Re: [PHP] SSH file transfer

2001-01-10 Thread Opec Kemp

Humm... that's a bit difficult. There are easier solution:

1) Get your users to learn and usr SCP :) (not likely :))
2) Get a better FTP Server. There are better FTP servers out there other than
   Wu-FTPD :). Try Pro-FTPD
3) SSH server to forward the FTP port (21). This will pass the "command" channel of 
FTP ie the username
and password part of FTP process to SSH. But all other command like actual files 
transfers etc. will not
be encrypted. And as I recall the FTP clients will have to always use passive mode? or 
the other one I can't 
remember.

4) Run SSL on your server. This way you can just let your user use your PHP scripts to 
upload files

Otherwise, it'll be pretty difficult to get PHP to work with SSH.

> From: [EMAIL PROTECTED] ("Nando2")
> Newsgroups: php.general
> Date: 5 Jan 2001 16:40:09 -0800
> Subject: [PHP] SSH file transfers
> 
> Hello Everybody,
> 
> I need to do upload and download with php but I didn't want to have a FTP
> server running on one of my linux servers since it is unsecure.
> 
> Since all my servers have SSH running I would like to be able to offer a PHP
> download/ upload system that uses SSH instead of FTP.
> 
> How can I upload / download files using SSH through PHP?
> 
> Has anyone ever did it before?
> 
> Thank you,
> 
> Carlos Fernando.
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Passing values from ASP to PHP

2001-03-01 Thread Opec Kemp

Hi, 

To enumerate the key/value in ASP from the form you'd do this
<%

dim element
dim objForm
dim strURL

'/* We're creating an object so that it won't matter which
' * HTTP method the previous form uses.
' */
If LCase(Server.Request("HTTP_METHOD")) = "post" Then
Set objForm = Request.Form
Else
Set objForm = Request.QueryString
End If

strURL =  "myscript.php?"

'/* Now step through the form
For each element in objForm
'/* Key Name is in the "element" var
   ' * Value of the key is in the objForm(element) 
' * Now build the Redirect string
' */
strURL = strURL & Server.URLEncode(element) & "="& 
Server.URLEncode(objForm(element)) & "&"
Next

'/* Now redirect
Response.Redirect(strURL)

%>

That should do it.

> > I've been given a project that I want to use PHP with, but 
> > unfortunately there are unchangable hard-coded values that point clients to an ASP
> > script residing on our server. Here's what I want to do, and I don't
> > really know how to do it:
> > 
> > I want to pass all the key/value pairs that are passed to the 
> > ASP script
> > to a PHP script. I can get values with Request.Form("key_name"), but
> > that takes hard-coding the name of the key.
> > 
> > So if the following is passed to the ASP script:
> > one=blue&two=red&three=yellow
> > 
> > Then I would want to redirect to
> > myscript.php?one=blue&two=red&three=yellow
> > 
> > How do I go about walking through all the key/values that 
> > have been passed
> > in ASP? I really don't want to have to learn this ugly language..
> > 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] User-friendly URI's

2002-01-03 Thread Opec Kemp

You will need to use the following techniques:

* In Apache you will need to enable mod_rewrite module
http://httpd.apache.org/docs/mod/mod_rewrite.html
this allows you to "remap" URI to any script, in your case you'd probably
want and request to "/news" to be mapped to for example /news.php etc.

* In your script you will need to parse the URI via the "REQUEST_URI" server
variable.

Basically what you're doing in your apache is saying: "Pass all requests to
the URI to this instead" note that this will not affect the URL display in
your browser.

This is similar technique to making search engines index your site. I've
written replies to this subject a while back check it out here:

(Note that apparently my code in this post has some problem so..)
http://aspn.activestate.com/ASPN/Mail/Message/php-Users/373430

OR a better example here:

Building Dynamic Pages With Search Engines in Mind
http://www.phpbuilder.com/columns/tim19990117.php3

Revisited: Build Dynamic Pages With Search Engines in Mind
http://www.phpbuilder.com/columns/tim2526.php3


HTH

> -Original Message-
> From: Mike Eheler [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 4 January 2002 10:01 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] User-friendly URI's
>
>
> http://www.somesite.com/news/2002/01/02/keyword
>
> I've seen some sites do this with other scripting languages (maybe even
> PHP.. I just don't know).. I like the look of this *way* better. Anyone
> have any insight as to how I can make that work with an Apache 1.3.xx +
> PHP 4.1.x setup?
>
> "news" would actually be a PHP script, of course. I know how to handle
> /2002/01/02/keyword as parameters, my question is on making "news" be
> interpreted through PHP.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] The need for strong typing...

2001-07-12 Thread Opec Kemp

> Also obviously, this capability isn't needed for most of what PHP is
> used for, and so maybe it doesn't belong in PHP, and maybe those of us
> who are writing more sensitive aps should look into other things.  Any
> sugestions?

