[PHP] PHP backup in Minnesota

[Ken Kixmoeller]

Hey, folks  ---  -

I have a new system going "live" shortly. Unfortunately, through some 
client delays (and mine, too, I suppose), we are butting up to a 
vacation I have planned.


My client would like to have a *local* resource PHP person, in case, 
well I don't know, the whole system starts randomly launching ICBMs 
toward world capitals or something.


So: anyone interested in being a backstop for me over the rest of this 
month, and a possible replacement in case the client sends a hit-man 
after me, please send me a note off-line.


Some Details:

 -- St. Paul/Minneapolis area

 -- PHP 5.2x

 -- MySQL 5

 -- OOP design, using data objects and an application object

 -- "Interesting" construction, in that I use a MySQL
table as a screen controller object.

 -- Shopping site, home-built shopping cart. Low volume.

 -- Session-based, no cookies.

 -- Home-built Orbital CC processing module

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP backup in Minnesota

[Ken Kixmoeller]

Manuel Lemos wrote:

Hello,

You may want to try posting an offer here to increase the chances of

finding somebody.

http://www.phpclasses.org/jobs/

You can also look some of the available people on the map of your region:

http://www.phpclasses.org/professionals/country/us/



Thanks


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP backup in Minnesota

[Ken Kixmoeller]

Jochem Maas wrote:

Op 3/11/10 10:05 PM, Ken Kixmoeller schreef:

Hey, folks  ---  -


 -- Session-based, no cookies.


sessions are cookie based. unless your passing the
session id around via a URL parameter, which is a no-no.


Ja, bestimmt. I should have said "no persistent cookies"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP backup in Minnesota

[Ken Kixmoeller]

Thanks to all! I got who I needed.

Best regards - --  -

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] replying to list (I give up)

[Ken Kixmoeller]

Daniel Egeberg wrote:


Then get a better email client if yours doesn't support "reply to all"
or "reply to group". It's hardly the mailing list's fault that your
client doesn't support that.


Nonsense. I have used lists like this for many, many years. PHP lists 
are the only ones I have ever used that behave this way. All the others 
I have used are configured that a simple "Reply" replies to the list.


Sure, you can always "Reply All" but then you get multiple replies from 
the same person to the same post. Plus, it is really easy to forget.


In my opinion, it is idiotic.

OTOH, what is important to me is the quality of the information that 
comes in from you incredibly generous people. Thank you to all posters. 
You are the best.


The list behavior is just an irritant, but it pales in comparison to the 
benefit.



Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

php-general@lists.php.net

[Ken Kixmoeller]

Michael Calkins wrote:

How is it used for a website then?


Some program is using the ID 4 and the value of "cus" to bring up 
information you requested on a prior page. Probably to query a database 
for those values.


As Ashley said: it is GET ($_GET) data in a URL -- a way to pass values 
from one page to another using the URL.


Look up $_GET or Predefined Variables in the PHP documentation online.

If that doesn't help, you need to buy the most basic book on web 
programming you can find (and read it).


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Configuration Issue (Error 310 ERR_TOO_MANY_REDIRECTS)

[Ken Kixmoeller]

Hey, folks - 

One of my applications is being moved to a new server. Testing it out, I
get the subject error. The error is reported this way in Chrome. In FireFox
it says:

"Firefox has detected that the server is redirecting the request for this
address in a way that will never complete."

I suspect this is a PHP or Apache configuration issue, as neither the
current test server, production server, nor my development server throw
that error.

I have searched for 2 days trying to find references for this. I see a lot
of PHP-driven applications having the same problem (mostly blogs), but no
"under the hood" fixes.

Anyone experienced this? Ideas?

Many thanks,

Ken

[PHP] Commands which call exec() or shell_exec() ??

[Ken Kixmoeller]

Hi -- -

Strange problem. One of my applications was just moved to a new server. The
new server has php configured to blacklist some functions (using
"disable_functions="). One of the "banned" functions is exec().

The error log is reporting "shell_exec() has been disabled for security
reasons"  --- but exec() or shell_exec() are not in my code *anywhere*. The
program and line number being reported makes absolutely no sense.

Are there other php commands that really call exec() or shell_exec() ???
Any clues how this could happen? Fixes (other than un-blacklisting the
command, of course)?

Many thanks,

Ken

Re: [PHP] Commands which call exec() or shell_exec() ??

[Ken Kixmoeller]

Thanks, Daniel - --

I do use passthru() -- in an entirely different part of the application (a
place where it runs a mysqldump to do a manual backup). Of course, I have
millions of backticks delimiting SQL fields and tables.

The error log is reporting specifically shell_exec(). Would a stray
backtick call that error?


On Tue, Apr 9, 2013 at 2:39 PM, Daniel Brown  wrote:

> On Tue, Apr 9, 2013 at 3:11 PM, Ken Kixmoeller 
> wrote:
> > Hi -- -
> >
> > Strange problem. One of my applications was just moved to a new server.
> The
> > new server has php configured to blacklist some functions (using
> > "disable_functions="). One of the "banned" functions is exec().
> >
> > The error log is reporting "shell_exec() has been disabled for security
> > reasons"  --- but exec() or shell_exec() are not in my code *anywhere*.
> The
> > program and line number being reported makes absolutely no sense.
> >
> > Are there other php commands that really call exec() or shell_exec() ???
> > Any clues how this could happen? Fixes (other than un-blacklisting the
> > command, of course)?
> >
> > Many thanks,
> >
> > Ken
>
> If you're positive you aren't executing any command line code
> (backticks, passthru(), et cetera), then check to see if arbitrary
> code is somehow being attempted via your scripts.
>
> --
> 
> Network Infrastructure Manager
> http://www.php.net/
>

Re: [PHP] Commands which call exec() or shell_exec() ??

[Ken Kixmoeller]

Yes -- Thanks Matjen and Daniel ---

There *was* a stray backtick in there. Weird that we haven't run into it
before.

Testing now.


On Tue, Apr 9, 2013 at 2:41 PM, Matijn Woudt  wrote:

>
>
>
> On Tue, Apr 9, 2013 at 9:11 PM, Ken Kixmoeller wrote:
>
>> Hi -- -
>>
>> Strange problem. One of my applications was just moved to a new server.
>> The
>> new server has php configured to blacklist some functions (using
>> "disable_functions="). One of the "banned" functions is exec().
>>
>> The error log is reporting "shell_exec() has been disabled for security
>> reasons"  --- but exec() or shell_exec() are not in my code *anywhere*.
>> The
>> program and line number being reported makes absolutely no sense.
>>
>> Are there other php commands that really call exec() or shell_exec() ???
>> Any clues how this could happen? Fixes (other than un-blacklisting the
>> command, of course)?
>>
>> Many thanks,
>>
>> Ken
>>
>
> The back tick(`) operator is also used for that same purpose. Maybe that's
> in your code?
>
> - Matijn
>
>

Re: [PHP] Commands which call exec() or shell_exec() ??

[Ken Kixmoeller]

Yes --- it worked. Thank you so very much. I had searched the heck out of
this to no avail.

This is why I think developer communities are so great -- always someone
smarter than me (not that it is a high bar ) and willing to help.




