Re: [PHP] Password Generator?
At 02:20 PM 4/18/01 -0600, Ashley M. Kirchner wrote: > Is there an easy way to generate generic passwords based on >(combined) dictionary words? (ej: take two different words and put them >together) Would be huge, and vulnerable to dictionary attack (of course) You'd have to have a file containing all possible dictionary words, then the rest is dead easy, just do a randomized grab of two words from the pile. I've seen PHP code for pronouncable non-words, like "optogru" and "umoktin" These are far more secure. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] math calculations query
At 08:31 PM 4/26/01 +0100, [EMAIL PROTECTED] wrote: >hi all, > >i have a script which selects description, price and quantity from a mysql >table. > >i have displayed the results on a page in the form of description, price, >quantity but I was wondering how best to go about calculating a total total, >ie. sum of quantitys multiplied by sum of prices. Generally, that's not how you do that. You'd calculate "extended" prices based on quantity of item and price, then add all extended prices. 1 Thingy $5 Ext= $5 2 SuperThingy $3 Ext=$6 Total is $11 As opposed to 3 * $8 by the method you described. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: [PHP] Large Memory Problem
At 02:59 PM 5/7/01 +0100, Tom Carter wrote: >Hi > >This isn't a PHP thing, but most unix/linux distributions have a program >called wget in. You can use this to very easily download a file to your >server (eg. wget http://www.freebsd.com/man.php) Wget is VERY powerful. I have a php based site that does transactions through php, and I used Wget to create a test suite, having one computer slam transactions at the server, and record the results. BTW: I was able to get about 2000 transactions a second on RH6.1, PHP4, with large scripts, doing a lot of work in a MySQL database, using a PII-300 as the server :) -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Uptime script?
At 08:18 PM 5/16/01 +0200, Christian Reiniger wrote: >On Wednesday 16 May 2001 15:16, Matthew Schroebel wrote: > > Why would you want to advertise that? Seems like you would be leaking > > information to crackers ... > >It's very difficult to imagine how 'uptime' information could be used to >cause mischief... http://www.dvanhorn.org/Status/Index.php -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Uptime script?
At 03:30 PM 5/16/01 -0500, Ben Gollmer wrote: >Uptime.exe is available on the WinNT / Win2k resource kit. You can also >download it here: > >http://www.microsoft.com/ntserver/nts/downloads/management/uptime/default. >asp Does the windows version have the ability to count larger than hours? :) -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Encrypt Password for Session
At 12:05 PM 5/17/01 -0500, Troy Moreland wrote: >I fully understand what you are saying. The problem is that I'm storing >their password so that they don't have to re-enter it on each new page >visited. If I can't decrypt it, then I can't pass that password for the >user. How do I keep passing the password then w/o having to write it to the >session. Is that the right way to do it?? What I do, is pass a cookie. On the login page, I give them a cookie. When they input a correct UN/PW, then I store the cookie. When the go on to the user pages, I take the cookie, give them a new cookie, and compare the old cookie to the DB cookie. If it's a match, then I store the new cookie to the db. The cookie is a 13 digit base 36 number, generated randomly. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] preprocessing
At 10:18 AM 5/17/01 -0700, [EMAIL PROTECTED] wrote: >I have what I feel to be a strange problem (I'm most likely wrong here). >I have page A, which is an internal page, which posts to page C which is >external (belongs to another company). What I would like is to insert a >preprocessing script (let's call it page b). So, the end result would be, >users input data to page a, page a then posts to page b, page b processes >all variables etc and then posts to page c. I don't want the customer, to >ever really have to interact with page b. Is that possible? >If there is a command to do this, which I must've missed, that would >really be all I need ;) You can have tons of processing going on in a php script, but it sounds like what you need is to do the processing at the top of page C, then once that's done, generate output to the user as page C is doing now. Just put the processing code on top of the page, and you should be ok. Might need a while statement to check if it's "done" before proceeding. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: Re: [PHP] preprocessing
At 10:48 AM 5/17/01 -0700, [EMAIL PROTECTED] wrote: >Unfortunately, I don't control page c, or else this would be a mute point. >That's why I need page B. Good idea though. Well, it sounds like an auto-redirect is about your only choice. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] New buzz SOAP?