I suppose that if you *really* do need strongly typed language that's widely
used (and cross platform like PHP) then you can't get past JSP or Java
Servlets. JAVA is definitely a strongly typed languge :). There are other
languages out there of course like Python or something but I don't know
enough about it to comment.

Or run your Perl as Mod_Perl in Apache, IIRC you have to use strict anyway
in this mode.

My $0.02



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] The need for strong typing...

2001-07-12 Thread Opec Kemp

> I will look into JSP.
>
> Even on the same website, we could have two different languages: Maybe
> we'll use JSP for the transaction stuff, and PHP for customer support
> pages, where things are less critical.

Incidentally, PHP4 can also use some Java Serverlet or Bean. Check out this
bit from the manual:

http://www.php.net/manual/en/ref.java.php

This PHP/Java combo could be what you needed :)


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Capitalize Function ??

2001-07-23 Thread Opec Kemp

The function that you want is called: ucfirst()

http://www.php.net/manual/en/function.ucfirst.php

To make sure that string are consistant you might want to convert all
characters in the string to Lower case first then call this function. This
will ensure that stuff like "JoHn sMITH" gets converted to "John Smith"
consistantly.

> -Original Message-
> From: PHP Junkie [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 24, 2001 11:39 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Capitalize Function ??
>
>
> I know this one will be an easy one ...
>
> I'm taking in first name and last name data into a MySQL db
> through a form. Users sometimes don't capitalize their first and
> last names when entering the data.  Is there a function to clean
> this up for consistency?  If so, what is the name of the function
> that performs this?
>
> Thanks in advance,


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Sending Broadcast Email - will a large loop cause a crash?

2001-09-06 Thread Opec Kemp

Hi,
You'd be better off running this process from a command line, i.e. not
through your Web Browser as I'm more than certain that it will timeout if
you are to send 3000+ emails in a loop :). And then you'll have to start
again , and I'm sure your client won't be so happy if they were to get
multiple copies of the same emails even if they've asked for it:)

You can still write the program in PHP to run from the command line. There
are only a couple of changes that you have to make (if you have complied PHP
to be both stand alone and Web plugin) to enable this.

Also if you were to do this, I wouldn't use mail() function. What I'd do is
run sendmail from the command line (with switches) to basically, get
sendmail to handle *all* deliveries. The beauty of this is that with certain
switch you use from the command line you run sendmail in *batch* mode i.e.
it won't try to send the email straight away but put them into the queue.

The advantage of this is that you can crunch through the list much quicker.
And even if your server crash the emails would already be in the queue so
you won't have to redo it :).

Just a few pointers :) HTH.

> Hi,
>
> I need to send a broadcast email to our customers (about 3,000
> emails). The
> data is being drawn for the DB, and will be personalized. Obviously, the
> code to do this is only a few lines. However, I am concerned with the load
> it will put on the system trying to loop through and mail() 3,000+ times.
> Because of the overhead I anticipate this will cause the server, I am
> planning to do it late in the evening.
>
> My concern is this... will such a loop calling mail() cause PHP/Apache/the
> box/etc to crash under normal circumstances? We have a pretty beefy box, I
> just have never tried broadcasting through PHP. Also, if there is any
> reasonable chance for such a failure, is it possible to put timed
> pauses in,
> say half a second or so before it continues the loop. I've never heard of
> inserting pauses into the execution of PHP code, not sure if its possible.
> If it were, I would think this could combat some of the load, and prevent
> the bottleneck from building backlog until failure.
>
> Who knows, maybe this type of routine won't even make my box
> flinch (P3-833,
> FreeBSD, 256 megs), that's why I'm asking ahead of time. I'd hate to see a
> crash, mainly because I'll have no idea where it left off, and will end up
> sending 2 or more emails to some people if I have to run it more
> than once.
>
> Thanks.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] -----s--- bit

2001-02-22 Thread Opec Kemp \( Ozemail \)

Hi,

Why do you want to access /etc/shadow from your PHP?. As a general
rules of thumb that's a pretty bad idea. The reason for this is that
/etc/shadow is owned by Root and it's *should* only be readable by
Root
and noone else.

Now in answer to your question "Why your PHP" script can't read
/etc/shadow is that if you're PHP script is running as Apache module
(or even a stand alone CGI). Your User ID would most likely *not* be
Root.
Thus you are not allowed to read the /etc/shadow.

You are able to fix this by running the Apache process as Root!
THIS IS A VERY VERY bad idea but possible nonetheless as it is
a huge security hazard.

To configure Apache to run as Root, check out Apache doc

HTH.

> Hi,
>
> I am running apache server as user/group=apache/httpd
> And want to access the shadow file to authenticate my users
> from the system.
>
> shadow file is owned by root and chmod to 400.
>
> server-root:/5:28pm>ls -al /etc/shadow
> -r   1 root sys 27695 Feb 22 10:06 /etc/shadow
>
> I can access the shadow from cgi-bin / c code by giving the
> chmod +s bit .