On Tue, Apr 9, 2013 at 3:05 PM, Ken Kixmoeller  wrote:

> Yes -- Thanks Matjen and Daniel ---
>
> There *was* a stray backtick in there. Weird that we haven't run into it
> before.
>
> Testing now.
>
>
> On Tue, Apr 9, 2013 at 2:41 PM, Matijn Woudt  wrote:
>
>>
>>
>>
>> On Tue, Apr 9, 2013 at 9:11 PM, Ken Kixmoeller wrote:
>>
>>> Hi -- -
>>>
>>> Strange problem. One of my applications was just moved to a new server.
>>> The
>>> new server has php configured to blacklist some functions (using
>>> "disable_functions="). One of the "banned" functions is exec().
>>>
>>> The error log is reporting "shell_exec() has been disabled for security
>>> reasons"  --- but exec() or shell_exec() are not in my code *anywhere*.
>>> The
>>> program and line number being reported makes absolutely no sense.
>>>
>>> Are there other php commands that really call exec() or shell_exec() ???
>>> Any clues how this could happen? Fixes (other than un-blacklisting the
>>> command, of course)?
>>>
>>> Many thanks,
>>>
>>> Ken
>>>
>>
>> The back tick(`) operator is also used for that same purpose. Maybe
>> that's in your code?
>>
>> - Matijn
>>
>>
>

Re: [PHP] Commands which call exec() or shell_exec() ??

[Ken Kixmoeller]

Yes, but no further need. Problem solved.


On Tue, Apr 9, 2013 at 4:06 PM, El Ale...  wrote:

> you probe command system()?
>
>
>
> 2013/4/9 Ken Kixmoeller 
>
>> Yes --- it worked. Thank you so very much. I had searched the heck out of
>> this to no avail.
>>
>> This is why I think developer communities are so great -- always someone
>> smarter than me (not that it is a high bar ) and willing to help.
>>
>>
>>
>>
>> On Tue, Apr 9, 2013 at 3:05 PM, Ken Kixmoeller 
>> wrote:
>>
>> > Yes -- Thanks Matjen and Daniel ---
>> >
>> > There *was* a stray backtick in there. Weird that we haven't run into it
>> > before.
>> >
>> > Testing now.
>> >
>> >
>> > On Tue, Apr 9, 2013 at 2:41 PM, Matijn Woudt  wrote:
>> >
>> >>
>> >>
>> >>
>> >> On Tue, Apr 9, 2013 at 9:11 PM, Ken Kixmoeller > >wrote:
>> >>
>> >>> Hi -- -
>> >>>
>> >>> Strange problem. One of my applications was just moved to a new
>> server.
>> >>> The
>> >>> new server has php configured to blacklist some functions (using
>> >>> "disable_functions="). One of the "banned" functions is exec().
>> >>>
>> >>> The error log is reporting "shell_exec() has been disabled for
>> security
>> >>> reasons"  --- but exec() or shell_exec() are not in my code
>> *anywhere*.
>> >>> The
>> >>> program and line number being reported makes absolutely no sense.
>> >>>
>> >>> Are there other php commands that really call exec() or shell_exec()
>> ???
>> >>> Any clues how this could happen? Fixes (other than un-blacklisting the
>> >>> command, of course)?
>> >>>
>> >>> Many thanks,
>> >>>
>> >>> Ken
>> >>>
>> >>
>> >> The back tick(`) operator is also used for that same purpose. Maybe
>> >> that's in your code?
>> >>
>> >> - Matijn
>> >>
>> >>
>> >
>>
>
>

[PHP] Updated PHP breaks processing-intense Procedure

[Ken Kixmoeller]

Hey - --

I have a huge screen -- to make it simple for the user, it does 100s of
calls to MySQL and has 1,000s (literally) of POST variables.

We have done extensive research and see that upgrading from php 5.1.6-27 to
5.1.6-39 is the thing that caused it to break. All other issues (Apache,
PHP and MySQL configuration and Versions) have been methodically ruled out.


Anybody experience this? Heard of it? Suggest a repair (other than changing
my screen)?

*** Please don't tell me to redesign the screen -- this may come, but now
is an urgent situation.***

Worked fine in prior versions for the last 3 years.

Thanks,

Ken

Re: [PHP] Updated PHP breaks processing-intense Procedure

[Ken Kixmoeller]

>From the link: "The php_register_variable_ex function in php_variables.c in
PHP 5.3.9 allows remote attackers to execute arbitrary code via a request
containing a large number of variables, related to improper handling of
array variables. NOTE: this vulnerability exists because of an incorrect
fix"

===

I wondered if it was memory handling, but what is it (I wonder out loud)
that could be "improper" about my array handling. No error messages are
thrown.

Ken


On Wed, Apr 24, 2013 at 4:14 PM, David OBrien  wrote:

> On Wed, Apr 24, 2013 at 5:09 PM, Ken Kixmoeller wrote:
>
>> Hey - --
>>
>> I have a huge screen -- to make it simple for the user, it does 100s of
>> calls to MySQL and has 1,000s (literally) of POST variables.
>>
>> We have done extensive research and see that upgrading from php 5.1.6-27
>> to
>> 5.1.6-39 is the thing that caused it to break. All other issues (Apache,
>> PHP and MySQL configuration and Versions) have been methodically ruled
>> out.
>>
>>
>> Anybody experience this? Heard of it? Suggest a repair (other than
>> changing
>> my screen)?
>>
>> *** Please don't tell me to redesign the screen -- this may come, but now
>> is an urgent situation.***
>>
>> Worked fine in prior versions for the last 3 years.
>>
>> Thanks,
>>
>> Ken
>>
>
> Looks like they fixed the bug that allowed that to work...
> php-common-5.1.6-32.el5.x86_64<http://linuxsoft.cern.ch/cern/slc5X/x86_64/yum/updates/php-common-5.1.6-32.el5.x86_64.rpm>
>  [153 KiB] *Changelog* by Joe Orton (2012-02-02): - add security fix for
> CVE-2012-0830 (#786756)
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
>
>
>

Re: [PHP] Updated PHP breaks processing-intense Procedure

[Ken Kixmoeller]

Thanks so much. Yes, we found that because PHP threw an error that said
that explicitly. A bit of research led us to add a line to php.ini to set
the "max_input_vars" to a higher level.

At first, that appeared to fix it (on the development machine). The
appearance is wrong; it is still broken. No errors are being thrown. We are
baffled.

Ken


On Wed, Apr 24, 2013 at 4:23 PM, David OBrien  wrote:

> On Wed, Apr 24, 2013 at 5:14 PM, David OBrien  wrote:
>
>> On Wed, Apr 24, 2013 at 5:09 PM, Ken Kixmoeller wrote:
>>
>>> Hey - --
>>>
>>> I have a huge screen -- to make it simple for the user, it does 100s of
>>> calls to MySQL and has 1,000s (literally) of POST variables.
>>>
>>> We have done extensive research and see that upgrading from php 5.1.6-27
>>> to
>>> 5.1.6-39 is the thing that caused it to break. All other issues (Apache,
>>> PHP and MySQL configuration and Versions) have been methodically ruled
>>> out.
>>>
>>>
>>> Anybody experience this? Heard of it? Suggest a repair (other than
>>> changing
>>> my screen)?
>>>
>>> *** Please don't tell me to redesign the screen -- this may come, but now
>>> is an urgent situation.***
>>>
>>> Worked fine in prior versions for the last 3 years.
>>>
>>> Thanks,
>>>
>>> Ken
>>>
>>
>> Looks like they fixed the bug that allowed that to work...
>> php-common-5.1.6-32.el5.x86_64<http://linuxsoft.cern.ch/cern/slc5X/x86_64/yum/updates/php-common-5.1.6-32.el5.x86_64.rpm>
>>  [153 KiB] *Changelog* by Joe Orton (2012-02-02): - add security fix for
>> CVE-2012-0830 (#786756)
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
>>
>>
>>
>
> *I looked around google some more and found there is a hard limit of 1000
> post variables in 5.1.6*
>
> After weeks of using it, a problem was reported about just one function of
> the app that would sometimes return a blank screen. It took me hours of
> debugging (read: echo) to figure out what's going on, digging through some
> old PHP code (fun!): It appeared that only 1000 post variables arrived on
> the server. (Well, 1006 actually, but 2 were added by PHP, and that sounded
> like a PHP-style limitation of 1000.) A quick google lookup revealed that
> PHP introduced a new feature where it would limit the number of post
> variables. For safety reasons.
>
> The variable is called "max_input_vars" with a default of 1000. PHP states
> that this feature was introduced in 5.3.9, but I'm running 5.1.6 and the
> limit is enforced.
>
> Because the server is for production, it was running with on-screen
> warnings turned off. PHP says that it "prints a warning and cuts". For me,
> that's a real WTF. A post request should be processed as all-or-nothing.
> It should instead refuse the request completely. But for a technology
> named "personal home page" the priorities are different.
>
>
>

