Re: [PHP] SQL Join query
Hi, On Mon, 9 Aug 2004 18:12:42 +, in php.general you wrote: >* Thus wrote Jonathan Haddad: >> The only problem there is when you group the LEFT JOIN pictures that >> have a count of 0 return a count of 1. Unfortunately there's no single >> query that I figured out when I did this same project that would give >> accurate results. > >SELECT > pics.*, > pic_comments.*, > count(*) + if(pic_comments.pic_id = NULL, -1, 0) Or simply: SELECT pics.*, pic_comments.*, count(pic_comments.pic_id) .. COUNT() does not count fields with NULL when specifying a specific field (as opposed to just count(*) ) .. but this is rather an SQL-related question. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: preg_match_all but no preg_replace_all?
On 10 Aug 2004 16:53:59 -, in php.general you wrote: >Yes. preg_replace is greedy by default. Err, global, that is (although it's also greedy per default, but then again, that's also the case for ereg-functions and perl) "greedy" is the term of whether or not a range of matches should be expanded to as long as possible, e.g.: pattern: /<.*>/ string: one two three .. wil match " two " and not just "". .*? on the other hand (or the U pattern modifier) makes the capture ungreedy. ... just trying to clear up a common mix-up in terms :) -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: preg_match_all but no preg_replace_all?
On 10 Aug 2004 18:24:54 -, in php.general you wrote: >> > Yes. preg_replace is greedy by default. >> >> Err, global, that is (although it's also greedy per default, but then >> again, that's also the case for ereg-functions and perl) > >Umm, not in perl. Perl will only replace the *first* match, unless the g >switch is passed to the s/// construct (e.g., s/a/b/g will replace all >occurrences of a with b; s/a/b/ will only replace the first). In other >words, perl's substitution operator is not *global* by default; PHP's >preg_replace is, however. I can see what I wrote could be misunderstood. I mentioned that it is greedy per default, which also is the case for ereg_* and perl. >And regexps are only *greedy* when using wildcards for quantifiers, not by >default (e.g., s/a/b/ only replaces a single occurence of a; s/a*/b/ >will replace an 0 or more occurences of a followed by anything with b -- >b -> bb, as does ab -> bb). In other words, regexps are not *greedy* >by default, either. Err, the *quantifiers* are still greedy per default (which can be negated), but of course it requires that quantifiers actually are used :) So, the "greedy"-terminology simply relates to quantifiers. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: preg_match_all but no preg_replace_all?
On Tue, 10 Aug 2004 14:50:26 -0400, in php.general you wrote:
>>>Yes. preg_replace is greedy by default.
>> Err, global, that is (although it's also greedy per default, but then
>> again, that's also the case for ereg-functions and perl)
>
>Regular expressions in Perl are not greedy by default. You have to
>specify the 'g' for it to be greedy.
You might want to read the last part of my post, about the common
mix-up of the meaning of "greedy" and "global" - Q.E.D. :)
1. "greedy" is a term used to specify the behaviour of *quantifiers*
(like {x,y}, +, ?, *)
2. The g-flag does not stand for "greedy", but "global". This
behaviour has nothing to do with quantifiers, and using the g-flag
doesn't change whether or not a quantifier is greedy. The U-flag does
that, though.
3. From perldoc perlre:
By default, a quantified subpattern is "greedy", that is,
it will match as many times as possible (given a particuÂ
lar starting location) while still allowing the rest of
the pattern to match. If you want it to match the minimum
number of times possible, follow the quantifier with a
"?". Note that the meanings don't change, just the
"greediness":
There really is a common mix-up between these two words, as you have
just proved :)
(I'm pretty sure that we all agree of the actual behaviour of /g,
though - this is only an issue regarding words)
--
- Peter Brodersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: apache htaccess mod rewrite with php querystring urls
On Thu, 12 Aug 2004 14:19:07 +0200, in php.general you wrote: >> [A-Za-z0-9] will only match one character. >> Try this : >> RewriteEngine on >> RewriteRule [A-Za-z0-9]+\.html$ /index.php?page=$1 $1 would be a backreference, but there are no capturing parenthesis. RewriteRule ([A-Za-z0-9]+\.html)$ /index.php?page=$1 >However, I'm still experiencing problems displaying any page contained >within the folder which holds this htaccess file. I get a 403 Forbidden >Access error everytime. It's pretty simple, though: If you get an error, check your error log for Apache (default written to logs/error.log). It would give you the reason for you Apache has given a 403-error to the client. Still, this is not much of a PHP issue. Since Rewrite-magic tend to be pretty complicated (and there are a couple of misunderstandings regarding this feature), I do think some Apache mailing lists would be of more help for you. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] FW: Help with PHP 5 - code not working since upgrade
On Tue, 17 Aug 2004 12:40:00 -0700 (PDT), in php.general you wrote: >I didn't have to look much further than this. You have a class that was >designed in PHP3 and suddenly you're wondering why it work in PHP5? Actually, I too would wonder why it worked :) -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing Forms???
