[PHP] Re: sessions
You forgot the session_start(); call. You will have to do that before you
can tap into registered vars. Hope that helps.
Jas
"Alexander Ross" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm trying to understand sessions so I can set session variables. I set up
2
> very simple pages:
>
> Page 1:
>
> session_start();
> $test_var = "froggy";
> session_register('test_var');
> ?>
> Click here
>
>
> Page 2:
>
> print $test_var."!";
> ?>
>
>
> This doesn't seem to work though. $test_var doesn't seem to have a value
> when I go the second page. What am I missing. Thanks for helping a
newbie.
>
> Alex
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Credit card checks?
Just wondering if anyone has come across the need to develop a class to test a string of numbers based on a credit card type. If you have where would I be able to get information on what string of numbers is consistent with each of the different credit cards? Any help would be appreciated! Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Credit card checks?
So there is no way to use some sort of string comparison to check the number then? I would have to have a merchant account? Sorry for being nieve, just never tried to work with credit card numbers etc. Jas "Kristopher Yates" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You should contact Visa International Service Association to determine > what constitues a "valid" credit card number. Just FYI, a valid format > is 16 digits; ---. I believe VISA normally begins with > "41" as the first two digits, however, I am not a Visa Int. agent but I > am a client. Ultimately, you would need a merchant account to verify its > validity, AFTER you have verified its format for accuracy. HTH Kris > > Jas wrote: > > >Yeah, I have looked at that class file and I don't want someone elses > >example to use, I want to build my own but have no way of knowing what makes > >up a valid visa number etc > >Jas > > > >"Richard Baskett" <[EMAIL PROTECTED]> wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > >>Try this: > >> > >>http://www.AnalysisAndSolutions.com/code/ccvs-ph.htm > >> > >>Rick > >> > >>A sense of humor can help you over look the unattractive, tolerate the > >>unpleasant, cope with the unexpected, and smile through the unbearable. - > >>Moshe Waldoks > >> > >> > >> > >>>From: "Jas" <[EMAIL PROTECTED]> > >>>Date: Tue, 23 Jul 2002 12:09:48 -0600 > >>>To: [EMAIL PROTECTED] > >>>Subject: [PHP] Credit card checks? > >>> > >>>Just wondering if anyone has come across the need to develop a class to > >>> > >>> > >test > > > > > >>>a string of numbers based on a credit card type. If you have where > >>> > >>> > >would I > > > > > >>>be able to get information on what string of numbers is consistent with > >>> > >>> > >each > > > > > >>>of the different credit cards? Any help would be appreciated! > >>>Jas > >>> > >>> > >>> > >>>-- > >>>PHP General Mailing List (http://www.php.net/) > >>>To unsubscribe, visit: http://www.php.net/unsub.php > >>> > >>> > >>> > > > > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Credit card checks?
Yeah, I have looked at that class file and I don't want someone elses example to use, I want to build my own but have no way of knowing what makes up a valid visa number etc.... Jas "Richard Baskett" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Try this: > > http://www.AnalysisAndSolutions.com/code/ccvs-ph.htm > > Rick > > A sense of humor can help you over look the unattractive, tolerate the > unpleasant, cope with the unexpected, and smile through the unbearable. - > Moshe Waldoks > > > From: "Jas" <[EMAIL PROTECTED]> > > Date: Tue, 23 Jul 2002 12:09:48 -0600 > > To: [EMAIL PROTECTED] > > Subject: [PHP] Credit card checks? > > > > Just wondering if anyone has come across the need to develop a class to test > > a string of numbers based on a credit card type. If you have where would I > > be able to get information on what string of numbers is consistent with each > > of the different credit cards? Any help would be appreciated! > > Jas > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Parse error - new set of eyes?
I am getting a parse error on line 14, I am trying to make sure session vars
are being set before rendering the page. This is lines 12,13,14 & 15. Any
help is appreciated.
Jas
if ((!$u_name) || (!$p_word)){
header("Location: index.php");
session_destroy();
exit; }
/* Check for missing session vars */
elseif ((!isset($HTTP_SESSION_VARS['clk']) ||
(!isset($HTTP_SESSION_VARS['holy_cow']) ||
(!isset($HTTP_SESSION_VARS['ipaddy']) || (!isset($HTTP_SESSION_VARS['a'])) {
/* Begin logging of client info to database table since session vars are
not present */
require '/path/to/connection/class/db.php';
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] dir to array?
Not sure why this isn't working, any help is appreciated. I am trying to
read the files in a directory and place them into an array. Here is the
code:
/* Function to create array of directory contents */
function dCNTS($files) {
$dir = opendir("/path/to/directory/");
while($imgs = readdir($dir)) {
if (($imgs != ".") && ($imgs != "..")) {
$cnt[count($imgs)] = $cnt;
} else {
print "Cannot create array of files in directory!"; }
}
closedir($dir);
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] dir to array? - SOLVED
I got it fixed, thanks again. Just in case anyone else needs help with this
type of item look at readdir() at http://www.php.net
Jas
"Jason Wong" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> On Thursday 01 August 2002 03:00, Jas wrote:
> > Not sure why this isn't working, any help is appreciated. I am trying
to
> > read the files in a directory and place them into an array. Here is the
> > code:
> >
> > /* Function to create array of directory contents */
> > function dCNTS($files) {
> > $dir = opendir("/path/to/directory/");
> > while($imgs = readdir($dir)) {
> >if (($imgs != ".") && ($imgs != "..")) {
> > $cnt[count($imgs)] = $cnt;
> >} else {
> > print "Cannot create array of files in directory!"; }
> >}
> > closedir($dir);
> > }
>
> HOW isn't it working?
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
>
> /*
> One person's error is another person's data.
> */
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Passing hidden form var?
I think I am just over looking something here, a new pair of eyes would be
useful. Thanks in advance.
The var $ipaddy is not getting passed to code listed below
/* Form for IP checking */
$table = "cm_sessions";
$record = @mysql_query("SELECT * FROM $table",$dbh);
while ($row = mysql_fetch_array($record)) {
$session = $row['session'];
$ipaddy = $row['ipaddy'];
$host = $row['host'];
$referrer = $row['referrer'];
$hck = $row['hck'];
$nrml = $row['nrml'];
$hour = $row['hour'];
$date_stamp = $row['date_stamp'];
$stats .= "$session
$ipaddy
$host
$hck
$nrml
$date_stamp
https://localhost/admin/view.whois.php')
\" name=\"whois\">
"; }
/* Function to check IP vs. Whois db */
$ipaddy = "";
function message($msg){
echo "$msg";
flush();
}
function arin($ipaddy){
$server = "whois.arin.net";
if (!$ipaddy = gethostbyname($ipaddy))
$msg .= "Can't check Whois without an IP address.";
else{
if (! $sock = fsockopen($server, 43, &$num, &$error, 20)){
unset($sock);
$msg .= "Timed-out connecting to $server (port 43)";
}
else{
fputs($sock, "$ipaddy\n");
while (!feof($sock))
$buffer .= fgets($sock, 10240);
fclose($sock);
}
if (eregi("RIPE.NET", $buffer))
$nextServer = "whois.ripe.net";
else if (eregi("whois.apnic.net", $buffer))
$nextServer = "whois.apnic.net";
else if (eregi("nic.ad.jp", $buffer)){
$nextServer = "whois.nic.ad.jp";
#/e suppresses Japanese character output from JPNIC
$extra = "/e";
}
else if (eregi("whois.registro.br", $buffer))
$nextServer = "whois.registro.br";
if($nextServer){
$buffer = "";
message("Deferred to specific whois server: $nextServer...");
if(! $sock = fsockopen($nextServer, 43, &$num, &$error, 10)){
unset($sock);
$msg .= "Timed-out connecting to $nextServer (port 43)";
}
else{
fputs($sock, "$ipaddy$extra\n");
while (!feof($sock))
$buffer .= fgets($sock, 10240);
fclose($sock);
}
}
$buffer = str_replace(" ", " ", $buffer);
$msg .= nl2br($buffer);
}
message($msg);
}
echo arin($ipaddy);
echo $ipaddy;
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] secure?
Ok, I am not a security expert so I would like to know if my security
measures I have implimented is adequate enough to keep people out. Any
pointers on this would be very helpful as I am trying to impliment a secure
way for people to update a website through the use of a content management
application. Example of code is as follows
// Login form - index.php
Select an image to identify yourself as an administrator.
image01
image02
image03
image04
image05
// Authentication checker - auth_done.php
#check fields for valid entries in form
if ((!$u_name) || (!$p_word) || (!$image)){
header("Location: index.php");
exit;
}
connects to database
require '/path/to/database/connection/script/dbcon.php';
#selects database table containing users that are allowed to
use application
$db_table = 'users';
$sql = "SELECT * from $db_table WHERE un = \"$user\" AND pw =
password(\"$pw\")";
$result = @mysql_query($sql,$dbh) or die("Couldn't execute query");
#loops through all records to find a match
$num = mysql_numrows($result);
if ($num !=0) {
#creates variables for sessions
$p_hash = "$p_word";
$to_hash = "$image";
#creates md5 hash of image user selected
$pstring = md5($to_hash);
#creates md5 hash of password user entered
$image_sel = md5(uniqid(microtime($p_word),1));
#starts session for user
session_start();
#registers variables created (md5 of password, username, &
image) in session
session_register('user');
session_register('$pstring');
session_register('$image_sel');
#captures users ip address (logging stuff, not listed in this
code for security reasons)
$ipaddy = $REMOTE_ADDR;
#echoes success message to authenticated user
$msg_success = "You have been authorized to make changes to the
website! Your IP address has been recorded and sent to the administrator:
$ipaddy";
} else {
#this prints if user name and password combination is not
found in database
print "You are not authorized to use this application!";
exit;
}
Now on each page in the content management app I have these lines of code:
#Start the session#
session_start();
#check session variables#
if (isset($HTTP_SESSION_VARS['user']) ||
isset($HTTP_SESSION_VARS['$image_sel']) ||
isset($HTTP_SESSION_VARS['$pstring'])) {
$main = "Some kinda message for page in question";
#connects to database#
require '/path/to/database/connection/script/dbcon.php';
#if session variables not registered kick the user back to
login form#
} else {
header ("Location: index.php");
}
Now just so you know I have changed all the variables to something other
than what I am currently using, however I have made sure that this is a
working example so everything should work as is. Also I have tested this a
few different ways, including: creating a page that tries to include one of
the pages I have my security checks on from another website, linking
directly to a script within the application etc. In any event, I also have
logging setup on each and every script which I have not included here
(different topic), just in case someone does get in I can at least "try" to
find them. Any help, pointers, tutorials, examples, etc. would be
appreciated!!!