Re: [PHP] Updated PHP breaks processing-intense Procedure

[Ken Kixmoeller]

Thanks, Jim ---

Is this different from the "max_input_vars" discussion above? (from David
OBrien)

Ken


On Wed, Apr 24, 2013 at 5:06 PM, Jim Lucas  wrote:

> On 04/24/2013 02:40 PM, Ken Kixmoeller wrote:
>
>> Thanks so much. Yes, we found that because PHP threw an error that said
>> that explicitly. A bit of research led us to add a line to php.ini to set
>> the "max_input_vars" to a higher level.
>>
>> At first, that appeared to fix it (on the development machine). The
>> appearance is wrong; it is still broken. No errors are being thrown. We
>> are
>> baffled.
>>
>> Ken
>>
>
> If you have the Suhosin patch installed, it also introduces other limits
> to GET and POST variable counts within PHP.
>
> --
> Jim Lucas
>
> http://www.cmsws.com/
> http://www.cmsws.com/examples/
>

Re: [PHP] Updated PHP breaks processing-intense Procedure

[Ken Kixmoeller]

Thank you very much, Jim ---


On Wed, Apr 24, 2013 at 5:34 PM, Jim Lucas  wrote:

> On 04/24/2013 03:24 PM, Ken Kixmoeller wrote:
>
>> Thanks, Jim ---
>>
>> Is this different from the "max_input_vars" discussion above? (from David
>> OBrien)
>>
>
> yes.  For example...
>
> php.ini:[suhosin]
> php.ini:;suhosin.log.syslog =
> php.ini:;suhosin.log.syslog.**facility =
> php.ini:;suhosin.log.syslog.**priority =
> php.ini:;suhosin.log.sapi =
> php.ini:;suhosin.log.script =
> php.ini:;suhosin.log.phpscript = 0
> php.ini:;suhosin.log.script.**name <http://suhosin.log.script.name> =
> php.ini:; variables registered in the current scope: SUHOSIN_ERRORCLASS and
> php.ini:; SUHOSIN_ERROR. The first one is the alert class and the second
> variable is
> php.ini:;suhosin.log.**phpscript.name <http://suhosin.log.phpscript.name>=
> php.ini:;suhosin.log.**phpscript.is_safe = Off
> php.ini:;suhosin.log.use-x-**forwarded-for = Off
> php.ini:;suhosin.executor.max_**depth = 0
> php.ini:;suhosin.executor.**include.max_traversal = 0
> php.ini:;suhosin.executor.**include.whitelist =
> php.ini:;suhosin.executor.**include.blacklist =
> php.ini:;suhosin.executor.**func.whitelist =
> php.ini:;suhosin.executor.**func.blacklist =
> php.ini:;suhosin.executor.**eval.whitelist =
> php.ini:;suhosin.executor.**eval.blacklist =
> php.ini:;suhosin.executor.**disable_eval = Off
> php.ini:;suhosin.executor.**disable_emodifier = Off
> php.ini:; by default in Suhosin >= 0.9.6. Allowing symlink() while
> open_basedir is used
> php.ini:;suhosin.executor.**allow_symlink = Off
> php.ini:; If you fear that Suhosin breaks your application, you can
> activate Suhosin's
> php.ini:; simulation mode with this flag. When Suhosin runs in simulation
> mode,
> php.ini:;suhosin.simulation = Off
> php.ini:; first. It always uses resource slot 0. If Suhosin got this slot
> assigned APC
> php.ini:; will overwrite the information Suhosin stores in this slot. When
> this flag is
> php.ini:; set Suhosin will request 2 Slots and use the second one. This
> allows working
> php.ini:;suhosin.apc_bug_**workaround = Off
> php.ini:;suhosin.sql.bailout_**on_error = Off
> php.ini:;suhosin.sql.user_**prefix =
> php.ini:;suhosin.sql.user_**postfix =
> php.ini:;suhosin.multiheader = Off
> php.ini:suhosin.mail.protect = 1
> php.ini:; memory_limit to whatever value they want. Suhosin changes this
> fact and
> php.ini:; that Suhosin will disallows scripts setting the memory_limit to
> a value above
> php.ini:;suhosin.memory_limit = 0
> php.ini:suhosin.session.**encrypt = Off
> php.ini:;suhosin.session.**cryptkey =
> php.ini:;suhosin.session.**cryptua = On
> php.ini:;suhosin.session.**cryptdocroot = On
> php.ini:;suhosin.session.**cryptraddr = 0
> php.ini:; session. The difference to suhosin.session.cryptaddr is, that
> the IP is not
> php.ini:;suhosin.session.**checkraddr = 0
> php.ini:;suhosin.cookie.**encrypt = 0
> php.ini:;suhosin.cookie.**cryptkey =
> php.ini:;suhosin.cookie.**cryptua = On
> php.ini:;suhosin.cookie.**cryptdocroot = On
> php.ini:;suhosin.cookie.**cryptraddr = 0
> php.ini:; cookie. The difference to suhosin.cookie.cryptaddr is, that the
> IP is not
> php.ini:;suhosin.cookie.**checkraddr = 0
> php.ini:;suhosin.cookie.**cryptlist =
> php.ini:;suhosin.cookie.**plainlist =
> php.ini:; Defines the reaction of Suhosin on a filter violation.
> php.ini:;suhosin.filter.action =
> php.ini:;suhosin.cookie.max_**array_depth = 50
> php.ini:;suhosin.cookie.max_**array_index_length = 64
> php.ini:;suhosin.cookie.max_**name_length = 64
> php.ini:;suhosin.cookie.max_**totalname_length = 256
> php.ini:;suhosin.cookie.max_**value_length = 1
> php.ini:;suhosin.cookie.max_**vars = 100
> php.ini:;suhosin.cookie.**disallow_nul = 1
> php.ini:;suhosin.get.max_**array_depth = 50
> php.ini:;suhosin.get.max_**array_index_length = 64
> php.ini:;suhosin.get.max_name_**length = 64
> php.ini:;suhosin.get.max_**totalname_length = 256
> php.ini:;suhosin.get.max_**value_length = 512
> php.ini:;suhosin.get.max_vars = 100
> php.ini:;suhosin.get.disallow_**nul = 1
> php.ini:;suhosin.post.max_**array_depth = 50
> php.ini:;suhosin.post.max_**array_index_length = 64
> php.ini:;suhosin.post.max_**name_length = 64
> php.ini:;suhosin.post.max_**totalname_length = 256
> php.ini:suhosin.post.max_**value_length = 2048000
> php.ini:suhosin.post.max_vars = 500
> php.ini:;suhosin.post.**disallow_nul = 1
> php.ini:;suhosin.request.max_**array_depth = 50
> php.ini:;suhosin.request.max_**array_index_length = 64
> php.ini:;suhosin.request.max_**totalname_length = 256
> php.ini:suhosin.request.max_**value_length = 2048000
> php.ini:;suhosin.request

Re: [PHP] Updated PHP breaks processing-intense Procedure

[Ken Kixmoeller]

THank all of you for your help. I think I got this thing licked.


