[PHP] Session problems..
Hi All, I am in trouble with the session handling of PHP. It works fine as long as the session_start is not inside a function or a class. My idea was to create a session class with a constructor calling session_start(). The variables inside the session class would hide the session vars. Proper methods for accessing and updating them were available. At the end I will call my class session update method just before the script ended to sync them with the PHP sessions. I have tried changing track_vars and globals, but problem seems to not be there, since calling session_start() from outside the class works. Is it a scope problem? Any help will be appreciated. Thanx. Sean C. McCarthy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] SSL encryption type in PHP?
Hi, You can tell it using the variables from the server. Using Apache you can access the variables specs at: http://www.apache-ssl.org/docs.html With Apache SSL is SSL_CIPHER returns the variable about SSL/TLS ciphersuite. Sean C. McCarthy SCI, SL (www.sci-spain.com) "Dr. Evil" wrote: > > Is there a function in PHP which can tell me the encryption strength > being used by the browser? I want to be able to put a little message > on the page saying, "You are using strong encryption" or "Warning: you > should upgrade your browser to one which supports 128bit crypto". > > Thanks > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Am I being Hacked ???
Hi Mark,
408 is an HTTP status code meaning Request Timeout. The excerpt from the
RFC2616 is:
408 Request Timeout
The client did not produce a request within the time that the server was
prepared to wait. The client MAY repeat the request without
modifications at
any later time.
Do you have lots of this? If just a few I wouldn't say its an attack but
a problem from the person making the request.
Sean C. McCarthy
SCI, SL (www.sci-spain.com)
Mark Lo wrote:
>
> Hi,
>
> My apache log files contains the following log info sending from my
> desktop to my server which hosted at remote data center, I am wondering, am
> I being hacked ?? Is there something wrong in my apache server ??
>
> 203.218.49.24 - - [07/Aug/2001:22:04:52 +0800] "-" 408 - - "-" "-"
> 203.218.49.24 - - [07/Aug/2001:22:04:55 +0800] "-" 408 - - "-" "-"
> 203.218.49.24 - - [07/Aug/2001:22:04:56 +0800] "-" 408 - - "-" "-"
> 203.218.49.24 - - [07/Aug/2001:22:04:56 +0800] "-" 408 - - "-" "-"
>
> Thanks
>
> Mark
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] ICMP Ping
Hi All,
You meant: http://www.PHPClasses.UpperDesign.com/
didn't you?
Sean C. McCarthy
SCI, SL (www.sci-spain.com)
hassan el forkani wrote:
>
> look for icmp at
> http://phpclasses.upperdesigns.com i beilive there is a class that does
> just that
>
> regards
>
> At 18:11 07/08/01, you wrote:
> >Hi,
> > I'm trying to write a port scanner similar to
> >http://scan.sygatetech.com to expose security holes in a PC or server.
> >However, I can't figure out how to perform an ICMP ping. Does anyone
> >know how?
> >
> >Regards,
> >
> >- James
> >
> >Editor, VB Web
> >==
> >Web - http://www.vbweb.co.uk
> >Email - [EMAIL PROTECTED]
> >ICQ# - 60612011
> >Fax - +44(0)8707052859
> >==
> >
> >
> >--
> >PHP General Mailing List (http://www.php.net/)
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] SSL encryption type in PHP?
Hi, Use getenv() since it is a CGI variable. Look at the manual. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) "Dr. Evil" wrote: > > > You can tell it using the variables from the server. Using Apache you > > can access the variables specs at: > > > > http://www.apache-ssl.org/docs.html > > > > With Apache SSL is SSL_CIPHER returns the variable about SSL/TLS > > ciphersuite. > > Do you know how I would access that variable from PHP? Is that > possible? I know how to configure apache to reject conections based > on encryption settings, but instead of rejecting them, I would like to > accept them but warn the user: "You should upgrade your browser". Is > this possible? > > Thanks > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session problems when calling within a class.
Hi,
I got the same problem but i left it (had no more time to fumble around
with it). But try this, because it was what I was going to try:
function ccsession($userid = '1', $groupid = '1', $authid = '1',
$username = 'guest', $first_name = 'Guest', $last_name = 'Account')
{
global $HTTP_SESSION_VARS;
// Change all session variables below to
// $this->_cm_user_id = $HTTP_SESSION_VARS["userid"]
// and so on..
$this->ss();// I guess this is not important for sessions
$this->_cm_user_id = $userid;
$this->_cm_group_id = $groupid;
$this->_cm_auth_id = $authid;
$this->_username = $username;
$this->_first_name = $first_name;
$this->_last_name = $last_name;
$this->_session_id = $this->set_si();
}
// Once you started the session you might be able to set it
// the way you are doing here, in the following code as long
// as you don't send anything before this. If you do it you
// know you will have already sent the old ID to the user.
function set_si()
{
//if (0) {
//$c_session_id = $this->get_si();
print "==".session_id()."";
if (session_id()) {
$this->_session_id = $c_session_id;
} else {
srand((double)microtime()*1132590); // make 'rand' function
truly random
$this->_session_id = md5(rand(0,999));
}
$this->is_set_si = 1;
session_id($this->_session_id);
print "--".session_id()."";
return $this->_session_id;
//}
}
}
By doing this you should be able (and I say SHOULD, I haven't tested it)
to get the value from the session, but you will still have to start the
session outside the class.
Also don't forget to change the $HTTP_SESSION_VARS with the new session
information if you change it.
>From my point of view the problem is with variable scope. Even with
register_globals and track_vars the code didn't work for me. If you find
out something please post it (or at least send me a message with your
findings) because actually I was doing that stuff with just functions
and not a class.