TIA
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Anyone?
I posted this yesterday and did not get any response at all? Just wondering
if someone can give me some insight into some security measures for a
content management application...
Posted 06/05/2002
Ok, I am not a security expert so I would like to know if my security
measures I have implimented is adequate enough to keep people out. Any
pointers on this would be very helpful as I am trying to impliment a secure
way for people to update a website through the use of a content management
application. Example of code is as follows
// Login form - index.php
Select an image to identify yourself as an administrator.
image01
image02
image03
image04
image05
// Authentication checker - auth_done.php
#check fields for valid entries in form
if ((!$u_name) || (!$p_word) || (!$image)){
header("Location: index.php");
exit;
}
connects to database
require '/path/to/database/connection/script/dbcon.php';
#selects database table containing users that are allowed to
use application
$db_table = 'users';
$sql = "SELECT * from $db_table WHERE un = \"$user\" AND pw =
password(\"$pw\")";
$result = @mysql_query($sql,$dbh) or die("Couldn't execute query");
#loops through all records to find a match
$num = mysql_numrows($result);
if ($num !=0) {
#creates variables for sessions
$p_hash = "$p_word";
$to_hash = "$image";
#creates md5 hash of image user selected
$pstring = md5($to_hash);
#creates md5 hash of password user entered
$image_sel = md5(uniqid(microtime($p_word),1));
#starts session for user
session_start();
#registers variables created (md5 of password, username, &
image) in session
session_register('user');
session_register('$pstring');
session_register('$image_sel');
#captures users ip address (logging stuff, not listed in this
code for security reasons)
$ipaddy = $REMOTE_ADDR;
#echoes success message to authenticated user
$msg_success = "You have been authorized to make changes to the
website! Your IP address has been recorded and sent to the administrator:
$ipaddy";
} else {
#this prints if user name and password combination is not
found in database
print "You are not authorized to use this application!";
exit;
}
Now on each page in the content management app I have these lines of code:
#Start the session#
session_start();
#check session variables#
if (isset($HTTP_SESSION_VARS['user']) ||
isset($HTTP_SESSION_VARS['$image_sel']) ||
isset($HTTP_SESSION_VARS['$pstring'])) {
$main = "Some kinda message for page in question";
#connects to database#
require '/path/to/database/connection/script/dbcon.php';
#if session variables not registered kick the user back to
login form#
} else {
header ("Location: index.php");
}
Now just so you know I have changed all the variables to something other
than what I am currently using, however I have made sure that this is a
working example so everything should work as is. Also I have tested this a
few different ways, including: creating a page that tries to include one of
the pages I have my security checks on from another website, linking
directly to a script within the application etc. In any event, I also have
logging setup on each and every script which I have not included here
(different topic), just in case someone does get in I can at least "try" to
find them. Any help, pointers, tutorials, examples, etc. would be
appreciated!!!
TIA
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Anyone?
I cannot believe that no one with alot of PHP and MySQL experience has not
replied to this post yet. Is PHP not a secure scripting language? I would
really like a little insight into this question, anyone?
"Jas" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I posted this yesterday and did not get any response at all? Just
wondering
> if someone can give me some insight into some security measures for a
> content management application...
>
> Posted 06/05/2002
> Ok, I am not a security expert so I would like to know if my security
> measures I have implimented is adequate enough to keep people out. Any
> pointers on this would be very helpful as I am trying to impliment a
secure
> way for people to update a website through the use of a content management
> application. Example of code is as follows
>
> // Login form - index.php
>
>
>
> Select an image to identify yourself as an administrator.
>
> image01
> image02
> image03
> image04
> image05
>
>
>
>
>
> // Authentication checker - auth_done.php
> #check fields for valid entries in form
> if ((!$u_name) || (!$p_word) || (!$image)){
> header("Location: index.php");
> exit;
> }
> connects to database
> require '/path/to/database/connection/script/dbcon.php';
> #selects database table containing users that are allowed to
> use application
> $db_table = 'users';
> $sql = "SELECT * from $db_table WHERE un = \"$user\" AND pw =
> password(\"$pw\")";
> $result = @mysql_query($sql,$dbh) or die("Couldn't execute query");
> #loops through all records to find a match
> $num = mysql_numrows($result);
> if ($num !=0) {
> #creates variables for sessions
> $p_hash = "$p_word";
> $to_hash = "$image";
> #creates md5 hash of image user selected
> $pstring = md5($to_hash);
> #creates md5 hash of password user entered
> $image_sel = md5(uniqid(microtime($p_word),1));
> #starts session for user
>session_start();
> #registers variables created (md5 of password, username, &
> image) in session
>session_register('user');
>session_register('$pstring');
>session_register('$image_sel');
> #captures users ip address (logging stuff, not listed in
this
> code for security reasons)
> $ipaddy = $REMOTE_ADDR;
> #echoes success message to authenticated user
> $msg_success = "You have been authorized to make changes to the
> website! Your IP address has been recorded and sent to the administrator:
> $ipaddy";
> } else {
> #this prints if user name and password combination is not
> found in database
> print "You are not authorized to use this application!";
> exit;
> }
>
> Now on each page in the content management app I have these lines of code:
> #Start the session#
> session_start();
> #check session variables#
> if (isset($HTTP_SESSION_VARS['user']) ||
> isset($HTTP_SESSION_VARS['$image_sel']) ||
> isset($HTTP_SESSION_VARS['$pstring'])) {
> $main = "Some kinda message for page in question";
> #connects to database#
> require '/path/to/database/connection/script/dbcon.php';
> #if session variables not registered kick the user back to
> login form#
> } else {
> header ("Location: index.php");
> }
>
> Now just so you know I have changed all the variables to something other
> than what I am currently using, however I have made sure that this is a
> working example so everything should work as is. Also I have tested this
a
> few different ways, including: creating a page that tries to include one
of
> the pages I have my security checks on from another website, linking
> directly to a script within the application etc. In any event, I also
have
> logging setup on each and every script which I have not included here
> (different topic), just in case someone does get in I can at least "try"
to
> find them. Any help, pointers, tutorials, examples, etc. would be
> appreciated!!!
> TIA
> Jas
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Help on Session and cockies
With sessions, the session_start(); function will initiate a session in the
severs tmp directory with a file name such as 55abhc8a83kqk etc. The
session_name("name_of_var"); function allows you to create a unique name for
your session vs. the 55abhc8a83kqk. A good way to check your sessions is to
do something like this:
$session_id";
?>
Or if you want to assign session vars, or unique variables you can do
something like this
$unique_number is your session id$unique_number is your
registered variable";
?>
If you go to php.net you can look up session() in the function list and it
will break it down alot better for you
HTH
Jas
"Marcos Lois BermúDez" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
A have two webs made in php, both uses a authentication based on session
suport.
I use in every page a session_start(); and a session_name( name); to get
different name for the sessions but when i get login i one web, and then go
to the other i get the same login.
what happend?
What means the session_name?
I use php-4.2.0 and apache-1.3.24 in a lunux box.
Any help will be apreciated.
Regards.
Marcos Lois Bermúdez
[EMAIL PROTECTED]
IQC-Services.
Carretera provincial 60 - 1
36210 Vigo - Pontevedra
Tel: +34 986 281 830
Fax: +34 986 415 074
http://www.iqc-services.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Anyone?
Ok, so you have pointed out an problem, now that you have been so kind to do this could please recommend how to resolve this? Thanks, Jas "Jay Blanchard" <[EMAIL PROTECTED]> wrote in message 002201c20d80$552be430$8102a8c0@niigziuo4ohhdt">news:002201c20d80$552be430$8102a8c0@niigziuo4ohhdt... > [snip] > I cannot believe that no one with alot of PHP and MySQL experience has not > replied to this post yet. Is PHP not a secure scripting language? I would > really like a little insight into this question, anyone? > [/snip] > > [rant warning!] > I'll bite! ;-( > > A. You gave so much code that those of us on the list who may be working may > have not had time to set it all up and test it. > 2. Security from what standpoint? That you can't be hacked? That people > can't use your CMS without authorization? That your code is complicated > enough to be impressive? Test your code...if it works you're good, if > not...fix it. > III. Your code is somewhat bloated, you don't have to go through everything > you go through to assure yourself security. Is this for an Intranet? If so > is the URL to the CMS accessible through the firewall? If for an Internet > site have you thought about putting the CMS on an SSL. > > Dang...and D. PHP is secure. You may, to assuage any further fears, encrypt > any username password information that gets transmitted from the login to > the server the first time. That is very insecure. I could port sniff your > butt to kingdom come and gain usernames and passwords all day long. You > cannot believe that no one with alot of PHP and MySQL experience has not > replied to this post yet. I cannot believe that anyone asking about security > would transmit the initial login as plain text...so we're even. > [/rant] > > Jay > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Anyone?