On Wed, Apr 24, 2013 at 7:14 PM, Ken Kixmoeller  wrote:

> Thank you very much, Jim ---
>
>
> On Wed, Apr 24, 2013 at 5:34 PM, Jim Lucas  wrote:
>
>> On 04/24/2013 03:24 PM, Ken Kixmoeller wrote:
>>
>>> Thanks, Jim ---
>>>
>>> Is this different from the "max_input_vars" discussion above? (from David
>>> OBrien)
>>>
>>
>> yes.  For example...
>>
>> php.ini:[suhosin]
>> php.ini:;suhosin.log.syslog =
>> php.ini:;suhosin.log.syslog.**facility =
>> php.ini:;suhosin.log.syslog.**priority =
>> php.ini:;suhosin.log.sapi =
>> php.ini:;suhosin.log.script =
>> php.ini:;suhosin.log.phpscript = 0
>> php.ini:;suhosin.log.script.**name <http://suhosin.log.script.name> =
>> php.ini:; variables registered in the current scope: SUHOSIN_ERRORCLASS
>> and
>> php.ini:; SUHOSIN_ERROR. The first one is the alert class and the second
>> variable is
>> php.ini:;suhosin.log.**phpscript.name <http://suhosin.log.phpscript.name>=
>> php.ini:;suhosin.log.**phpscript.is_safe = Off
>> php.ini:;suhosin.log.use-x-**forwarded-for = Off
>> php.ini:;suhosin.executor.max_**depth = 0
>> php.ini:;suhosin.executor.**include.max_traversal = 0
>> php.ini:;suhosin.executor.**include.whitelist =
>> php.ini:;suhosin.executor.**include.blacklist =
>> php.ini:;suhosin.executor.**func.whitelist =
>> php.ini:;suhosin.executor.**func.blacklist =
>> php.ini:;suhosin.executor.**eval.whitelist =
>> php.ini:;suhosin.executor.**eval.blacklist =
>> php.ini:;suhosin.executor.**disable_eval = Off
>> php.ini:;suhosin.executor.**disable_emodifier = Off
>> php.ini:; by default in Suhosin >= 0.9.6. Allowing symlink() while
>> open_basedir is used
>> php.ini:;suhosin.executor.**allow_symlink = Off
>> php.ini:; If you fear that Suhosin breaks your application, you can
>> activate Suhosin's
>> php.ini:; simulation mode with this flag. When Suhosin runs in simulation
>> mode,
>> php.ini:;suhosin.simulation = Off
>> php.ini:; first. It always uses resource slot 0. If Suhosin got this slot
>> assigned APC
>> php.ini:; will overwrite the information Suhosin stores in this slot.
>> When this flag is
>> php.ini:; set Suhosin will request 2 Slots and use the second one. This
>> allows working
>> php.ini:;suhosin.apc_bug_**workaround = Off
>> php.ini:;suhosin.sql.bailout_**on_error = Off
>> php.ini:;suhosin.sql.user_**prefix =
>> php.ini:;suhosin.sql.user_**postfix =
>> php.ini:;suhosin.multiheader = Off
>> php.ini:suhosin.mail.protect = 1
>> php.ini:; memory_limit to whatever value they want. Suhosin changes this
>> fact and
>> php.ini:; that Suhosin will disallows scripts setting the memory_limit to
>> a value above
>> php.ini:;suhosin.memory_limit = 0
>> php.ini:suhosin.session.**encrypt = Off
>> php.ini:;suhosin.session.**cryptkey =
>> php.ini:;suhosin.session.**cryptua = On
>> php.ini:;suhosin.session.**cryptdocroot = On
>> php.ini:;suhosin.session.**cryptraddr = 0
>> php.ini:; session. The difference to suhosin.session.cryptaddr is, that
>> the IP is not
>> php.ini:;suhosin.session.**checkraddr = 0
>> php.ini:;suhosin.cookie.**encrypt = 0
>> php.ini:;suhosin.cookie.**cryptkey =
>> php.ini:;suhosin.cookie.**cryptua = On
>> php.ini:;suhosin.cookie.**cryptdocroot = On
>> php.ini:;suhosin.cookie.**cryptraddr = 0
>> php.ini:; cookie. The difference to suhosin.cookie.cryptaddr is, that the
>> IP is not
>> php.ini:;suhosin.cookie.**checkraddr = 0
>> php.ini:;suhosin.cookie.**cryptlist =
>> php.ini:;suhosin.cookie.**plainlist =
>> php.ini:; Defines the reaction of Suhosin on a filter violation.
>> php.ini:;suhosin.filter.action =
>> php.ini:;suhosin.cookie.max_**array_depth = 50
>> php.ini:;suhosin.cookie.max_**array_index_length = 64
>> php.ini:;suhosin.cookie.max_**name_length = 64
>> php.ini:;suhosin.cookie.max_**totalname_length = 256
>> php.ini:;suhosin.cookie.max_**value_length = 1
>> php.ini:;suhosin.cookie.max_**vars = 100
>> php.ini:;suhosin.cookie.**disallow_nul = 1
>> php.ini:;suhosin.get.max_**array_depth = 50
>> php.ini:;suhosin.get.max_**array_index_length = 64
>> php.ini:;suhosin.get.max_name_**length = 64
>> php.ini:;suhosin.get.max_**totalname_length = 256
>> php.ini:;suhosin.get.max_**value_length = 512
>> php.ini:;suhosin.get.max_vars = 100
>> php.ini:;suhosin.get.disallow_**nul = 1
>> php.ini:;suhosin.post.max_**array_depth = 50
>> php.ini:;suhosin.post.max_**arra

Re: [PHP] Help! Made a boo-boo encrypting credit cards

[Ken Kixmoeller]

On Fri, Feb 11, 2011 at 4:42 PM, Brian Dunning  wrote:
> Hey all -
>
> I'm using mcrypt to store credit cards into MySQL. About 90% of them decrypt 
> fine, but about 10% decrypt as nonsense ("b1�\�JEÚU�A���" is a good example). 
> Maybe there is a character that appears in about 10% of my encryptions that's 
> not being encoded properly???
>
> // Encryption is set up at the top of the script:
> $crypto = mcrypt_module_open('rijndael-256', '', 'ofb', '');
> $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($crypto), MCRYPT_DEV_RANDOM);
> $ks = mcrypt_enc_get_key_size($crypto);
> $key = substr(md5('my_funky_term'), 0, $ks);
>
> // When the card number is collected by the form, it's encrypted:
> $cc_number = addslashes($_POST['cc_number']);
> mcrypt_generic_init($crypto, $key, $iv);
> $cc_encrypt = mcrypt_generic($crypto, $cc_number);
> mcrypt_generic_deinit($crypto);
>
> // This is written to the database:
> $query = "update accounts set cc_encrypt='$cc_encrypt', encrypt_iv='$iv', 
> other_fields='$other_stuff' where id='$account_id' limit 1";
> $result = mysql_query($query) or die(mysql_error());
>
> Both the cc_encrypt and encrypt_iv fields are tinytext, latin1_swedish_ci, 
> MyISAM, MySQL 5.0.91
>
> In another script, when I retrieve, I first set it up at the top of the 
> script exactly like step #1 above, then retrieve it like this:
>
> mcrypt_generic_init($crypto, $key, $row['encrypt_iv']);
> $cc_number = trim(mdecrypt_generic($crypto, $row['cc_encrypt']));
> mcrypt_generic_deinit($crypto);
>
> Most of them are good, a few of them are bad. Can anyone see anything I'm 
> doing wrong or a case I'm not covering? Thanks much.

Just a WAG, but when I first was working with mcrypt, it would append
spaces to the encrypted value. I would have to TRIM() everything for
processing or decryption. BTW, we also elected *not* to store card
numbers, only the last 4 digits.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Installing on a Mac: include_path issues

[Ken Kixmoeller]

Hey, folks -- --

I am switching over my development (I hope) to a Mac. Having some
trouble with the configuration. Rudimentary scripts run fine in the
document_root, but beyond that, my scripts in the include_path are not
found.