Hope it's useful for you.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Mark Garcia wrote:
>
> Greetings,
>
> I'm having a puzzling time trying to figure out how to work around the issue
> of the session_id not existing after making calls to session_start and
> session_id to generate an session. It seems that by set_si() calling
> session_id and seeing if there is a value, doesn't not work. Hence, a new
> session_id is created but is not persistant. If I reload the page
> sessions.test.php3 it generates a new session_id and can not detect the
> previous one set.
>
> For example, ...
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] MySQL connection
Hi All,
Also a good advice is to restrict the access to the files where you
include your login/pass. Give permissions to only the PHP user, I mean
the user that runs the php process (in unix/linux make a ps axu and look
at the user column). Then change the file permissions to just that user
(unix chown and chmod, more info 'man chmod' and 'man chown'). If you
are using W9x/ME you're out of luck.
Hope this helps.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
BRACK wrote:
>
> I have tested again what I said yesterday and found that if I have
> problems in PHP support in Apache then all my information
> (username and password) are seing simly on the screen, so it's not
> about dead SQL server but PHP.
>
> However, I went through all docs that I have on this topic and found
> that the only solution of this is to put included "connect.php/inc"
> outside of htdocs directory and configure your php.ini such a way
> that one outsider directory would be accepted and only by php call.
>
> Hope I didn't mess up this time so you are able to understand what
> I mean... =))
>
> Thank you for the help anyway, just be aware of this PHP prob
> when you pick up provider.
>
> Youri
> On 8 Aug 2001, at 19:33, Attila Strauss wrote:
>
> > hi,
> >
> > there are 2 ways.
> >
> > 1. you hardcore the user/password in the php.ini file.
> > 2. u do a simply error checking like :
> >
> > > $connect = mysql_connect($host, $user, $pass);
> > if(!$connect)
> > {
> > print "connection failed";
> > }
> >
> > ?>
> >
> > of course you could also do like kindaheader("Location: http://host";);
>instead of print "connection failed".
> >
> > i hope i could help you.
> >
> > best regards
> > attila strauss
> >
> >
> >
> >
> > > Hey Jouri,
> > >
> > >
> > > I don't agree with this one. I tested it out on my
> > > localhost and got the two error messages I told you I
> > > was going to get:
> > >
> > > Warning: Unknown MySQL Server Host...
> > > Warning: MySQL Connection Failed...
> > >
> > > No usernames/passwords. I have to say however that I
> > > always include my connect.php file. Maybe that's a
> > > secure way to connect without anyone seeing your
> > > password in case of sqlserver problems.
> > >
> > >
> > > Greetz,
> > > Bjorn Van Simaeys
> > > www.bvsenterprises.com
> > >
> > >
> > >
> > >
> > > --- BRACK <[EMAIL PROTECTED]> wrote:
> > > > If you have Apache and MySQL servers make this
> > > > experiment -
> > > > start Apache but "forget" to start SQL and go to
> > > > your site
> > > > http://localhost/... you will see yourself all the
> > > > information on the
> > > > screen.
> > > >
> > > > Youri
> > > >
> > > > On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
> > > >
> > > > > I'm curious as to how the "hacker" would see all
> > > > this information (the
> > > > > username.. password, etc..) just by going to a
> > > > site where the SQL backend
> > > > > was down?
> > > > >
> > > > > Ryan
> > > > >
> > > > > > -Original Message-
> > > > > > From: BRACK [mailto:[EMAIL PROTECTED]]
> > > > > > Sent: Tuesday, August 07, 2001 12:36 PM
> > > > > > To: [EMAIL PROTECTED]
> > > > > > Subject: [PHP] MySQL connection
> > > > > >
> > > > > >
> > > > > > I just wanned to bring the issue of security of
> > > > MySQL connection:
> > > > > >
> > > > > > Let us imagine that SQL server was down for some
> > > > hours (of
> > > > > > course without us knowing it) and at the same
> > > > hours our SQL site
> > > > > > was visited by some kind of hacker, he can s
> > ee
> > > > on his screen all
> > > > > > our SQL connection info like username,
> > > > password, and database
> > > > > > name. You may hide this information in different
> > > > file than the file
> > > > > > that your users open then the hacker will see
> > > > something like
&
Re: [PHP] PHP in corporate settings?
Jeff Lewis wrote: > > I still rarely ever see PHP mentioned in job listings and the like. Especially here >in Canada I find it very hard to find any kinds of contacts for companies using PHP. >My previous employer that I was with for 3+ years insisted on Micro$oft products and >wanted to go with ASP. > > My current employer, a HUGE media/newspaper in Ontario goes with strictly Java. > > Is it that people still are hesitant to go wth open source based technology? > > Jeff Lewis Hi All, Just one point Java is actually open source, because you can get the source code for the JVM. It is not GPL what means that if you want to make money with it you have to pay for it (but after all Sun is a bussiness, and bussiness are for making money). One question how many programmers, technicians, support companies there aree for Microsoft Products? and now how many of them there are for PHP, open source, GPL? and I mean BIG companies. Beleive it or not certification is important. People fear to get stuck with something that anybody knows how to use. Maybe not all the time they choose it for this same reason. You might want to check this out http://www2.linuxjournal.com/lj-issues/issue85/index.html Sean C. McCarthy SCI, S.L. (www.sci-spain.com) BTW: I use Linux for work and home, and I like things like PHP ;-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP in corporate settings?