Sorry, never thought about using a search on forms to check my existing security measures... I am currently employing the use of SSL, however I am not that familiar with "securing forms" in the traditional sense so I do appreciate your comments. And also, I am not trying to "show off" my code, simply find ways to improve my existing ideas. Thanks again, jas "Jay Blanchard" <[EMAIL PROTECTED]> wrote in message 002301c20d82$444a6130$8102a8c0@niigziuo4ohhdt">news:002301c20d82$444a6130$8102a8c0@niigziuo4ohhdt... > [snip] > Ok, so you have pointed out an problem, now that you have been so kind to do > this could please recommend how to resolve this? > [/snip] > > You may want to do some research on securing plain text transmission. > http://www.ariadne.ac.uk/issue5/securing-forms/ > http://www.google.com/search?hl=en&ie=UTF8&oe=UTF8&q=securing+plain+text&btn > G=Google+Search > > HTH! > > Jay > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Anyone?
Ok, I think you have gotten my point... I simply want to make sure that the
code I am writting is "up to par" on security issues such as you listed.
Maybe there are some examples of what to do vs. what not to do when writting
code that would be near impossible to exploit. I simply do not need some
script kiddie messing with the time and research I have put into making this
application. Any resources would be appreciated!
Jas
"Scott Hurring" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> No language is "secure" becuase there's no such thing.
> even supposedly secure Java VM sandboxes have well-known
> security exploits.
>
> PHP code is as secure as you write it.
> Bad programmer = bad code
>
> Name any language or program and there are
> well-documented ways to subvert it. Buffer
> overflows in "C", and flawed Double-byte char
> support in "IIS", to name a few recent and
> better-known exploits.
>
> ---
> Scott Hurring
> Systems Programmer
> EAC Corporation
> [EMAIL PROTECTED]
> Voice: 201-462-2149
> Fax: 201-288-1515
>
> > -Original Message-
> > From: Adam Voigt [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, June 06, 2002 1:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [PHP] Re: Anyone?
> >
> >
> > Yes, PHP is a secure programming language.
> >
> > On Thu, 2002-06-06 at 13:18, Jas wrote:
> > > I cannot believe that no one with alot of PHP and MySQL
> > experience has not
> > > replied to this post yet. Is PHP not a secure scripting
> > language? I would
> > > really like a little insight into this question, anyone?
> > >
> > > "Jas" <[EMAIL PROTECTED]> wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > I posted this yesterday and did not get any response at all? Just
> > > wondering
> > > > if someone can give me some insight into some security
> > measures for a
> > > > content management application...
> > > >
> > > > Posted 06/05/2002
> > > > Ok, I am not a security expert so I would like to know if
> > my security
> > > > measures I have implimented is adequate enough to keep
> > people out. Any
> > > > pointers on this would be very helpful as I am trying to
> > impliment a
> > > secure
> > > > way for people to update a website through the use of a
> > content management
> > > > application. Example of code is as follows
> > > >
> > > > // Login form - index.php
> > > >
> > > >
> > > >
> > > > Select an image to identify yourself as an administrator.
> > > >
> > > > image01
> > > > image02
> > > > image03
> > > > image04
> > > > image05
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > // Authentication checker - auth_done.php
> > > > #check fields for valid entries in form
> > > > if ((!$u_name) || (!$p_word) || (!$image)){
> > > > header("Location: index.php");
> > > > exit;
> > > > }
> > > > connects to database
> > > > require '/path/to/database/connection/script/dbcon.php';
> > > > #selects database table containing users
> > that are allowed to
> > > > use application
> > > > $db_table = 'users';
> > > > $sql = "SELECT * from $db_table WHERE un = \"$user\" AND pw =
> > > > password(\"$pw\")";
> > > > $result = @mysql_query($sql,$dbh) or die("Couldn't
> > execute query");
> > > > #loops through all records to find a
> > match
> > > > $num = mysql_numrows($result);
> > > > if ($num !=0) {
> > > > #creates variables for sessions
> > > > $p_hash = "$p_word";
> > > > $to_hash = "$image";
> > > > #creates md5 hash of image user selected
> > > > $pstring = md5($to_hash);
> > > > #creates md5 hash of password user
> > entered
> > > > $image_sel = md5(uniqid(microtime($p_word),1));
> > > > #start
[PHP] video file properties?
I am trying to see if there is a way to get the height and width attributes of a .mpg or .avi file, and the codec used in the file. I have been looking at php.net for a function to get these types of properties, however I have been unsuccessful at finding any. Has anyone accomplished something to this effect, and if so could you give me the names of the functions you used to get said properties? TIA Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] security advice...
I am wondering if anyone out there knows of a good and quick way to test the security of a site for multiple vulnerabilities; cross site scripting, etc. Of course any examples of secure coding techniques might be a better question to ask, so if anyone knows of some good resources for this please let me know where I can do some good research on this subject. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dreamweaver MX?
It also has support for snippits, or a code library that you can add, edit or delete. Saves alot of time in re-using code. I definately recommend it, not only for that reason for but for the code debugging options available. HTH Jas "John Holmes" <[EMAIL PROTECTED]> wrote in message 002101c213ca$36cfba20$b402a8c0@mango">news:002101c213ca$36cfba20$b402a8c0@mango... > Yes, download it and see. Gives you a GUI to program recordsets from the > database, and drag and drop for results. Other PHP stuff along with > highlighting built in. If it didn't cost so much, I'd recommend it. > > ---John Holmes... > > > -Original Message- > > From: Lazor, Ed [mailto:[EMAIL PROTECTED]] > > Sent: Friday, June 14, 2002 12:39 PM > > To: [EMAIL PROTECTED] > > Subject: [PHP] Dreamweaver MX? > > > > Does Dreamweaver MX have good PHP support? > > > > Thanks, > > > > -Ed > > > > > > ** > > ** > > This message is intended for the sole use of the individual and entity > to > > whom it is addressed, and may contain information that is privileged, > > confidential and exempt from disclosure under applicable law. If you > are > > not the intended addressee, nor authorized to receive for the intended > > addressee, you are hereby notified that you may not use, copy, > disclose or > > distribute to anyone the message or any information contained in the > > message. If you have received this message in error, please > immediately > > advise the sender by reply email and delete the message. Thank you > very > > much. > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] compare variables from text fields...
What is the best function or operator to compare two text strings being inputted by a text field within a form? Any help is appreciated. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] support@bignickel.net
http://www.adobe.com/products/premiere/demodnld.html#win -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] another pair of eyes?
Hello all,
I have a parse error and I am not sure why, I think my eyes are giving up on
me, or its a friday. Any help is appreciated.
// just trying to compare the session var $date to timeout if older than 5
minutes
[snippit]
/* Begin Session and register timeout, random image & client info variables
*/
session_start();
session_register('$var1);
session_register('$var2');
session_register('$var3');
session_register('$var4');
session_register('$var5');
} elseif (isset($HTTP_SESSION_VARS[$hour]) => $hour + 5*60)) {
header("Location: https://localhost/index.php"};
} else {
endif(); }
[end snippit]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php.security newsgroup any time?
I am wondering how we can get a newsgroup for security type of things, with either php, mysql or apache... To be honest I am interested in the php security newsgroup the most being as there is for the following two applications. How can one ask a moderator about that type of newsgroup? Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] timer on sessions?
Not sure how to go about setting up a function to parse the date, hour, minutes, seconds, take the seconds and register them in a session var, then do a check on the session var (seconds) vs. the seconds var + 5*60 (or 5 minutes) to time out the session and force the user to log back in. My problem is finding the correct way to check the seconds in php. Any help or pointers is appreciated. Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] timer on sessions?
I am not able to test from this machine so please tell me if I am right or
wrong on this:
$tmp = time();
$tme = time() - 5*60;
session_register('tmp');
if ($tmp >= $tme) {
echo 'Time has not reached 5 minutes, session still valid';
} else {
echo 'Timer has reached 5 minutes, you will need to log back in to
continue.'; }
"Asmodean" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> J> Not sure how to go about setting up a function to parse the date, hour,
> J> minutes, seconds, take the seconds and register them in a session var,
then
> J> do a check on the session var (seconds) vs. the seconds var + 5*60 (or
5
> J> minutes) to time out the session and force the user to log back in. My
> J> problem is finding the correct way to check the seconds in php. Any
help or
> J> pointers is appreciated.
> J> Jas
>
> time() will give you a UNIX timestamp. Use it to do the math.
>
> --
> Best regards,
> Asmodeanmailto:[EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] timer on sessions?
So under the time() call, comparing it to a simple numerical value such as
"300" it knows that you are talking about 300 seconds? Is that because it
is a unix timestamp? I previously tried using date("s") to give me the
seconds from today's date then tried the compare, so using time() will work
better. Thanks a ton.