The include_path has a couple of directories in which I have my
foundation classes and a clients application classes and other
programs. For various reasons, I put them into my "Documents/Clients"
folder. When I create to set the path to these files in PHP, they are:

 /Users/ken/Documents/Clients/comped_php
 /Users/ken/Documents/Clients/jaguar_php

PHP doesn't find them, which has me stumped.

php.ini shows the include_path correctly, as:   
  
/Users/ken/Documents/Clients/comped_php:/Users/ken/Documents/Clients/jaguar_php

the document_root, configured in Apache is: /Users/ken/Sites/

The errors show as:
include_once() [function.include]: Failed opening 'smm_header.php' for
inclusion 
(include_path='/Users/ken/Documents/Clients/comped_php:/Users/ken/Documents/Clients/jaguar_php')
in /Users/ken/Sites/smm_registration/smmcomputereducation.php on line
1

Any ideas or suggestions?

Thanks,

Ken

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Installing on a Mac: include_path issues

[Ken Kixmoeller]

On Thu, May 5, 2011 at 4:40 AM, Richard Quadling  wrote:
> On 5 May 2011 05:51, David Robley  wrote:
>> Ken Kixmoeller wrote:
>>
> include_path should only contain directories, not filenames. [1]

Thanks. Yes, both of those are directories.

Ken

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Installing on a Mac: include_path issues

[Ken Kixmoeller]

On Wed, May 4, 2011 at 11:51 PM, David Robley  wrote:
>> php.ini shows the include_path correctly, as:
> If I remember correctly, include and friends have two parts to the error
> message but you've only shown us one. For a guess, is it possible the
> apache process doesn't have permissions for those directories and/or the
> files within them?

Yes, it ia  two-parter. I showed the second. The first is:

Warning: include_once(smm_header.php) [function.include-once]: failed
to open stream: No such file or directory in
/Users/ken/Sites/smm_registration/smmcomputereducation.php on line 1

I am checking out the "rights" issue --- sounds like a great lead. Thank you.

Ken

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Installing on a Mac: include_path issues

[Ken Kixmoeller]

On Thu, May 5, 2011 at 5:59 AM, Mike Mackintosh
 wrote:
> Run phpinfo() or php -I and see if the PHP.ini file is being loaded.

 php.ini shows the include_path correctly, as:
   
 /Users/ken/Documents/Clients/comped_php:/Users/ken/Documents/Clients/jaguar_php

Oops, that line was supposed to say "phpinfo() shows the include_path
correctly." Sorry for the confusion. phpinfo() runs just fine and
shows me what I expected.

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: iPhone apology - was Re: [PHP] Re: Installing on a Mac: include_path issues

[Ken Kixmoeller]

On Thu, May 5, 2011 at 9:52 AM, Richard Quadling  wrote:
> On 5 May 2011 15:08, Mike Mackintosh  wrote:
>> Sent from my iPhone
>
> Why do all iPhone users apologize for sending mail from their iPhone?

1. Apparently, iphone software top-posts replies. For some people,
that alone constitutes a federal (if not intergalactic) crime.

2. This signature addition seems to have started with the Blackberry.
Some people got upset with concise replies (like "fine") thinking them
to be snippy, when they were due to limited typing capabilities.

3. Advertising for Apple.

Ken

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Installing on a Mac: include_path issues

[Ken Kixmoeller]

On Thu, May 5, 2011 at 9:08 AM, Mike Mackintosh
 wrote:
> What are the permissions on the include directory?
> --

Well, I swear that I had set the permissions to r/w for these
directories, but after I did it (again?), now I get a whole *new* set
of errors which seem to be about connecting to MySQL.

So, pending further investigation, it seems like *this* problem is solved.

Many, many thanks to all who responded.

Ken

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] iPhone sadness

[Ken Kixmoeller]

On Mon, May 30, 2011 at 11:19 AM, Ashley Sheridan
 wrote:
> Erm,... Most people who use Windows tend not to change basic settings from 
> their defaults.

Erm, most Winders users have no clue *how* to change them, nor that
there might be some reason to do so.

Ken

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Found this and I thought of you.

[Ken Kixmoeller]

On Sun, Jun 5, 2011 at 11:44 AM, Jonesy  wrote:
> On Sun, 5 Jun 2011 00:34:30 +0100, Richard Quadling wrote:
>> http://www.exxcire.com/login.php
>>
>> If nothing more than a good "bad example".
>
> ROTFLMAO!!!  "Where Experts Exchange"
> Sweet Jeezuz!

At least they have a cute 404 page. Gotta count for *something*! 

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] scroll down list -visible, but not possible to choose

[Ken Kixmoeller]

You want:

>  if($status == $selected) echo "selected = ' selected' ";
(I didn't bother with \s)

And BTW, unless the support person is actually sitting on top of the
customer (and I can see situations where that would help), you want it
to say "Waiting *for* Customer"

Ken

On Wed, Aug 31, 2011 at 3:30 AM,   wrote:
>  echo "  if($status == $selected) echo ' selected';
>  echo ">$status";
>  }
>  }
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Generating JavaScript menus on-the-fly

[Ken Kixmoeller]

Hey - - -- - -- --

I keep a profile of a user's rights and responsibilities in tables.  
Since this profile defines what a user can do in the system I am  
designing, I'd like to build a JavaScript menu navigation scheme. I  
need it to be driven programmatically, because the Admin users can  
add and remove tasks to the system or to a given user at-will.


I already built a similar thing using CSS-only menus, but it just  
wasn't aesthetically flexible enough. I am exploring other options,  
but I am wondering if any of you have done something similar and have  
any samples or advice.


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Generating JavaScript menus on-the-fly

[Ken Kixmoeller]

Thank you -- I don't know about those functions -- I'll check them  
out (for general knowledge, too)...


Ken


On Mar 10, 2008, at 12:01 PM, Roberto Mansfield wrote:


If you are building select menus on the fly using javascript, look at
php's json_encode function. It will create a JSON representation of  
your

php data structure. Makes "passing" data sets to javascript very easy.
Just build your array of allowed options in php, plug the data into  
your
javascript via json_encode() and let javascript build the menu  
options.



Ken Kixmoeller wrote:

Hey - - -- - -- --

I keep a profile of a user's rights and responsibilities in tables.
Since this profile defines what a user can do in the system I am
designing, I'd like to build a JavaScript menu navigation scheme.  
I need

it to be driven programmatically, because the Admin users can add and
remove tasks to the system or to a given user at-will.

I already built a similar thing using CSS-only menus, but it just  
wasn't

aesthetically flexible enough. I am exploring other options, but I am
wondering if any of you have done something similar and have any  
samples

or advice.

Ken


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] module access rights

[Ken Kixmoeller]

Right. Thanks for the links. This type of approach is the basis of my  
software architecture.


Ken

(BTW, don't forget to "Reply All" so your reply goes to the list, too).

On Apr 19, 2008, at 9:03 AM, Tony Marston wrote:
What you are describing is a Role Based Access Control (RBAC)  
system, and it

is not simple. Take a look at
http://www.tonymarston.net/php-mysql/role-based-access-control.html  
and

http://www.tonymarston.net/php-mysql/menuguide/index.html

Tony Marston

http://www.tonymarston.net
http://www.radicore.org




-Original Message-
From: Ken Kixmoeller.com [mailto:[EMAIL PROTECTED]
Sent: 19 April 2008 14:33
To: PHP General List
Subject: Re: [PHP] module access rights



On Apr 19, 2008, at 2:37 AM, Alain Roger wrote:

Hi,

i'm very surprised... i did not get any answer to my

previous post. is

it because it is good way to do it or because nobody knows ?
---

Hi,
i face now a little issue regarding how end user can access to some
modules
of my web portal.