On Fri, 13 Aug 2004 12:39:07 -0700 (PDT), in php.general [EMAIL PROTECTED] (Chris Shiflett) wrote: >http://shiflett.org/talks/oscon2004/php-security/36 $token = md5(uniqid(rand(), true)); .. is a pretty bad idea, since the output could include quotes, newlines, low-ascii-characters, thereby messing up the form. $token = md5(uniqid(rand() )); ought to be sufficient - and works with PHP4 :) -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing Forms???
On Wed, 18 Aug 2004 17:59:34 -0700, in php.general [EMAIL PROTECTED] (John Holmes) wrote: >> $token = md5(uniqid(rand(), true)); >> >> .. is a pretty bad idea, since the output could include quotes, >> newlines, low-ascii-characters, thereby messing up the form. >How do you figure that? md5() only returns 0-9 and a-f characters. From the manual: http://php.net/md5 string md5 ( string str [, bool raw_output]) "If the optional raw_output is set to TRUE, then the md5 digest is instead returned in raw binary format with a length of 16." raw_output is set to true, meaning that md5() will not just return a hexdump of the digest, but a raw binary format, which could contain quotes and other special characters. There's about 6% probability of md5 returning (at least) one double quote for a random input :) >> $token = md5(uniqid(rand() )); >> ought to be sufficient - and works with PHP4 :) >Using entropy with uniqid() simply returns a more unique value to md5(), >so what's the difference. Err... the only difference is that I removed the second argument, making md5() return a simple hex-encoded string. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing Forms???
On Wed, 18 Aug 2004 15:26:34 -0700 (PDT), in php.general [EMAIL PROTECTED] (Chris Shiflett) wrote: >> $token = md5(uniqid(rand(), true)); >> .. is a pretty bad idea, since the output could include quotes, >> newlines, low-ascii-characters, thereby messing up the form. >That's incorrect. An MD5 is a hexadecimal number. Ah, damn you, parenthesis :) I read it as: md5(uniqid(rand()), true); My bad - sorry! -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Securing Forms???
On Wed, 18 Aug 2004 15:57:26 -0700 (PDT), in php.general [EMAIL PROTECTED] (Chris Shiflett) wrote: >I see your mistake now. That second argument is for the uniqid() function. >Have another look and pay close attention to parentheses. :-) "My arch enemy, Parenthesis, we meet again. And I can see that you have grown stronger since our last encounter!" -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: exploding
Hi,
On Wed, 25 Aug 2004 18:00:49 -0400, in php.general
[EMAIL PROTECTED] (Jake McHenry) wrote:
>Hi everyone.
>
>Is there a way to explode by every character in the variable?
>
>Example:
>
>$var = "8";
>$test = explode("", $var);
Use preg_split(): http://php.net/preg_split - example 2.