Jas
"Asmodean" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> J> I am not able to test from this machine so please tell me if I am right
or
> J> wrong on this:
> J> $tmp = time();
> J> $tme = time() - 5*60;
> J> session_register('tmp');
> if ($tmp >>= $tme) {
> J> echo 'Time has not reached 5 minutes, session still valid';
> J> } else {
> J> echo 'Timer has reached 5 minutes, you will need to log back in to
> J> continue.'; }
>
> J> "Asmodean" <[EMAIL PROTECTED]> wrote in message
> J> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> >> J> Not sure how to go about setting up a function to parse the date,
hour,
> >> J> minutes, seconds, take the seconds and register them in a session
var,
> J> then
> >> J> do a check on the session var (seconds) vs. the seconds var + 5*60
(or
> J> 5
> >> J> minutes) to time out the session and force the user to log back in.
My
> >> J> problem is finding the correct way to check the seconds in php. Any
> J> help or
> >> J> pointers is appreciated.
> >> J> Jas
> >>
> >> time() will give you a UNIX timestamp. Use it to do the math.
> >>
> >> --
> >> Best regards,
> >> Asmodeanmailto:[EMAIL PROTECTED]
> >>
>
> Let's assume you've set your session timestamp (assume it's called
> $session_time) to time() at the time of login. Now, in the script...
>
> if ((time() + 300) > $session_time) {
>
> }
>
> This would be a check to see if the session is still valid. Timewise.
>
> --
> Best regards,
> Asmodeanmailto:[EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IIS Ports
Well what version of Windows are you running? NT, 2K, XP etc. Have you looked at what ports are open? What services do you need to run? Obviously IIS to serve up web pages, but what else is running? SMTP, FTP etc? Do you need those other services? If not turn them off... NT :: Administrative tools / services / locate service corresponding to port you wish to close and set to 'disabled' 2K :: Control panel / Administrative tools / services / locate service and set to 'disabled' XP :: Control panel / Administrative tools / services / locate service and set to 'disabled' Linux :: edit the file name xinet.d, init.d, ftpd, httpd, etc to disable from starting service A list of port assignments can be found here. http://www.iana.org/assignments/port-numbers Information on securing your box can be found here. http://www.securityfocus.com // recent exploits and tools to help secure your box http://www.nsa.gov/snac/index.html // for windows and linux HTH Jas "Stephen Craton" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I'm not sure where he tried to find the ports that were open but I'd guess from his apartment in Lafayette. We have a hardware firewall protecting the entire network. We're connected with a cable line and I'm really clueless as to what to do. I run windows update every day to make sure I'm not lagging behind. So far I have no real enemies that want to hack me, but I'm bound to make some eventually. I'll probably end up getting apache sometime or something. Oh, and um, I would beat up my brother but he was in the military (he dropped out because of the 5am 5 mile runs) and he's 5 years older then me... Thanks, Stephen Craton http://www.melchior.us -- http://www.melchior.us/portfolio -Original Message- From: Jeff McKeon [mailto:[EMAIL PROTECTED] Sent: Saturday, September 27, 2003 4:10 PM To: Stephen Craton; [EMAIL PROTECTED] Subject: RE: [PHP] IIS Ports can't you just beat up your brother? It won't fix your pc but it will probably make you feel better. :o) Chances are your bro is no genious and just using scripts (script kiddie) that other people write for known exploits. If this is the case, then you probably haven't been keeping up with your MS updates. What connection did he get to your pc/server though? was he inside the network or coming in from the internet. If he came in from the internet, what kind of connection are you running (cable, DSL etc)? Do you have a hardware firewall between the internet and your network? If not, you should. I make all my friend's/family who have cable/DSL modems spend the money and install them. Very often they've asked me to install them and just for gigles I turn on logging. Usually I see port scans within 10 minutes of the firewall coming up on the cable/DSL modem. Pretty scary. Whether your running MS or Linux, you should check for patches and updates EVERY DAY for all your systems and especially those acting as servers of any kind. There are also plenty of books on hacking that you can read to familarize yourself with the techniques of hacking. This will help you understand what's going on and better equip your network to deal with it. There are also many books on "box hardening" AKA firewalling. If your going to runs servers available on the internet, I suggest you read up on these things. good luck. -Original Message- From: Stephen Craton [mailto:[EMAIL PROTECTED] Sent: Sat 9/27/2003 4:31 PM To: PHP List Cc: Subject: [PHP] IIS Ports This is kind of off topic but kind of not, it's your call. My brother came home this weekend from college this weekend acting all cool since he has been learning to hack. He was telling us (the family) how he did random port penetration on the home network and he said my computer was the most vulnerable with around 25 ports open. I didn't really care until about an hour later he hacked into my computer and then reset it causing me to loose all my important information. I told my dad and my brother promptly lied about anything of the sort. What I want to know.since I know the majority of my ports open are from IIS.is how I can close these. I only need my local server accessible by just my computer but the entire network too.just not the network. I thought the ports would just be open on my computer and not the hardware firewall and everything. I went ahead and turned on the Windows XP firewall but I've heard it really sucks. So is there any way of closing the IIS ports so my brother, and any other hacker, can't get in here and cause havoc? Thanks, Stephen Craton http://www.melchior.us -- http://www.melchior.us/portfolio -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] form not working...
For some reason my form to edit selected items is not working, I think I
need a new set of eyes.
Any help is appreciated...
Jas
// inc.php
function db_retrieve() {
require 'dbase.inc.php';
$tble = $_SESSION['table'];
$show = @mysql_query("SELECT * FROM $tble LIMIT 0, 15",$db)or
die(mysql_error());
while ($row = @mysql_fetch_array($show)) {
@list($nItemSKU, $bActive, $nUserID, $nItemConfig, $tItemType,
$tDepartment, $blSerialNumber, $nPropertyNumber, $blHostName, $nIPID,
$tRoomNumber, $tNotes) = $row;
$_SESSION['table'] .= "$nItemSKU
$bActive
$nUserID
$nItemConfig
$tItemType
$tDepartment
$blSerialNumber
$nPropertyNumber
$blHostName
$nIPID
$tRoomNumber
$tNotes
"; }
$_SESSION['number'] = mysql_num_rows($show); }
$bActive
$nUserID
$nItemConfig
$tItemType
$tDepartment
$blSerialNumber
$nPropertyNumber
$blHostName
$nIPID
$tRoomNumber
$tNotes
"; }
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mcrypt libraries?
Curt Zirzow wrote: * Thus wrote Jas ([EMAIL PROTECTED]): I am not sure if I should post my question here but I will anyways. Ok, I have compiled the mcrypt libraries on a Redhat 9 box running apache 2 with php4. And I need to know the next step(s) in getting php to use the libmcrypt libraries. If anyone has set this up in the past or has some pointers (other than reading the manual) I would appreciate it. Did you read the next step: Installation http://php.net/mcrypt Curt Yes I have and I guess I was looking for a method of using the libmcrypt library without having to recompile php. Sorry for the confusion. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mcrypt libraries?
I am not sure if I should post my question here but I will anyways. Ok, I have compiled the mcrypt libraries on a Redhat 9 box running apache 2 with php4. And I need to know the next step(s) in getting php to use the libmcrypt libraries. If anyone has set this up in the past or has some pointers (other than reading the manual) I would appreciate it. Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mcrypt libraries?
Evan Nemerson wrote: On Tuesday 18 November 2003 01:13 pm, Jas wrote: Curt Zirzow wrote: * Thus wrote Jas ([EMAIL PROTECTED]): I am not sure if I should post my question here but I will anyways. Ok, I have compiled the mcrypt libraries on a Redhat 9 box running apache 2 with php4. And I need to know the next step(s) in getting php to use the libmcrypt libraries. If anyone has set this up in the past or has some pointers (other than reading the manual) I would appreciate it. Did you read the next step: Installation http://php.net/mcrypt Curt Yes I have and I guess I was looking for a method of using the libmcrypt library without having to recompile php. Sorry for the confusion. Have you tried using phpize? Actually I have not, not sure what phpize is but I will look it up. If you know of a URL where some fairly detailed instructions on compiling PHP with the mcrypt libraries are please post it. Thanks again, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session vars not echoing?
Not sure why this is happening but I think it has something to do with
an include statement...
[Server environment]
Apache/2.0.47 (Unix) DAV/2 PHP/4.3.3
register_globals On On
report_memleaks On On
safe_mode Off Off
safe_mode_exec_dir no value no value
Session Support enabled
[Script registering vars - sessions.php]
/* Format Date & Time */
$hour = (date("H:i:s"));
$day = (date("d"));
$date = (date("F $day, Y"));
/* Register vars */
$_SESSION['date'] = $date;
[Main script - index.php]
require 'scripts/sessions.php';
echo $_SESSION['date']; //This is not showing up in browser?
Any help is appreciated...
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Session vars not echoing?
Yeah I did that, sorry I just didn't note it in the snippit.. and it is
now working with the $_SESSION function, i just had to restart the
browser to clear the cache after updating the code.
jas
Pete M wrote:
need to issue a
session_start()
at top of page
Pete
Jas wrote:
Not sure why this is happening but I think it has something to do with
an include statement...
[Server environment]
Apache/2.0.47 (Unix) DAV/2 PHP/4.3.3
register_globalsOnOn
report_memleaksOnOn
safe_modeOffOff
safe_mode_exec_dirno valueno value
Session Support enabled
[Script registering vars - sessions.php]
/* Format Date & Time */
$hour = (date("H:i:s"));
$day = (date("d"));
$date = (date("F $day, Y"));
/* Register vars */
$_SESSION['date'] = $date;
[Main script - index.php]
session_start()
require 'scripts/sessions.php';
echo $_SESSION['date']; //This is not showing up in browser?