Rasmus Lerdorf wrote: > > > Just one point Java is actually open source, because you can get the > > source code for the JVM. It is not GPL what means that if you want to > > make money with it you have to pay for it (but after all Sun is a > > bussiness, and bussiness are for making money). > > Access to source code has very little to do with being "Open Source". > Access to source code is 1 out of 9 requirements for something to be open > source. Please see http://www.opensource.org/docs/definition.html > > -Rasmus Ok sorry about that. I read "open source" and not Open Source as OSD ;-) Sean C. McCarthy SCI, S.L. (www.sci-spain.com) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Determining browser encryption strength
Hi Bolivar, Ciphering is something done at the network level when the connection is done. It is done exactly at the negotiation of the SSL session and it is done by the Server (Apache, IIS, ...). So you can use the information provided by the CGI Environment Variables of Apache (if it happens that you are using Apache) to determine the actual SSL enc method. More precisely you can use the HTTPS_CIPHER, HTTPS_KEYSIZE and HTTPS_SECRETKEYSIZE to determine the different aspects of the actual encryption method used by the client. If you want 128bits that means Triple-DES for simetric encryption. If you do not have a strong know-how at SSL I recommend you these two links: Intro to SSL http://developer.netscape.com/docs/manuals/security/sslin/index.htm Apache-SSL doc http://www.apache-ssl.org/docs.html Hope this helps you. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) Bolivar Shagnasty wrote: > > My web site it going to be the starting point with a link to an application > that only works with browser at 128bit strength. What I would like to do is > automatically determine if the user doesn't have a compatible browser and > then direct them where to get the correct browser. Does anyone know how I > might go about doing this? > > tia, > bol > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Storing Credit Card Numbers, etc.
Hi, I agree completly with him. You should go through another entity for payment. You should go through some company that ensures you reliability and security. Here in Europe there are a lot of histories about company databases being hacked and loosing up to 15.000 cc numbers. By no way you could get the security these companies can offer you. Try these ones (I do not endorse to any of these companies or have no information about them) ccbill.com or americanbank.com. I recomend you browsing through the net for more. Also for the private information you should use SSL in the trasactions. Hope this helps Sean C. McCarthy SCI, S.L. (www.sci-spain.com) Richard Lynch wrote: > > > I'm new to PHP and to e-commerce. Needless to say, I've done a lot of > > studying over the last few weeks and I'm ready to dive in head first! > > Actually, you're not... Sorry. The fact that you want to store data in > flat files, and that you want to store CREDIT CARD INFO the way you describe > tells me that you haven't read enough. > > > I'll be building an e-commerce site and I'll be using PHP. I'd like > > customers to have the option of saving their information so that they > don't > > have to enter it each time they purchase -- much like Buy.com does or like > > Amazon.com's One-Click feature. > > Those are nice features, *IF* the information is stored and accessed > properly. > > > This means that the customer will be storing information like one or more > > credit cards, shipping addresses, billing addresses, etc. > > > > I'm planing on storing all information in flat files so that I don't have > > the additional expense of using MySQL (My ISP is charging 24.95/month > extra > > for MySQL service). > > Consider moving to a different server. $24.95/month should get you > everything you need including MySQL *UNLESS* you're a high-volume site with > 10,000+ hits/day or heavy bandwidth like audio/video. > > > So the question is: How can I store each customer's information safely? > Can > > I use .htaccess and .htpasswd to help me out? Or don't they even apply? > > .htaccess and htpasswd would be okay for AUTHENTICATION of a few people, but > if your server is running PHP as a Module, you're better off using PHP to do > the HTTP Authentication. See the PHP manual online for sample code. > http://php.net/ > > Authenticating a user as a specific customer is COMPLETELY SEPARATE from > safely storing their credit card information. > > > My intention is to store the user's password encoded with md5 or something > > and also to develop my own cipher for disguising the credit card numbers > as > > well. > > > > Any suggestions? > > Don't. > > md5 is useless for this, and developing your own cipher is out-and-out silly > unless you are a cryptography expert. > > When Amazon et al store a credit card number, they have a very specific > custom setup for that, involving: > > A separate dedicated computer *NOT* directly connected to the Internet to > store the cc info. These machines are: > accessible via a SECOND Ethernet card in the web-servers > invisible to the outside world > only accept connections to the Database server -- no other software > installed > only accept data from that one Ethernet cable > physically accessible only to trusted few > > Further, even their web-servers are DEDICATED machines, not shared-access at > an ISP. These machines will have an extremely limited number of users able > to directly access them. Yours has several hundred untrusted users. > > In short, if you are balking at $24.95 a month for MySQL, your budget is > *NOWHERE* *NEAR* within reach of the hardware/software/facilities required > to safely STORE credit card numbers. > > By all means, feel free to hook up with a third-party firm to process your > credit cards in real-time. > > But you'll have to forego the STORAGE of credit card info feature for now. > > -- > WARNING [EMAIL PROTECTED] address is an endangered species -- Use > [EMAIL PROTECTED] > Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm > Volunteer a little time: http://chatmusic.com/volunteer.htm > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session security issue
Hi,
For security use SSL and get the SSLSession ID instead. This cannot be
fooled since it is based in PK handshake and with simetric encryption.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Christian Dechery wrote:
>
> I have pages that uses session for security that looks something like this:
>
> session_start();
>
> if( !isset($uid) )
> {
> include("include/auth.inc.php");
> auth_user();
> }
>
> more code...
> ?>
>
> so $uid tells me if the user is logged on or not...
>
> but what if somebody calls the script directly from the address bar like
> this: http://server/script.php?uid=10
>
> wouldn't this be a security problem?
>
> . Christian Dechery (lemming)
> . http://www.tanamesa.com.br
> . Gaita-L Owner / Web Developer
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Object members dynamic access?
Hi All,
I was wondering if it is possible to access dinamically to the members
of a class. I mean to access like:
--
class foo {
var $bar;
var $barbar;
}
...
...
$foo_instance = new foo;
$somevar = $foo->$anothervar;
-
I now this doesn't work, and have searched the manual and haven't found
anything on it. I doubt it since this is more or less the work of the
Arrays and not the way a class should behave. Anyway any ideas? thanks
in advance.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Object members dynamic access?
