[PHP] POSTing HTML into a database

2002-01-06 Thread James Arthur

Hi

I need a user to be able to enter submit HTML code (also perhaps containing 
PHP code) via a web form, which will then be entered into a database.

The data is typed in to a textarea, which is then posted to my script. I 
notice that some special characters come out of this process escaped, but the 
escaping sequence does not appear to be entirely compatible with the SQL 
query I'm using to insert it into a table.

Can anyone tell me the correct way to convert the output from the form into a 
format that PostgreSQL will accept, and then how to convert it back so that 
it's identical to what the user entered before being escaped by post (so that 
I can just use print to print it out)?

Thanks.

--jaa


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] POSTing HTML into a database

2002-01-07 Thread James Arthur

On Monday 07 January 2002 01:59, Richard S. Crawford wrote:
> I've used a combination of addslashes() and stripslashes() along with
> htmlspecialchars() to perform just that sort of thing, though I used MySQL
> instead of PostreSQL.

Can you help me along a bit further? I can't seem to get them in the right 
order.

Thanks.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] POSTing HTML into a database

2002-01-07 Thread James Arthur

On Monday 07 January 2002 01:59, Richard S. Crawford wrote:
> I've used a combination of addslashes() and stripslashes() along with
> htmlspecialchars() to perform just that sort of thing, though I used MySQL
> instead of PostreSQL.

I've got it sorted so that when the user enters the HTML data in the form, it 
is retrieved and stripslashes() is used so that I can just use print() to 
display it.

The only problem comes when I want to send this data back again (so that the 
user can edit it after they view it). Everything's fine unless the user has a 
quote (") in the text because it messes up the HTML tag.

For example, consider the string $body = "I am saying \"Hello\"";


is interpreted by the browser as

And so we have a problem.

What can I do about that?

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] Secure User Auth

2002-02-03 Thread James Arthur

Hi

I have a web site that needs a secure login system.

Users of the system can SSH in to the server, and POP, IMAP, Postgres and 
other services are provided, and I'd like the users to be able to log in to 
the site - obviously as securely as possible. Maybe using SSL + sessions?

I have not used SSL or HTTPS before, and certainly not with PHP. Can anyone 
give me any suggestions?

Thanks

--jaa


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Convert PostgreSQL timestamp to nicer format

2002-02-03 Thread James Arthur

Hi

How can I convert the PostgreSQL timestamp to several strings? This sort of 
thing:

array($hour,$minute,$second,$day,$month,$year) = convert($timestamp)

Thanks

--jaa


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Re: [PHP-DB] PHP + Postgresql + Linux = Frustration

2002-02-03 Thread James Arthur

> >
> >Is there an easy way to do this sort of stuff on Linux or is it better to
> >just buy off the shelf products that work?

Hi

I hate to do the "my distro is better than yours" thing, but typing "apt-get 
install postgresql postgresql-client apache php4 php4-pgsql" at the command 
line on a Debian system will download and install it all automatically for 
you. Just configure the postgres settings to how you want them, edit the 
php.ini and httpd.conf files and that's it.

I run a debian-based system at home with postgresql, apache and PHP4, and 
I've also set up web servers with this configuration on Debian boxes. If 
you're looking for ease-of-maintainence of a Linux server, then Debian is 
really the one you want to look at.

--jaa


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Secure User Auth

2002-02-03 Thread James Arthur

On Sunday 03 Feb 2002 17:43, Viper wrote:
> Well it depends what you want to do, Do they need to just get into the app
> or do they need to have different access levels? If they dont need access
> levels just use htaccess that should work out fine.
>

htaccess isn't secure enough, since it sends the password in plain text to 
the server. Besides, the users already have accounts on the server, so it 
would make more sense to authenticate against an existing system, like 
IMAP/POP3. Doing that's easy enough, and also has the side effect that when 
they log in it tells them whether they have new mail or not.