Or, a possible faster method, using str_split() (only available in
PHP5): http://php.net/str_split
--
- Peter Brodersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: exploding
On Thu, 26 Aug 2004 00:57:43 +0200, in php.general
[EMAIL PROTECTED] (Felix) wrote:
>$array = explode( ' ', chunk_split( $sting, 1, ' ' ) );
>
>http://www.php.net/manual/de/function.explode.php
>http://www.php.net/manual/de/function.chunk-split.php
Well, that would leave a blank entry end of the array:
array(6) {
[0]=>
string(1) "0"
[1]=>
string(1) "0"
[2]=>
string(1) "0"
[3]=>
string(1) "0"
[4]=>
string(1) "8"
[5]=>
string(0) ""
}
Besides, strings containing spaces could also produce unexpected
results (like "foo bar baz"):
array(14) {
[0]=>
string(1) "f"
[1]=>
string(1) "o"
[2]=>
string(1) "o"
[3]=>
string(0) ""
[4]=>
string(0) ""
[5]=>
string(1) "b"
[6]=>
string(1) "a"
[7]=>
string(1) "r"
[8]=>
string(0) ""
[9]=>
string(0) ""
[10]=>
string(1) "b"
[11]=>
string(1) "a"
[12]=>
string(1) "z"
[13]=>
string(0) ""
}
I would still suggest str_split() if available, otherwise
preg_split().
--
- Peter Brodersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Get Value
On Thu, 26 Aug 2004 09:41:28 +0530, in php.general [EMAIL PROTECTED] (Syed Ghouse) wrote: >Will anybody tell me how to extract the value (say Google) > from the code below: > >Google(value to extract) Instead of using regular expressions (and taking care of all exceptions), you might want to use xml_parser_create(), since you essentially want to parse the contents of a tag. I simply don't think that regular expressions is the right tool here (and the complexity of the regular expression when all exceptions has been taken care of is unnecessary). Works fine under PHP4 and PHP5: blabla'; $x = xml_parser_create(); xml_parse_into_struct($x,$string,$array); // href will be available in $array[0]['attributes']['HREF'] ?> If you are curious, you could add: "; var_dump($array[0]['attributes']); print ""; print ""; print ""; var_dump($array); print ""; ?> But look at $array[0]['attributes']['HREF'] for the link. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problem sending mail
On Tue, 31 Aug 2004 00:03:26 +0200, in php.general [EMAIL PROTECTED] (M.
Sokolewicz) wrote:
>that would depend from which place you run the script.
>file_get_contents("text.inc") will be looked for in:
>1. the current working directory
>2. the included dirs
Remember though that for 2), it looks in "include_path relative to the
directory of current script." (from documentation for include), and .
is usually included in include_path
For:
>[EMAIL PROTECTED] /]# cd /
>[EMAIL PROTECTED] /]# php -q /var/www/html/scripts/mail.php
>then you're actually working in /, so it's looking for "text.inc" in:
>/text.inc and in all include-paths.
... it would also check /var/www/html/scripts/text.inc
--
- Peter Brodersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Bug with mktime??
On Tue, 31 Aug 2004 09:53:01 +1200, in php.general
[EMAIL PROTECTED] (John Clegg) wrote:
>I have been using mktime() to determine the next 12 months for a
>program, and i have discovered what seems a bug in the function.
>
>The following code...
>
>for($i=0;$i < 12;$i++){
>
>$currentDate = date("d m Y",mktime(0, 0, 0,date("m")+$i , date("d"),
>date("Y")));
There is no bug.
Currently it is the 31. august.
For $i ==1, you are setting the date to 31. september => 1. october.
For $i ==2, you are setting the date to 31. october
For $i ==3, you are setting the date to 31. november => 1. december
For $i ==4, you are setting the date to 31. december
.. and so on.
Since you only look at the month, you would get october, october,
december, december, etc.
--
- Peter Brodersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session variables does not get sent
On Mon, 6 Sep 2004 13:33:02 +0800, in php.general [EMAIL PROTECTED] (Jason Wong) wrote: >> $username = trim(addslashes($_POST['user_name'])); >> $pass = trim(addslashes($_POST['password'])); > >addslashes() is not needed as you're performing SELECT query and not an INSERT >query. How did you come up with that? The escape mechanism is the same for SELECT and INSERT. addslashes() is not needed if magic_quotes is enabled, though. But if it isn't, it could be easy to login as another user, e.g. post: other_user' OR user_name = 'foo .. as user_name. In that case the attacker could login as other_user. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parsing HTML files
On Fri, 10 Sep 2004 11:58:58 +0100, in php.general
[EMAIL PROTECTED] (Abdul-Wahid Paterson) wrote:
>> I was wondering if any classes/functions could help me with this little
>> challenge, (im hopeless at regex ;-)
>>
>>
>
>No easy way of doing it, regex somthing like:
>
>$id = preg_replace("/.*/", $1, $string);
How about just using an xml-based function? Much cleaner, doesn't
require name-attribute to be present before value-attribute.