Hi,
The code below is actually code to access an object's member. That's
fine as long as you give the name of the member at the time you write
the code. What I am interested is to know if the members name might be a
variable, I mean not hardcoded but a variable useful for loops, etc.
Thanks.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Cerel wrote:
>
> Try this :
>
> class foo {
> var $var1="hello";
> var $var2="world";
> }
> ...
> ...
> $fooinstance = new foo;
> $vartest=$fooinstance->var1;
> echo ($vartest); // should be 'hello'
>
> This should work, but i had no time to test this code.
>
> See you later
>
> Sean C. McCarthy <[EMAIL PROTECTED]> a écrit dans le message :
> [EMAIL PROTECTED]
> > Hi All,
> >
> > I was wondering if it is possible to access dinamically to the members
> > of a class. I mean to access like:
> >
> > --
> > class foo {
> > var $bar;
> > var $barbar;
> > }
> >
> > ..
> > ..
> >
> > $foo_instance = new foo;
> > $somevar = $foo->$anothervar;
> > -
> >
> > I now this doesn't work, and have searched the manual and haven't found
> > anything on it. I doubt it since this is more or less the work of the
> > Arrays and not the way a class should behave. Anyway any ideas? thanks
> > in advance.
> >
> > Sean C. McCarthy
> > SCI, S.L. (www.sci-spain.com)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] register_globals odd behaviour?
Hi All,
I just come across and odd behaviour with the register_globals and
session handling. The problem is that when I set the register globals to
on I cannot access the session_variables through the associative array
HTTP_SESSION_VARS. The manual says explicitly that with track_vars and
register_globals both on the array and the vars will point to the same.
It just doesn't happen the vars are not written at the end of the
script. I mean with register_globals ON:
this does not work. My php is PHP Version 4.0.3pl1 running on Linux
2.2.18 and Apache1.3.9 . Does this bogus behaviour happen with higher
versions too?
Thanks in advance.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: register_globals odd behaviour?
Hi,
Internally I use variables but I use the array to update the value since
I have problems with the scope inside classes. So I update the value on
the array just at the end of the script by registering an update
function with register_shutdown_function().
What is the reason that I should not use the array? Is there any problem
doing it that way?
Thanks in advance.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
PS: By the way I couldn't find this bug in the bug database.
Richard Lynch wrote:
>
> I think you should still use $count++
>
> The array is just there for you to *READ* data, not to alter it.
>
> --
> WARNING [EMAIL PROTECTED] address is an endangered species -- Use
> [EMAIL PROTECTED]
> Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
> Volunteer a little time: http://chatmusic.com/volunteer.htm
> ----- Original Message -
> From: Sean C. McCarthy <[EMAIL PROTECTED]>
> Newsgroups: php.general
> To: PHP General List <[EMAIL PROTECTED]>
> Sent: Tuesday, August 21, 2001 1:00 AM
> Subject: register_globals odd behaviour?
>
> > Hi All,
> >
> > I just come across and odd behaviour with the register_globals and
> > session handling. The problem is that when I set the register globals to
> > on I cannot access the session_variables through the associative array
> > HTTP_SESSION_VARS. The manual says explicitly that with track_vars and
> > register_globals both on the array and the vars will point to the same.
> >
> > It just doesn't happen the vars are not written at the end of the
> > script. I mean with register_globals ON:
> >
> > > session_register("count");
> > $HTTP_SESSION_VARS["count"]++;
> > ?>
> >
> > this does not work. My php is PHP Version 4.0.3pl1 running on Linux
> > 2.2.18 and Apache1.3.9 . Does this bogus behaviour happen with higher
> > versions too?
> >
> > Thanks in advance.
> >
> > Sean C. McCarthy
> > SCI, S.L. (www.sci-spain.com)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: register_globals odd behaviour?
Hi,
Actually is what I do but since register global is off, I do:
# Beginning of script:
session_start();
session_register('count');
$sess_object->count = $HTTP_SESSION_VARS['count'];
.
.
.
# In your class methods:
class ...
var $count
function ...
# global $count; not needed anymore
$count++;
.
.
}
}
.
.
.
# At the end of your script.
# Nothing. $count is your variable, it's registered, coo coo ka
choo
$HTTP_SESSION_VARS['count'] = $sess_object->count;
# This is actually inside a function
?>
I do not know if this is bad because the way $HTTP_SESSION_VARS[] is
designed or what. Just wanted to know if there is some real problem like
references or some problem that would cause data missing or becoming
corrupt. Thanks.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Richard Lynch wrote:
>
> > What is the reason that I should not use the array? Is there any problem
> > doing it that way?
>
> They array is simply not designed for you to use as if it were your
> variable.
>
> What you want to do is this:
>
> # Beginning of script:
> session_start();
> session_register('count');
> $count = $HTTP_SESSION_VARS['count'];
> .
> .
> .
> # In your class methods:
> class ...
> function ...
> global $count;
> }
> }
> .
> .
> .
> # At the end of your script.
> # Nothing. $count is your variable, it's registered, coo coo ka choo
> ?>
>
> You are changing $HTTP_SESSION_VARS['count'], but I'm betting the *GLOBAL*
> variable $count is not changing, and *THAT* is what was registered, and
> *THAT* is what gets save. $count in the global name-space.
