[PHP] highlight_string for VB, CPP or .NET source code?
Hello all PHP offers the fantastic function highlight_string to highlight PHP source code. I was wondering whether anyone had written a function to highlight Visual Basic, CPP or .NET source code. Alternatively, would anyone have any suggestions on how to write such a function. Ideally, the output of this function / these functions would look very similar to that of highlight_string. Thank you in advance for any light that you could shed on this subject. All the best Stefen Lars _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Cross-Site Sesison ID Propagation
Hello all fellow-hackers
I am working on a project that includes a number of web sites, which are
grouped together into one network. Kind of like the OSDN network, of which
Slashdot.org, for example, is a member.
I need to implement a cross-site session. Using a technique, similar to the
one described at PHPBuilder
(http://www.phpbuilder.com/columns/chriskings20001128.php3) I implemented
this without too much difficulty.
The links at the top of each site (links to other sites in the network)
simply include the session id in the GET request:
http://www.site.com/?sid=1234567";>Site1 | http://www.site2.com/?sid=1234567";>Site2 | http://www.site3.com/?sid=1234567";>Site3 etc
As per article, the session id is passed between the sites with ease and the
session from Site 1 can be continued on Site 3 for example.
However, there are a number of cross-site links in the main body of the site
(i.e. not in the network link bar at the top of the page) that link various
articles from one site to another.
Thus, when a user clicks on one of these cross-site links, s/he cannot
continue her/his session, as the session ID is not propagated; the
--enable-trans-sid option only works on internal links (a very wise design
choice, may I add).
However, in my case, I would like to be able to define a list of external
sites that the --enable-trans-sid option works with. (i.e. the sites in
the network).
Is this possible?
If not, which method could I use to propagate the session id between the
sites in the network?
I know, it would be possible to manually add the session id to each
cross-site link, but this is not a great idea, as a number of the links are
from web site visitors in user-comments / forum posts they have submitted.
I may be possible to use output buffering to rewrite the cross-site links to
include the session id (like the --enable-trans-sid option works, I
guess). But, as I am using compression
(ob_start("zlib.output_compression");), that may not work. Plus, it seems a
very fiddly method to me.
Any suggestions from anyone, on how I may perform the cross-site session
propagation?
All the best
/S
_
Chat with friends online, try MSN Messenger: http://messenger.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cross-Site Sesison ID Propagation
Hello Chris
And thank you for your comments and suggestions.
I think that the solution you offer is a great idea. However, in my case, I
may not be able to implement it as I, as the webmaster, do not always get
the chance to add $next_query_string to the a href. Some of the cross-site
links are added to discussion forums by the users.
I will try making a wrapper function that makes the special sauce links in
the normal body of the pages. That will just leave the cross site links in
the forum. May be I will be able to implement a special solution for the
forum
May I asked what CDSM specification is
I am not familiar with the term.
Thanks again for your comments. They have been really helpful to me.
Stefen
>From: Chris Shiflett <[EMAIL PROTECTED]>
>To: Chris Shiflett <[EMAIL PROTECTED]>
>CC: Stefen Lars <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>Subject: Re: [PHP] Cross-Site Sesison ID Propagation
>Date: Mon, 08 Jul 2002 17:31:02 -0500
>
>I made an error in my explanation (below). The reason you don't want to
>include the query string separator character in your variable is to allow
>flexibility with the types of URLs you can easily integrate this in with.
>My example should have looked like this:
>
>http://www.site3.com/?">Site 3
>
>The same conditional logic can be used. This allows for URLs that already
>have a query string to be addressed as follows:
>
>http://www.site3.com/index.php?task=incoming&;$next_query_string; ?>">Site 3
>
>Happy hacking.
>
>Chris
>
>Chris Shiflett wrote:
>
>>Stefen,
>>
>>There is no built-in way to do what you are speaking about here (that I
>>know of), but there is a pretty easy technique. However, even this
>>requires a lot of work to integrate into your existing code, but it will
>>ease all future additions and maintenance.
>>
>>Keep a variable called something like $next_query_string (so you don't
>>confuse it with the current one - you can just use $query or something if
>>you prefer brevity), and keep up with any and all variables that you may
>>need to include in all of your external links to other affiliated sites.
>>
>>For example:
>>
>>$next_query_string="sid=1234567";
>>
>>For all links where you're wanting to include the session ID in the URL,
>>build them as follows:
>>
>>http://www.site3.com/">Site 3
>>
>>I'm sure this seems like just as much work, but once in place, your
>>development will be much easier.
