RE: [PHP] Sharing Cookies with Java?

[Mike Migurski]

>>Can php share cookies with java servlets?  Specifically, can php use
>>cookies written by a java servlet?
>
>I don't know about Java, but JavaScript can use php cookies and
>vice-versa.

A cookie is a cookie is a cookie, regardless of the originating technology
-- browsers should treat them all identically, so your only restrictions
will be the ones built into HTTP itself. See the RFC (linked from the
php.net cookie docs) or netscape's info for a few brief notes on the
various restrictions placed on cookie data:

http://wp.netscape.com/newsref/std/cookie_spec.html

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session vs Cookie Issues

[Mike Migurski]

>   I know this topic has been talked about a LOT but all the info
>I've managed to get from google is that there is no center / best option
>to choose between using sessions or cookies.

You're comparing apples and oranges -- cookies are one of the mechanisms
by which PHP implements sessions. The other is URL-munging. So if you use
sessions, odds are cookies are coming along for the ride. What you
definitely /don't/ want to do is to store application data in the cookie
itself, due to various security (public machines) and technical (4k size
limit) concerns. PHP's built-in session support uses the cookie data as an
identifier, to match a user to the data stored in a session file, and in
general this is the way to go. The only major flaw I've found with PHP's
session support is that it doesn't appear to be possible to force the data
to be written without also closing the session. In general, PHP's session
features are pretty complete, and easily modifiable.

To clear up a few items below:


>Cons of Sessions
>1. saves it in /tmp - world viewable

not necessarily so, see php.net/session_save_path

>2. Session ID may be easy to guess unless I md5 the sessionID before
>sending it out

you can define your own session id if you'd like, see php.net/session_id
for example, to help deter session fixation, you might require that the
session be a hash of certain environment variables, such as remote IP or
user-agent string.


>Cons of cookies
>1. cookies can be rejected by users
>2. if rejected, means session can't be preserved across pages?? (this I'm
>not sure)

this is where URL-munging will come into play; PHP will resort to this if
cookies are rejected.


>3. cookie is stored in user's hard drive. What is user using public PC?

don't use the cookie to store application data - use it to determine the
user's identity. This is the behavior that PHP's session features
encapsulate.


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Session vs Cookie Issues

[Mike Migurski]

>   based on what you're saying, I gather that if I were to choose to
>use cookies, and if cookies were rejected by the user, PHP will default
>to using sessions?

If you chose to use sessions, and cookies were rejected by the user, then
PHP would append the session ID to each internal link, in order to
preserve the session ID between requests.

If you just used cookies with no supplemental method, and cookies were
rejected by the user, then your method would break.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session vs Cookie Issues

[Mike Migurski]

>>The only major flaw I've found with PHP's session support is that it
>>doesn't appear to be possible to force the data to be written without
>>also closing the session.
>
>Mike - can you expand on your point above?

I've running into this problem where--in an app with a lot of OOP and
reference-passing, on a shared host--requests would die out before
reaching the end, though they'd do enough work to be useful. I can't seem
to be able to fix the instability (see below), but I was able to work
around one of the flaws of the session support: normally the user's
session data is read from a file, typically in /tmp, at the start of a
request. This data is manipulated by the script when values in
$GLOBALS['_SESSION'] are changed, and then it's written back to the file
at the end of the request.  My issue was that frequently, my scripts
wouldn't finish correctly, session data would not be written to the file,
and therefore it would be lost between requests. I had hoped to find a
function like session_write_close() that did not have the side effect of
closing the session altogether, but instead I ended up rolling my own,
with more frequent disk writes at crucial junctures.

If anyone can help shed any light on the sort of instability I'm seeing,
that would really help. Apache child processes die right and left, with
segfaults and bus errors.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Authentication system

[Mike Migurski]

>At the point where they fill out the registration form, I am sending them
>an email, informing them that they have been registered. On many sites
>I've gone to, the process then includes a requirement that the person
>reply to the message.
>
>Now I need to learn how to take the incoming message and process it.  I
>am assuming that the processing can be done by php. Any suggestions,
>either on how to do this, or where I might learn how to do this?

You may find it easier to include, in the e-mail, a uniquely-generated,
limited-time URL that the person can visit to verify that they have
received the e-mail. This will remove the burden of having to set up a
system that responds to e-mail commands.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Incrementing counter from an HTML page.

[Mike Migurski]

>The problem I am facing is that my Index page can be an HTML page only..
>not PHP. I cant use framesets, redirects etcetera.  I want to build my
>own Counter using PHP & mySQL Database.. with the "Users Online" and
>"Total Hits" feature.  How can I increment the counter or affect a PHP
>code using HTML.. is there someway I can achieve this? To be able to show
>the php counter on my HTML page.. ?

If your webserver is Apache, use SSI -
http://httpd.apache.org/docs/howto/ssi.html

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Eregi filtering..

[Mike Migurski]

>elseif (eregi("a-ZA-9", $v_tel_filter)) {
>echo "'$v_tel_filter' Telephone Number Contains words";
>
>} else {
>
>im looking how to verify numbers alone and dash "-" can that be possible? I
>have tried using "a-ZA-9" but did not work.

/^[\-\d]+$/ should match a string of just digits and dashes.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Storing large amounts of text in db

[Mike Migurski]

>I am working on some scripts that will allow for uploading of files that
>will then be stored in a database with the ability to be listed and
>searched.
>
>What im wondering, is if I have a user upload a file in txt, or doc
>format if there is an easy way to read that file, store the information
>in the database so it is easily accessable later.

If in doc format, no - MS word is a closed file format, and while you may
be able to pick through the files, there is no guarantee as to the meaning
of what you find there. Though you may be surprised to find all sorts of
interesting things. Txt is just text - no conversion necessary, except
perhaps to account for line endings.

If you can, try to convert whatever incoming format you encounter to
plaintext, and store /that/ in the db. If it's important to you that the
original file format be preserverd, then store both: original in a BLOB
field or in the filesystem with a pointer from the database, and plaintext
version in the database. You might even want to store only keywords from
the plaintext version to cut down on storage and processing requirements.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Retaining formatting problem[Scanned]

[Mike Migurski]

> cannot have multiple lines, use this
>
>little amount of
>
>text

This is true.

Also, watch the line endings coming aout of that textarea - you may want
to normalize them. I prefer unix linebreaks, so I use this to convert mac
and DOS endings:

str_replace(array("\r\n", "\r"), "\n", $textarea_value)

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Stumper: Get Variable Name

[Mike Migurski]

>I want to be able to e-mail myself the name of the variable that bombed
>out and the line that it was on (as well as the filename) if possible.
>Don't really know where to start... looks like this:

You can use PHP's predefined constants in an assertion, and
debug_backtrace().

http://www.php.net/manual/en/language.constants.predefined.php
http://www.php.net/debug_backtrace

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] $_SESSION act funny...

[Mike Migurski]

>If you go to the next webpage by using the same file (webpage) or a
>$_SERVER['PHP_SELF'], the data in the $_SESSION array remain the same, it
>does not change as it should.



>   if ($_SESSION['test'] == "one") { $_SESSION['test'] = "two" };
>   if ($_SESSION['test'] == "two") { $_SESSION['test'] = "three" };
>   if ($_SESSION['test'] == "three") { $_SESSION['test'] = "four" };
>   if ($_SESSION['test'] == "four") { $_SESSION['test'] = "one" };

The code above will always result in $_SESSION['test'] == 'one', if you
start from any of the four tested values. Is there some other behavior you
are expecting?