The problem is finding a way to enter login details that does not send the 
password across the internet in plain text mode. The only way seems to use 
SSL, but I don't know how to implement it.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Security in virtual host server

2002-05-15 Thread James Arthur

Hi

I have a server with multiple users, each with user space that may contain a 
public_html directory. The main site also has a web page, but I'm having 
trouble configuring PHP securely.

Anyone with access to PHP can write a script to find and print out any file 
in the main page, and one of these files may contain secure information, like 
passwords etc.

It seems that the only way to get around this is to use php in cgi-bin mode. 
What I want to do is make this transparent to users, so that they don't need 
to make their files executable and put the #!/usr/bin/php4 -q on the top of 
each php file. If I can make it so they don't even realise that they're using 
cgi-bin php, then that's perfect. Is there any way I can do this?

I'm using php 4.2.x with apache 1.3.x on top of Debian GNU/Linux 
potato/stable.

Thanks

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] MacOS-style pager

2002-02-28 Thread James Arthur

Hi

Does anyone know of any MacOS-style pager applets? Something that would sit 
in the panel and display the current app, and give me a drop down list of 
running apps.

GNOME has a very good one, and I miss it having switched to KDE.

--jaa


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] MacOS-style pager

2002-02-28 Thread James Arthur

Sorry -- that was supposed to go to the KDE list :)

On Monday 25 Feb 2002 20:12, James Arthur wrote:
> Hi
>
> Does anyone know of any MacOS-style pager applets? Something that would sit
> in the panel and display the current app, and give me a drop down list of
> running apps.
>
> GNOME has a very good one, and I miss it having switched to KDE.
>
> --jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Userfriendly

2002-03-07 Thread James Arthur

On Thursday 07 Mar 2002 16:22, Josiah Wallingford wrote:
> Hello,
>
> Does anybody know of a php script that will email the daily
> userfriendly.org comic?

Not sure about this -- Userfriendly.org is maintained by advertising, so 
unless you want to pay them a royalty for every page you view they might not 
appreciate it.

> Josiah Wallingford
> Email = [EMAIL PROTECTED]
> Mailing lists:
> PHP General - [EMAIL PROTECTED]
> BBEdit Talk  - [EMAIL PROTECTED]
> BBEdit Web Authoring - [EMAIL PROTECTED]
> ICRadius - [EMAIL PROTECTED]
> Linux Newbie - [EMAIL PROTECTED]
> MySql - [EMAIL PROTECTED]
> Messenger Services:
> (MSN Instant Messenger = josiahlizzard)
> (ICQ # 150522268)
> (Yahoo Instant Messenger = josiahwallingford)
> (AIM American Online Instant Messenger = JosiahWalling)
> Web Pages:
> www.josiahw.com
> www.pooponwindows.com
> www.mymysql.com
> www.bigbirdlinux.com
> www.sofast.net
> www.darwinduck.com

Nice sig.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Parsing Content

2002-03-07 Thread James Arthur

On Tuesday 05 Mar 2002 15:07, Erik Price wrote:
> On Monday, March 4, 2002, at 06:10  PM, Jonathan Duncan wrote:
> > I want to make a web site that displays news headlines from my favorite
> > news
> > sites.
>

PEAR has an RSS headline class that's dead easy to use and works for RDF 
files.

Incidentally, does anyone know any good sites with RDF headlines? I've 
already got slashdot, newsforge and theregister. I'm looking for a few more 
good sites.

Cheers,

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Netscape vs. IE/Mozilla

2002-03-10 Thread James Arthur

On Friday 08 Mar 2002 15:44, Vlad Kulchitski wrote:
> Hi guys,
>
> I know it's a wrong place to ask about this, but I am sure someone here
> faced the same problem. I am trying to get the site to look consistent
> in
> Netscape Navigator and it's giving me hard times.

Yes, this is a bug in Netscape 4.x. You just have to make your site so that 
it doesn't look too bad without the table backgrounds.

> Either tables or/and cell background doesn't show up or spacing between
> two tables is not what it is supposed to be.

Netscape doen't do table backgrounds properly.