>>
>>This will also allow you to add conditional logic to which sites receive
>>the "special sauce" in their URL. :-)
>>
>>if (in_array("www.site3.com", $hosts_allow))
>>{
>>?>
>>http://www.site3.com/">Site 3
>>>}
>>else
>>{
>>?>
>>http://www.site3.com/";>Site 3
>>>}
>>
>>This will also allow you to make global changes to how you handle this
>>cross-domain session management. I wrote an extensive CDSM specification
>>for the USPS to use (if you ever notice, many of their "services" are not
>>in the usps.com domain) that leverages the HTTP protocol to maintain
>>*some* security. I would recommend that you also consider passing
>>additional information on the URL that is, for example, some encrypted
>>information about the client that would at least be somewhat challenging
>>to spoof. This would make it more difficult for someone to impersonate
>>your user, since more than just the session ID on the URL would be
>>necessary. How secure you want to make this needs to be balanced with your
>>performance requirements, of course, because checks do take time.
>>
>>Just a suggestion.
>>
>>Happy hacking.
>>
>>Chris
>>
>>Stefen Lars wrote:
>>
>>>Hello all fellow-hackers
>>>
>>>I am working on a project that includes a number of web sites, which are
>>>grouped together into one network. Kind of like the 'OSDN' network, of
>>>which Slashdot.org, for example, is a member.
>>
>>
>>
>>
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Code snippet archive
Hello all One part of the task that I have been recently been assigned involves creating a 'code archive' of sample applications for a certain Visual Basic control. The idea is that a web visitor can download code snippets and the associated Visual Basic project file in a .zip file. By playing with the code snippet (of which there are about 100), the web visitor can then learn more about how the Visual Basic control works. The code archive should have all the usual features: description of how the code snippet works, date entered into the archive etc. In a nutshell, the code archive should look something like the one at: http://www.zend.com/codex.php Before I start work on my own, I was wondering if anyone else had created such a code archive? Or whether there perhaps exists one as an open source project somewhere? If you have any idea where I could get such a (set of) script(s), I would love to hear from you. TIA S _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] The definitive source for PHP news, tutorials and articles (also, as XML)
Hello all I posted a link to Coding The Web (CodingTheWeb.com) a while ago as they had a channel dedicated to Google. It seems that they have updated the site a bit in the past few days and now have a news channel for PHP too. It is pretty cool: http://www.codingtheweb.com/projects/newslog/portal/1_1.htm What is really cool is the fact that you can syndicate their content for free. Take a look at the bottom of the page. There are two links to XML files: http://www.codingtheweb.com/projects/newslog/portal/1_2.xml (RDF) http://www.codingtheweb.com/projects/newslog/portal/1_3.xml (RSS) You can use this content on your own web site for free! Parsing out the data from an RDF file is pretty easy. Take a look at this tutorial to learn more: http://www.webmasterbase.com/article/560 (or see: http://www.phpclasses.org/browse.html/package/259.html http://www.phpclasses.org/browse.html/package/61.html http://www.phpclasses.org/browse.html/package/80.html ) I have already added the RDF file to my personal start page. It makes sure that I always know about the latest PHP articles, tutorials, news etc. To the Webmaster of CodingTheWeb.com if you are reading this: Thanks for creating this simple news portal. It works well, loads fast and you offer your content as XML. Nice. Well done. Stefen _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Secure MySQL connections in PHP with 'stunnel'
Hello all I have written a very simple PHP script to copy the data from one MySQL database table on SERVERA to another MySQL database table on SERVERB. Using PHP, I simply connect to each server and copy the data across. That works well. However, natively, MySQL works with clear text. i.e. the data is copied across the Internet in clear text (a bad thing). I would now like encrypt the MySQL data between SERVERA and SERVERB. After searching with Google, I see that stunnel is a tool to use. However, I have been trying with no avail to create an encrypted connection between the two servers from MySQL to work. Following the instructions at: http://www.zataz.net/php-stunnel-tuneling.php I have come up with the following: SERVERA (master) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERA:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 SERVERB (slave) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERB:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 This does not work. When I connect to the slave with: and select / insert data into SERVERB, the data is selected / inserted to the database on SERVERA. This is very strange. Has anyone else tried using stunnel to achieve what I want to do? If so, I would REALLY like to hear how you achieve the encrypted link. Or are there other ways of securely coping data from one MySQL server to another? Using stunnel seems rather fiddly Any comments on this subject will be well received. Stefen _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure MySQL connections in PHP with 'stunnel'
Thank you Carl, for your suggestion.