';
$x = xml_parser_create();
xml_parse_into_struct($x,$string,$array);
print $array[0]['attributes']['VALUE'];
// or, out of curiousity:
var_dump($array);
?>
(and why preg_replace? $1 wouldn't even be set since no capturing
parenthesises are used)
--
- Peter Brodersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How does work shorten url services?
On Sat, 18 Sep 2004 22:33:09 +0800, in php.general [EMAIL PROTECTED] (Jason Wong) wrote: >> Ok, it is like I thought, but if it is made in PHP is >> there a way to catch all the ID sent to the main page >> of tinyurl.com and then query the database? > >If your webserver is apache you could use its rewrite engine to ensure that >all requests to http://example.com/ gets processed by php (see apache docs). Further: Apache-solution One of the simplest methods (if the user is able to change the configuration of the server config or virtual host) is to point DocumentRoot to a file and not a directory. E.g. DocumentRoot /path/to/handler.php At least the apache following with debian stable will issue a warning (which could be ignored) that the directory-path does not exist. I suppose it only checks for the existance of a directory with that name. Another dirty method include using a 404-document for handling requests to files that do not exist: ErrorDocument 404 /404handler.php (one could still set a 200 OK-returncode) .. but all this is out of PHP-scope. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend PHP Certification test
On Thu, 30 Sep 2004 10:20:19 -0700 (PDT), in php.general [EMAIL PROTECTED] (Chris Shiflett) wrote: >You can win a free pass to take the exam by being the first to solve this >puzzle: > >http://shiflett.org/archive/55 This is just too easy: The shown times are posting-times for one day on this list, for posts regarding mysql. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protecting database passwords
On Thu, 01 Jul 2004 06:55:38 -0700, [EMAIL PROTECTED] (Bob Hockney) wrote: >What I am concerned about is a local user on the server machine, not access through >the web server. It sounds like it can be done if there is a separate user or group >for the >web server process, but this site specific. It would be difficult to distribute a >program >and use a generalized install routine to install the file containing the passwords to >be >edited by the site admin. You could move the virtual host to its own file, only readable by root (and include this virtual host-file in httpd.conf). Use SetEnv in this virtual host to set values like DBUSER, DBPASS and so on: http://httpd.apache.org/docs/mod/mod_env.html#setenv You can choose whatever names you like. The PHP script would then just have to read these environment values to retrieve username and password. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Retrieving client SSL info
Hi, I have an Apache1 webserver running under Linux with mod_ssl and PHP5.0.4 (debian dotdeb backport). I have users logging in via SSL, presenting a client certificate: SSLVerifyClient require SSLCACertificateFile path/to/CAcert.crt .. and everything works at this point. My question is how to retrieve any kind of information regarding the current SSL connection with PHP, thereby being able to identify the different clients uniquely (I'm not interested in who they are, just to be able to store and present different information for the users). This might be based on the serial in the client certificate. A phpinfo() only shows that $_SERVER['HTTPS'] has been set to "on". The mod_ssl-refrence shows though that a lot of other environment variables should be present: http://www.modssl.org/docs/2.1/ssl_reference.html#ToC23 .. but I can't seem to retrieve this information anywhere. I haven't tried apache_getenv() since I'm not running Apache2. I don't know if variables such as SSL_CLIENT_M_SERIAL are available here. I have searched the web, in php.general and comp.lang.php without success. The closest info was a reply from Christ Shiflett: http://marc.theaimsgroup.com/?l=php-general&m=103828683828825&w=2 Notice that it is my own site that is running under SSL. I am not trying to connect to a SSL-enabled site using PHP; my users are connecting to my site (with their browsers and certificates). I don't think the openssl functions could be helpful here. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Retrieving client SSL info
On Thu, 26 May 2005 21:32:27 +0200, in php.general [EMAIL PROTECTED] (Peter Brodersen) wrote: >I have searched the web, in php.general and comp.lang.php without >success. The closest info was a reply from Christ Shiflett: >http://marc.theaimsgroup.com/?l=php-general&m=103828683828825&w=2 What a typo... I admit I do admire his work, but his name is still Chris :-) Sorry about that. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: fopen for http://