Any help is appreciated...
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Remote computer name?
I am at a loss here but doesn't $_SERVER['HTTP_HOST'] return the remote computer name? [Snippit used] $ipaddy = $_SERVER['REMOTE_ADDR']; $host = $_SERVER['HTTP_HOST']; // as of now it is getting the name of the server (i.e. localhost, 168.2.2.1) jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] eregi function?
Not sure how to do this but I have a call to a database which pulls the
contents of a table into an array and I need a eregi string which will
sift through the contents and put a line break (i.e. \n or ) after
each ";", "}" or "{". here is what I have so far...
while($b = mysql_fetch_array($sql)) {
list($id,$date,$user,$level,$global,$vlan01,$hosts01,$vlan02,$hosts02,$vlan03,$hosts03,$vlan04,$hosts04,$vlan05,$hosts05,$vlan06,$hosts06,$vlan07,$hosts07,$vlan08,$hosts08,$vlan09,$hosts09,$vlan10,$hosts10)
= $b; }
if(!eregi("^[{]+[}]+[;]$",
$id,$date,$user,$level,$global,$vlan01,$hosts01,$vlan02,$hosts02,$vlan03,$hosts03,$vlan04,$hosts04,$vlan05,$hosts05,$vlan06,$hosts06,$vlan07,$hosts07,$vlan08,$hosts08,$vlan09,$hosts09,$vlan10,$hosts10))
// insert line break here
}
Any help with this would be appreciated
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] function problems...
I call this function it checks a session variable then displays 1 of 3
menus... for some reason it will only display the first menu regardless
of the results of my decoded session var. Any help or just a new pair
of eyes would help. Thanks in advance.
jas
function menu() {
$lvl = base64_decode($_SESSION['lvl']);
echo $lvl;
if (($lvl != "admin") || ($lvl != "user") || ($lvl == "view")) {
$_SESSION['menu'] = "";
} elseif (($lvl != "admin") || ($lvl == "user") || ($lvl != "view")) {
$_SESSION['menu'] = "Manage hosts
Update DHCP
";
} elseif (($lvl == "admin") || ($lvl != "user") || ($lvl != "view")) {
$_SESSION['menu'] = "Global DHCP config.
Manage VLANS
Manage hosts
Update DHCP
Users
Logs";
} else {
$_SESSION['menu'] = ""; }
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: function problems...
Nevermind, I got it to work...
cheers
Jas wrote:
I call this function it checks a session variable then displays 1 of 3
menus... for some reason it will only display the first menu regardless
of the results of my decoded session var. Any help or just a new pair
of eyes would help. Thanks in advance.
jas
function menu() {
$lvl = base64_decode($_SESSION['lvl']);
echo $lvl;
if (($lvl != "admin") || ($lvl != "user") || ($lvl == "view")) {
$_SESSION['menu'] = "";
} elseif (($lvl != "admin") || ($lvl == "user") || ($lvl != "view")) {
$_SESSION['menu'] = "Manage hosts
Update DHCP
";
} elseif (($lvl == "admin") || ($lvl != "user") || ($lvl != "view")) {
$_SESSION['menu'] = "Global DHCP config.
Manage VLANS
Manage hosts
Update DHCP
Users
Logs";
} else {
$_SESSION['menu'] = ""; }
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Regular expression assistance...
I am trying to match data from a database that would like like
host dhcp-01 {
hardware ethernet 00:D0:B7:BD:D2:8D;
fixed-address 155.97.1.190;
}
Using this expression
if eregi("^[host]\s+[{]\s+[hardware
ethernet]\s+[fixed-address]\s+[}]$",$b) {
echo "Put into array"; }
Any help would be great, or maybe some insight into the various
characters used (besides the basic, ^, $, +, etc).
Thanks in advance.
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: password protection/encryption
Some questions to ask yourself... 1. Am I storing personally identifiable information (eg. Names, addresses, phone numbers, email addresses, credit card data)? 2. Will this data be stored in a text file or database? 3. Is this text file or database directly connected to the internet? 4. What type of data am I trying to protect? Answer these questions and you will know if you need to use public/private key encryption technology in your application. You are currently interested (from your post) in encrypting the data link layer of your website using SSL (Secure Socket Layer). The SSL or lock icon as you pointed out only encrypts data in a streaming manner (eg. when I click the submit button my username / password combination gets passed to the SSL protocol and wrapped in a layer of encryption to be decoded on the server). If you are storing data in a text file / database that would be a "yes" answer to the 4 quesitons listed above I would recommend using some sort of public / private key encrytion. PHP has several encryption functions for your use and links are listed below. When in doubt consult the manual at php.net. http://us4.php.net/manual/en/function.base64-encode.php http://us4.php.net/manual/en/function.base64-decode.php http://us4.php.net/manual/en/function.crypt.php http://us4.php.net/manual/en/ref.mcrypt.php Also a great recommendation... google.com is your friend you can find all sorts of good tips locating information on various encryption techniques and definitions. A great primer on public / private encrytion vs. one-way encryption can be found here... http://www.webopedia.com/TERM/e/encryption.html This site gives you basics of encryption and how it works. http://computer.howstuffworks.com/encryption.htm SSL information can be found here. http://www.webopedia.com/TERM/S/SSL.html Hope this helps Jas Chris Mach wrote: Greetings, I'm working on a project that involves a password protected area of a website. Some one also involved brought up the point that this area should be secure (Whit the lock icon indicating it is encrypted). In this particular project the password protected area will be a quote generating system for a company. Users would log in and choose the products they are interested in purchasing and the site would generate a quote depending on what they selected from the list of products. So my question is.. At what point is encryption necessary? I've always thought encryption was only needed when dealing with stuff like credit card information, am I wrong? How secure is a password protected page done with just PHP? Thanks Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] new set of eyes?
I think I am loosing my mind this afternoon... could someone review this
snippit and tell me why it isn't working?
$sql = mysql_query("SELECT $i FROM $table WHERE $i = $i",$db)or
die(mysql_error());
while($b = mysql_fetch_array($sql)) {
while($ar = current($b) != 0) {
$v = array();
list($v) = explode("}",$ar); }
print_r($v); }
I am hoping to get something like
array([0]=>first row of data[1]=>second row of data)
Any help would be great...
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] new set of eyes?
I should probably clarify a bit more on the data in the field and what I
am trying accomplish..
First the data:
host dhcp-01 {
hardware ethernet 00:D0:B7:BD:D2:8D;
fixed-address 155.97.1.190;
}
host dhcp-02 {
hardware ethernet 00:02:B3:A2:B6:FD;
fixed-address 155.97.1.191;
}
Second the plan:
Trying to break up (only one row in database & always will be only one
row to retrieve) contents of field into an array so I can break it down
into individual editable fields (eg.
etc.)
the explode() is so I can separate numerous static dhcp hosts into one
big array of each setting.
eg.
$hosts = array("0" => "host",
"1" => "dhcp-02",
"2" => "{",
"3" => "hardware",
"4" => "ethernet",
"5" => "00:02:B3:A2:B6:FD",
"6" => ";",
etc...
I hope this clarifies my problem. I have tried a few things such as a
eregi statement, explode etc. and so far explode has done what i need it
to by separating one db entry into multiple components for editing.
Jas
David Otton wrote:
On Sat, 06 Dec 2003 11:38:18 -0700, you wrote:
I think I am loosing my mind this afternoon... could someone review this
snippit and tell me why it isn't working?
$sql = mysql_query("SELECT $i FROM $table WHERE $i = $i",$db)or
die(mysql_error());
while($b = mysql_fetch_array($sql)) {
while($ar = current($b) != 0) {
$v = array();
list($v) = explode("}",$ar); }
print_r($v); }
I am hoping to get something like
array([0]=>first row of data[1]=>second row of data)
Your code doesn't have any context, so I can't be sure whether you're doing
something very smart or very dumb with the SQL statement. The explode() is
kinda weird, too.
Try running this:
$rs = mysql_query ($sql, $db) or die (mysql_error ());
$result = array();
while ($row = mysql_fetch_array ($rs))
{
$result[] = $row;
}
print_r ($result);
?>
and let us know how close it comes.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] new set of eyes?
Ok well I think I have it partially solved...
$table = "settings";
$db_vlans =
array("hosts01","hosts02","hosts03","hosts04","hosts05","hosts06","hosts07","hosts08","hosts09","hosts10");
$vlans =
array("VLAN-22","VLAN-27","VLAN-29","VLAN-56","VLAN-57","VLAN-151","VLAN-314","Empty-01","Empty-02","Empty-03");
$i = str_replace($vlans,$db_vlans,$_POST['dhcp_hosts']);
$_SESSION['dhcp_table'] = $i;
$sql = mysql_query("SELECT $i FROM $table WHERE $i = $i",$db)or
die(mysql_error());
$result = array();
while($b = mysql_fetch_array($sql)) {
$result[] = explode(" ",$b);
print_r($result);
$num = count($result);
print $num;
for ($x = 0; $x < $num; $x++) {
print "$result[$x]\n"; }
?>
On data in "one" field that looks like:
host dhcp-01 {
hardware ethernet 00:D0:B7:BD:D2:8D;
fixed-address 155.97.1.190;
}
host dhcp-02 {
hardware ethernet 00:02:B3:A2:B6:FD;
fixed-address 155.97.1.191;
}
Is returning this:
Array ( [0] => Array ( [0] => Array ) ) 1Array
So it sees 1 array and inside are two indexes both containing a new
array... now I need to know how to pull the contents out of the second
arrays.