You are correct. In this case, it would be possible to use mysqldump to
create a file, then SSH to transfer it and then pipe it into the database.
However, I am interested in learning how to connect directly to the MySQL
port, as in a second step of the project I am working on, various data from
various servers will be handled. The 'dump to a file' approach, while fine
in my little example below, will no longer be manageable in step two.
Do you have any experience with stunnel or indeed, any other method of
securely transferring data between 2 MySQL servers??
Stefen
>From: "Cal Evans" <[EMAIL PROTECTED]>
>Reply-To: <[EMAIL PROTECTED]>
>To: "Stefen Lars" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: [PHP] Secure MySQL connections in PHP with 'stunnel'
>Date: Mon, 29 Apr 2002 10:31:00 -0500
>
>
>My suggestion, if you just want to move data between the 2 servers, is to
>mysqldump to a file, scp the file to the destination server and then mysql
><
>filename to get it into the second server. You can't do it under
>programmatic control but it will work and your data will remain secure in
>transport.
>
>=C=
>*
>* Cal Evans
>* Journeyman Programmer
>* Techno-Mage
>* http://www.calevans.com
>*
>
>
>-Original Message-
>From: Stefen Lars [mailto:[EMAIL PROTECTED]]
>Sent: Monday, April 29, 2002 10:24 AM
>To: [EMAIL PROTECTED]
>Subject: [PHP] Secure MySQL connections in PHP with 'stunnel'
>
>
>Hello all
>
>I have written a very simple PHP script to copy the data from one MySQL
>database table on SERVERA to another MySQL database table on SERVERB.
>
>Using PHP, I simply connect to each server and copy the data across. That
>works well.
>
>However, natively, MySQL works with clear text. i.e. the data is copied
>across the Internet in clear text (a bad thing).
>
>I would now like encrypt the MySQL data between SERVERA and SERVERB.
>
>After searching with Google, I see that stunnel is a tool to use.
>
>However, I have been trying with no avail to create an encrypted connection
>between the two servers from MySQL to work.
>
>Following the instructions at:
>http://www.zataz.net/php-stunnel-tuneling.php
>
>I have come up with the following:
>
>SERVERA (master)
>/usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERA:3307
>/usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d
>3307 -r 3306
>
>SERVERB (slave)
>/usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERB:3307
>/usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d
>3307 -r 3306
>
>This does not work. When I connect to the slave with:
>
>
>$db_link = mysql_connect(SERVERB:3308, "User", "Pwd")
> or die("Cannot connect to db");
>
>mysql_select_db("DBNAME",$db_link)
> or die("Cannot select MASTER db\n");
>
>?>
>
>and select / insert data into SERVERB, the data is selected / inserted to
>the database on SERVERA. This is very strange.
>
>Has anyone else tried using stunnel to achieve what I want to do? If so, I
>would REALLY like to hear how you achieve the encrypted link.
>
>Or are there other ways of securely coping data from one MySQL server to
>another?
>
>Using stunnel seems rather fiddly
>
>Any comments on this subject will be well received.
>
>Stefen
>
>
>
>
>_
>Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
>
_
Join the worlds largest e-mail service with MSN Hotmail.
http://www.hotmail.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Turning OFF auto_prepend_file on a page by page basis
Hello all I am using auto_prepend_file to include a load of files. This is prepended to all PHP parsed files. The prepend files contain the HTML for the framework of my site. How I want to create an XML file for other web sites to use. I do this by getting some data from a database and packaging it as RSS. Correctly, PHP appends my prepend file HTML on top of the XML. I do not want that, as it produced invalid XML. :-(( Is there a way to say, for example: Prepend this file to all files, but NOT this one? i.e. is it possible to turn off the prepend functionality on a page by page basis?? Thanks for your comments S. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Turning OFF 'auto_prepend_file' on a page by page basis
Usually, I use the Apache directive to add the prepend option.
I already tried setting another prepend option in the apache directives, but
it seems one does not overwite the other. I tried prepending a blank file.
But that did not work. The other prepend file was prepended.
When you say use ini_set(), do you mean
ini_set("auto_prepend_file", "/a/blank/file.php");
??