I suppose you could test to see if the client browser is Netscape<6 and 
adjust accordingly..?

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Sessions and multiple domains

2002-03-14 Thread James Arthur

Hi

I have this problem is that the website I am designing can be accessed using 
multiple addresses: wired.st-and.ac.uk, wired.st-andrews.ac.uk, 
wiredsoc.st-and.ac.uk or wired (internally). The trouble is that the cookie 
is locked to one address. For instance, if I initialise it in 
wired.st-and.ac.uk then the session variables I register will not be used in 
wired.st-andrews.ac.uk or wired. Does anyone have a way around this?

--jaa


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Success Using PEAR?

2002-03-16 Thread James Arthur

On Saturday 16 Mar 2002 20:32, Bryan Henry wrote:
> anyone had success using PEAR?
>
> I have read the documentation and been trying to use the PEAR
> files that came with PHP 4.1.2 , PEAR cvs and PHP4/PEAR cvs
> with no success.
>
> I wish there was some updated documentation, and more explanation
> on which files to use for stable development.  Every answer I
> get from people developing PEAR is vague and contradictory.
>
>

What part of PEAR?

I use the DB,DB-pager and RSS functions from PEAR. They seem to work well.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] building a control panel in php

2002-03-20 Thread James Arthur

On Wednesday 20 Mar 2002 02:42, Thalis A. Kalfigopoulos wrote:
> > -Original Message-
> > From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, March 19, 2002 5:49 PM
> > To: Paul ...
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [PHP] building a control panel in php
> >
> > On Wed, 20 Mar 2002, Paul ... wrote:
> > > just thinking about making a small control panel for my server so i
> > can do
> > > the web hosting related things from the web... would php be a good
> > language
> > > to do this in and if so why?.. what would be the ups and downs?
> >
> > The fastest way would be to download Webmin from here
> > (http://www.webmin.com/), then change all the comments so it says you
> > wrote it.
> >
> > Seriously, you might want to look into that because a lot of people have
> >
> > already put a lot of work into making something fairly comprehensive.
> >
> > miguel
>
> Yes, but how safe can one feel having all this power-functionality over a
> webpage? (I presume lots of stuff is SETUID;Correct?)

Webmin is modular. You only install the modules you want to control over the 
web. You can also retrict access to port 1 (on which it lives by default) 
in the normal way. I imagine you can set it to do HTTPS connections as well, 
but I've not tried that because I only use it locally.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] HTMLnetscape issue

2002-03-20 Thread James Arthur

On Wednesday 20 Mar 2002 18:11, Vlad Kulchitski wrote:
> Hi,
>
> Sorry for repeating myself, but am lost and still can't find a solution
> to the following problem, I need to specify a background image for 
> like the code below:
>
> 
>   
> 
>
> This code works EVERYWHERE (in all browsers) but Netscape Navigator 4.xx
> versions.

Yes, Netscape 4.x doesn't do table backgrounds according to HTML spec. There 
is no solution for it, and you'll have to work your way around it, either by 
changing the design for your page, or by giving an alternative layout which 
is displayed when netscape users pay a visit.

The second way I mentioned is really surprisingly easy using CSS.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Problem with posting

2002-03-20 Thread James Arthur

I'm writing a voting script, but I have a problem with it.

Voters cast their vote by submitting a form. When this form is received it is 
added to the database, and a session variable is set saying that they've 
voted. The problem is that once someone's voted they can just press reload on 
their browser and it sends another vote. This happens in Netscape 4.x. All 
other browsers either do not submit form data or recognise that the session 
variable is set.

Any ideas on how to fix this? Thanks.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Problem with posting

2002-03-20 Thread James Arthur

On Wednesday 20 Mar 2002 19:40, Rick Emery wrote:
> What do you mean "All other browsers either do not submit form data"?

I mean when the user hits 'reload' the POST data is not resubmitted. Some 
browsers do not resubmit form data, some do, and some prompt.

> What kind of user authentication are you using?  If none, they'll vote and
> vote often.