Sorry, still trying to figure out arrays.
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Array problem....
Not very good at arrays so I figured i would look here
$sql_subs = mysql_query("SELECT * FROM $t_02",$db)or
die(mysql_error());
while(list($id,$sub,$msk,$dns01,$dns02,$rtrs,$rnge) =
mysql_fetch_row($sql_subs)) {
print $sub;
print "";
print $msk;
print "";
print $dns01;
print "";
print $dns02;
print ""; }
?>
This pulls each row form a table and assigns a variable to each field,
but what I need to do is something like this...
$sql_subs = mysql_query("SELECT * FROM $t_02",$db)or
die(mysql_error());
while(list($id,$sub,$msk,$dns01,$dns02,$rtrs,$rnge) =
mysql_fetch_row($sql_subs)) {
$_session[''] =
"$sub+$msk+$dns01...
}
I have been scouring the various functions and as of yet have yet to
accomplish what I need. Any help would be great.
Thanks in advance,
jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array problem....
having no idea you could use numbers as session variable names I kinda
feel like a retard right now. You solution worked, thank you very much.
Jas
Chris W. Parker wrote:
Jas <mailto:[EMAIL PROTECTED]>
on Wednesday, December 10, 2003 3:21 PM said:
while(list($id,$sub,$msk,$dns01,$dns02,$rtrs,$rnge) =
mysql_fetch_row($sql_subs)) {
$_session[''] =
"$sub+$msk+$dns01...
}
No exactly sure what you mean but here goes:
$iCtr = 0;
while(list(...)) = mysql_fetch_row(...))
{
$_SESSION[$iCtr] = "$sub+$msk...";
$iCtr++;
}
HTH,
Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array problem....
Well just so you understand "why" I needed something like that here is
the finished result below
function show() {
require 'path/to/dbconnector.inc';
$sql_subs = mysql_query("SELECT * FROM $t_02",$db)or die(mysql_error());
$i = 0;
while(list($id,$sub,$msk,$dns01,$dns02,$rtrs,$rnge) =
mysql_fetch_row($sql_subs)) {
$_SESSION[$i] = "subnet $subnetmask $msk {option
domain-name-servers $dns01, $dns02;option routers $rtrs;range
$rnge;}";
$i++; }
?>
Then ...
And you get...
subnet 128.110.22.110
netmask 255.255.255.0 {
option domain-name-servers 128.110.22.4, 128.110.29.3;
option routers 128.110.22.1;
range ;
}
Which allows for easy reading of configuration variables and the ability
to modify the individual vars using a form etc.
Thanks again for all who gave me some pointers on using numbers instead
of names for my session vars.
Jas
Chris W. Parker wrote:
Jas <mailto:[EMAIL PROTECTED]>
on Wednesday, December 10, 2003 3:44 PM said:
having no idea you could use numbers as session variable names I kinda
feel like a retard right now. You solution worked, thank you very
much.
It's an array just like any other which you probably realize now. ;)
Also, unless you're doing some math or something with those variables
you might to split them up into their own cells (I don't really know if
this is going to be useful for you or not):
{
$_SESSION[$iCtr]['var1'] = $var1;
$_SESSION[$iCtr]['var2'] = $var2;
$_SESSION[$iCtr]['var3'] = $var3;
$_SESSION[$iCtr]['var4'] = $var4;
$_SESSION[$iCtr]['var5'] = $var5;
...
}
HTH,
Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to reduce CPU usage in a cycle? [ag]
Can we get the code posted so we know what is going on?
Sometimes there are a dozen different ways to accomplish the same
objective and looking at what your code is doing may assist us in
assisting you.
Jas
Taualex wrote:
Hello!
I'm having a problem with my php script on my linux web server. In that
script there is a cycle with some math calculations (about ~30 steps), the
execution time is less 1 second, but the script loads the server CPU up to
90%...
I've optimized script already to the minimum math function, anyway, it still
overloads the CPU.
How can I reduce the CPU load? It seems that usleep() does not help much,
especially in Windows (it's not supported).
How can I give system a portion of time in the end of each step (I don't
mind if it will increase the job time)? Is there a solution for both Windows
and Linux?
For instance, in C++ under Windows I would do this:
do
{
[... math calculations ...]
while(::PeekMessage(&message,NULL,0,0,PM_NOREMOVE))
if (!theApp.PumpMessage()) break;
} while(!quit);
This gives system to redraw screen, process any other events during long
cycles...
Is there similar approach in PHP for web server programming?
p.s. Would be nice to know other techniques to reduce CPU load ;)
Thank you!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array problem....
Yeah I understand that and it would be perfect if I only had to call
this type of function once on a page... and on any other pages that need
something like this I will do it that way but with the counter set to 0
or whatever number I choose which is a sort of view all page so your
solutions works better for this page. Thanks again.
Jas
Chris W. Parker wrote:
Jas <mailto:[EMAIL PROTECTED]>
on Thursday, December 11, 2003 7:21 AM said:
Well just so you understand "why" I needed something like that here is
the finished result below
[snip]
$i = 0;
while(list(...) = mysql_fetch_row(...)) {
$_SESSION[$i] = "...";
$i++;
}
I want to change my suggestion and recommend that you go along with what
John Holmes suggested a little after my post. Read his post again and
see if it is helpful to you. Keep note of the following aspect:
You can remove the $i = 0; and the $i++; by changing $_SESSION[$i] =
"..."; to $_SESSION[] = "...";.
i.e. The following two code blocks perform the same task:
Current:
$i = 0;
while(list(...) = mysql_fetch_row(...)) {
$_SESSION[$i] = "...";
$i++;
}
New:
while(list(...) = mysql_fetch_row(...)) {
$_SESSION[] = "...";
}
Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to reduce CPU usage in a cycle? [ag]
Well have you tried to define one function to include the for all variables that require mt_rand()? Jas Brent Baisley wrote: Personally, I wouldn't worry about it unless it is actually interfering with other processes. The OS will give any process or thread 100% of the CPU if there is nothing else that needs the CPU. What does you context switching numbers look like? If there is a lot of context switching, then your processes or threads are getting kicked off the CPU before they can accomplish much. And that's a problem. The duration of your script is less than a second, so that's not really a long enough time have an affect on other parts of the system. Heck, it may even being completing within just a couple of time slices (the length of time the OS allows a process/thread to use the CPU). You could always adjust the priority level (nice value in Unix) of whatever PHP is running under (i.e. Apache). Although you should understand what you are doing if you are adjusting nice values. On Dec 11, 2003, at 10:03 AM, TauAlex wrote: Hello! I'm having a problem with my php script on my linux web server. In that script there is a cycle with some math calculations (about ~30 steps), the execution time is less 1 second, but the script loads the server CPU up to 90%... I've optimized script already to the minimum math function, anyway, it still overloads the CPU. How can I reduce the CPU load? It seems that usleep() does not help much, especially in Windows (it's not supported). How can I give system a portion of time in the end of each step (I don't mind if it will increase the job time)? Is there a solution for both Windows and Linux? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to reduce CPU usage in a cycle? [ag]
ex.
function rand($attack,$skills,$damage,$armor) {
$do = array($attack,$skills,$damage,$armor);
finish=false
while (!finish) {
$do = mt_rand(mktime(microtime(1,100)); }
while($do = list($attack,$skills,$damage,$armor)) {
calculate total damage for opponent }
}
?>
I read that the use of mt_rand will produce the same results each time
the page is called with a certain number... so I would recommend using
microtime in conjunction with your mt_rand calls to ensure true random
numbers.
By throwing your vars into an array and looping through it applying your
random points deduction then listing the contents of the array (with new
values) it might improve cpu performance but then again. I am still
fairly new to php.
Jas
Jas wrote:
Well have you tried to define one function to include the for all
variables that require mt_rand()?
Jas
Brent Baisley wrote:
Personally, I wouldn't worry about it unless it is actually
interfering with other processes. The OS will give any process or
thread 100% of the CPU if there is nothing else that needs the CPU.
What does you context switching numbers look like? If there is a lot
of context switching, then your processes or threads are getting
kicked off the CPU before they can accomplish much. And that's a problem.
The duration of your script is less than a second, so that's not
really a long enough time have an affect on other parts of the system.
Heck, it may even being completing within just a couple of time slices
(the length of time the OS allows a process/thread to use the CPU).
You could always adjust the priority level (nice value in Unix) of
whatever PHP is running under (i.e. Apache). Although you should
understand what you are doing if you are adjusting nice values.
On Dec 11, 2003, at 10:03 AM, TauAlex wrote:
Hello!
I'm having a problem with my php script on my linux web server. In that
script there is a cycle with some math calculations (about ~30
steps), the
execution time is less 1 second, but the script loads the server CPU
up to
90%...
I've optimized script already to the minimum math function, anyway,
it still
overloads the CPU.
How can I reduce the CPU load? It seems that usleep() does not help
much,
especially in Windows (it's not supported).