>From: "Maxim Maletsky \(PHPBeginner.com\)" <[EMAIL PROTECTED]>
>To: "'Stefen Lars'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: [PHP] Turning OFF 'auto_prepend_file' on a page by page basis
>Date: Fri, 3 May 2002 15:53:16 +0200
>
>
>.htaccess
>
>
>Not sure if ini_set() will work in your case. But try.
>
>
>
>Sincerely,
>
>Maxim Maletsky
>Founder, Chief Developer
>
>www.PHPBeginner.com // where PHP Begins
>
>
>
>
>-Original Message-
>From: Stefen Lars [mailto:[EMAIL PROTECTED]]
>Sent: Friday, May 03, 2002 3:02 PM
>To: [EMAIL PROTECTED]
>Subject: [PHP] Turning OFF 'auto_prepend_file' on a page by page basis
>
>
>Hello all
>
>I am using 'auto_prepend_file' to include a load of files.
>
>This is prepended to all PHP parsed files. The prepend files contain the
>
>HTML for the framework of my site.
>
>How I want to create an XML file for other web sites to use. I do this
>by
>getting some data from a database and packaging it as RSS.
>
>Correctly, PHP appends my prepend file HTML on top of the XML.
>
>I do not want that, as it produced invalid XML. :-((
>
>Is there a way to say, for example: Prepend this file to all files, but
>NOT
>this one?
>
>i.e. is it possible to 'turn off' the prepend functionality on a page by
>
>page basis??
>
>Thanks for your comments
>
>S.
>
>
>_
>Get your FREE download of MSN Explorer at
>http://explorer.msn.com/intl.asp.
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
>
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Returning mutliple matches of a regex with preg_match()
Hello all
I have been scratching my head for the last two days about this regular
expression problem. I would be really VERY happy if someone could help me!
I have the following text in the file 'text.htm', for example:
--
Cow, Cow, Cow, Cow, Cow
Cow, Cow, Cow, Cow, Cow
Cow, Cow, Cow, Cow, Cow
a lot of lines
boring stuff - we are not interested in this
Chicken, Chicken, Chicken
Chicken, Chicken, Chicken
Chicken, Chicken, Chicken
more lines
more boring stuff - we are not interested in this
Rabbit, Rabbit, Rabbit, Rabbit
even more boring stuff - we are not interested in this
Pig, Pig, Pig, Pig, Pig
--
I want to return all the stuff between ...
in an array. One element per match. For example, for the above text, I would
like to get back an array back like this:
array(
"Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow a
lot of lines",
"Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken,
Chicken more lines",
"Rabbit, Rabbit, Rabbit, Rabbit",
"Pig, Pig, Pig, Pig, Pig"
)
I have been trying to do this with (many variations of) the following code:
--
(.*)<\/P><\/BLOCKQUOTE>/i",$content,$matches))
{
echo "";
var_dump($matches);
echo "";
}
?>
--
For the above, var_dump() returns this:
--
array(2) {
[0]=>
string(556) " Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow,
Cow Cow, Cow, Cow, Cow, Cow a lot of lines boring
stuff - we are not interested in this Chicken,
Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken more
lines more boring stuff - we are not interested in
this Rabbit, Rabbit, Rabbit, Rabbit
even more boring stuff - we are not interested in
this Pig, Pig, Pig, Pig, Pig "
[1]=>
string(524) " Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow,
Cow, Cow, Cow a lot of lines boring stuff - we are not
interested in this Chicken, Chicken, Chicken
Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines
more boring stuff - we are not interested in
this Rabbit, Rabbit, Rabbit, Rabbit
even more boring stuff - we are not interested in
this Pig, Pig, Pig, Pig, Pig "
}
--
Clearly not what I want.
Is my approach here incorrect? Or is it indeed possible to construct a regex
to do what I want (with just one pass of the text)?
Thank you in advance.
:-))
S.
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Returning mutliple matches of a regex with preg_match()
Thank you James and Niklas.
Here is the code that I need:
(.*)<\/P><\/BLOCKQUOTE>/U",$content,$matches))
{
echo "";
var_dump($matches);
echo "";
}
?>
This returns exactly what I want (see my original post to learn what that
is.)
Thank again.
:-))
S.