>
> --
> WARNING [EMAIL PROTECTED] address is an endangered species -- Use
> [EMAIL PROTECTED]
> Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
> Volunteer a little time: http://chatmusic.com/volunteer.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] The future of PHP
Hi, Well you are not well informed then. Java is the most popular solution to big web sites with the need to have something fault tolerant and stable. If you look a lot of banks have not JSP or servlets but EJB which are transactional, persistant through connections, multithreaded and have all the power of Java Language (safety, security, sandboxing, etc). Containers like Weblogic are making good money out of this. If you want to know if somebody is using Java, just visit www.javasoft.com or ask people like the group in charge of Tomcat (of the Apache group), XERCES or so at java.apache.org on the Jakarta project. Also Motorola and other companies are working hard to integrate Java into small devices set-top boxes and devices like that. I guess that there are places to use PHP and others to use Java, you decide what will suit better your needs. Sean C. McCarthy SCI, S.L. Kai Schaetzl wrote: > > > JSP is the wave of the future > > > > As was said two years ago about Java. Does anybody still know about > Java? ;-) > > Kai > > -- > > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > IE-Center: http://ie5.de & http://msie.winware.org > ClubWin - Help for Windows Users: http://www.clubwin.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] wget
Hi,
use '-o /dev/null' with this you will get no output at all.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Augusto Cesar Castoldi wrote:
>
> Hi.
>
> I'm using "wget -q -o /home/httpd/html/temp/logs.txt
> http://localhost/script.php"; to run a php script from
> shell.
>
> But 'wget' always create a log file with same name of
> the script that wget are running in
> "/home/httpd/html/".
>
> why he doesn't put the "logs" in logs.txt?
>
> thanks.
>
> Augusto
>
>
>___
> Yahoo! GeoCities
> Tenha seu lugar na Web. Construa hoje mesmo sua home page no Yahoo! GeoCities. É
>fácil e grátis!
> http://br.geocities.yahoo.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] The future of PHP
Manuel Lemos wrote: > Do you really believe that? As far as I can recall, this recession > started when a "mean judge" convicted Microsoft for anti-trust > practices. That caused NASDAQ crash that scared people away from > investing in tech company stocks. Many Internet companies dried and > without cash from the investors many went bankrupt. That affected all > the small or big corporations that have grown and were dependent on the > networking market. I don't think this affected much non-technological > companies, big or small. So I don't think your anti-big corporations > speech has much to do with this. > > Regards, > Manuel Lemos > No, recesion on the "new economy" started as the fact that the .com (or dotcommers) companies did not develop with their market spectations. Shareholders then started to not give any more credit to bussines expectations and speculation stopped. Quarter after quarter with cash looses, and even worse "return on investement" expectations, made the shareholders move the money out of those companies and their confidence. It is the way the dotcommers made bussines and SE speculation what caused this problem. Just as a point travelprice.com just announced that this is the first quarter without losses before taxes. It just happened that they have applied normal bussines strategies and bussines models. Also the effect that this downturn is going through all the chain, from transportation to food and goods. And BTW most companies that caused this were startups not really big companies. Much more information on this can be found on the Wall Street Journal. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP to fax
Hi Ari,
If you are using Linux (if not you should! really) You can use lprfax
which will let you use 'lpr -Pfax -J', mgetty-fax, efax
or something like that. If you use one of those programs dump the
information to file and use exec() from PHP.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Ari Nepon wrote:
>
> Does anyone know of a way to go directly from a PHP/MySQL application to
> having a fax sent out??? I am trying to set up my application so that when a
> transaction is completed. Both parties receive a fax. Anyone done anything
> like this?
>
> Thanks,
>
> Ari Nepon
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] generate random ascii string
Hi, If you have random string including symbols just take them of with regexp. Look at the manual for regular expresion functions. Hope it helps. Sean C. McCarthy SCI, s.L. (www.sci-spain.com) bill wrote: > > How can a random string of only letters and numbers be generated? > > I'm stumped so far on how to avoid including symbols. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: EDI with PHP?
Hi,
You can also try to use Java (the list is going to run over me with this
comment). Xerces parser is quite good and amazinly fast, and opensource.
We are validating XML document of 3Mb with it, and it is done in three
seconds (creating a DOM object). It is just another idea if you haven't
look at it.
Also you can keep the logic more organized with the object structure.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Jon Farmer wrote:
>
> No, we would have to spend around £24,000 sterling to get the modules. We
> already have modules that allow importing of order, etc from txt files. I
> could write a PHP XML parser to interface into this.
>
> What I am not sure is how acceptable it will be to our customers
> --
> --
> Jon Farmer
> Systems Programmer, Entanet www.enta.net
> Tel 01952 428969 Mob 07968 524175
> PGP Key available, send blank email to [EMAIL PROTECTED]
>
> >
> http://www.computerworld.com/cwi/story/0,1199,NAV47-68-85-1552_STO55904,00.h
> > tml
> > http://www.xml.com/search/index.ncsp?sp-q=EDI
> >
> > PHP should be quite capable of handling this,
> > but you will end up creating a lot of the business
> > logic from scratch. If your company already uses
> > integrated management software like SAP, it may
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] adding functions to a class
Hi,
What you are looking for is the OOP class extension. Look for "extends".
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Jeroen Olthof wrote:
>
> hi,
>
> picture I have a class with some variable holding the information of this
> class. Now there are some functions to manipulate the vars. well, you nou
> what classes are about. but now I want to add functions that are located in
> a different php file. but this functions need to use the the var of the
> class.
>
> bassicly what a want is extends the original class with more functionalities
> like. you could see it as adding plug-ins in a program. So I don't want to
> just copy past the functions in the original class file.
>
> class a {
>
> var VAR1
> var VAR2
> var VAR3
>
> require(morefunctions.php);
>
> function a($param) {
> ..
> }
>
> function test2($param) {
> ..
> }
> }
>
> the require(morefunctions.php); will ofcource not work but bassicly this is
> what I want. en all the functions added should be able to use VAR1 VAR2 VAR3
> (and the other functions that are allready in the class)
>
> is there a why to do this ??