Let imagine we have several modules (let say: mod1, mod 2, mod3)
and 2 users
(usr1, usr2).
i would like to use a simple way how to established access rights
for each
user to grant/forbidden access to modules...


Or maybe the answer is as complicated as the question seems simple.

I have my master application object. On __construct, it checks the
current user's rights from somewhere (a config file or a database,
for example), and instantiates the application based on the rights
profile.

Simple answer, but a lot of front-end work to implement.

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php








--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Testing HTTPS without certificate

[Ken Kixmoeller]

Hi - - -   - --

I have a typical setup -- my development machine, a testing server  
and, of course, the production server. My development machine, of  
course, doesn't have a Secure certificate, yet I need to be able to  
test https pages here, before getting to the testing server.  
(Currently, the testing server doesn't have one either, but that will  
be remedied shortly.)


I know how to test for the existance of HTTPS, and stuff like that.

So: Can one test https on a local machine? Resources, anyone? I have  
Googled my fingers off.


Environment: PHP 5.2.5
Win 2K
IIS 5

- or, if I need to -

Mac OS-X 10.4
Apache? (I haven't set up the Mac as a server)

 - or -

Linux (Ubuntu) with Apache (I am moving this direction and haven't  
yet learned how to run Apache)


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Creating an array as a property of an object

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Hello, folks -- lurking for a while, first post --

I'm relatively new to PHP but doing database design work for nearly  
20 years.


I've RTFM'ed (+ books + other resources) a bunch of times but I have  
a mental block around doing this:


I want to have an multidimensional array as a property of an object.

Example:

MySQL Resource:
 WHAM_ID  NAME AMOUNT
  5   Fred 99
  9   Albert  345
 23   Mary  5
 (etc...)

Inside the function which builds the instance of the object, I have  
language like:


while ($line = mysql_fetch_array($result_set,MYSQL_ASSOC))
{
  $this->foom_array = array("MyKey".$line["wham_id"]=>array($line).",";
}
This isn't even close. 

Any examples, or a well-written resource to help me do this?

TIA

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Creating an array as a property of an object

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jan 26, 2007, at 3:08 PM, Robert Cummings wrote:


$this->foom_array[$line['WHAM_ID']] = $line;

Cheers,
Rob.


Thank you so much, Rob. That did it. (Kickin' the cobwebs out of my  
head...)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Can a class instance a property of another class

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Hey - --  -

Here I am again. Anybody still working on a Friday?

I would like to have a class instance be the property of another  
class, like can be done in other languages. For example: I would like  
to have a "Connections" class which contains all of the database  
connection logic and query results. There are advantages to having  
this type of utility class be local to a data or business class. (I  
know that I could have a generic "include" with functions outside of  
the class hierarchy.)


So, in the __construct method of a business or data class, for  
example, one could:


include_once("connection_classes.kbk");
$this->connection_class = new connection_class;

This syntax fails, so I know this isn't right, but I hope you get the  
idea.


Can it be done?

TIA, again

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Can a class instance a property of another class

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Thanks for your help, guys. I had to leave my office last evening  
before I had a chance to try any of them.


I am sneaking in some office time today. I'll let you know (with  
complete scripts and error messages).


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Can a class instance a property of another class

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

OK, Jochem, I adapted your example and got it working. Thank you very  
much.


I am still playing with it to better understand. One thing I don't  
yet understand is the necessity for the getFoo()/getBar()  
"handshake," especially the getbar() in the BAR class. That doesn't  
seem to serve any purpose. My adaptation us just a getDummy().


Do they just serve to pass the object by reference?


Ken

--
On Jan 26, 2007, at 5:47 PM, Jochem Maas wrote:




class Foo
{
private $var;
function __construct() { $this->var = "foo"; }
function getFoo() { return $this->var; }
}

class Bar
{
private $var;
private $foo;
function __construct() { $this->var = "bar"; $this->foo = new Foo; }
function getBar() { return $this->var; }
	function speak() { echo "I am ",$this->foo->getFoo(),$this->getBar 
(),"\n"; }

}




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Can a class instance a property of another class

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Thanks to all -- got all of this working fine. Mostly my syntax was a  
bit off. Your examples helped me mend my ways.


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Executing scripts from a table

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Hi, folks -- - -

For security and efficiency, I am trying to store PHP scripts in  
MySQL tables. Only problem: I can't get them to execute.


In a template:

$php_code = $this->ApplicationObject->GetStoredCode($whichpage);

echo $php_code;  // doesn't execute

print_r($php_code); // doesn't execute, either


I've looked for some kind of exec_script() function without luck.

I can't be the first one to have done this. Any ideas or resources  
you can point me to?


Thank you -- - -

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Executing scripts from a table

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Yeah, that was it. Thanks, Thomas.

(dang it, I should have been able to figure out that myself!)

Ken


On Feb 2, 2007, at 11:32 AM, Thomas Pedoussaut wrote:


Ken Kixmoeller -- reply to [EMAIL PROTECTED] wrote:

Hi, folks -- - -

For security and efficiency, I am trying to store PHP scripts in  
MySQL tables. Only problem: I can't get them to execute.


In a template:

$php_code = $this->ApplicationObject->GetStoredCode($whichpage);

echo $php_code;  // doesn't execute

print_r($php_code); // doesn't execute, either



I think you're thinking of eval()
http://ie2.php.net/manual/en/function.eval.php

It should do what you want.

--
Thomas




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Executing scripts from a table

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Feb 2, 2007, at 6:59 PM, Richard Lynch wrote:


Putting PHP source into MySQL is the WRONG way to go for security and
efficiency...


Thank you, Richard -- I appreciate your advice.

Here is a qualifier: I'm not putting any core code into tables, just  
code which generates page content. The access rights to that page  
content, as well as security code and application objects are not  
there. That code is off of the web path, called by functions. No SQL  
is in tables. So maybe I shouldn't have said "security."


With that in mind -- I would really appreciate it if would help me  
understand your comment or point me to a resource which will. I have  
read a bunch of stuff on security, but no resources led me to believe  
that I was on a wrong path, though none of them followed the path I  
am on. It isn't too late for me to change.


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Executing scripts from a table

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Feb 3, 2007, at 9:32 AM, Ken Kixmoeller -- reply to  
[EMAIL PROTECTED] wrote:


I'm not putting any core code into tables, just code which  
generates page content. The access rights to that page content, as  
well as security code and application objects are not there. That  
code is off of the web path, called by functions. No SQL is in  
tables. So maybe I shouldn't have said "security."


I should add: All of the PHP in the tables is making calls to UI  
objects and data objects (which contain the SQL). Those classes are  
also off of the web tree. My goal has been to locate any and all page- 
related content (HTML and PHP) in a single location.


I am *not* trying to justify my strategy here. I just want to provide  
enough information to anybody willing to help me understand if it is  
ill-conceived.


Thank you,

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Sessions working/not

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Hey - -- -

Would anyone be so kind as to un-stick my brain?

I can't get sessions to work on my development machine (localhost).  
They work fine on my testing server (an internal IP). Development:  
W2K, Testing Server W2K Server, both using IIS 5, PHP 5.2.


The php.ini SESSION settings are the same on both machines.

Seems to me I made this choice at some point, but now my feeble brain  
can't bring it up.



"Anyone? Anyone?"


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Capture the whole URL

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Hey - -

I must be missing something, but in a URL such as:

  diddly.com?id=fred&total=goof

$_SERVER['PHP-SELF'] gives me the diddley.com part.

I want to capture the whole URL. The documentation makes it seem like  
$_SERVER['REQUEST_URI'] is supposed to do that, but I get an  
"Undefined Index" error.