On Fri, 27 May 2005 13:57:12 -0500, in php.general [EMAIL PROTECTED] (Jay Paulson) wrote: >For example, in my Apache httpd.conf file I have it set up to where I >have a directory that is only accessible from certain IP addresses, one >of which is 127. (the localhost). The script I'm running is located on >the server and the web site I'm trying to access via fopen() is on the >same server. Therefore, I'm thinking that the php script should have >access to read the site's restricted directory. For some reason it >does not have access. Even if it is the same server you might not connect with "127.0.0.1" as the source IP address - especially not if the other web site's host name resolves to any other IP address than 127.0.0.1. Your tcp connection might still be performed via the loopback-interface, but your source IP address might still be the one of a network interface Try to create a page on the second web site (that you want to access thorugh fopen() ) that outputs the client's IP address. You'll probably see that your source IP address is not 127.0.0.1. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Retrieving client SSL info
On Thu, 26 May 2005 21:32:27 +0200, in php.general [EMAIL PROTECTED] (Peter Brodersen) wrote: >A phpinfo() only shows that $_SERVER['HTTPS'] has been set to "on". >The mod_ssl-refrence shows though that a lot of other environment >variables should be present: >http://www.modssl.org/docs/2.1/ssl_reference.html#ToC23 >.. but I can't seem to retrieve this information anywhere. I reached the following solution: I never got access to any SSL_*-variables under $_SERVER (not even the server variables or using another language - or server, php version and OS), but a workaround for Apache and mod_ssl is to add SSLOptions +ExportCertData to httpd.conf (or .htaccess) The certificate presented by the client would then be stored in $_SERVER['SSL_CLIENT_CERT'] (the only SSL_*-variable available, besides SSL_SERVER_CERT). The data could then be retrieved using openssl_x509_parse(), e.g.: I would still like to know why the SSL-variables aren't available, but I don't think this is a PHP issue. Just wanted to post my solution for the sake of mail archives :-) -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to make a script sleep for 5 seconds?
On Mon, 30 May 2005 21:08:29 -0400, in php.general [EMAIL PROTECTED] (Robert Cummings) wrote: >Sorry to hijack this thread but I was wondering how to make a script >sleep for 5 seconds? Easy: Or better: Or even better: We have busy wait, we have risk of indefinite loops. The next step should be (more) imprecision. Maybe read /proc/cpuinfo and perform n steps of simple loop where n is calculated from the cpu type, mhz and current load. Maybe a PEAR project? -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] .INC files
On Thu, 02 Jun 2005 00:44:12 -0400, in php.general [EMAIL PROTECTED] (Chris Shiflett) wrote: >3. The debate between storing includes outside of document root versus >using a .php file extension, instructing Apache to process .inc files as >PHP, instructing PHP to deny requests for .inc files, etc. I agree regarding code on your own server/project. I do believe that the situation is another when you are manager of some project where your php code is being distributed to several different systems beyond your control (think phpmyadmin, phpnuke, etc. - maybe not the best examples regarding security record, though :-) In that case, one could create some requirements regarding the installation of the php application that some customers at web hosting companies might not be able to follow (e.g. create a .htaccess denying .inc-files, create folders outsite of webscope), or one could make a trade-off between ease of installation and highed security. One way of achieving this could be the sole use of .php-extensions (and code constructed in a way that direct access would cause no harm). I believe that there is reason to differ in these two cases for practical reasons. In the latter case a lot of assumptions could cause damage. Poorly implemented high security could be worse than moderate, application based security. -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] Japanese with UTF-8 and mysql
On Thu, 2 Jun 2005 11:58:26 +0100, in php.general
[EMAIL PROTECTED] (Richard Davey) wrote:
>I would recommend setting UTF-8 as the Content-type via PHP itself:
>header('Content-type: UTF-8') - do it as one of the first things when
>you're ready to output the HTML.