>
> kind regards
> Jeroen Olthof
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Undefined class name 'parent'
Hi Again, Maybe you are using "parrent" instead of "parent" (one 'R')? If it is not that no clue? It works perfect for me. Have you tried chapter 13 of the manual? Sean C. McCarthy SCI, S.L. (www.sci-spain.com) Jeroen Olthof wrote: > > when I use parrent::function() to use parent class function from the child > (extended one) I get > > Undefined class name 'parent' > > What I'm I doing wrong > > kind regards > Jeroen Olthof > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] The future of PHP
"B. van Ouwerkerk" wrote: > > >I can tell you that in general, companies in Europe appears to be more > >open to open-source solutions much more than ones in the US. Of course, > >Europe is comprised of lots of different countries, and each country has > >lots of different companies, so your mileage may vary. > > In The Netherlands many people believe M$ creates great products.. I > stopped fighting, upgrading and patching NT pays the rent :-) > > One of the reasons open source might be considered an alternative is the > fact that M$ products cost > In Europe M$ products are more expensive then in the US. > > I talked with one of my customers about using Linux instead of Novell or > NT.. he said Linux is to big to be used in a small company.. I don't > understand him and I even stopped trying to understand. > > Just my 0,02 > > Bye, > > B. Hi, My experience is the same. Here in Spain everybody uses Microsoft products. W95, W98, NT everywhere, and now 2000. There a lot of MCSE around and very little Linux/PHP experts. Yes there are a lot of people that say "I'm an expert on this or that..." but once you get to work with them, you notice that their knoledge is not the one that they say. Also saying "I know Linux" means absolutly nothing... The Universities and companies I have been working at or with they all use in 90% of the tasks MS products. And for critical tasks they use Solaris or another Unix. Now a few companies we are dealing with are moving to Linux/PHP, but sometimes they fall back to Microsoft because they cannot afford hiring another programmer/technician that deals with this special software written in another language and another operating system. Too bad. Where did you get that thing about EU being more open source that the US??? Is it your personal experience or what??? It is not my own experience... maybe what you mean is that the US is more in the bussines of making money with the open source than the EU, but that is something else. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sterilize user input function
Hi, You might want to have a look at http://www.thewebmasters.net/php/Validator.phtml is a class for validating serveral things. It is a PHP class. You can have a look at the regexps they have used. But as stated before it would be better to check the syntax instead... if it is not a phone number just do not accept it and require the user to enter it again. Sean C. McCarhy SCI, S.L. (www.sci-spain.com) Christian Reiniger wrote: > > On Sunday 09 September 2001 04:46, Kevin wrote: > > I think my question could be restated to: What characters are > > potentially lethal in user input. I can do the regex. But don't know > > what to parse out of the strings. > > > > would removing \ / . do the trick? > > You mean http://php.net/addslashes I suppose. Also read through the > config section (magic_quotes_*) > > -- > Christian Reiniger > LGDC Webmaster (http://lgdc.sunsite.dk/) > > The most exciting phrase to hear in science, the one that heralds new > discoveries, is not "Eureka", but "That's funny..." > > - Isaac Asimov > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Stripslashes question.
Hi all, What will be the way to convert binary information into a string which will get into an SQL query for MySQL? I tried stripcslashes but I got stucked with it. Any help? Thanks in advance. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Stripslashes question.
Hi,
Didn't help. I tried it before that is why I tried with addcslashes.
What I have done so far is :
I have cmp'ed the file before adding slashes and after and it seems that
it is eating up the \. Like Pñ\#as renders as Pñ#as after
stripingslashes but in the DB is Pñ\\#as. As far as I know it should
have converted back from \\ to a single \. By the way I am running
4.0.3pl1 Linux
Thanks.
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Jason Bell wrote:
>
> try addslashes instead. You might have better luck.
>
> - Original Message -
> From: "Sean C. McCarthy" <[EMAIL PROTECTED]>
> To: "PHP General List" <[EMAIL PROTECTED]>
> Sent: Monday, September 10, 2001 2:42 PM
> Subject: [PHP] Stripslashes question.
>
> > Hi all,
> >
> > What will be the way to convert binary information into a string which
> > will get into an SQL query for MySQL? I tried stripcslashes but I got
> > stucked with it. Any help?
> >
> > Thanks in advance.
> >
> > Sean C. McCarthy
> > SCI, S.L. (www.sci-spain.com)
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] World Trade Centre Hit By terrorists, also pentagon
Dear All, Please I beg you not to start a discussion over this. It is a very sad moment, and I think everybody agrees with me. I send my condolences to all the people who has family in these tragic terrorism acts. Sean C. McCarthy Clint Tredway wrote: > > I am sorry, but the problem is the exact opposite. If people would turn back to God >and seek his face and live according to His will, the World would benefit greatly. > > My 2 cents. > > -- Original Message -- > From: Alexander Skwar <[EMAIL PROTECTED]> > Date: Tue, 11 Sep 2001 18:26:46 +0200 > > So sprach »[EMAIL PROTECTED]« am 2001-09-11 um 08:55:49 -0600 : > > > > We need the receive the help from Got, I believe He is the only one who can > > help us on this situation > > Well, you know: *EXACTLY* this is the problem! Your so called "god". > If it weren't for this superstition, the world would be a *MUCH* safer > place. I'm sure of that. > > But if it makes you feel better: Go on, believe in that. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Uploading Photos to MySQL
Hi all,
If you mean http://www.webtechniques.com/archives/1998/02/lerdorf/ what
inserts in the DB is just the image's name, but not the file itself.
What is exactly the problem you are having with the class? Just a couple
days ago I had a problem uploading files into a MySQL DB because the
addslashes function. As I have seen in this code it also uses it. Your
problem is with getting corrupt data from the DB?
If it is this use base64_encode and base64_decode. This is a tip Chris
(only know his name) gave me as no solution for addslashes was given...
Thanks again Chris!!
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
Richard Lynch wrote:
>
> Rasmus' classic Photo Album is still online with source code.