> >This is going to be big because it is a very large part of the new Microsoft >.NET strategy. In essence it will enable everyone and everything to talk >together without worrying about hardware, software or OS's incompatibilities >(well, that's the theory, anyway). Of course, I'm sure that MS will make >their own non-open extensions and tie everyone into their World. I can't count the number of times I've heard this promise.. Anyone remember how Java was supposed to take over the world? >The best thing about SOAP is the sense of humour of the designers. Part of >the SOAP toolkit is called the Remote Object Proxy Engine, this is >responsible for the consumption of dispatching of SOAP messages. So, you get >SOAP on a ROPE! Don't drop the SOAP! :) -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Lists are back up
> >If we didn't have Microsoft, we'd have to blame ourselves for all of our >programs crashing Most of my systems don't even HAVE a reset button. :) -- Dave's Engineering Page: http://www.dvanhorn.org I would have a link to http://www.findu.com/cgi-bin/find.cgi?KC6ETE-9 here in my signature line, but due to the inability of sysadmins at TELOCITY to differentiate a signature line from the text of an email, I am forbidden to have it.
Re: [PHP] Re: Lists are back up
At 12:01 AM 6/19/01 +0200, Alexander Skwar wrote: >So sprach Clayton Dukes am Mon, Jun 18, 2001 at 05:38:26PM -0400: > > Why not just set your filter to look for [EMAIL PROTECTED] in > the to > > or cc line? > >Because not all filters support that, and it makes reading mails eg. via >webmail interfaces easier? Eudora can't filter on CC lines. I've dropped one subscription to another group because the members insisted on sending emails to each other individually, and CCing the group. -- Dave's Engineering Page: http://www.dvanhorn.org I would have a link to http://www.findu.com/cgi-bin/find.cgi?KC6ETE-9 here in my signature line, but due to the inability of sysadmins at TELOCITY to differentiate a signature line from the text of an email, I am forbidden to have it.
[PHP] how do I subscribe?
subscribe -- Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Gzip compression
I'm looking at implementing Gzip compression and output buffering.
I think I have it working, but for some reason, the page isn't displayed
for 8-10 seconds.
It seems that the compressed page is sent immediately, but the browser
hangs on to it for some reason.
http://www.dvanhorn.org/Test/Index.php Compressed
http://www.dvanhorn.org/Test/Index2.php Not compressed
Here's the top level page code:
Current status.
There are NO chars before, or after, the PHP flags.
Here is the contents of gzdoc.php.
\n";
$Contents = ob_get_contents();
ob_end_clean();
$Size = strlen($Contents);
$Crc = crc32($Contents);
$CContents = gzcompress($Contents,$level);
$CContents = substr($CContents, 0, strlen($CContents) - 4);
Header('Content-Encoding: '.$ENCODING);
Header('Content-Length: ' . strlen($CContents));
Header('Content-Length: ' . strlen(ob_get_length));
echo $CContents;
echo pack('V',$Crc) . pack('V',$Size);
exit;
}else{
ob_end_flush();
exit;
}
}
?>
--
Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Gzip compression
At 04:24 PM 2/2/01 +0100, Dimitar Tsolov wrote: >May be the reason is somewhere in your browser? > >I can see both pages /compressed and another one/ and I'm using Netscape >4.75 with Linux? They both get there, (I'm running latest MSIE) but I can't seem to work out why the delay between when the data stops coming in, and the page pops up. It may be that I'm not sending everything exactly the way the browser wants, but where it THAT documented? -- Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Microsoft's new naming convention...