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Using PPP with PHP

[Mike Migurski]

>[snip]
>Umm, use exec() to call the dialing program?
>[/snip]
>
>That works on the surface, but the PPP program returns some vital
>information about its connection status that is required for use by any
>subsequent file operations. The information is returned via STDOUT.

so try system() instead. Or one of the other methods referenced in
http://php.net/manual/en/function.exec.php

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] download hyperlink

[Mike Migurski]

>Does anyone know how I can set a hyperlink to a file so that someone can
>download the file instead of viewing it in the browser?  Please let me
>know.  Thanks.

You want the Content-Disposition header, see the HTTP spec.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Searching a test file...

[Mike Migurski]

>No matter what I do, it always returns "not here" even if there is a
>matchvery frustrating!
>
>Any ideas?

-snip-

Looks like you are attempting to match 'user1' to "user1 26:48:59 6 logins
4:28:09 hrs/login\n", which will come up false. You'll need to either do
some postprocessing on the file, to extract just the user id, or you'll
need to replace your in_array() check with a loop or array_map() that
compares the name you want against just the relevant portions of the line,
perhaps using a function such as strstr() or preg_match() or
reset(explode()).

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] XML Array

[Mike Migurski]

>I'm looking for a function to take an XML file and turn it into a PHP
>array with the same structure. So if I have:

It's not one function, but you could use xml_parse() with
appropriately-defined handlers for character data and open/close elements:
http://php.net/xml

There is also http://php.net/xml_parse_into_struct, which doesn't generate
exactly what you want, but it "generates structures amenable of being
transversed in a tree fashion."

-mike.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Object can not be used after a session

[Mike Migurski]

>$customer = new Customer($_GET['facilityID'], $_GET['customerID']);
>$_SESSION['acceptPayment']['serializedCustomer'] = serialize($customer);
>
>so now when I have moved on to another page or another instance of the
>same page and I want to access the object from the session var, I do so
>like this:
>
>$customer =
>unserialize($_SESSION['acceptPayment']['serializedCustomer']);
>
>and now you can access the object.  There is a hidden jewl about this
>method, I now no longer have to include or require the class file because
>it is already defined in the serialized string.

Really, you don't need the serialize/unserialize in there, as they are
handled automagically. $_SESSION['customer'] = $customer; and
$customer = $_SESSION['customer'] should work just fine. I'm doing this
with 4.3.2, and a casual glance at my sess_* files in /tmp shows that the
objects are stored in serialized form and the __sleep() method is called
the usual way.

My understanding is that classes must be defined prior to unserializing an
object if you dan't want to risk having the object becoming disassociated
from its class, but your method above does have the advantage that you
decide when that serialization takes places and can load the classes
there, rather than having to do so prior to session_start().

http://www.php.net/manual/en/language.oop.serialization.php

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Object can not be used after a session

[Mike Migurski]

>Wow thats strange??  I am using PHP 4.3.2 as well and I don't see that
>happening where it serializes the object when assigning it to the
>$_SESSION.

It doesn't do it when you assign it into the $_SESSION array, it does it
when the script completes and updated session data is written to the
session file. This actually caused me a lot of grief a while back, when
scripts were bombing out and session data was being lost - I ended up
writing another layer on top of the session that explicitly wrote crucial
data at critical junctures, rather than relying on the built-in support.


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session objects crossing applications

[Mike Migurski]

>foobar and foobar_dev are suppose to point to different databases, but
>other than that all is identical.
>
>If I open a new internet explorer window via the windows Start menu all
>is fine.  I thought if the url base is different then the session would
>be different?  This is how it is with JSP.  Am I miss-understanding
>something?

by default, example.com/example and example.com/example_dev will both use
cookies set for example.com. You will want to change the cookie parameters
of your session, see 'path' in php.net/setcookie and
php.net/session_set_cookie_params. Another option is to change your
session name, so one is (for example) example_dev_sessionid and the other
is example_sessionid.


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] fsockopen

[Mike Migurski]

>Is there a way to get fsockopen to suppress the header information it
>returns.  I have no use for the crap, have no idea how to use a regexp to
>get it out of there (nor does anyone on this list it would seem either).

preg_match('/()/ms', $http_response, $html)

...puts it into $html[1]. Adjust to suit your local standards-compliance
practices. You can also look for everything after the first instance of
"\n\n".

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] fsockopen

[Mike Migurski]

>> preg_match('/()/ms', $http_response, $html)
>>
>> ...puts it into $html[1]. Adjust to suit your local standards-compliance
>> practices. You can also look for everything after the first instance of
>> "\n\n".
>
>Thats assuming that the person used the  for the first
>item. what bout extra space, SSI, etc...

SSI's wouldn't be output on port 80, and anything before the doctype is
essentially junk anyway. Like I said, suit to taste or just pull from
after the first "\n\n" -- no regexp needed in that case.

Personally, I'm using the regexp method, because I'm using the above code
in a context where the server is flakey. I need to repeat the request
immediately if PHP craps out and dies before the '' is output. It's
a proxy that allows for the possibility of segfaults and premature exits
and such.

looks like this if you are curious. the usleep give the server increasing
amount of chill-out time as the number of attempts is incremented:
-
do {
usleep(pow(4, $attempt));

if($fp = @fsockopen($GLOBALS['_SERVER']['HTTP_HOST'], 80, $errno, $errstr, 30)) {
fputs($fp, sprintf("GET %s?fresh=fresh HTTP/1.0\nHost: %s\nConnection: 
close\n\n",
   str_replace('proxy.php', 'view.php', 
$GLOBALS['_SERVER']['REQUEST_URI']),
   $GLOBALS['_SERVER']['HTTP_HOST']));

$html = '';
while(!feof($fp)) $html .= fgets($fp, 128);
fclose($fp);

}

} while((++$attempt <= $max_tries) && !preg_match('/()/ms', $html, 
$matches));
-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] classes v. functions

[Mike Migurski]

>> Execution speed isn't all that matters. In fact, speed is not the point
>> at all.
>
>Then you must be an PHPNuke or Typo3-programmer, beeing lucky to get at
>least 1 request per second ;).  Don't take it hard, but If you had ever
>been in computer-science [school|college|...] you would know that speed
>is all that matters.

troll. :)

Execution speed is most definitely /not/ all that matters, though it
really depends on the situation. It is often cheaper to throw
CPU/storage/RAM at a problem than it is to spend more developer time,
especially when one of the considerations is future maintenance or
upgrades. In regards to education, OOP-techniques and other lisp-isms
evolved in academic settings, in response to concerns about code
portability, maintenance, and elegance. Academic code frequently
sacrifices speed in the service of technique.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] mysqldump

[Mike Migurski]

>Thanks for the replies guys but the main reason I'm doing this is
>because most times I don't have access to the servers, or not enough
>preveleges to install myadmin or any other tools. I wish we had our own
>server but I'm trying for a solution where you can't upload any tools and
>cannot access system commands.

Curt's suggestion does not require command-line access - the backtick
operator is a shorthand for exec() or passthru(), and is a language
construct of PHP. So yeah, don't reinvent the wheel.

http://php.net/manual/en/language.operators.execution.php

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] debuging and getting mor information about failures

[Mike Migurski]

>These errors are usually caused by an extra or missing brace or
>quote/apostrophe/backtick.  The best way to find where this is happening
>is to use another error.

Alternatively, use a text editor that's syntax-aware. In bbedit for the
mac, finishing a closure or double-clicking on one (parens, brackets,
braces, etc.) shows you the beginning and end in an unobtrusive way.
Finishing a closure that was not open (too many close parens) causes a
system beep. The hints are subtle, but help you codee correctly as you go.
I think Ultraedit is a good alternative for the pc.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Trouble getting $HTTP_RAW_POST_DATA

[Mike Migurski]

>$HTTP_RAW_POST_DATA is an array...
>with echo you'll only get "array"..