UTF-8 is a charset, not a Content-type.
A quick test shows that the HTTP header output from Apache would
contain:
Content-Type: UTF-8
The correct way - if one wants utf-8 as charset - is:
header("Content-Type: index/html; charset=utf-8");
--
- Peter Brodersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions, Expire-headers and Firefox's back button
Hi, When I begin session with session_start() PHP sets an Expired-header. I suppose that's fine for the sake of unwanted caching. Unfortunately, Firefox seem to reload a page that's expired when using the browser's "Back" navigation instead of showing the page as it was as the user left it. This seem to complicate some things. If I create a page with a form, the user submits it and press "back", the page is reloaded and the form is wiped instead of preserving the values as they were when the user submitted/left the page. I'm curious if there is a simple, acceptable workaround like disabling the Expires-header? I'm *not* looking for a solution where the session stores the form values and insert them into a value attribute. This won't work: 1. There is no way to distinct whether the user pushed "back" or clicked on a link to request the search page. The variables should be kept in the first situation but not in the second (and looking at the Referer header would be considered a hack as well). 2. Users can have multiple windows/tabs open which should not interfere with the navigation. It seems like Opera, Internet Explorer, links, lynx and w3m behave more reasonable. I believe that W3 also states that when using back buttons browsers should always show the page as when the user left it and not requesting it at new. Even if it is a bug in Firefox I would still like to know whether there is an acceptable workaround that would reduce the number of requests and make Firefox use the cached page (or cache the page in the first place). -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions, Expire-headers and Firefox's back button
Hi Chris, On Fri, 02 Dec 2005 19:21:43 -0500 Chris Shiflett <[EMAIL PROTECTED]> wrote: > You might find this article helpful: > > http://shiflett.org/articles/guru-speak-nov2004 Very helpful indeed! I was mainly focused on the "Expires" header, but changing the Cache-Control output (by setting session.cache_limiter to 'private') seem to make everything work. private_no_expire could also be a possibility. I think I'll read the RFC a bit more to see which one would be the most appropate one in my situation. > This seems to conflict with the earlier statement, and I think this is > the reason for the inconsistent implementations in the industry. This > particular statement attempts to distinguish between the history > mechanism and caches, a distinction that doesn't naturally exist. Tell me about it. Earlier this evening I fell over a strange behaviour in IE, Firefox and Opera. Point one window to a URL pointing at an image. Overwrite the image with a new one. Open another window/tab and open the new image (at the same URL). Get properties for the old image in the old window. Both IE and Firefox would provide the correct information about image dimensions but would get the file size from the new image. Opera will replace the old image in runtime leading to spurious graphic updates. The whole concept about the history mechanism (and even content in current open windows) opposed to a cache is a bit mind boggling. > I don't really fault Firefox for abiding by the no-store directive, nor > do I fault Internet Explorer for ignoring it. Agreed. Furthermore, the change in cache_limiter makes very good sense in this context and doesn't seem like "just a hack". > Hope that helps. Very much. Thanks for the quick and precise reply! -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Why do Sessions use Cookies?
On Fri, 2 Dec 2005 20:43:48 -0500, in php.general [EMAIL PROTECTED] (Michael B Allen) wrote: >Why do sessions use cookies? Isn't a session just a container associated >with the user's socket? No. Even though mechanisms such as keepalive exists they are not reliable for tracking a user. A client can still open multiple HTTP connections to the same host even when using keepalive. Furthermore we would like the session to survive the smallest hickups (e.g. disconnects, TCP RSTs, ...). -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions, Expire-headers and Firefox's back button
On Sun, 4 Dec 2005 11:56:43 -0800, in php.general [EMAIL PROTECTED]
(Curt Zirzow) wrote:
>iirc, Firefox 1.5 has improved its caching system, in paticular to the
>back button drama.
It seems so, but the issue is still present in 1.5 and might be
further on.
session_cache_limiter('private') changed the output from
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
to
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: private, max-age=10800, pre-check=10800
session_cache_limiter('private_no_expire') can get rid of the Expires
header as well, but it doesn't seem to be an issue here. It could
still be relevant for other reasons though.
--
- Peter Brodersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