How can I give system a portion of time in the end of each step (I don't
mind if it will increase the job time)? Is there a solution for both
Windows
and Linux?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php .htaccess autologin
Combination of session vars and cookie vars... example... [login page] sets cookie with auth=0 (variable) sets session with auth=0 (variable) [logged in page(s)] sets cookie with auth=1 (variable -client side) sets session with auth=1 (variable -server side) hash of users password as client side var then just write a function to look on the users machine for a cookie from your site with auth=1, then if you see that present simply authenticate the user. HTH Jas Evan Nemerson wrote: On Thursday 11 December 2003 04:17 pm, ROBERT MCPEAK wrote: I've dug around quite a bit and can't figure out how I might use PHP to handle an .htaccess login. For example, if I wanted a script to log in the user, rather than the user logging in with the standard .htaccess dialog. Any ideas? I could be wrong, but I think this would be rather client-dependent. I don't think HTTP remembers who you throughout a session- i think the headers get sent every time. My only idea from PHP would be to set the $_SERVER['PHP_AUTH_*'] stuff, but i sincerely doubt that would do anything. I just don't think there's a way to ask the browser to set that info through http. Maybe ask @ javascript forum? If you find a solution, I'd love to hear it... Since the .htaccess vars are stored in the browser, should I be looking at a PHP/JavaScritpt 1-2 punch? Thanks, Bob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session var not being passed?
New set of eyes maybe or maybe I am indeed regressing...
Page calling functions looks like such...
require 'sessions.php';
require 'inc.php';
if (($_SESSION['user'] == "") || ($_SESSION['pass'] == "") ||
($_SESSION['lvl'] == "")) {
$_SESSION['msg_01'] = "You have not entered the correct authorization
information. Please enter your user name, password & department ID.";
$_SESSION['msg'] = $dberrors[1];
call_user_func("db_logs");
//call_user_func("exit_app");
} elseif (($_SESSION['user'] != "") || ($_SESSION['pass'] != "") ||
($_SESSION['lvl'] != "")) {
if ((strlen($_SESSION['user'] >= 255)) || (strlen($_SESSION['pass'] >=
255)) || (strlen($_SESSION['lvl'] >= 255))) {
$_SESSION['msg'] = $dberrors[3];
call_user_func("db_logs");
call_user_func("exit_app");
} elseif ((strlen($_SESSION['user'] <= 255)) ||
(strlen($_SESSION['pass'] <= 255)) || (strlen($_SESSION['lvl'] <= 255))) {
$_SESSION['msg'] = $dberrors[10];
call_user_func("db_logs");
call_user_func("menu");
} else {
$_SESSION['msg'] = $dberrors[11];
call_user_func("db_logs");
call_user_func("exit_app"); }
} else {
$_SESSION['msg'] = $dberrors[8];
call_user_func("db_logs");
call_user_func("exit_app"); }
?>
Then in body of page I call
Now the contents of inc.php is below (at least the "menu" and
"dhcp_vlans" functions)
function menu() {
$lvl = base64_decode($_SESSION['lvl']);
if ($lvl == "view") {
$_SESSION['menu'] = "custom menu 01";
$_SESSION['lvl'] = base64_encode($lvl);
} elseif ($lvl == "user") {
$_SESSION['menu'] = "custom menu 02";
$_SESSION['lvl'] = base64_encode($lvl);
} elseif ($lvl == "admin") {
$_SESSION['menu'] = "custom menu 03";
$_SESSION['lvl'] = base64_encode($lvl);
} else {
$_SESSION['menu'] = "custom menu 04"; }
$_SESSION['lvl'] = base64_encode($lvl); // recreate session variable
for more checks
}
function vlans_dhcp() {
$lvl = base64_decode($_SESSION['lvl']); // this session variable is
dissapearing from the second nested if / elseif statement?
if ($lvl != "admin") {
$_SESSION['lvl'] = base64_encode($lvl);
$_SESSION['msg'] = $dberrors[12];
call_user_func("db_logs");
} elseif ($lvl == "admin") {
$_SESSION['lvl'] = base64_encode($lvl);
if ($_POST == "") {
$_SESSION['lvl'] = base64_encode($lvl);
session_unset($_SESSION['list']);
,create automatic form...";
$_SESSION['lvl'] = base64_encode($lvl);
//unset($table,$sql,$db_vlans,$vlans,$x);
} elseif ($_POST != "") || (isset(var)) { //What happened to my session
'lvl' var?
...creat different form...
} elseif ($_POST != "") {
session_unset($_SESSION['list']);
require 'dbase.php';
$table = "subnets";
$_SESSION['list'] = "...different form again...";
//unset($table,$db_vlans,$vlans,$i,$x);
} else {
$_SESSION['lvl'] = base64_encode($lvl);
header("Location: login.vlans.php"); }
} else {
$_SESSION['lvl'] = base64_encode($lvl);
$_SESSION['msg'] = $dberrors[12];
call_user_func("db_logs"); }
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (0/T) executeing script below public
LMAO, I am in concordance. Jas Ryan A wrote: One wonders how two retards got together to give birth to a bigger retard like you. Hi, I am a bit puzzled here, I have to wipe my a$$ after taking a $hit...but I have to wipe while i'm on the toilet! My usual way is to stand up and do it. I noticed one funny thing about this way, its hard to get all that crap in one swipe...what kind of $hit is this? According to the documentation, the a$$ should be wiped in one of two motions like so Place toilet paper at forward most side of anus and wipe backward (or) Place toilet paper at backward most side of anus and wipe forward How do I do that? Thanks, -Riene fyi- my toilet is a flush-master 3001, if that matters. -Original Message- From: Ryan A [mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 4:08 PM To: [EMAIL PROTECTED] Subject: [PHP] (0/T) executeing script below public Hi, Am a bit puzzled here, we have to run a script to start/stop a serverbut we have to run the script below the public folder! this is our structure /blah/theServer/public_html/ the script is located in /blah/theServer/ I noticed one funny thing about this script, it starts with: #!/bin/sh right on top but does not have a file extention...what kind of a file is this? According to the documentation the script has to be executed like so start (or) stop How do I do that? Thanks, -Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] var check not working...
For some reason this will not work... my $_POST variables check for no
form variables and display a form... if they choose an item from a
select box it queries the database for a field matching the $_post var
and builds a new form creating 8 separate $_post variables to check
for.. so far it works except when selecting an item from the select box
it will only display the first form when there are $_post vars present.
I think I am missing something, could someone look over my code?
Thanks in advance,
Jas
function vlans_dhcp() {
$lvl = base64_decode($_SESSION['lvl']);
if ($lvl != "admin") {
$_SESSION['lvl'] = base64_encode($lvl);
$_SESSION['msg'] = $dberrors[12];
call_user_func("db_logs");
} elseif ($lvl == "admin") {
$_SESSION['lvl'] = base64_encode($lvl);
if (($_POST == "") || (!isset($_POST['dhcp_vlans'])) ||
(!isset($_POST['sub'])) || (!isset($_POST['msk'])) ||
(!isset($_POST['dns01'])) || (!isset($_POST['dns02'])) ||
(!isset($_POST['rtrs'])) || (!isset($_POST['vlans']))) {
create 1st form with dhcp_vlans as $_post var;
} elseif (($_POST != "") || (isset($_POST['dhcp_vlans'])) ||
($_POST['dhcp_vlans'] != "--") || (!isset($_POST['sub'])) ||
(!isset($_POST['msk'])) || (!isset($_POST['dns01'])) ||
(!isset($_POST['dns02'])) || (!isset($_POST['rtrs'])) ||
(!isset($_POST['vlans']))) {
create 2nd form based on dhcp_vlans $_post var and create 8 different
$_post vars...;
} elseif (($_POST != "") || (!isset($_POST['dhcp_vlans'])) ||
(isset($_POST['id'])) || (isset($_POST['sub'])) ||
(isset($_POST['msk'])) || (isset($_POST['dns01'])) ||
(isset($_POST['dns02'])) || (isset($_POST['rtrs'])) ||
(isset($_POST['rnge'])) || (isset($_POST['vlans']))) {
now put 8 $_post vars in database...;
} else {
$_SESSION['lvl'] = base64_encode($lvl);
header("Location: help.php"); }
} else {
$_SESSION['lvl'] = base64_encode($lvl);
$_SESSION['msg'] = $dberrors[12];
call_user_func("db_logs"); }
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Q on RegExp & extended Char
Well have you thought about maybe an array of illegal or extended
characters and simply replacing them?
eg.
$b = $_POST['whatever_variables_you_have'];
$match = array("ö","ç","ä");
$replace = array("o","c","a");
$z = str_replace($match,$replace,$b);
Might not be exactly what you want but hope it helps.
Jas
Jswalter wrote:
I've hit my limit on regular expressions.
I need to check a string to see if it contains legal characters...
A thru Z [a-z], SPACE, PERIOD, DASH/HYPHEN, APOSTROPHE [\' -,\.]
OK, this is not a problem.
My problem comes in with extended characters, as these examples...
González
Vänligen
före
innehålla
I'm trying to build a RegExp that will see if the string is a proper name
format or not.
Names only have A thru Z, extended characters for other languages (than
English), SPACE, PERIOD, DASH/HYPHEN, APOSTROPHE
Dr. Roger O'Malley
Mrs. Sara Harris-Henderson
I have a RegExp to do English letters, but not the extended set...
Manuel González
Försök Bokstäver
Contém Espaço-Válido
(Ok, these are not really names, but you get the idea)
Any ideas on this?
All I want to know is if a given string contains only these types of
characters. anything else would give me a FALSE.
Thanks
Walter
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: var check not working...