No, it's a string - just the raw bytes that were posted.

>> Is register globals ON or OFF? Either way, maybe try
>> $_SERVER['HTTP_RAW_POST_DATA']...

Also, ensure that "always_populate_raw_post_data" is on, too - see:
http://www.php.net/manual/en/configuration.directives.php

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Purging old files from directories

[Mike Migurski]

>I need to write a script that will scan/read a given directory's contents
>and delete files older than a certain date. Ideally, this will be a
>script that runs via cron once a week and deletes all files it finds in
>the directory older than 2 weeks from the current date. I do currently
>have scripts running via cron and that's no problem. I'm not sure where
>to begin with the other components

Don't bother with PHP for tasks like these - just use the standard unix
find program. The following one-liner should work:

find /path/to/your/dir -mtime +14 -type f -print0 | xargs -0 rm -f

man find, man xargs for more info.


-mike.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dev style guide

[Mike Migurski]

>Is there a style guide for coding practices used when creating code to be
>shared with the community?

PEAR has some, http://pear.php.net/manual/en/standards.php

I gave them a cursory glance, and they seem to be pretty solid -- in line
with standards that I used for the past year or so after realizing that my
old code was nearly indecipherable. They use the One True Brace Style,
which is encouraging:

function fooFunction($arg1, $arg2 = '')
{
if (condition) {
statement;
}
return $val;
}

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Unzipping Files

[Mike Migurski]

>I am doing this for a client, and he doesn't have the ZZIPlib installed,
>and would like to avoid it if possible.  Any other ideas?

It has been mentioned before: use exec, or the backtick operator, and the
command-line tools: unzip, bunzip, gunzip, etc.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] dev style guide

[Mike Migurski]

>At the risk of starting a flame/religious/holy war I find the One True
>Brace style to have some inconsistency if it is as above. The 'function'
>does not open the curly brace at the EOL, but the 'if' does.

Yeah, that's pretty much the definition of the OTBS. :)

I'm not sure why I find it so natural, but basically it acknowledges that
function definitions are fundamentally different (in usage and meaning)
than other code blocks. I like this.


>I also mentioned me being and old-schooler earlier today but the rules
>that we use in our (current) group always place the opening curly at the
>EOL. Also, we do not allow ternary notation.

Personally, I use ternary notation a lot, but I try to use it thusly:

(condition
? statement 1
: statement 2)

The line breaks make it easier to see what's going on.

I don't think it really matters what standard you use, as long as you
*have one* and everyone in your group agrees that it's a comfortable fit,
which paradoxically seems to converge on something like what PEAR uses
anyway.

Anecdote:
At one time, a member of our group decided (on their own) that the coding
style should automatically prefer printf() constructions to double-quoted
variable interpretation, and that it should be word-wrapped to fit within
his 80-char vim terminal. An autoconversion script was written, files were
drastically modified to conform, and then subsequently committed to CVS.
This is not a proper way to go about implementing a coding standard. :P

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] chown / chgrp of a http owned file after upload

[Mike Migurski]

>I have written as part of my CMS, an image upload system, now when the
>images are placed in the destination folder, they are owned by httpd.root
>and I need to get them to be owned by siteuser.sitegroup.
>
>I have tried to chmod and chgrp it to siteuser.sitegroup but it gives
>permission denied errors.
>
>Is there any way round this without enabling run as root? Or is there a
>safe way to do this?

You can ch(mod|own|grp) the files in the upload script, right after they
are written to disk. chmod a+rwX is a good option if you are not overly
concerned about the security of these files. Are you getting
permission-denied errors when attempting to do this in your script, or
afterwards, on the command-line?

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Simple cookie question

[Mike Migurski]

>There are two ways round your problem...
>
>1. Set your cookie right at the top of the script, so as your first line
>have something like: if(isset($_POST['vote'])){ setcookie(); }
>
>2. Use output buffering, this will make PHP buffer all of your content
>and not send it till you tell it to (or until it reaches the end of the
>file). Read more at: http://uk.php.net/ref.outcontrol

3. Use PHP's session features. Start your session at the top of the page,
like usual, and then set a flag in $_SESSION when the poll is is
completed. This will allow you to set other arbitrary flasg as well.
See: http://php.net/session

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] segmentation faults

[Mike Migurski]

>I have a large project underway which is (hopefully!) nearing completion,
>running on the latest stable release, 4.3.2.  However, strange things
>have started happening...
>
>My main page sometimes causes Apache to seg fault at some point during
>the execution (e.g. [Sun Aug 10 18:05:55 2003] [notice] child pid 29674
>exit signal Segmentation fault (11)). I thought I'd track through it to
>find out where the problem might be, but having sprinkled a few echo
>statements around it now isn't crashing any more.

I have also had this problem, and asking about it here provided no help.

Mine seems to be related to abnormally high numbers of instantiated
objects and large amounts of reference-passing. Occasionally Apache
children will die (with the error you've described), or spin out of
control and hog the CPU for a while (Apache 1.3.27, Red Hat 9, PHP 4.3.2).
I have not been able to track down the problem, though I did attempt to
re-create it using the command-line PHP interpreter to write Apache out of
the picture, and was not able to reproduce the errors.

I've tried to route around them somewhat, and have been moderately
successful, except when they bump my CPU load to 100%. :-P

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] how do I spoof a get request

[Mike Migurski]

>> But some web pages when I cut and paste the URLs don't work.  Like when
>> I search for something on Ebay.  Could this be because of cookies?
>
>That's a good guess!  Yet further proof that cookies suck, except the
>ones made with flour, shortening and sugar, of course.

Huh? seems like further proof that cookies are working as intended:
serving up individual, user-dependent content. Unless you are interested
in having your personal info be the default return value from e-bay. :)

Anyway, like you said, they are easy to fake - just pass along a cookie
header in your socket write.


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] what is %s %d

[Mike Migurski]

>They are codes for date formatting.
>
>Specifically:
>%s represents seconds with leading zeros.
>%d represents day of the month with leading zeros

They can also be codes for the printf family of functions:
%s represents string
%d represents number

See http://php.net/sprintf

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php.ini configuration can we have two include_path inphp.in file

[Mike Migurski]

>  I am not able to locate the file you are referring to. Please do
>help me I am very much frustrated.

.htaccess files are described here:
http://httpd.apache.org/docs/configuring.html#htaccess

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Validate The Last Day of Month with server's clock????

[Mike Migurski]

>Here's a trick script.  We know that some months have the last day
>which is 30 while other is 31.  As for February, it can be either 28 or
>29.  So, what's the trick in using the php to find out what is the last
>day of the month if you want to checked it against the server's clock to
>find out the last day of the month.  Suppose it is this month or 3 months
>ago or 3 months from now.  Anyone know?

If you're in unix, pull the last token from the default output of `cal`:

August 2003
 S  M Tu  W Th  F  S
1  2
 3  4  5  6  7  8  9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] getting images?? Help!!

[Mike Migurski]

>I have created a little image manager.  Mainly for personal usage but I
>have a few friends that would like it as well.  Anyway, the problem that
>I've run into is that I can only select one file at a time using the form
>attribute  that I want to upload.  Does anyone know of
>a way to select multiple files using some other way?  I haven't the
>slightest idea of how to go about this other than maybe Java or
>something.

Having multiple file input copies is pretty much the only way - for
security reasons, the file input widget can't be visually or functionally
tampered with. Typically, you might want to start with a small set number
(one?), and allow the user to ask for more.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Counter on HTML Page

[Mike Migurski]

>I've never used GD or ImageMagick before.. can you guide me to any
>tutorial, script, reference.. something upon the same that can help me
>out?