At 05:03 AM 2/3/01 -0600, Ahmad Navid Yar wrote: >FYI folks... > >Microsoft is planning on a new naming convention for it's latest products. The next OS version is supposed to combine features from ME, CE, and NT, into windows CEMENT. :) -- Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] include files
I've got kind of a deep page structure, lots of subdirs. I'm having trouble with an include directive. The problem is a footer that I use on all pages, which resides in the base directory. The footer file includes another file, which I use if there is no menu. footer.inc has menu, and includes footer-nomenu.inc footer-nomenu.inc may be used alone. I know this works, in footer.inc, to pull up nomenu. However, is there a more "generic" way to specify the server root as the path? I'd rather not expose my directory structure in the PHP code. I tried various versions of ../ and ../../ without success. -- Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] include files
At 12:50 PM 2/5/01 -0500, Brian V Bonini wrote: >DOCUMENT_ROOT ??? >http://php.net/manual/en/language.variables.predefined.php Ok, but having read the docs you pointed to (thanks), I still don't see how to use it in an include directive. I assume that since the vhost is specified to use "/home/dvh/public_html/" as the server root, that DOCUMENT_ROOT is equal to "/home/dvh/public_html/" when the server is running any script from that vhost. But, how do I apply that to the include directive? -- Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MD5 / crypt
> >e.g. >5V"g\7`Qv1Sc]aV&Q4a6#bW>SbU!f_4V1QvPaUe 5Q!c b Something else is "helping" you. MD5 output does not look like that. MD5 is 32 hex chars, 0-9 and a-f I have not tried passing MD5 values out to the browser though, it may be the browser "helping". I use MD5 extensively on my spamwhack site. Hard to demo though, it's all transparent to the user, except when queries come in using wget, where they are sending me MD5 data. That works fine too, leading me even more to suspect that the broswser is getting in the way. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Questions about simple php problems
> >I think it's just "test.html", although I am not 100% >sure. I will check that. Maybe this is the reason... I hit this early on too. I write my code on a windows machine, and upload it using cute-ftp to the server, which is linux. I started out trying to make files like "file.ext" on windows, but windows "helps" by capitalizing the first letter for you. The results on upload were inconsistent, sometimes it ended up as "file.ext" and sometimes as "File.ext" I've settled on a capitalization scheme that seems to satisfy both systems, that files are always of the form "File.ext" When I upload and download in this form, then it stays the same. One exception, on the main page, I have "index.html" which is simply a copy of "Index.php" renamed. This is so that requests to www.server.org/ will come up correctly. Probably there's a place to fix that in apache, but I haven't gone after it yet. >I will try that. What does phpinfo() function does? >Will it return on the screen the info if my server >supports php? Yes, and it tells you what sort of information you can use through internal variables. A good page to keep hanging around for those "can I do.." questions. > > >3. Now suppose I write a seperate php script as a > > >seperate file, like test.php. How do I refer to it > > >from html file in order to make the php script > > work? > > >And can I start my web page directly with php? If > > so > > >how? > > > > (In index.html) > > Try the test thing > >??? I don't understand it. You refer to another html >file... Will it make a php script work??? How? Sorry, I wasn't clear. On a properly configured server, you can have .html files with and without php code inside, and .php files as well. Basically, the server figures it out :) >Correct me if I am wrong, but I think the following >will make a link to another html file... Yes. The idea was that the second file could be pure html, or Php that generates html. Here's what my normal "Index.php" looks like. Page Title. The body of the page is in "Index.inc". Headmeta, Header, and Footer are the "structure" of the page, in this case using HTML forms. Do_webtrends is actually a java script, that tracks users for me. This is a little tricky to get right, but in the end, pages take only minutes to create, since all you do is copy and rename Index.php to Newpage.php, and put the content in Newpage.inc. You have to change only one line in Newpage, so that it includes Newpage.inc rather than Index.inc. Probably some clever person will pipe up and show us how not to have to change that line :) >Really? Than how can you save a php file with php >extension? Do you save in .txt and rename? Or do >something else?... File, Save as, Index.php No problem. >What do you mean by "mouseover"? >Can it be actually done with CSS? When your mouse is over this area, do something. Web search on "mouseover" and "java" As to CSS, probably so, but don't ask me. :) >Yes, I know some of my questions may seem 'bizarre' to >you. That's because I try very much to learn and many >things confuse me... I'm not a programmer... and I try >to learn. I went through this starting Xmas eve in 1999. By Feb 2000, I had a server online. Between then, I taught myself the essentials of Linux, Apache, PHP, and MySQL. (With of course a lot of help from groups like this one.) It wasn't great, and I've made a lot of progress since then, but it was up and running! -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MD5 / crypt
