isn't being called from any sort of loop, is it?
- --
Christopher Weldon, ZCE
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
979.739.5874
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFCGnIZxvk7JEXkbERAj4OAKCVUc3lLkx7JcbwYavK/Qc/DYKtEQCfbU9w
EevaaQyHxc87B7qFwZxS0E4=
=BbS2
-END PGP SIGNATURE-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] R: [PHP] session_start() and fopen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fabri wrote: > Hi Christopher: this is just a simplified code, I use it to generate some > xml file, no loop is present. > > Try it as it is: you will find that two files will be generated while it > should be only one. > If you remove 'session_start()' then only one file will be generated: that's > correct! > > Fabri Hey Fabri, I cannot replicate this bug (PHP 4.2.3 on older server). I'm only getting one file written. What version of PHP are you using? - -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFCa33Zxvk7JEXkbERAkT6AJwODHyP1uvE7UjlAOsjSlTf83LS0ACgifny XRbhB2bRYZsKCvCl09QLkS0= =lSIJ -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing function names in db and running them as row is output?
blackwater dev wrote:
First, the example I have is not the real situation, just an example so I
don't want to get into why are you doing it like that, etc. Just want to
see if it's possible.
Basically, I want to store stuff in a text field in a db like this "johns
name is ucfirst('john adams') ".
When I cycle through that row for output in my php script, I want it to not
see ucfirst as text but as the php function and run ithow is the
possible?
Thanks.
$db_query = mysql_query("select command from table");
if ($db_query && mysql_num_rows($db_query) > 0) {
while ($array = mysql_fetch_array($db_query)) {
eval($array['command']);
}
}
eval() is your solution.
--
Christopher Weldon, ZCE
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
979.739.5874
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Most stable combination of AMP?
Børge Holen wrote: On Wednesday 20 September 2006 18:06, Pawel Miroslawski wrote: On 9/20/06, Kae Verens <[EMAIL PROTECTED]> wrote: James Tu wrote: Hi: I'm trying to setup a dev environment using Apache, MySQL and PHP...to develop an application that will go to production. What is the most stable versions of the AMP components should I can install? The production environment will most likely live on a Linux machine. My dev environment will be on OS X. that's a religious question. some people advocate some distributions over others. Personally, I recommend Fedora - it's easy to install, and you can use "yum" and "yumex" (graphical yum) for package management. Kae -- Hi I agree it's a religious question. I prefer Debian, apt-get is a really comfortable tool and it install all require dependencies. All procedure LAMP install it only 4 commands ex. apt-get install php5 :) It's a very fast and nice (best what i know). Representant of debian's church ;) Paul * * Disipel of the same church. Never any problems and rock stable. Well, though I tout in favor of Debian MOST of the time (especially for stable distributions), sometimes it's not possible to use the stable distro releases, as they many times are way-behind the current version of the software and it limits you to the features you have available. For example, the stable version of mod_php for apache under Debian is 4.3.10-16, compared to the current stable release of PHP 4.4.4! AIA, if you aren't too picky and don't need particular versions of your packages, then use your package manager to install them. Else, it's oftentimes better to compile and install packages from scratch as many compile-time options will increase performance for your particular hardware and allow customization (pick and choose what you do and don't want compiled into PHP). For both cases (especially if your development and production hardware are different), make sure you compile/install each environment with the same settings (configure options) to make absolutely certain that you don't have missing dependencies / expectations on your production system when they were there on the dev box. -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] storing function names in db and running them as row is output?
blackwater dev wrote:
great, thanks. So if it's just text, eval won't do anything?
On 9/20/06, Christopher Weldon <[EMAIL PROTECTED]> wrote:
blackwater dev wrote:
> First, the example I have is not the real situation, just an example so
I
> don't want to get into why are you doing it like that, etc. Just want
to
> see if it's possible.
>
> Basically, I want to store stuff in a text field in a db like this
"johns
> name is ucfirst('john adams') ".
>
> When I cycle through that row for output in my php script, I want it to
not
> see ucfirst as text but as the php function and run ithow is the
> possible?
>
> Thanks.
>
$db_query = mysql_query("select command from table");
if ($db_query && mysql_num_rows($db_query) > 0) {
while ($array = mysql_fetch_array($db_query)) {
eval($array['command']);
}
}
eval() is your solution.
--
Christopher Weldon, ZCE
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
979.739.5874
Umm, I believe eval will error out if it's just text. eval is basically
processing a PHP command, so if you have something like "Bob Smith" and
you run:
eval("Bob Smith");
It will error out because "Bob Smith" is not a something that can be
processed by PHP.