Can you -please- do some of your own legwork once in a while?

http://www.google.com/search?q=imagemagick+tutorial
http://www.google.com/search?q=gd+php+tutorial

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] host name

[Mike Migurski]

>I want to get the current domain name in to a PHP variable.

print_r() the contents of $_SERVER to see all the information given to you
by the webserver -- the host name will be in there.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Function arguments

[Mike Migurski]

>What is the best way to pass the arguments so it is easy to maintain in
>future if function behaviour changes by adding/removing one or more
>arguments?
>
>Currently i am passing arguments in array. But i think it is not the
>clean way to do it and another approach i am using is functionName(arg1,
>arg2='', arg3='') but here again i think it is not easy to maintain.

According to http://php.net/manual/en/functions.arguments.php,

Variable-length argument lists

PHP 4 has support for variable-length argument lists in
user-defined functions. This is really quite easy, using the
func_num_args(), func_get_arg(), and func_get_args() functions.

No special syntax is required, and argument lists may still be
explicitly provided with function definitions and will behave as normal.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] [php] explode that :) !

[Mike Migurski]

>echo "Your score is: "; $score=split($P1OC1Q1,"¶"); echo
>$score[0]."\n";
>
>Do I have to go through all that to get score[0] ?

I think reset(split()) should work for getting the first element.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] indexing a folder

[Mike Migurski]

>> Thanks, but is this also possible for directories not on my server? Or
>> can i just use these functions?
>
>Missed that bit, sorry. If the directory is not on your server, then you
>need to go through FTP.

or SSH, or HTTP, or one of the other innumerable ways to get information
from one machine to another.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] get current path

[Mike Migurski]

>The PHP site seems to be down right now ... so here's the question:  Is
>it possible for PHP to tell me the current path of a page?  For example:
>www.whatever.com/this/page.php - I'd like PHP to return /this/page.php
>...  is that possible and if so, how so?

PHP site looks up to me, though I have been having intermittent
difficulties recently with one of the servers - us4 I think.

To get the current path of the page or other webserver-related
environmental informatio, check the contents of the $_SERVER superglobal
and all will be revealed.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] user-defined superglobals?

[Mike Migurski]

>It would be nice to have a php-function like
>
>declare_superglobal($_MYFRAMEWORK);
>
>And then use $_MYFRAMEWORK like $_GET.

You have a few options: if you are looking to set variables that are
static and atomic, you can use environmental variables in an .htaccess
file (getenv() to access them) or you can use read-only constants
(define() to create them).

If you need a global read-write or array variable, just use $_GLOBALS:
use $_GLOBALS['_MYFRAMEWORK'] like $_GET, etc.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using PHP on an .html file

[Mike Migurski]

>>  For example, on a file called info.html, i want to have some PHP
>> code that actually gets executed.
>
>In your httpd.conf add the line
>
>AddType application/x-httpd-php html

Better to do this in an .htaccess file, so you don't incur PHP processing
overhead on the entire server (if there are others using it).

http://httpd.apache.org/docs/configuring.html#htaccess

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using PHP on an .html file

[Mike Migurski]

>> Better to do this in an .htaccess file, so you don't incur PHP
>> processing overhead on the entire server (if there are others using
>> it).
>
>Apache suggests not using .htaccess files at all because they require a
>recursive traversing of directories looking for .htaccess files, because
>some supersede others or something like that.

The only way to eliminate the overhead of searching for .htaccess files is
to set the Allowoverride directive to 'None' in your httpd.conf file -
otherwise, they will be checked for on every request whether they exist or
not. The question is: does the additional benefit of using per-directory
configuration and selective .html-as-.php handling outweigh the speed gain
of not looking for .htaccess files? This depends on the server, how it's
used, and how important raw performance is vs. ease of use.

Just to quickly return to the original question, I would not use either
method - instead I would turn multiviews on, and not use file extensions
in URL's at all.

http://httpd.apache.org/docs/content-negotiation.html

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Recursive Object Troubles

[Mike Migurski]

>I am building a recursive Menu object.  Inside each menu item there is an
>array which should allow me to add submenu items and so on.  I am having
>trouble, though, with getting the submenus to stay.  They are
>disappearing as I go along.

Without really going through your code (sorry) I would hazard a guess that
you are assigning by value, rather than by reference - by default, the '='
operator in PHP passes a copy of an object or variable, rather than a
reference to it. The 'new' language construct does this as well. So do
functions, when they return values. All of this is very annoying and
requires you to liberally sprinkle your code with the '&' that denotes
passing-by-reference.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] OOP, bus errors, segfaults

[Mike Migurski]

Hello,

First post to the list, hi everyone.

I'm having some difficulties with a script that makes heavy usage of
objects, (de)serialization, and reference-passing. I've been noticing
extremely frequent segfaults and bus errors in my apache logs (Bus Error
10, Segmentation Fault 11). These are not strictly predictable, but they
happen often and seem to be more frequent when pages are reloaded rapidly.

Are there known problems with PHP's OOP implementation that may cause this
behavior, on Mac OS X 10.2? (PHP 4.3.0, Apache 1.3.27, compiled with apxs,
mySQL and postgreSQL) I'd post code, but there's a lot of it, and I can't
trace the problem to any one given place.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: put data into array

[Mike Migurski]

>I have problem when I try to retrieval the data from Oracle database.
>what I want is to put each row of data into an array with second column
>value as the key and first column as the value, at present I can not
>append the value to the existing array instead replacing current array
>value, can any people how can I fix it , sorry I am pretty new to PHP,
>thank you in advance.

Each time you iterate through the while loop, you are overwriting your old
results with new ones. Try something like the following (note the '[]'
near the end):

$results = array();

while(ora_fetch_into($cursor, $result, ORA_FETCHINTO_ASSOC))
if(is_array($result))
$results[] = $result;

print_r($results)

Read more in "square bracket syntax" at
http://www.php.net/manual/en/language.types.array.php


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Naming a variable with a variable

[Mike Migurski]

>Ho can I create (name) a variable with other variables value?
>
>If $foo = "bar";
>
>then the variable I want to create is $bar.
>
>How do I do this?

$$foo

see: http://www.php.net/manual/en/language.variables.variable.php

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Convert KB to MB?

[Mike Migurski]

>Is there a simple script that will take a value in Kilobytes and convert
>it to MegaBytes?

$value_in_mb = $value_in_kb / 1024;

ta da

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Convert KB to MB?

[Mike Migurski]

>>Ahhh, but then marketing gets involved and changes the 1024 to 1000 and
>>ta da, you now have more MegaBytes. 1024 is the right number to use, but
>>don't be surprised if it doesn't match with some numbers you might
>>compare it to.
>
>Not necessarily, in data storage 1mb = 1024kb but in data transfer 1mb =
>1000kb.

Isn't it the case that in data storage the 'b' means 'bytes', while in
data transfer the 'b' means 'bits'? It makes a difference: talking about
1000 bytes is awkward, while 1000 bits is not.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] return all non-tag characters

[Mike Migurski]

>I want to be able to retrieve and return all character that are not
>located in html tags.  For example:
>
>1234567
>or
>1234567
>
>I would just like it to be equal to 1234567, but I would need it to work
>with any tags and attributes.

A good starting point might be preg_replace, search pattern '/<[^>]+>/',
replace pattern ''.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Date problem

[Mike Migurski]

>I am storing dates in an Access database in a field with a "Date/Time" Type
>the date is being generated using date("n/d/Y  h:i a").  It appears to be
>stored in Access correctly but when I output it to the page using PHP it
>seems to be changing.  It is being stored in the database as "6/19/2003
>1:44:00 PM" but being displayed on the page as "1056044640"
>Thanks in advance,

That's a timestamp - it's the number of seconds since the Unix Epoch
(1/1/1970 GMT), and you can read up about conversion here: php.net/date

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Source/version control?