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Munging hidden/form variables

2001-03-01 Thread Opec Kemp \( Ozemail \)

I can think of one way that you can take in an attempy to prevent
this.
It is not totally fool proof but it will make it more difficult
to send spoof data:

1) Check your HTTP refereer when the form is submitted. If the
referer is not from your host then don't process the form.
Of course this can be faked quite easily if this person knows
what (s)he doing.


> > It is possible (I've done it) to find out all the variables
> > that make up a form on a particular site, generate a
> > similar form on your site with that form's action being
> > the CGI/PHP script that the particular site uses to process
> > the form once submitted, modify the values for the form
> > variables to be anything you want and submit the form
> > that resides on your site.  This will basically submit totally
> > fabricated data to the foriegn site and possibly screw them
> > up somehow and/or in some way.
> >
> > Is there any way to defend against this?  Is there any way
> > to ensure that when a form is submitted that the submission
> > request originated from your site/domain and not somewhere
> > else?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] mySQL Question....

2001-04-17 Thread Opec Kemp \( Ozemail \)

> if i perform a SELECT query (say) like the following:
>
> SELECT email_addr FROM myTable WHERE x = 1
>
> in this query i want to pull-out (or list) all email
> addresses where x equals 1, however, suppose i don't want any
> duplicate email  addresses... would i use ORDER BY and COUNT(*) to
get listing
> of non-duplicate email addresses, and just ignore the COUNT() ?

You would use neither :) To get the distict email addressese you can
use

SELECT email_addr FROM myTable WHERE x = 1 GROUP BY email_addr

Check MySQL manual for SELECT options for more info.





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] PC MAG article

2001-05-09 Thread Opec Kemp \( Ozemail \)

Lol :)

Obviously they didn't even look at the ODBC functions part of PHP :)
Besides I don't know what they're bitching about DB abstraction layer
anyway. I mean Oracle SQL and MS SQL and MYSQL and Interbase SQL is
not exatcly compatible :) So even if you use the DB Abstraction layer
to connect to the DB you still screwed when it comes to SQL syntax :)
At least with PHP you can use tool like Metabase libs which will
perform abstraction for stuff like this as well as DB connection etc.
:)

My $0.02

> -Original Message-
> From: Ryan Christensen [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 10, 2001 10:31 AM
> To: Philip Olson; Mike
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] PC MAG article
>
>
> Lol..
>
> quoted..
> "PHP proponents argue that abstraction layers dumb down and
> slow down access
> to databases, but we think they can increase developer productivity,
> facilitate application migration, and cut training costs. "
>
> Cut training costs? Yeah.. let's use an inefficient system
> just so we can
> save some money? (even though PHP is already free!!!)
>
> hehe..
>
> 
> Ryan Christensen
> OlyPen Technical Support
> [EMAIL PROTECTED]
> 360.457.3000
> 800.303.8696
>
>
> - Original Message -
> From: Philip Olson <[EMAIL PROTECTED]>
> To: Mike <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, May 09, 2001 5:26 PM
> Subject: Re: [PHP] PC MAG article
>
>
> > for informational purposes, it can be seen here :
> >
> >
http://www.zdnet.com/pcmag/stories/reviews/0,6755,2713481,00.html
>
> no comment. :)
>
> regards,
> philip
>
>
> On Wed, 9 May 2001, Mike wrote:
>
> > As a devoted php programmer I was surprised how bad PC MAG blasted
php
this
> > month.It sound as if it doesnt scale very well(Ive never had more
than a
few
> > people on my site at once).Any comments???
> >
> > Thanks
> > Mike
> > [EMAIL PROTECTED]
> >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail:
[EMAIL PROTECTED]
>
>


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Decrypt Function?

2001-03-25 Thread Opec Kemp \( Ozemail \)

Unix "Crypt" function is a one way encrypytion algorithm therefore you
can not technically decrupted as such. The way that you can check to
see if the given uncrypted value is equals to its crypted value is to

1) Crypt the string with the same "salt"
2) Compare this with the crypted version

If these 2 are the same then you assume that the 2 strings are equal.
If you really want to "decrypt" the string i.e. turn the encrypted
version into its original readable text then you'll have to use
Mcrypt() functions in PHP instead (if you have PHP 4 and above ).
There are also other Encrytion functions available, check in the
manual:

http://www.php.net/manual/en/ref.mcrypt.php


> -Original Message-
> From: Chris Anderson [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, March 24, 2001 8:44 AM
> To: PHP
> Subject: [PHP] Decrypt Function?
>
>
> Is there any way to decrypt dat encrypted using the crypt
> function? If not, then what purpose does that function have?
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] L?

2001-04-09 Thread Opec Kemp \( Ozemail \)

Try this site

http://www.cod.edu/people/faculty/lawrence/romaindx.htm



> -Original Message-
> From: Kurth Bemis [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 10, 2001 10:14 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] L?
> 
> 
> what does the roman numeral L mean?
> 
> can someone point me to a page that has all of the roman 
> numerals and their 
> English equivlents?
> 
> i forgot?
> 
> ~kurth
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: 
> [EMAIL PROTECTED]
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]