>From: "liljim" <[EMAIL PROTECTED]>
>Reply-To: "liljim" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: Re: [PHP] Returning mutliple matches of a regex with preg_match()
>Date: Thu, 21 Mar 2002 11:42:35 -
>
>Also, make sure that you make the match "ungreedy" with the U modifier, or
>use:
>(.*?)
>
>
>James
>
>"Niklas lampén" wrote in message
>000501c1d0aa$4a5d97f0$ba93c5c3@Niklas">news:000501c1d0aa$4a5d97f0$ba93c5c3@Niklas...
> > preg_match_all();
> >
> >
> > Niklas
> >
> > -Original Message-
> > From: Stefen Lars [mailto:[EMAIL PROTECTED]]
> > Sent: 21. maaliskuuta 2002 7:28
> > To: [EMAIL PROTECTED]
> > Subject: [PHP] Returning mutliple matches of a regex with preg_match()
> >
> >
> > Hello all
> >
> > I have been scratching my head for the last two days about this regular
> > expression problem. I would be really VERY happy if someone could help
> > me!
> >
> > I have the following text in the file 'text.htm', for example:
> >
> > --
> >
> >
> > Cow, Cow, Cow, Cow, Cow
> > Cow, Cow, Cow, Cow, Cow
> > Cow, Cow, Cow, Cow, Cow
> > a lot of lines
> >
> >
> > boring stuff - we are not interested in this
> >
> >
> > Chicken, Chicken, Chicken
> > Chicken, Chicken, Chicken
> > Chicken, Chicken, Chicken
> > more lines
> >
> >
> > more boring stuff - we are not interested in this
> >
> >
> > Rabbit, Rabbit, Rabbit, Rabbit
> >
> >
> >
> > even more boring stuff - we are not interested in this
> >
> >
> > Pig, Pig, Pig, Pig, Pig
> >
> >
> > --
> >
> > I want to return all the stuff between ...
> >
> > in an array. One element per match. For example, for the above text, I
> > would
> > like to get back an array back like this:
> >
> > array(
> > "Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow,
> > Cow, Cow a
> > lot of lines",
> > "Chicken, Chicken, Chicken Chicken, Chicken, Chicken Chicken,
> > Chicken,
> > Chicken more lines",
> > "Rabbit, Rabbit, Rabbit, Rabbit",
> > "Pig, Pig, Pig, Pig, Pig"
> > )
> >
> > I have been trying to do this with (many variations of) the following
> > code:
> >
> > --
> >
> > >
> > // open file
> > $fd = fopen ("./text.htm", "r");
> >
> > // load contents into a variable
> > while (!feof ($fd))
> > {
> > $content .= fgets($fd, 4096);
> > }
> >
> > // close file
> > fclose ($fd);
> >
> > // remove char returns and co.
> > $content = preg_replace("/(\r\n)|(\n\r)|(\n|\r)/", " ",$content);
> >
> > // match agains regex -- this does not work correctly
> > if
> > (preg_match("/(.*)<\/P><\/BLOCKQUOTE>/i",$content,$matche
> > s))
> > {
> > echo "";
> > var_dump($matches);
> > echo "";
> > }
> >
> > ?>
> >
> > --
> >
> > For the above, var_dump() returns this:
> >
> > --
> >
> > array(2) {
> > [0]=>
> > string(556) " Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow,
> > Cow,
> > Cow Cow, Cow, Cow, Cow, Cow a lot of lines boring
> > stuff - we are not interested in this Chicken,
> > Chicken, Chicken Chicken, Chicken, Chicken Chicken, Chicken, Chicken
> > more
> > lines more boring stuff - we are not interested in
> >
> > this Rabbit, Rabbit, Rabbit, Rabbit
> > even more boring stuff - we are not interested in
> > this Pig, Pig, Pig, Pig, Pig "
> > [1]=>
> > string(524) " Cow, Cow, Cow, Cow, Cow Cow, Cow, Cow, Cow, Cow Cow,
> > Cow,
> > Cow, Cow, Cow a lot of lines boring stuff - we are
> > not
> > interested in this Chicken, Chicken, Chicken
> > Chicken, Chicken, Chicken Chicken, Chicken, Chicken more lines
> > more boring stuff - we are not interested in
> > this Rabbit, Rabbit, Rabbit, Rabbit
> > even more boring stuff - we are not interested in
> > this Pig, Pig, Pig, Pig, Pig "
> > }
> >
> > --
> >
> > Clearly not what I want.