[Mike Migurski]

>What tools do you recommend or use for a team environment that will allow
>us to maintain source control and even offer some version
>tracking/history in case we need to go back to old code?
>
>We need the ability to check-in and check-out files in a team environment
>--- normally just HTML and PHP type files.
>
>We have a local windows server we can work from or a Linux development
>server that is remote.  Primarily work is done in Dreamweaver and Flash.
>
>Low or no cost would be ideal.

CVS is your best friend - I wrote a brief intro (see links to info and
client software at the bottom) for evolt last month; read it here:
http://evolt.org/article/A_brief_introduction_to_CVS/21/60153/index.html

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Passing Array to object

[Mike Migurski]

You define a function "SetLinks", but call it as "SetLink" -- is this a
typo? Also, neither of your SetLink/s() calls are correct function calls.

This may work better:
$index->SetLinks(array(...));

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Securing PHP code

[Mike Migurski]

>I am getting started on a project on PHP that requires very very high
>levels of security. I cannot give you exact details but the basics is
>that it deals with credit cards.
>
>I want some advice and tips from experts on the following
>The server will be Red Hat Linux 7.3
>
>1) The site will have to take very high traffic and possibly thousands of 
>transactions per hour
>-> Which is the best free db to use (I am guessing MySQL)

Investigate PostgreSQL as well - it's also free, and implements some SQL
niceties such as subselects that do not exist in MySQL. It's slightly more
obtuse than MySQL (similar in some ways to Oracle from my limited
experience), but if you're doing credit card transactions, you are going
to want to use the commit/rollback features.


>2) I store the db password and login info in a database.inc.php file. Is
>there any way I can prevent a person from getting the db pass even after
>he gets this file?

A few methods: place the file outside of your docroot, ensure that it's
not publicly available through any other means (secure that server well),
set your DB access variables in httpd.conf, or .htaccess and then prevent
apache from serving /those/.


>3) Does anyone know a book that focuses of writing secure code.

O-reilly has a few. Have it audited by someone else. Watch out for SQL
injection.


>5)How do I know the code that I am writing and my server is safe. Are
>there any services out there that would help me evaluate this.

Hire an auditor, keep your featureset down. Use SSL.  Read up on known
methods of session hijacking. (php.net/session mentions some) Consider
using one of the BSD variants in favor of Linux - I think NetBSD (?) is
the one known for lock-tight security settings out of the box, but I'm not
entirely sure. Find someone experienced with BSD, and have them set it up
for you.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Securing PHP code

[Mike Migurski]

>>> 2) I store the db password and login info in a database.inc.php file.
>>> Is there any way I can prevent a person from getting the db pass even
>>> after he gets this file?
>>
>> Store that file outside the docroot.  That way there is no chance they
>> can get it from the web site.  I myself use an ini file that is no
>> where near the docroot, and use parse_ini_file() to load the DB
>> information in, and then I connect to it.  This method passed our
>> security audit with flying colors.
>
>Okay - this may be a dumb question - but if the file is named
>database.inc.php - how would someone get this file without having ftp or
>ssh or telnet access to the server.  If they have access to the server -
>it would be just as easy to collect the information outside of the doc
>root, since that file has to be readable by the webserver also yes?

Yes, but if an outsider can gain SSH access, then Apache's security is
meaningless, too. If you are concerned about security, you will also
disable FTP and telnet (or at least restrict them severely).

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Securing PHP code

[Mike Migurski]

>> Why rely on some access restriction when you don't have to? You include
>> code using a filesystem path. There is no need for it to reside under
>> document root. Yes, you can make it so that certain things are not
>> served directly by the Web server, but why take the extra risk? You
>> gain nothing. What if you make a mistake? What if you install a new
>> version of Apache and that file accidently gets served raw?
>
>Fair enough - but that still does not answer my question.  Is there a way
>to get a php document served raw if apache or whatever server is
>configured correctly?

I don't believe so, no.


>So back to the original question:
>
>"Maybe I am missing something totally obvious, but if the server is set
>up to properly parse php files - having configs outside of the doc root
>should not make much of a security difference? "
>
>Is this a true statement or not?  (of course we have to make the
>assumption that server access has not been compromised)

It's a true statement /if/ the server configs don't change -- but why risk
it? seriously... if you're concerned about those values being compromised
stick 'em someplace where you /know/ they won't get served up, no matter
what happens to the webserver. I usually put them in .htaccess first, then
move them to httpd.conf on production:

http://httpd.apache.org/docs/mod/mod_env.html#setenv
http://php.net/getenv

Also it helps with version control, since you can keep the
environment-specific stuff out of CVS (and PHP entirely).

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Largest Member of Array

[Mike Migurski]

>How would i find the value of the largest number in this array?
>
>$example_data = array(
>array("Mar-99",100,2000,5945.33,1234,10),
>array("Feb-99",908,3454,4764.90,4321,50),
>array("Jan-99",542,8000,13365.52,6012,60)
>);

end(array_reduce($example_data,
create_function('$a, $b',
'return array(max(array_reduce($a, "max"),
array_reduce($b, "max")));')));


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] A simpler question involving http_user_agent

[Mike Migurski]

>Would anyone happen to know what http_user_agent would be if the user is
>visitng from an internet enabled cell phone (e.g. sprint pcs phone or
>similar)?

It may or may not be one of these:
http://www.thewirelessfaq.com/useragents.asp



-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] web site security: how to hide login info for mysql-connection

[Mike Migurski]

>>
>>   php_value mysql.default_user fred
>>   php_value mysql.default_password secret
>>   php_value mysql.default_host server.example.com
>>
>
>H what about phpinfo()?  It shows those settings in the clear.

solution: don't leave stray phpinfo's on a production site. :)

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php-general as REPLY TO

[Mike Migurski]

>I just read this FAQ, and I still don't see a good reason why not to
>change the REPLY-TO.  The primary reason offered is that it will prevent
>people from sending messages in private, but that is not really the case
>(the FROM field will still contain the sender's address and it can simply
>be cut & paste).  I just don't see anything "evil."

Nothing evil, it's just a pain in the ass to have to cut and paste to send
a private mail, vs. the significantly lower PITA-level associated with
hitting 'reply-all' to send a public one. For those of use who use nice
context-sensitive mailers like Pine or Mutt, the default reply behavior to
a list is reply-all, anyway.


>I am with Doug -- it is better to have something set up to where people
>don't have to think about performing the normal operation,

Also, not munging the reply-to tends to cut down on the "oops, that
scathing flame / innappropriate proposition / disclosure of company
secrets was not meant to go to the list" factor.


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Gripe

[Mike Migurski]

>Cuz the the way the PHP parser is written makes it impossible to discover
>the error before it gets to the end of the file, and realizes that there
>are no more braces to go around.
>
>It definitely sucks... almost as badly as a stray backtick.  Try finding
>that little bugger at 1600x1280...

This is where the benefits of a syntax-coloring text editor really come
into play - you find the missing backtick as soon as you see your code
colored like a text string.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] [SOLVED] Re: [PHP] Parse error?

[Mike Migurski]

>Ok, the reason I was getting this error seems to be related to Safari on
>OS X. When I copy code segments in Safari and paste them in BBEdit they
>generally looked ok, although there were extra spaces inserted in some
>places. I then turned on show invisible characters and it made it even
>more clear that something was up.