>
> Google:
> "Rasmus Lerdorf" and "Photo Album"
>
> --
> WARNING [EMAIL PROTECTED] address is an endangered species -- Use
> [EMAIL PROTECTED]
> Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
> Volunteer a little time: http://chatmusic.com/volunteer.htm
> - Original Message -
> From: Mike Gifford <[EMAIL PROTECTED]>
> Newsgroups: php.general
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, September 11, 2001 2:45 PM
> Subject: Uploading Photos to MySQL
>
> > Hello,
> >
> > Has anyone developed another class for uploading images to a MySQL
> database?
> >
> > I downlaoded upload_db.zip from:
> > http://circle.ch/scripts/
> >
> > as it was a phplib based and it looks like it should do what is required.
> > However it doesn't seem to be working.
> >
> > Does anyone else have any good pointers to scripts to store jpg/png files
> in
> > MySQL using PHP?
> >
> > Thanks.
> >
> > Mike
> > --
> > Mike Gifford, OpenConcept Consulting, http://openconcept.ca
> > Offering everything your organization needs for an effective web site.
> > Abolish Nuclear Weapons Now!: http://pgs.ca/petition/
> > In all things it is better to hope than to despair.Wolfgang von Goethe
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: Uploading Photos to MySQL
Mike Gifford wrote:
>
> Hi Sean,
>
> Sean C. McCarthy wrote:
> > If you mean http://www.webtechniques.com/archives/1998/02/lerdorf/ what
> > inserts in the DB is just the image's name, but not the file itself.
>
> I had trouble opening up the upload.php3 file in list six, so I couldn't verify
> by looking at the code. Not sure if it was the javascript or what, but I
> couldn't open it.
I'll send you the code at a separate message, but just look at the
tables definitions. There are no blob columns.
>
> > What is exactly the problem you are having with the class? Just a couple
> > days ago I had a problem uploading files into a MySQL DB because the
> > addslashes function. As I have seen in this code it also uses it. Your
> > problem is with getting corrupt data from the DB?
>
> Add slashes are included as the file is added to the array:
> $this->daten["image"] = addslashes(fread(fopen($userfile, "r"),
> filesize($userfile)));
>
> Some content almost gets inserted. However it only gets as far as:
> Content-Type: image/jpeg ÿØÿà
>
> The image filed is just a blob
>
Correct! I tried the same but with PDF files. The problem I had was that
stripslashes and stripcslashes were not working as the manual said. When
I had one \ addslashes() gave me \\ (comfirmed at the DB) but
stripslashes() gave me a big nothing striping everything.
> > If it is this use base64_encode and base64_decode. This is a tip Chris
> > (only know his name) gave me as no solution for addslashes was given...
> > Thanks again Chris!!
>
> Ok.. This is getting better..
>
> http://php.net/manual/en/function.base64-encode.php
> $this->daten["image"] = addslashes(base64_encode(fread(fopen($userfile, "r"),
>filesize($userfile;
Just
$this->daten["image"] =
base64_encode(fread(fopen($userfile, "r"), filesize($userfile)));
The special chars in RFC2045 are from
http://www.ietf.org/rfc/rfc2045.txt?number=2045 :
tspecials := "(" / ")" / "<" / ">" / "@" /
"," / ";" / ":" / "\" / <">
"/" / "[" / "]" / "?" / "="
; Must be in quoted-string,
; to use within parameter values
Ok "_" is not there... but anyway you are not going to make searches
with " ... like 'something_' ...".
>
> gives me quite a lot more information. Even looks like when I upload different
> images, that it is different information (unlike previous attempts)
>
> Unfortunately, it still isn't producing the graphic that I'm looking for...
> Hmm..
>
> I get raw code easily enough:
> http://pgs.ca/WLP/profiles/getimage-simple.php3?imageID=16
> http://pgs.ca/WLP/profiles/getimage-simple.php3?imageID=17
> http://pgs.ca/WLP/profiles/getimage-simple.php3?imageID=18
>
> Which is generated by:
> mysql_connect($DBHOST, $DBUSER, $DBPASS);
> mysql_select_db($DATABASE);
> $resultset = mysql_query($query);
> $query = "SELECT image FROM ztpv_images WHERE imageID = $imageID";
> $resultset = mysql_query($query);
> print(stripslashes(base64_decode(mysql_result($resultset, 0, "Image";
>
> So I couldn't either view the file here.. or within a . See:
> http://pgs.ca/WLP/profiles/test.html
>
> Also thanks for providing the direct URL for :>>Rasmus' classic Photo Album is still
>online with source code.
> >>Google:
> >>"Rasmus Lerdorf" and "Photo Album"
Have you forgot to add:
header ("Content-Type: image/jpeg");
just before the print? If you have the type will be text/plain (or
text/html or something). Add it just before anything gets outputed.
doing a wget -s I got the replies from your scripts like:
Content-Type: text/html
Content-Type: image/jpeg
No idea about this...
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Accessing pdf file thru php
Hi,
I have the same problem going on. I have tried IE on Windows 98, 2000
and Netscape on Linux, 98 without any difference. I can't check it
because using https and sessions, but can anyone try to use wget with
the -s option to see what is going on the headers? Also might be useful
to see what PHP are u running.
Mine PHP4.0.3pl1 on Linux+Apache
Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)
PS: I know I should upgrade when having funny problems, but actually we
are almost finishing a project a we cant stop to recompile and
reinstall.
Matthew Loff wrote:
>
> Are you using Internet Explorer? I've found that broken installations
> of Acrobat will cause that... Try reinstalling acrobat on your computer,
> and also try using Netscape... See if they work.
>
> --Matt
>
> -Original Message-
> From: George Pitcher [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 12, 2001 10:01 AM
> To: Brad S. Jackson
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] Accessing pdf file thru php
>
> Brad,
>
> Thanks for that pointer.