> >
> > Is my approach here incorrect? Or is it indeed possible to construct a
> > regex
> > to do what I want (with just one pass of the text)?
> >
> > Thank you in advance.
> >
> > :-))
> >
> > S.
> >
> >
> >
> >
> >
> >
> > _
> > Send and receive Hotmail on your mobile device: http://mobile.msn.com
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
>
_
Join the worlds largest e-mail service with MSN Hotmail.
http://www.hotmail.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sending HTML from PHP with 'mail' as a cron job
Hello all I have a script called report.php that generates a report in HTML. This report must be created at regular intervals; hence I have set up a cron job to call that script. The output of report.php must be sent by e-mail. I use the following command: /usr/bin/lynx -source http://server.com/report.php | mail -s "Report" [EMAIL PROTECTED] This works fine. The result of report.php is sent to [EMAIL PROTECTED] However, the results do not appear as HTML in the e-mail client, but as text. This is due to the fact that the headers saying This is HTML are missing from the e-mail message sent. Does anyone know how it is possible to get 'mail' to add suitable headers to the above command, so that the receiving e-mail client knows that it is getting an HTML and not a text message? Any help would be gratefully received. TIA. S. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Using Google's new SOAP based API in PHP
Hello all CodingTheWeb.com has several reports of Google's new SOAP based application programming interface: http://www.codingtheweb.com/projects/newslog/index.php?filter=Google Has anyone tries using this in PHP yet??? S. _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Version 4.1.0's New Input Mechanism
Hello all Whereas I fully understand the security implications of PHP's old GET, POST and COOKIE variables and welcome with open arms the development team's decision to depreciate this facet of PHP, I am a little uncertain exactly why they have come up with the solution that appears in the version 4.1.0. If you have not yet heard of the new input mechanism, this is taken from the official announcement: -- To help users build PHP applications with register_globals being off, we've added several new special variables that can be used instead of the old global variables. There are 7 new special arrays: $_GET - contains form variables sent through GET $_POST - contains form variables sent through POST $_COOKIE - contains HTTP cookie variables $_SERVER - contains server variables (e.g., REMOTE_ADDR) $_ENV - contains the environment variables $_REQUEST - a merge of the GET variables, POST variables and Cookie variables. In other words - all the information that is coming from the user, and that from a security point of view, cannot be trusted. $_SESSION - contains HTTP variables registered by the session module -- The arrays $_GET, $_POST, $_COOKIE, $_SERVER contain exactly the same data as the arrays $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS. Try this to see for yourself: "; print_r ($_GET); print_r ($HTTP_GET_VARS); echo ""; print_r ($_POST); print_r ($HTTP_POST_VARS); echo ""; print_r ($_COOKIE); print_r ($HTTP_COOKIE_VARS); echo ""; print_r ($_SERVER); print_r ($HTTP_SERVER_VARS); echo ""; ?> Would it not have made more sense to depreciate the old variable input mechanism and suggest that the HTTP_*_VARS be used instead? Why introduce a new set of arrays? Additionally, there is the new array $_REQUEST, but from a security perspective, that is exactly the same as the old (4.0.6 and earlier) input method. OK, according to the documentation, there is no need to use the 'global' keyword when accessing the new arrays in a function, but I do not really consider that to be much of an advantage. Also from the official announcement: "Note: Some of these arrays had old names, e.g. $HTTP_GET_VARS. These names still work, but we encourage users to switch to the new shorter, and auto-global versions." May I ask why? What is the problem with the 'traditional' $HTTP_*_VARS arrays? Are these arrays going to be depreciated in the next version too? Previously, it was generally considered good practice to use the $HTTP_*_VARS array instead of the default method. Indeed, there have been several articles concerning the insecurities with PHP's default method of passing variables between pages. (As a result my PHP apps are built uniquely with the 'secure' variable passing method.) I would be _VERY_ interested in hearing your views on this new feature. Very best regards Stefen _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Insecurity with PHP authorization