BBedit has a feature called 'zap gremlins' which can help you seek and
destroy non-printing characters that cause problems. I always found this
to be an issue when copying from flash to bbedit - there would always be
null character stuck at the end, which would stop the script cold at that
point.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Escaping the " ' " character

[Mike Migurski]

>I need to print the following:
>
>onClick="MM_openBrWindow('http://www.gilardi.com/pdf/gwyt1poc.pdf','','')"
>
>and I am not sure how to escape the " ' " characters.

with a slash.
http://www.google.com/search?&q=php+single+quote+escape+site%3Aphp.net

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] loading classes and efficiency

[Mike Migurski]

>> $some_object =& create_object('some_object');
>>
>
>This is really funny i've been doing php for a good while now but what is
>the reason to use the & symbol on the function ?

returns by reference.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] loading classes and efficiency

[Mike Migurski]

>>>This is really funny i've been doing php for a good while now but what
>>>is the reason to use the & symbol on the function ?
>>
>>returns by reference.
>
>ok i get it but why would i need it in my example ?

I think it was a hypothetical thing on Brad's part ... one of the annoying
things about object creation is that there are several steps in the chain
where references become copies: 'new', the return from the constructor
function, and the '=' operator itself. So if you really want to use true
references everywhere (which you probably don't; they don't save much
memory/CPU), you end up having to pepper your code with ampersands
/everywhere/. Then the joys of Apache crashes due to null pointer
dereferencing kick in... *shudder*.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session stealing, ..

[Mike Migurski]

>This all probably takes care about the problem with session id's in the
>query string, which is known as referrer to the next website our visitor
>visits. What I'm worrying and wondering about now are other users of the
>server my site's at. They can most likely go into the /tmp folder and
>just read my session files. Not Nice. I know it has been discussed for
>quite some times now .. but never really found anything else than
>warnings for stuff, no real solutions.

You don't have to store session data in /tmp -- it can be in any directory
you choose. Of course, that directory will still need to be world readable
and writeable in order to work, so this is more a case of security through
obscurity though it may help.

I don't think there really is a bulletproof solution to your problem,
though, for a number of reasons: if you choose to store the sensitive
information in a database rather than a session file, you are still left
with the fact that at some point, an unprivileged Apache user needs to be
able to get to it. That means world-readable database credentials, access
scripts, configuration files, and so on.

One option is to use Apache's suexec feature* and offload some of your
sensitive data access onto scripts and files that are maintained only by
you.

Jason's suggestion for encrypting session data is a good one, though it
also suffers from the drawback above: ultimately most of the code required
to access your session information will need to be open in some way,
including the encryption key.

I think if you're really storing sensitive information, you shouldn't be
on a host shared with people you don't know/trust to begin with.

* SuExec: http://httpd.apache.org/docs/suexec.html)

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Best way to approach object construction errors?

[Mike Migurski]

>I've created a class called university, it has a constructor which can
>accept an id. If the id is sent during construction the constructor will
>connect to a MySQL db to set all of the objects member variables to the
>MySQl counterparts.
>
>I'd like to include some error notification so if I send it an id and
>let's say that record doesn't exist in the db I get some notification and
>can write a message out to log (or screen). But what is the best way to
>do this? Any recommendations? Tutorials? URLs?

A short amount of testing shows that although you can't return a boolean
value from the constructor function (the return value will be the object,
and it will evaluate to true or false depending on the instance
variables), you can do something like the following:

class inconsequential
{
function inconsequential()
{
if(!$some_condition) $this = false;
}
}

$s = new inconsequential();
printf("type of s: %s, value of s: %s\n", gettype($s), ($s ? 'true' : 
'false'));
// prints: "type of s: boolean, value of s: false"

So, just have $this evaluate to false if some condition is not met, and
you can then perform a check against the new constructor:

if($o = new inconsequential()) {
// do stuff
} else {
// oh no!
}

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Running system commands

[Mike Migurski]

>I was wondering, if anyone can help me with running system commands from
>within php. Actually I have a script which deletes users from my database
>(which is of course MySQL), now I want to delete those users from system
>level also, as they are authenticated users of my OS also.
>
>Now, the problem is, that I'm running my MySQL server and web server on
>different machines. I can do whatever on remote DB server but how to run
>a system command on another machine. I know, it's possible to run system
>commands on local server by system(), but what about remote server?

This is partially dependent on the user your php scripts are running as.
One approach might be to use SSH to talk to the remote machine, and set up
a limited-privilege account there. You can run a copy of ssh-agent[1] as
the apache user, which stores an open copy of a private SSH key in memory,
add the public half of that key to the remote machine's authorized_keys
file[2], and use SSH to access that machine.

[1] http://www.phil.uu.nl/~xges/ssh/
[2] http://www.nevis.columbia.edu/cgi-bin/man.sh?man=ssh

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How can I auto upload a file to the server?

[Mike Migurski]

>The only part i am having trouble with is making the remote script
>automatically look into the local computer's hard drive and grab the .txt
>file.



>The problem with the code above is the path to the file does not show up
>in the , and the user would still need to click on the
>'submit button' to upload the file.

You're out of luck - for security reasons, the file input widget is
intentionally resistant to scripting/styling.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session info stored on server

[Mike Migurski]

>> Open sess_4f5d...0367 in any text editor and you will see your variable
>> there.
>
>I can't. I'm unable to open or download or change the permissions. Is it
>an array?

A serialized array, yes.


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Central authentication for multiple sites

[Mike Migurski]

>Does anyone know of a way to authenticate a person on one site and have
>that authentication carried through to multiple sites?
>
>Basically I'd like to have someone login on www.domain1.com and then have
>their login be valid on www.domain2.com and www.domain3.com ... the
>domain name is different so I don't see how I could use a common cookie.
>
>The 3 sites in question are hosted on a common server with a common user
>database if that helps but still the domain names that people access the
>sites with are unique.

Microsoft performed some crafty redirects to address this issue with
passport. I seem to recall them getting a ton of heat for it two or so
years ago. Not sure if they still do it.

I believe the procedure involved integrating the session data between
passport.com and (e.g.) expedia.com, such that a request to the latter
would return a redirect to the former, and that in turn would generate a
subsequent redirect back to the latter, this time with the Passport ID in
the URL. In this way, microsoft was able to synchronize your ID between
affiliated sites in a reasonably transparent way. It was pretty elegant,
but still struck me as creepy and manipulative. Go figure.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] printf....

[Mike Migurski]

>Warning: printf(): too few arguments in
>/home/sites/site8/web/index_test.php on line 34
>
>I cannot for the life of me figure out what the problem is.  I've looked
>thru archives, examples, and pages of a book all about printf, and this
>just doesn't add up to me..  Anyone see the problem?

To print a literal '%' (as in '100%'), you need to escape it with another
'%' (as in '100%%').

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ps command in php

[Mike Migurski]

>I'm trying to have the output of the "ps -ef" command in Linux to my
>browser. Can anyone help how to properly have the output in proper
>format. I've used the passthru() function but the output is scrambled.

What do you mean by 'scrambled'? The following works for me:
echo '', `ps -ef`, '';

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ps command in php

[Mike Migurski]

>my output is something like this:
>UID PID PPID C STIME TTY TIME CMD root 1 0 0 Sep19 ? 00:00:04 init [3] root
>2 1 0 Sep19 ? 00:00:00 [kflushd] root 3 1 0 Sep19 ? 00:00:09 [kupdate] root

>
>any idea?

Yeah, see David Otton's response, or look at the HTML source of your
output.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] dynamic -> static

[Mike Migurski]

>Dear All,
>
>Does anybody have any solutions, which makes possible to produce static
>pages of all dynamic cms once a day and can be easily integrated into
>already made site?

Why do you need to do this? Is it because of hosting restrictions,
performance concerns, or portability/mirroring (which is a form of hoting
restriction I suppose)?

There are a number of ways to approach this problem...