Do I have to enable this somehow? I realize that I could recreate the  
rest of the URL from $_GET's, but I'd rather not if I don't have to.


PHP 5.1

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Capture the whole URL

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Feb 22, 2007, at 10:26 PM, tedd wrote:



Print out these three and you'll see your problem.

$_SERVER['SERVER_NAME']
$_SERVER['QUERY_STRING']
$_SERVER['REQUEST_URI']



Thanks, Tedd - -

REQUEST_URI still generates a "Undefined Index" error
SERVER_NAME on my testing server returns its IP

***QUERY_STRING***  is the one I wanted.

I didn't see it (but then again, I am working through the worst head  
cold I have had in years. My head is a solid block. Watta pain.)


Many thanks.

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Capture the whole URL

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Feb 23, 2007, at 12:18 AM, Jim Lucas wrote:



  diddly.com?id=fred&total=goof

First of forgoing the http:// missing, this still isn't a qualified  
URL




Yeah, I was just giving an example of what I wanted.




echo $_SERVER['REQUEST_URI'];
and see what it returns



I said in the post, it returns an error: "Undefined index." I wonder  
if this doesn't work on a Wintel server? Is it supposed to return the  
whole thing?




if for some odd reason that doesn't work try: echo $_SERVER 
['QUERY_STRING'];




Yes, thanks, that gave me what I wanted, or at least it will together  
with 'PHP_SELF' that part of the URL that I wasn't getting otherwise.





show us an example of the script that generates the error



I was testing just with simple echo statements.



Looks like you either typed this pretty fast or maybe you had a few  
typo's.  Review your code and check that you are using underscores  
and not hyphens.




Yes, sorry -- I was both in a hurry (wife "gently" beckoning me to  
get moving) and drugged up. My code was syntacticly correct.


Thank you for your help, Jim.

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Capture the whole URL

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Feb 22, 2007, at 4:33 PM, Jochem Maas wrote:


do a var_dump($_SERVER); or phpinfo(); to see what you do have  
available.




'REQUEST_URI' doesn't show. Now I see the line in the documentation  
that says "You may or may not find any of the following elements..."


How do I find out whether QUERY_STRING will work on the working  
server? I'll do some searching, but is anyone aware of a resource  
that tells which server hardware/software supports which ones?


H... it might be smarter to use the $_GET's to recreate the  
string if these things are inconsistent.


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Capture the whole URL

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Feb 23, 2007, at 7:46 AM, tedd wrote:


On Feb 22, 2007, at 10:26 PM, tedd wrote:


Print out these three and you'll see your problem.

$_SERVER['SERVER_NAME']
$_SERVER['QUERY_STRING']
$_SERVER['REQUEST_URI']


Thanks, Tedd - -

REQUEST_URI still generates a "Undefined Index" error
SERVER_NAME on my testing server returns its IP

***QUERY_STRING***  is the one I wanted.

I didn't see it (but then again, I am working through the worst  
head cold I have had in years. My head is a solid block. Watta pain.)


Many thanks.

Ken


Ken:

As per my understanding, the $_SERVER['REQUEST_URI'] should give  
you something -- after all, it's from where the request came from  
(i.e., your app).


In your code, simply do a print_r($_SERVER) and see what happens.


I did this (actually a var_dump) and $_SERVER['REQUEST_URI'] doesn't  
show up at all. See my message replying to Jochem.


Thanks for your code. I'll check it out.

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generating foldout menus in php

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Sep 3, 2007, at 12:42 PM, tedd wrote:



that would be more complicated than just using css with js, like so:

http://sperling.com/examples/menuh/

http://sperling.com/examples/menuv/

Why complicate your life?



Hey, tedd - - - -

I like this tool, and am playing with it -- --

Just wondering, though, if you have ever created PHP code to generate  
these menus on-the-fly? I am working on an intranet application in  
which I take values from rights-and-responsibilities tables and use  
it to generate navigation options. Got a start on it, but if you  
already had some code I'd appreciate getting a gander at it.


KixJaguar - -

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generating foldout menus in php

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Sep 6, 2007, at 11:02 AM, Edward Kay wrote:


You may want to take a look at Yahoo's YUI menu:
http://developer.yahoo.com/yui/menu/

These can be defined using standard XHTML markup.


Thank you --- I will do that --

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generating foldout menus in php

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Sep 6, 2007, at 10:47 AM, Ken Kixmoeller -- reply to  
[EMAIL PROTECTED] wrote:


Just wondering, though, if you have ever created PHP code to  
generate these menus on-the-fly?


Never mind === I got it working. (Mechanically) --

Aesthetically, though, even though I used the "horizontal" classes,  
it comes out vertical -- any clues?


thanks ---

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generating foldout menus in php

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Sep 6, 2007, at 1:17 PM, Ken Kixmoeller -- reply to  
[EMAIL PROTECTED] wrote:


Aesthetically, though, even though I used the "horizontal" classes,  
it comes out vertical


Never mind (not that you did) -- got it working fine ---

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Encryption failing

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Hey --- - -

I am in the process of upgrading the encryption technology I am using  
from (64 bit) blowfish to (256 bit) rijndael.


The code (and some explanations) is below, but the results are, um,  
unusual, and I can't see what I am doing wrong. For testing, I have a  
program that generates a random 16-character string, encrypts it to a  
variable, and decrypts it. Running it in 500 iteration loops, it  
fails roughly 4% of the time. By "fails" I mean that the original  
string and the eventual decrypted one don't match.


Anybody able to spot why?

Ken
--
function jagencdecr($text,$EorD,$encpass='') {
// parameters:
// - $text = string to be en/decrypted,
// - $EorD = Encrypt or Decrypt
// - $encpass = key phrase
if (empty($text)) {return "";}
$text = trim($text);
$cypher = mcrypt_module_open('rijndael-256', '', 'ecb', '');
// "ecb" mode produces the above results.
// "ofb" mode produces 100% errors

$size = mcrypt_enc_get_iv_size($cypher);
$phprand = rand(1000,);
	$iv = mcrypt_create_iv($size,$phprand); // produces the same results  
as below, platform independent

//$iv = mcrypt_create_iv($size,MCRYPT_RAND); // for Windows
//$iv = mcrypt_create_iv($size,MCRYPT_DEV_RAND); // for 'NIX

$ks = mcrypt_enc_get_key_size($cypher);
/* Create key */
$key = substr(md5($encpass), 0, $ks);
mcrypt_generic_init($cypher,$key,$iv);
if ($EorD == "D") {
$text_out = mdecrypt_generic($cypher,$text);
} else {
$text_out = mcrypt_generic($cypher,$text);
} // endif ($EorD == "D")
mcrypt_generic_deinit($cypher);
mcrypt_module_close($cypher);
return trim($text_out);

}  // endfunc jagencdecr Jaguar Ecnrypt/Decrypt

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Encryption failing

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jan 15, 2008, at 7:06 PM, Casey wrote:


Maybe you could echo the results of the failed ones and compare.


I did that at first, thinking that "something about these strings  
might cause the problem." But then I realized: I can't blame the  
data. I don't have any control over what users use for passwords, for  
example. this thing is supposed to en/decrypt the strings I gige it,  
so there must be some kind of programming flaw.


FWIW, there was no discernible pattern to the failed strings, at  
least not to me. (Not that it matters.)