> >GET or POST-Parameters are for user-input. Handing information over to the >client and taking it back later is a potential security leak. If you have >no means of revalidating the information after it crossed the so called >trust boundary, you should't do it. >Send a handler, some random and unique (nothing like 1,2,3 or a,b,c) >identifier and store the critical information in a session variable or >somewhere else. In spamwhack, I have secure access using this technique. On login I pass you a cookie (10 digit random number, base 16) store the cookie in the database marked invalid, and take your username and password. On submit, I check the username and password against the database, also the originating IP address, to see if it's in-range for that account. If so, I mark the db entry valid. When you pull up the next page, you get a new random cookie, which is also invalid. I take the cookie you gave me, check against the database. If it matches, and the IP address is still the same, then I mark the new one valid. This happens for every page access in the secure area. You have to hand me the right cookie value, and each cookie is only good for one page. I refresh the same cookie, so as not to fill up the jar impolitely. It's not as complicated as it sounds. The idea is that you can steal a cookie value, but it won't help you, since you'll be from a different IP. If you can grab the cookie value, and forge the IP address, then you can hijack the session. It's never happened yet. Other fun: On login, after a couple tries, the script goes into a mode where even the correct password will be rejected. It also sends emails to me, and to the account holder, that someone is messing with it. I put a randomised delay in the passord script as well, so that it's not obvious wether you're being accepted or rejected until the script finishes, so as to foil automated attempts to speed up a dictionary attack. There's more, but :) -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Questions about simple php problems
> >Here's what my normal "Index.php" looks like. > > > > Well.. the mailing list munged it.. I can email you a copy if you're interested. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Variable quantity chooser.
Is there a way, using PHP, to generate a quantity chooser that maxes out at the quantity on hand? IOW, I have $quantity from the database, for a given line item, and I'd like to have a slider that lets you run up to, but not over, the quantity on hand. This might be more of an HTML question.. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Variable quantity chooser.
> >I'm sure I can help you, but I'm not able to follow your terminology. >What's a "quantity chooser" and what's a "slider"? Are you referring to >select boxes? I'm not trying to be rude, I just don't understand what >you're referring to. I'm confident you can accomplish what you want using a >loop, but perhaps you can restate your question using different terminology >and some more details. Sorry, I've been away from this for a while. Let me peel back a bit. When I generate the form, I pull up from the db, the quantity on hand, and the quantity already committed to orders. So: $max=$quantity-$commit is the maximum number I can allow someone to order. In the form, I'd like to get to a mechanism that would allow entry (by most any means really) of an order number >0 and less than $max. I know I can do it by submitting the form, but it would be irritating to have to do that.. Maybe I should just display $max, and let it go at that. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] New Mod-gzip
There's a new mod_gzip out that does work with PHP output. Have a look at www.dvanhorn.org All the pages are PHP generated, with nothing special in the PHP code. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] New Mod-gzip
At 04:53 PM 2/16/01 -0500, Michael Kimsal wrote: >Does it work when you print from Netscape? I don't have a printer hooked Hmm. Couldn't tell you, I don't have Netscape. The only bug reports so far, all involve a relatively minor config tweak. I've had no problem reports on my page. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Session support in PHP (buffering output to browser)
At 05:53 PM 2/19/01 -0800, ..s.c.o.t.t.. wrote: >there was an awesome article on phpbuilder about buffering output, >controlling when things got to the browser... so that you could >set cookies/headers anywhere in your script (or, as he talks about, >gzip content on the fly beofre outputting it to the browser) No longer necessary with the current release of Gzip I have it up and running at http://www.dvanhorn.org Nothing in the PHP code at all. -- Dave's Engineering Page: http://www.dvanhorn.org Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