Hello all I have just implemented a mySQL authorization: each html and php page checks to see whether a user is logged in by checking a cookie in the user browser. The user can log out and edit her profile (including password). If a page is called without the user being logged in, he is presented with a log in form. This works very well. There is an SSL connection to the server. Only a hash value of the password is stored in the database. However, if I directly request a graphic (or a ZIP file etc) from the site, by entering: https://www.myserver.com/photo.jpg for example, I can download that file without being logged in (naturally). In the particular *intranet* project that I am working on, this is particularly undesirable, as only personnel at the companys four locations may have access to the intranet. And there certainly will be a lot of confidential ZIP and graphic files placed on the server. I do realize that if I were to place a .htaccess file in the root of the intranet server, I could prevent the above from happening, but then I loose the advantage of having the users profile in a database, where a user can easily change her password. Allowing a web user to edit a password in the .htaccess file poses more problems than it solves, especially as it certainly could occur that more than one persons wants to edit his password simultaneously. Could anyone suggest a method to allow a user to easily edit his password, but at the same time, not allow direct access to specific non-PHP files on the intranet server? Perhaps one method would be to restrict access to the companys four gateway servers (IP addresses). However, I feel this is not to secure, and these IPs could be spoofed (and this does not really solve the problem). Any enlightenment on this subject would be well received. TIA S. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Insecurity with PHP authorization
Hello Max Thank you for this interesting idea! I have implemented it on my test server and it seems to do what I want. However, at the moment, I do not fully understand what is happening. However, I will study the Apache docs right now. Thanks! Jonathan >From: Maxwell Hung <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: [PHP] Insecurity with PHP authorization >Date: Tue, 7 Aug 2001 11:22:33 +0100 (BST) > >Hi Stefan > >You can do this > >#Add this httpd.conf N.B apache > 1.3.12 >SetEnvIfNoCase Referer "^http://www.mysite/"; >local_ref=1 > ># place the following into a .htaccess file in the dir >you wish to protect the files >Options -Indexes > ># change the extensions you want to protect > > Order Allow,Deny > Allow from env=local_ref > > >This will stop and direct requests to files as the env >var will not be set. > >I've used it on my setup and it's fine. As noted above >this will only work with apache > 1.3.12 > >If you get it working could you forward it to the php >list I can't get there through this a/c > >HTH > >M@ > --- Stefen Lars <[EMAIL PROTECTED]> wrote: > >Hello all > > > > I have just implemented a mySQL authorization: each > > html and php page checks > > to see whether a user is logged in by checking a > > cookie in the user browser. > > The user can log out and edit her profile (including > > password). If a page is > > called without the user being logged in, he is > > presented with a log in form. > > This works very well. There is an SSL connection to > > the server. Only a hash > > value of the password is stored in the database. > > > > However, if I directly request a graphic (or a ZIP > > file etc) from the site, > > by entering: > > https://www.myserver.com/photo.jpg for example, I > > can download that file > > without being logged in (naturally). > > > > In the particular *intranet* project that I am > > working on, this is > > particularly undesirable, as only personnel at the > > companys four locations > > may have access to the intranet. And there certainly > > will be a lot of > > confidential ZIP and graphic files placed on the > > server. > > > > I do realize that if I were to place a .htaccess > > file in the root of the > > intranet server, I could prevent the above from > > happening, but then I loose > > the advantage of having the users profile in a > > database, where a user can > > easily change her password. Allowing a web user to > > edit a password in the > > .htaccess file poses more problems than it solves, > > especially as it > > certainly could occur that more than one persons > > wants to edit his password > > simultaneously. > > > > Could anyone suggest a method to allow a user to > > easily edit his password, > > but at the same time, not allow direct access to > > specific non-PHP files on > > the intranet server? > > > > Perhaps one method would be to restrict access to > > the companys four gateway > > servers (IP addresses). However, I feel this is not > > to secure, and these IPs > > could be spoofed (and this does not really solve the > > problem). > > > > Any enlightenment on this subject would be well > > received. > > > > TIA > > > > S. > > > > > > >_ > > Get your FREE download of MSN Explorer at > > http://explorer.msn.com/intl.asp > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > To contact the list administrators, e-mail: > > [EMAIL PROTECTED] > > > > > > > > >Do You Yahoo!? >Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk >or your free @yahoo.ie address at http://mail.yahoo.ie _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Insecurity with PHP authorization