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Encryption failing

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:


-Original Message-
From: Bastien Koert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 12:55 AM
To: Ken Kixmoeller -- reply to [EMAIL PROTECTED]; php-
[EMAIL PROTECTED]
Subject: RE: [PHP] Encryption failing


are you base64 encoding the resultant encryption string? I have found
that there are problems with certain characters that can result from
the encryption, usually a combination of characters that  
approximate a

null or end of line

bastien> From: [EMAIL PROTECTED]> Date: Tue, 15 Jan 2008  
21:41:45 -

0600> To: php-general@lists.php.net> Subject: Re: [PHP] Encryption
failing> > > On Jan 15, 2008, at 7:06 PM, Casey wrote:> > >> Maybe  
you
could echo the results of the failed ones and compare.> > I did  
that at

first, thinking that "something about these strings > might cause the
problem." But then I realized: I can't blame the > data. I don't have
any control over what users use for passwords, for > example. this
thing is supposed to en/decrypt the strings I gige it, > so there  
must

be some kind of programming flaw.> > FWIW, there was no discernible
pattern to the failed strings, at > least not to me. (Not that it
matters.)> > Ken> > -- > PHP General Mailing List
(http://www.php.net/)> To unsubscribe, visit:
http://www.php.net/unsub.php>


I second that, you should base64 encode values before encrypting  
and base64

decode them after decrypting to be safe.

Rob

Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale,  
FL 33308

| TEL 954-607-4207 | FAX 954-337-2695
Email: [EMAIL PROTECTED]  | MSN Chat: [EMAIL PROTECTED]  |  SKYPE:
bestplace |  Web: http://www.bestplace.biz | Web: http://www.seo- 
diy.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Encryption failing

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:


I second that, you should base64 encode values before encrypting  
and base64

decode them after decrypting to be safe.



Thanks for the idea.

Like this? Fails 500/500 times on my test.


if ($EorD == "D") {
$text_out = mdecrypt_generic($cypher,$text);
$text = base64_decode($text);
} else {
$text= base64_encode($text);
$text_out = mcrypt_generic($cypher,$text);
} // endif ($EorD == "D")


A quick test looks like this:

1: String: 9334133814260182
 -|- Enc: X5Þ©·ža`p#È]#c¦±3ÔýCõÒiÏ~r¢Tª"
 -|- Dec:OTMzNDEzMzgxNDI2MDE4Mg== -|- Nope

2: String: 3027022406512648
 -|- Enc: j£n,h\"mê´ uKP%¥†¼D}H‚’f¢š„
 -|- Dec:MzAyNzAyMjQwNjUxMjY0OA== -|- Nope

3: String: 5042504153020331
 -|- Enc: 9ÿ•ýŸÝ§¤6Wi+€×Ÿéáo>nñº*J6}Ø+„
 -|- Dec:NTA0MjUwNDE1MzAyMDMzMQ== -|- Nope

4: String: 6741156238850410
 -|- Enc: ·:´[Úq\‹ë‹4\Q«ÍŽ5±{º‡µØtþðtN?b
 -|- Dec:Njc0MTE1NjIzODg1MDQxMA== -|- Nope

5: String: 0003100244041329
 -|- Enc: D¾¤úV:!Mû4ƒÜ€àœ‰ŽòÐÐ^ïHñ-š%z
 -|- Dec:MDAwMzEwMDI0NDA0MTMyOQ== -|- Nope

Wrong: 5/5

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Encryption failing

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jan 15, 2008, at 10:48 PM, Casey wrote:


It returns the correct value. If you look at the last example, and run
base64_decode on "MDAwMzEwMDI0NDA0MTMyOQ==", you will get
"0003100244041329".


Oops. "Haste makes crappy programming."

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Encryption failing

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jan 16, 2008, at 1:28 AM, Andrés Robinet wrote:


1 - Mike is right about first encrypting and then doing a  
base64_encode (then saving results to DB, cookies, etc). I don't  
know why replacing " " to "+" for decrypting, though.




His other post explains that php didn't seem to like spaces. No  
spaces in the test strings -- I'll check for those when/if I can get  
the core en/decryption working.



2 - Mike is also right about $text = base64_decode($text) which  
should be $text = base64_decode($text_out) I think.




Yup -- that's what i get for trying to do this hastily and late at  
night --



3 - You are trimming the results on return, according to one post  
in the manual notes this will remove null padding on the decrypted  
string. This is desired, most of the time, but if the original  
(cleartext message) string ended in nulls you will get a difference  
and that may be the cause of the errors you are getting.




I understand that, thank you. There are no trailing nulls on the  
original string.


After correcting the my program, I still get the same results, about  
4% wrong:


70: String: 5214006139804600
 -|- Enc: Ϊ%bÇCsšB>sìD%Å#z[ä. m…‡¿m§ð
 -|- Dec:àc8
 -|- Nope

75: String: 1034702254251899
 -|- Enc: !:Ã2ºÍ
é×»àe2s? :Ù0LµŒÕ[«
 -|- Dec:à`*' -|- Nope

89: String: 8245007043826594
 -|- Enc: µÆ Íãd-‘Á´E3½yÍ×v‹,ZØW"éûqüŽ‚ó
 -|- Dec:[EMAIL PROTECTED] -|- Nope

etc.

Wrong: 23/500


Phooey.

Ken
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Encryption failing

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Many thanks, Mike --- yours works great... 0 errors.

On Jan 16, 2008, at 9:24 AM, mike wrote:


function data_encrypt($data) {
if(!$data) { return false; }
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,
$GLOBALS['config']['salt'], $data, 'cbc', md5($GLOBALS['config']['
salt'].$GLOBALS['config']['salt'])));
}

function data_decrypt($data) {
if(!$data) { return false; }
return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256,
$GLOBALS['config']['salt'], base64_decode(str_replace(' ', '+',
$data)), '
cbc', md5($GLOBALS['config']['salt'].$GLOBALS['config']['salt'])));
}


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Encryption failing

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

(forgot to copy the list)

On Jan 16, 2008, at 5:08 PM, Richard Lynch wrote:



Is it possible that 4% of the time, you have spaces on the start/end
of the string, which get trimmed before encryption?



In this case, no. In trying to simplify the situation to narrow the  
possibilities of error, I am generating "random" character strings of  
only alphanumeric (or numeric-only) characters. Each is exactly 16  
characters.





And if rijndael is one of the algorithms which requires a fixed-size
input, that also would be "bad" to trim it.



No documentation that I was able to find suggests that requirement.





Actually, I'd suggest that the encryption function has no business
trimming the text anyway.



Philosophically I agree with you, but mCrypt has this nasty habit of  
appending bunches of nulls to the decrypted string. So philosophical  
purity gives way to practical application.


Good ideas, as usual. Thank you.

Ken


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Removing a row from an Array

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

Hey - - - - - - --

To do this, I am:

 - looping through the array
 - copying the rows that I want to *keep* to a temp array, and
 - replacing the original array with the "temp' one.

Seems convoluted, but I couldn't find any function to remove a row of  
an array. Am I missing something (other than a few brain cells)?


thanks - - -

Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Removing a row from an Array

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jun 4, 2007, at 2:25 PM, Jay Blanchard wrote:


http://us2.php.net/manual/en/function.array-pop.php


Thanks, Jay ---

I did see that function, but forgot about it when I asked the  
question. I should have added that *any* array row among many could  
be the one that needs to be removed. I couldn't figure out how to  
reorder the array so that POP would work.


Ken

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Removing a row from an Array

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jun 4, 2007, at 3:29 PM, Peter Lauri wrote:



You could use unset() for the rows you don't want to keep.



Ah --- yes, that looks like it would do it. I was expecting something  
to find something array-specific.


Thank you, Pater and Roberto

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Removing a row from an Array

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jun 4, 2007, at 3:27 PM, Al wrote:



What determines the rows you want to keep?



User selection. The array is essentially a "shopping cart"-type of  
object.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Removing a row from an Array

[Ken Kixmoeller -- reply to [EMAIL PROTECTED]]

On Jun 5, 2007, at 5:20 PM, Richard Lynch wrote:


am I missing something (other than a few brain cells)?


http://php.net/unset

As in, unset($array['goner']);


Yup, that's the one. Thanks to you, too.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php