A session variable is used to store who has voted and who has not. Netscape 
and Mozilla seem to eschew this somehow. Not sure how. In IE it works fine, 
even when you choose to resubmit the form data.

Hit http://wired.st-and.ac.uk/ to see what happens.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] HTMLnetscape issue

2002-03-20 Thread James Arthur

On Wednesday 20 Mar 2002 19:43, Nathan Cassano wrote:
> Yes here is a solution to this problem and I am surprised no one on this
> list pointed it out.
>
> Simply put a transparent dot within a cell table that you wish to have
> the background image display.
> Netscape 4 in retarded in the fact that it will not display a cell
> background image unless it has cell content.
>
>
> 
>  src="images/transparent_1x1_dot.gif">
> 

Not only that, but it doesn't inherit the background image from its parent 
properly. For example,


Some textMore text
Even more text


You'll find that the background is repeated in each cell, not that the cells 
are transparent and the table area has a background. This is mightily 
annoying.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Forum with PHP, without using mySQL..

2002-04-01 Thread James Arthur

On Monday 01 Apr 2002 12:44, MiXmAsTeR wrote:
> Hi, I run a Sports site.
>
> And need a forum, in php, that dosen't use mySQL.
>
> Anyone know any good, without any advertice, exept some from the one who
> made it ?

PHPBB v2.x and OpenBB can run on top of PostgreSQL 7.x

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Problem with CGI mode

2002-04-01 Thread James Arthur

Hi

I need to run some pages on my site in CGI mode for security reasons.

I've put #!/usr/local/bin/php at the top of the script in question, and given 
it the .cgi extension so that apache treats it as a CGI. The script works, 
but the first thing it does is print out #!/usr/local/bin/php, because that's 
the first line of the script. If I remove that line, I get an internal server 
error, because apache doesn't know where php is located.

Does anyone have any ideas?

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Has anyone looked at phpinfo today?

2002-04-01 Thread James Arthur



Notice anything different?

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] nl2br returns ? normality or a bug?

2002-04-06 Thread James Arthur

On Saturday 06 Apr 2002 07:56, Miguel Cruz wrote:
> On Sat, 6 Apr 2002, Justin French wrote:
> > on 06/04/02 11:05 AM, Maxim Maletsky ([EMAIL PROTECTED]) 
wrote:
> >> It DOES NOT work fine in every browser. I'd love to give you a prov, but
> >> because I am lazy I will just tell you this formula:
> >
> > Again.  I was only stating MY experience.  "Every browser I can get my
> > hands on".  I do extensive testing, and have never seen a  or 
> > or  misbehave.
> >
> > If you have seen it perform unexpectedly, I'm keen to hear about.
>
> For what it's worth, I just tried on the following browsers (all I have at
> my disposal at home) and it works fine:
>
> links 0.96
> lynx 2.8.3
> Opera 5.0.498 (Mac)
> IE 5.1.3 (Mac)
> Mozilla 0.9.9 (Mac)
> Netscape 6.1 (Mac)

Add Konqueror on Linux to this list.

Also note that links 0.84 (the latest version on Debian Stable) does _not_ 
parse XHTML tags correctly.

--jaa

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Most secure way to send a password

2001-12-21 Thread James Arthur

Hi

The most insecure part of entering a password in a web
form is when you click "submit" and your password is
sent in plain text form to your next PHP script.

Is there any way around this without using JavaScript?
How secure is it to use HTTP_AUTH?

Cheers

--jaa

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] Supplied argument is not a valid PostgreSQL result resource

2001-12-24 Thread James Arthur

Hi.

I've been getting the following error:
Warning: Supplied argument is not a valid PostgreSQL
result resource in dbasefunctions.php on line 87

The error occurs in the following function:

function dbFetchRow($result,$num) {
global $wireddb_h;

$r = pg_fetch_row($result,$num);   // line 87

if(!$r) {} // Error checking etc.

return($r);
}

Can anyone explain why this happens?

--jaa

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]