I just have just found this article, that describes this technique: http://apachetoday.com/mailprint.php3?action=pv<sn=2000-06-14-002-01-PS#SetEnvIf Thank you all for your help. :-)) S >From: Maxwell Hung <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: [PHP] Insecurity with PHP authorization >Date: Tue, 7 Aug 2001 11:22:33 +0100 (BST) > >Hi Stefan > >You can do this > >#Add this httpd.conf N.B apache > 1.3.12 >SetEnvIfNoCase Referer "^http://www.mysite/"; >local_ref=1 > ># place the following into a .htaccess file in the dir >you wish to protect the files >Options -Indexes > ># change the extensions you want to protect > > Order Allow,Deny > Allow from env=local_ref > > >This will stop and direct requests to files as the env >var will not be set. > >I've used it on my setup and it's fine. As noted above >this will only work with apache > 1.3.12 > >If you get it working could you forward it to the php >list I can't get there through this a/c > >HTH > >M@ > --- Stefen Lars <[EMAIL PROTECTED]> wrote: > >Hello all > > > > I have just implemented a mySQL authorization: each > > html and php page checks > > to see whether a user is logged in by checking a > > cookie in the user browser. > > The user can log out and edit her profile (including > > password). If a page is > > called without the user being logged in, he is > > presented with a log in form. > > This works very well. There is an SSL connection to > > the server. Only a hash > > value of the password is stored in the database. > > > > However, if I directly request a graphic (or a ZIP > > file etc) from the site, > > by entering: > > https://www.myserver.com/photo.jpg for example, I > > can download that file > > without being logged in (naturally). > > > > In the particular *intranet* project that I am > > working on, this is > > particularly undesirable, as only personnel at the > > companys four locations > > may have access to the intranet. And there certainly > > will be a lot of > > confidential ZIP and graphic files placed on the > > server. > > > > I do realize that if I were to place a .htaccess > > file in the root of the > > intranet server, I could prevent the above from > > happening, but then I loose > > the advantage of having the users profile in a > > database, where a user can > > easily change her password. Allowing a web user to > > edit a password in the > > .htaccess file poses more problems than it solves, > > especially as it > > certainly could occur that more than one persons > > wants to edit his password > > simultaneously. > > > > Could anyone suggest a method to allow a user to > > easily edit his password, > > but at the same time, not allow direct access to > > specific non-PHP files on > > the intranet server? > > > > Perhaps one method would be to restrict access to > > the companys four gateway > > servers (IP addresses). However, I feel this is not > > to secure, and these IPs > > could be spoofed (and this does not really solve the > > problem). > > > > Any enlightenment on this subject would be well > > received. > > > > TIA > > > > S. > > > > > > >_ > > Get your FREE download of MSN Explorer at > > http://explorer.msn.com/intl.asp > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > To contact the list administrators, e-mail: > > [EMAIL PROTECTED] > > > > > > > > >Do You Yahoo!? >Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk >or your free @yahoo.ie address at http://mail.yahoo.ie _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Regex help
Hello all In the Apache config file, we have the following directive: SetEnvIfNoCase Referer "^http://www.oursite.com/"; local_ref=1 Order Allow,Deny Allow from env=local_ref We use this to prevent people from directly linking to .gif and .jpg files. This technique is covered here: http://apachetoday.com/mailprint.php3?action=pv
[PHP] Returning a specific 'record' from an XML file
Hello all I am looking for a PHP example or tutorial that shows how it is possible to return one particular record (is that the correct terminology for an XML file?) from an XML file. For example, consider this very simple XML file: Hannibal Thomas Harris Suspense 564 8.99 4 Run Douglas E. Winter Thriller 390 7.49 5 Hannibal - the return Thomas Harris Suspense 586 21.12 10 I would like to be able to say, give me all the data from books written by author 'Thomas Harris'. In this case, I would be returned with the first and last 'record' from the above file. It would then be possible to loop through the resulting array like one can do with mysql_fetch_array and co. I know that to perform such a query in MySQL is a piece of cake, but I am currently interested in learning a little more about XML handling. If someone could point me in the correct direction to learn how do this, I would be very grateful. Also, if anyone thinks that using XML for such an application is completely wrong, please also say that. Thank you in advance /S _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] XML parsing without the PHP4 XML functions
Hello all I have recently been assigned the task of parsing an xml file and format the contents of the file in HTML. The xml file lies on another server. Our web space provider does not provide the XML functions (nor is he willing to install them) :-gr. I am sure that I am not the only who has come across this problem. Would someone have already created a few functions to parse xml that they are willing to share? I have the following structure to deal with: ProductName Why does it not work Because it is not turned on There are whole load of s in the file. I then want to display the contents a bit like this: echo $product; echo $question; etc (of course with some HTML formatting, like a bulleted list). Any help would be really VERY appreciated! Thanks S _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