>
> However, with that implemented, all I get is the PDF coding dumped onto
> the screen - no pdf file downloaded!
>
> Any further suggestions. I feel as though I'm getting there . . .
> slowly.
>
> George
>
> - Original Message -
> From: "Brad S. Jackson" <[EMAIL PROTECTED]>
> To: "George Pitcher" <[EMAIL PROTECTED]>
> Sent: Wednesday, September 12, 2001 2:52 PM
> Subject: Re: [PHP] Accessing pdf file thru php
>
> >
> >
> > You should call header() for each header line. And you should only
> > send
> one
> > content type header.
> >
> > header("Content-type: application/pdf");
> > header("Content-Disposition: inline;
> filename=D:\\Pdf\\0226138097(57-77).pdf");
> > header("Content-Length: $len");
> >
> >
> > "George Pitcher" <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > I'm trying to build php into an existing solution which uses Lasso.
> >
> > I have tested the passing of data from Lasso to php and that works
> > fine.
> >
> > I want Lasso to pass the filename over to a php page and for that page
>
> > to grab the file from a folder outside of the webroot and push it out
> > to the user, at the same time as presenting them with a confirmation
> > form so that downloading can be confirmed.
> >
> > I have tried the following code without any good results:
> >
> > > $filename="D:\\Pdf\\0226138097(57-77).pdf";
> > $len = filesize($filename);
> > $header="
> > Content-type: application/pdf
> > Content-type: application/x-octet-stream
> > Content-Disposition: inline; filename=D:\\Pdf\\0226138097(57-77).pdf
> > Content-Length: $len";
> > header=($header);
> > readfile($filename);
> > ?>
> >
> > I get a parse error on the line that calls the header.
> >
> > Can anyone help me with this please?
> >
> > Regards
> >
> > George Pitcher
> >
> > Technical Manager
> > HERON Project
> > Napier University
> > Edinburgh EH10 5DT
> >
> > [EMAIL PROTECTED]
> > [EMAIL PROTECTED]
> > [EMAIL PROTECTED]
> >
> > http://www.heron.ac.uk
> >
> >programmer - A device for transmuting caffeine into code.
> >
> >
>
> _
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED] To
> contact the list administrators, e-mail: [EMAIL PROTECTED]
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP Security
Hi,
I don't think there is any other way, at least so easy to extend. The
only improvement will be to combine the system with calls to NIS or a
Kerberos/RADIUS server. If you have such a server (or maybe LDAP ???)
you should combine it for administration easiness.
[EMAIL PROTECTED] wrote:
>
> This is a rehash of a post earlier today!
>
> I implement security with user hierarchies which I will describe here (and
> also a more flexible method, user groups, which I will outline later ).
>
> I use a procedure called ensure_logged_in ( $level ). It is wrapped around
> all .PHP where security is required (as an 'if' which is the first line on
> the page with '}' as the last ), so
>
> if ( ensure_logged_in( 5 ) ) {
> ...
> do stuff
>
> }
> ?>
>
A better way will be (I think):
That way you could just put it in a file and include it at the header,
not needing to wrap the code around. He was talking about thousands of
pages!!!
> Levels are implemented as such. Punter could be 0, Administrator 5 and
> Suppresser 9. You could then pass this through to the function. So
> ensure_logged_in(5) would return true if user was at least of level 5
> (allowing levels 5,6,7,8,9 access). For pages for punters who must be
> logged in use ensure_logged_in(0).
>
> The ensure_logged_in function checks the level and if the user is not
> authorised displays an error and login form (the function returns false).
> This will then post to where you currently post for login processing (I
> actually include the form in and reuse it for both here and login.php ).
>
> Alternatively ensure_logged_in could just display an error message (and
> maybe email the administrator if the person was logged in and trying to
> access an unauthorised part of your system ).
>
> There is in fact another function ( is_logged_in ) which ensure_logged_in
> uses and also returns Boolean. This function enables different
> functionality for different levels ( i.e. not including certain fields
> unless user is of a certain level ).
>
> User level is held in a session variable ( i.e. $SESSION["user"]["level] )
> and set when logged in.
>
> The alternative would be to define groups and say which .PHP modules have
> access to which groups. You can then allocate users to a gropes (or a
> number of groups). Each .PHP module is then wrapped with a function ( say
> chack_security() ) which works similar to ensure_logged_in. I have only
> done this sort of thing in oracle applications ( client/server non web )
> but the principle is the same. You could also go further and define
> database access as well as module using something like :-
>
> Table module_access
> module_name varchar( 100 )
> allow_update Boolean
> allow_insert Boolean
> allow_delete Boolean
>
> Don't see much point in allow_select ;-)
>
> Sure you could also define which fields users DO NOT have access to on top
> of this with another table ( defining what fields users DO have access is
> crazy as this security is built on top of previous ).
>
> Please let me know what you think, at least I then know someone red it -:)
>
> Ben
>
> Regards,
> Ben
>
> "Allen May" <[EMAIL PROTECTED]> on 13/09/2001 13:40:06
>
> To: <[EMAIL PROTECTED]>
> cc:
> Subject: [PHP] PHP Security
>
> I have been using the .htpasswd/.htaccess convention to authenticate our
> 3000 employees.
> I want to move away from the .htpasswd/.htaccess convention and use a PHP
> form to authenticate against the database.
>
> I can create the PHP authentication page, no problem, but how do I check
> authentication on the thousands of HTML pages I already have on the site?
> For several reasons I don't want to do cookies. Can I set a session
> variable
> in the PHP and conditionally check it with Javascript, if fail go to PHP
> authentication form?
>
> What is the javascript session variable function?
>
> Thanks
>
> -Allen
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