--
Christopher Weldon, ZCE
President & CEO
Cerberus Interactive, Inc.
[EMAIL PROTECTED]
979.739.5874
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/css and .htaccess
tedd wrote: Hi gang: I embedded php code inside css and changed my .htaccess to read -- SetHandler application/x-httpd-php -- so that the css file would be processed and executed by php. The end result was that everything worked and did what I wanted. However, FireFox / Mozillia won't accept a css file if a .htaccess file reads as indicated above. Any ideas as to how to get FireFox to play nice? Thanks in advance for any replies. tedd That shouldn't be expected. The SetHandler only applies to the Apache handler side, as browsers should not be able to read those files (.htaccess). So, are you 100% positive that PHP is in fact processing the file? -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Download files outside DocumentRoot Dir
Ramiro wrote: Hi, i'm trying to find a good solution to this problem. I want download files from a directory outside DocumentRoot. This files cannot be downloaded through direct url like http://site/test.zip. It must be downloaded after user login. I know i can do that using some functions like fread() + fopen() or readfile(), than i would echo file buffer to browser with correct headers. But, reading then dumping file to browser is a big problem to server. I've made one test that shows me i will "eat" 1.8% of RAM (i've used "ps aux" at Linux, in a server with 2Gb of RAM) to download a 30Mb file at 60kb/s speed. So, imagine what a dump-php-script can do with 50 to 100 concurrently downloads. Probably i will need 1 TeraByte of RAM to provide downloads ;) Theres my question now. Is there other way to protect files against direct downloading? (Obligating users to login and denying direct-url's). I also know i can check referer by using Mod_Rewrite at Apache. But it isn't secure, since referer cannot be sent or be fake. Please, help me ;) Thank you ! Script i used to test: ?> What you can do is put the downloads in a separate directory actually in your webroot. Then, use a .htaccess file to include a PHP file which checks for authentication. ie: File in : /var/www/htdocs/downloads/file.zip Accessible by: http://site/downloads/file.zip .htaccess: php_value auto_prepend_file "/var/www/htdocs/authenticate.php" authenticate.php would theoretically have some code to check that the user is authenticated, and if not, redirect to a login screen before any headers are sent to the user. -- Christopher Weldon, ZCE President & CEO Cerberus Interactive, Inc. [EMAIL PROTECTED] 979.739.5874 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Download files outside DocumentRoot Dir
On 2:36 pm 09/25/06 "Ramiro Cavalcanti" <[EMAIL PROTECTED]> wrote: > Hi Christopher, > at first, thank you for your answer. > > I'd like to know if it's possible use this when php is running like > cgi (php-suexec). I've put this code at httpd.conf at , > then tryed to use it at .htaccess, but without successs. > > Thank you again. > Oh, in that case, you most definitely can't use the .htaccess conditions. PHP will have issues if you are running php-suexec. I'll see if I can think of any other ways around this, but php-suexec definitely limits your usage for this simple fix right now. -- Chris Weldon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Download files outside DocumentRoot Dir
Richard Lynch wrote: > On Mon, September 25, 2006 3:57 pm, Christopher Weldon wrote: >> On 2:36 pm 09/25/06 "Ramiro Cavalcanti" <[EMAIL PROTECTED]> wrote: >>> Hi Christopher, >>> at first, thank you for your answer. >>> >>> I'd like to know if it's possible use this when php is running like >>> cgi (php-suexec). I've put this code at httpd.conf at , >>> then tryed to use it at .htaccess, but without successs. >>> >>> Thank you again. >>> >> Oh, in that case, you most definitely can't use the .htaccess >> conditions. >> PHP will have issues if you are running php-suexec. >> >> I'll see if I can think of any other ways around this, but php-suexec >> definitely limits your usage for this simple fix right now. > > If you *want* that ugly HTTP Auth popup box, you can search on php.net > for code to do that. > > If not, you can take that code, and replace the HTTP challenge with a > simple login form. > > If they aren't logged in, the download just doesn't go... > How do you mean? The particular code that I was talking about included doing authentication outside of an ugly HTTP Auth popup box and just including a PHP script that checked that the user was authenticated, and if not, either deny access to him or redirect them to a login page. My proposal requires minimal amount of changes that the user would have to do. He can keep his downloads in the web root and not have to load ANY file into memory. The only PHP side of downloading a file that's in the web root downloads folder is to check for authentication. Thus, a very quick and scalable solution. -- Chris Weldon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] WebMail client
Peter Lauri wrote: > Hi, > > > > Do you have any suggestion on WebMail clients written in PHP that is good > and easy to install? > http://hastymail.sourceforge.net/ -- Christopher Weldon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