If your sole concern is performance, judicious use of caching could be
your answer. You can cache your code using PHP Accelerator or Turck
MMCache, which helps with load times, or you can cache your data by
implementing a caching layer between your application and your database. I
believe PEAR has some classes designed for this. They basically all boil
down to memoizing function return values with the serialize/unserialize
functions, and storing those results in files. I have used this method in
applications to great effect - a cascading cache that stores database
results, page components like navigation areas, and entire pages is a
great performance enhancer, but you need to know how to mark and remove
stale data dynamically.

If you need a static version of your site due to hosting restrictions, you
can used a spider such as wget (I think has been mentioned in this thread)
to crawl your site and generate a local copy for you. Wget is an excellent
one, because it has options like --page-requisites and --convert-links
which make it easy to generate a self contained site mirror. This approach
requires that your dynamic links all have a slash-syntax, like
index.php/foo/bar/etc/. It's very easily implementable in a series of Make
rules - I use this method for www.stamen.com, where rolling out a new
version of the site is a simple matter of 'make clean; make live'.

You can also use the 'page fault' method, which is my personal favorite.
Let Apache's mod_rewrite handle your caching and URL-rewriting:
1) user requests page foo/index.html
2) if foo/index.html does not exist in filesystem, Apache knows to
   redirect this request to bar.php
3) bar.php performs actions needed to generate contents of
   foo/index.html, and also creates the file
4) bar.php returns contents of foo/index.html
5) subsequent requests for foo/index.html just return that file,
   bypassing PHP entirely.
This one's sort of a balancing act though. It has been suggested here that
you can use Apache's ErrorDocument directive to direct the request to
bar.php, but this has the unfortunate side-effect of returning a 404
status code with the response. Not really a problem with a normal browser,
but when those responses are (for example) XML files used by flash, the
404 causes it to error out regardless of the content of the response. A
better method is to use a string of RewriteCond's, like so:
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_FILENAME}/index.html  !-f
RewriteRule ^.*$bar.php
Obviously, this method is totally incompatible with any form of actual
dynamic content, but you're asking for ways to generate static output, so
I assume that's not an issue. The difficulty with this one is the same as
with any caching system as above - finding and flushing stale data. I do
this by rolling the cache deletion code into the editing functions, but
you can also use a cronjob to find and flush files older than some cutoff
time period.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re[2]: [PHP] dynamic -> static

[Mike Migurski]

>As I wrote already this issue is mainly because of search engines
>incompatibility with dynamic content sites (to be more exact - with urls
>containing get parameters, in my case ex. index.shtml?lang=en&menu_id=23)
>
>Which of your described solution would you suggest for my situation ?
>
>Turck MMCache already installed. Now I need to do something with my urls.
>There are also problem emulating search engine friendly urls using "/"
>instead of "&" because I use SSI, so I can not use post method in forms,
>while using GET it will be a bit difficult to handle all params
>correctly, or I'm wrong ?

If all you need to do is change your URLs, the easiest method by far is to
change them all to something like 'index.php/lang/en/menu_id/23' -- you'd
need to add a parser function at the beginning, though.

Try isolating the '/lang/en...' by comparing $_SERVER['SCRIPT_NAME']
against $_SERVER['REQUEST_URI'] and then exploding the result and setting
your request variables accordingly.

I have never tried this with SSI, so I have no idea what sort of problems
you may run into - you may be better off going with PHP includes all the
way through. I have also recently read (on a different list)  that Google
in fact does crawl URLs with GET parameters, but I have not verified this
and tend to avoid it as a matter of superstition.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Re[2]: [PHP] dynamic -> static

[Mike Migurski]

>: I have the following configuration.
>:
>: Redhat 8.0
>:   Apache/2.0.40 (stock redhat install)
>:   PHP 4.2.2 (stock redhat install)
>:
>: What I get when I try and run this is an Object Not Found.
>
>If I was Apache, I would try to serve the file:
>
>   /index.php/var1/val1/var2/val2/index.php
>or
>   /index.php/var1/val1/var2/val2/index.html

Interesting - I must admit I have never used Apache 2.anything (my
understanding is that it's a pointles upgrade if you're on unix), so the
slash-syntax method has only been reliably tested by me on Apache 1.3.x,
where it works with no configuration modifications to the default.

I guess for 2.0, you could start using mod_rewrite or mod_alias to rewrite
the URLs in a non-problematic format. :\

-mike.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Re[2]: [PHP] dynamic -> static

[Mike Migurski]

>Did a little more googling and found the answer.
>
>In Apache 2.0, by default is does not allow this type of URL.
>
>But I found a few article on it that explained that if I modified this
>
>in httpd.conf modify, or add, this line.
>
>  AcceptPathInfo On
>
>Don't know what it does, but it fixes the problem.

AcceptPathInfo:

This directive controls whether requests that contain trailing pathname
information that follows an actual filename (or non-existent file in an
existing directory) will be accepted or rejected.  The trailing pathname
information can be made available to scripts in the PATH_INFO environment
variable.

For example, assume the location /test/ points to a directory that
contains only the single file here.html.  Then requests for
/test/here.html/more and /test/nothere.html/more both collect /more as
PATH_INFO.

...from: http://httpd.apache.org/docs-2.0/mod/core.html#acceptpathinfo


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Need secure login

[Mike Migurski]

>Thanks Justin, actually I was also thinking of the same, but just wanted
>to confirm that it is really not a good idea.
>
>Was also wondering if there is any third party solution ?.

A third-party solution to a bad idea?

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Need advice, hopefully on topic.

[Mike Migurski]

>   I got this project, I'm writing it in PHP of course.  What I would
>like to do is create a simple an efficient way to work on it from a
>couple different locations/workstations.  I'm throwing around the idea of
>a CVS repository, but am not sure if this is the best way.  Does anyone
>have suggestions or advice on how to setup a CVS or RCCS or something
>like this?  Web based would be even better.  Just need some direction on
>this.  Thanks!!

CVS rocks the house.
If you're completely new to it, I have a quick introduction to it at
http://www.evolt.org/article/A_brief_introduction_to_CVS/21/60153/

If you've used it before, I can write more about how it can be used in
specific circumstances. I never start a project without starting a
repository someplace, and a combination of CVS and Make have really helped
me out with a lot of projects.

-mike.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Need advice, hopefully on topic.

[Mike Migurski]

>> If you've used it before, I can write more about how it can be used in
>> specific circumstances. I never start a project without starting a
>> repository someplace, and a combination of CVS and Make have really
>> helped me out with a lot of projects.
>
>hmm.. i'm interested in seeing your approach with Make.  I've seen things
>like using make to prepare and install code for a production server or
>set up a site for a staging level.

The main tasks I use it for are preparing directories with files that
shouldn't be included with CVS, rolling out stage and production versions
of sites, keeping log and cache files under control, and pulling in copies
of external resources like libraries of functions or classes.

It's nice to be able to set up your make rules, so that you can type `make
ready`, to have all your temp and log directories created with the proper
write permissions, or `make clean` to flush them out. `make live` or `make
stage` encapsulate the various rsync commands needed to push a site onto a
remote server (or the commands necessary to ssh into that remote server
and call `cvs update` while there), and `make db-clean` flushes out the DB
and recreates all objects from scratch.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Who knows all the Header attributes.

[Mike Migurski]

>Could some one tell me where can I find the documentation for the
>Hedear() function?
>
>The manual does not provide it but just some examples.

Check the HTTP spec for a definitive listing:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] intercepting URLs in a "control-system"

[Mike Migurski]

>If you are using PHP as an Apachemodule you also have the option of using
>a url like
>http://example.com/index.php/test/test.html
>Apache will see that test.html is not available and will travel down the
>directory path til it gets to the index.php (which should exist BTW) and
>call that script.
>This seems to work on most default installation of apache using php as
>apachemodule. (Don't know if this is true for all apache installations and
>if this still works on apache2)

This came up here a week or so ago - it will work with Apache 2.0 if the
AcceptPathInfo directive is set correctly:


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] error reporting

[Mike Migurski]

>Heh yes umm i know this. But how i could i catch this before is spits out
>to an ugly error page so i can send to a custom error page.

Why would anyone but you ever see a parse error? It's the sort of thing
you fix before setting up custom error handling. :)

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] SQL security

[Mike Migurski]

>> If you're using MySQL, you can use mysql_real_escape_string().  If
>> you're using another database, hopefully there is a similar function.
>
>Doesn't MySQL automatically protect against attacks like SQL injection?
>Or maybe it's that it automatically applies addslashes()? I can't
>remember exactly.

No - I don't think any database could automatically protect against SQL
injection, since the basis of that attack is the malformation of queries
before they even hit the DB. There is a magic quotes feature, which adds
slashes to request variable. You may be thinking of that:



-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Age from birthdate?

[Mike Migurski]

>> >I do wonder what the rule for those born on Feb 29'th.  Do they
>> >celebrate they're birthday before or after it on non leap years?
>> >
>> >
>>Neither.  They celebrate it on Feb 29th.  So while we age every
>> year, they only age once every four.  Make sense?
>
>So their life expectancy is only ~19 years? I'd hate to be born on that
>day :)

I dunno, a housemate of mine is thrilled to be turning just 9 years old
this year. :D

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP & JavaScript

[Mike Migurski]

>Have somebody any idea how I could do something like that?



You're somewhat out of luck, as the chain of events in your typical HTTP
transaction looks something like this...

>[time]->
client request received from browser
 |
 +-> PHP code executed on server
  |
  +-> text output to webserver (including javascript source)
   |
   +-> [drawing of cloud representing internet]
|
+-> text input to web browser on client side
 |
 +-> javascript executed by client
>[time]->

...The only way to have the javascript affect the PHP, is to make a
subsequent request /back/ to the server after the javascript has started
executing. You can, for example, package the screen size into a GET
variable appended to an image request.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Age from birthdate?

[Mike Migurski]

>Lastly, where in the world did you get "pedant"?  word for the day or
>something? :-D Thats a real unusual word for normal everyday use, unless
>you were trying to act pedant?? :-

The correct adverbial form is "pedantically"

;)

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] scrolling tables within a page

[Mike Migurski]

>My query output is about 20 to 30 records only. Instead of making the
>visitors scroll the whole page, can I make a scrolling table with the
>page such that the visitor scroll the results output table only?

This isn't strictly a PHP question, but you may want to look into the HTML
iframe element, or conversely the CSS overflow attribute.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Code optimization: single vs. double quotes?

[Mike Migurski]

>It's said that you shouldn't use tables for layout, but does people
>accutually listen to that? And what instead?

This is veering off-topic, but:


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generate Thumbnail gif's

[Mike Migurski]

>Is there any pre-written code available on the net to generate thumbnail
>images for a picture. I mean I send the path of the image and my PHP
>Script should be able to generate a gif file of size 100x71 or something
>like that.

If your server has Imagemagick installed (it seems pretty common), try:

`convert -size 100x71 old.gif new.gif`;

That will scale your image into 100x71 pixels, and will maintain the
aspect ratio.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] removing all duplicate values from an array

[Mike Migurski]

>I'm looking for a function that does almost the same as array_unique()
>
>But it must also delete the other duplicate entry.


Untested pseudo-PHP follows -

$encountered_elements = array();
foreach($original_array as $key => $val)
if(in_array($val, $encountered_elements)) {
unset($original_array[$key]);
} else {
$encountered_elements[$key] = $val;
}

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] removing all duplicate values from an array

[Mike Migurski]

>>I'm looking for a function that does almost the same as array_unique()
>>
>>But it must also delete the other duplicate entry.
>
>
>Untested pseudo-PHP follows -
>
>   $encountered_elements = array();
>   foreach($original_array as $key => $val)
>   if(in_array($val, $encountered_elements)) {
>   unset($original_array[$key]);
>   } else {
>   $encountered_elements[$key] = $val;
>   }

Oops, that should have been:

   $encountered_elements = array();
   foreach($original_array as $key => $val)
   if(in_array($val, $encountered_elements)) {
   unset($original_array[$encountered_elements[$val]]);
   } else {
   $encountered_elements[$val] = $key;
   }


-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] removing all duplicate values from an array

[Mike Migurski]

>array(
>'a' => 'one',
>'b' => 'one',
>'c' => 'zero',
>'d' => 'two'
>);
>
>through this and am having a hind time with then logic...  Could you
>explain how the output would be array('c' => 'zero', 'd' => 'two')??

I was being pretty sloppy with the code (should've posted pseudocode to
begin with, my bad) but the general logic is: cycle through each element
of the input array. If the value has not been encountered before, store
the value and key in a secondary array. If the value has been encountered
before (it's present in the secondary array), remove it from the input
array, and use the the stored key/value in the secondary array to unset
its first instance in the input array, too.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Object References Problem

[Mike Migurski]

>I don't pretend to fully understand PHP references, or the strange and
>mysterious ways that they work in regards to PHP objects, but I can tell
>you how to acheive the results you desire.  Someone else will have to
>explain it. :)



>If someone sees that I'm leading Gareth astray here, feel free to jump in
>and correct me...

Your explanation squares with my experience. My understanding from dealing
with some fairly complex OOP interactions is that PHP operators generally
favor passing-by-value to passing-by-reference, and the underlying
language engine is optimized to perform well under those circumstances.

Which is great, if you're new to programming, have never used Java or C,
and are tossing arrays around and don't want to be bothered with premature
optimization, but it's a royal pain when you need to maintain some degree
of referential integrity. I frequently find myself using '&' all over the
place to cut down on accidental returns-by-value.

I have not yet had a chance to play with PHP5's beta versions, but its
strong focus on OOP makes me wonder, what kind of language changes (if
any) were required to help ease this situation?

-mike.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] applying one function to all array elements

[Mike Migurski]

>Can someone show me a simple, clean way to apply one function (eg
>stripslashes()) to every element in an array (eg $_POST)?
>
>I've been doing it with a foreach() loop, but there has to be a better
>way.  I've also seen http://www.php.net/array_walk, but couldn't
>determine how/if it suited my needs.

What part of "Apply a user function to every member of an array" makes it
difficult to assess array_walk's usefulness? If it helps, array_map
("Applies the callback to the elements of the given arrays") does
something similar.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Load Stress tool

[Mike Migurski]

>I am looking for suggestions on a tool to "load stress" a php
>application. We want to make sure that the application/web server will be
>able to handle the amount of users we expect. I have found a few but they
>seem to be very expensive. Can anyone suggestion an "affordable" and user
>friendly stress test app?

Apache ships free with 'ab', a benchmarking tool:


It doesn't do a whole lot, but it will happily hammer away at a given URL
and tell you how your server did.

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] getting array slice of function output

[Mike Migurski]

>I have a line which strips the suffix (gif, GIF, TIFF, jpg, JPEG, etcetc
>or I would just use basename() :-) from a string but it seems needlessly
>drawn out:
>
>  $file = preg_split('/\./',$dirfiles[0]) ; $file = $file[0] ;
>
>I would like to just assign the 0th element of the preg_split() output to
>my variable.  I've also had to use a temp array for stat() output in
>other places.

try:
$file = reset(preg_split('/\./',$dirfiles[0]));

-
michal migurski- contact info and pgp key:
sf/cahttp://mike.teczno.com/contact.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php