Sven wrote:
Jas schrieb:
For some reason this will not work... my $_POST variables check for no
form variables and display a form... if they choose an item from a
select box it queries the database for a field matching the $_post var
and builds a new form creating 8 separate $_post variables to check
for.. so far it works except when selecting an item from the select
box it will only display the first form when there are $_post vars
present. I think I am missing something, could someone look over my
code?
Thanks in advance,
Jas
function vlans_dhcp() {
$lvl = base64_decode($_SESSION['lvl']);
if ($lvl != "admin") {
$_SESSION['lvl'] = base64_encode($lvl);
$_SESSION['msg'] = $dberrors[12];
call_user_func("db_logs");
} elseif ($lvl == "admin") {
$_SESSION['lvl'] = base64_encode($lvl);
if (($_POST == "") || (!isset($_POST['dhcp_vlans'])) ||
(!isset($_POST['sub'])) || (!isset($_POST['msk'])) ||
(!isset($_POST['dns01'])) || (!isset($_POST['dns02'])) ||
(!isset($_POST['rtrs'])) || (!isset($_POST['vlans']))) {
create 1st form with dhcp_vlans as $_post var;
} elseif (($_POST != "") || (isset($_POST['dhcp_vlans'])) ||
($_POST['dhcp_vlans'] != "--") || (!isset($_POST['sub']))
|| (!isset($_POST['msk'])) || (!isset($_POST['dns01'])) ||
(!isset($_POST['dns02'])) || (!isset($_POST['rtrs'])) ||
(!isset($_POST['vlans']))) {
create 2nd form based on dhcp_vlans $_post var and create
8 different $_post vars...;
} elseif (($_POST != "") || (!isset($_POST['dhcp_vlans'])) ||
(isset($_POST['id'])) || (isset($_POST['sub'])) ||
(isset($_POST['msk'])) || (isset($_POST['dns01'])) ||
(isset($_POST['dns02'])) || (isset($_POST['rtrs'])) ||
(isset($_POST['rnge'])) || (isset($_POST['vlans']))) {
now put 8 $_post vars in database...;
} else {
$_SESSION['lvl'] = base64_encode($lvl);
header("Location: help.php"); }
} else {
$_SESSION['lvl'] = base64_encode($lvl);
$_SESSION['msg'] = $dberrors[12];
call_user_func("db_logs"); }
}
hi jas,
the problem is, that your second form is only executed if your first
condition is false (else if). but because of your or condition (||) only
one of them has to be true. right? right! so it doesn't matter if your
$_POST['dhcp_vlans'] is not set, when any other isn't set. a solution
might be:
hth SVEN
Yah I figured that out.. those operators always throw me off... Thanks
again.
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: 4 project questions - help appreciated
1. MySQL is free, fairly easy to use and is way better than using a text
file.
2. I would use something to effect of a 'id' field in the database and
set that to be indexed, auto-incrementing and unique vs. using your
'public key' as the indexed portion of the database
3. Sounds like you already know what kind of function you need. If you
need an example here is one.
[snippit]
function keys() {
/* Connect to database */
$db = @mysql_pconnect('localhost','user_name','password') or
die(mysql_error());
/* Select databse to use */
@mysql_select_db('keys') or die("Could not connect to remote database.");
$tble = "messages";
/* Look for existing key */
$sql = mysql_query("SELECT * FROM $tble WHERE key = '$key'",$db)or
die(mysql_error());
/* Create array of variables retrieved */
while ($row = mysql_fetch_array($sql)) {
$id = $row["session"]; }
/* Check to see if any results were returned */
if (mysql_num_rows($sql) == 0) {
$insert = @mysql_query("INSERT INTO $tble VALUES
('','$var1','$var2','$var3','$var4','$var5')",$db)or die(mysql_error());
/* If key exists update data with form data */
} elseif (mysql_num_rows($sql) != 0) {
$update = @mysql_query("UPDATE $tble SET var1=\"$var1\",
var2=\"$var2\", var3=\"$var3\", var4=\"$var4\", var5=\"$var5\" WHERE
key=\"$key\"",$db)or die(mysql_error());
} else {
exit(); }
} else {
exit(); }
}
?>
[end snippit]
4. You are talking about a one way hash to be used as a public key
right? If you are I generate a unique key in this manner (I really don't
loop through any array's of numbers or letters) instead I pull an image
randomly selected from a specified directory and then through it through
a system of functions as illustrated below. You can record the key in
the database and use it as a "public key" so to speak so the person your
sending the secret message to would need to know that "public key".
[snippit]
/* Function to create array of images */
$rand_image = array();
$x = 0;
$x++; $rand_image[$x] = "shared/image01.jpg";
$x++; $rand_image[$x] = "shared/image02.jpg";
$x++; $rand_image[$x] = "shared/image03.jpg";
$x++; $rand_image[$x] = "shared/image04.jpg";
/* Randomly select image to encrypt and use as session variable */
function random_image() {
global $rand_image;
srand ((double) microtime() * 100);
print $rand_image[rand(1,sizeof($rand_image))]; }
/* Encryption function for random image */
$hash = md5(uniqid(microtime($rand_image),1));
}
echo $hash;
?>
[end snippit]
Hope that helps some...
Jas
Ryan A wrote:
Hi,
I am making a personal project like so:
I enter something in the text box (eg. "PHP REALLY ROCKS!!!")
then the program checks if that string already exists in the database, if
no, then it should enter it into the database and also generate a "key"
This key can be given to pals and they can read the "secret message"
Key:
Key should first be 1-1000 then a-z then A-Z then axxx (eg: a001, the xxx
will always be numbers) once it reaches 999 it should become Axxx then b
then B etc after a,A,b,B are done it should go for aaxx,AAxx etc always 4
characters
A few questions:
1.Looking at the above (database part) I figured that doing this via a mysql
database would be better rather than a text database...do you agree?
2.I was thinking of making the "key" field a primary key and unique and
indexedright?
3.The way I see it theres 3 sql statements that need to be run, a) connect
and see if string exists b)read the last key c)write to the
database...anyway to break the above to 2 statements or am I following this
wrong?
4. Logic for the key, I am coming up with crummy logic to make the "key",
basically a block of code for 1-1000,another block for a-z another block for
A-Z etc.. any ideas,links,URLs or code snippets off the top of your head
would be greatly appreciated.
Thanks in advance.
Cheers,
-Ryan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php compile error with mysql undefined reference to `mysql_real_escape_string'
You really should be subscribing to the php.install list when asking questions of this type. But it sounds like you need to first install mysql, then install apache, then install php. In that order and you should be ok. When in doubt read the manuals for each application for further information on the different options available for your ./configure. HTH Jas Ivone Uribe wrote: Hi all! I'm installing php4.3.3, apache 1.3.28 with mysql3.22.32 I'm using this option --with-mysql=/usr/local/mysql But when I compile the php code, I get this error: ext/mysql/php_mysql.o: In function `zif_mysql_client_encoding': /root/fuente/archivos/php-4.3.3/ext/mysql/php_mysql.c:1118: undefined reference to `mysql_character_set_name' ext/mysql/php_mysql.o: In function `zif_mysql_real_escape_string': /root/fuente/archivos/php-4.3.3/ext/mysql/php_mysql.c:1705: undefined reference to `mysql_real_escape_string' collect2: ld returned 1 exit status To solve it..I try the option --disable-cli on ./configure, and all ok. But now I have the same problem (/php-4.3.3/ext/mysql/php_mysql.c:1118: undefined reference to `mysql_character_set_name') when I try to compile the apache... Please!!! Does anybody know how to solve it? Thanks in advance!! __ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Security Question
Does your php.ini have Globals set to off?
Was your php installation compiled with session support?
If your answer to both of those questions is yes (you can check your
server config with a page containing this string )
Then use session to register a variable such as the example below...
Then say on your authentication module you do something like this
function authentication() {
if (!empty($_POST['username'])) && (!empty($_POST['password'])) {
// some code to check if username and password variables match database
entries or file containing credentials
// if a match is found do the rest of the code
session_start();
$_SESSION['auth'] = base64_encode(1); //encoded var to deter session
hijacking
} else {
header("location: login.html"); }
?>
Hope this helps a bit... more info on stuff like this is available at
google.com. =)
Jas
Thomas Andersen wrote:
Hello,
I'm trying to develop a secure web based application and my only tools are
php, mysql, and a SSL connection.
Does anyone know of any good references for this kind of development?
What I really need to do is to make sure that given users only gain access
to the parts of the application they are given rights to. I'm not sure if I
need to pass their user information along from page to page or if I should
set a cookie or whatever else would be appropriate. I also want people to
be bounced back to the login page if they enter a direct URL to part of the
application without logging in first, and I also want people to be able to
log out.
Thanks,
Thomas Andersen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Script timeout Problem
Have you tried setting a limit on your MySQL insert and update
statements to limit the amount trying to be processed?
Haseeb Iqbal wrote:
hi,
i need to update a mysql table with a dbf file, the dbf file contains more then 16
records. i knew that the script will not be able to update 16 records in 1 go so i
am refreshing the page after speacific no of records. but still the same problem. the
script timeout.i tried changing the timeout limit to 300 secs but to noavail. i am
pasting the code here.plz take a look may by you can tell me what i am doing wrong
define("_MySqlEnable",TRUE);
set_time_limit(0);
require_once(strPath."paths.php");
$strDBName=strPath."uploads/".Date("d-m-Y")."-products.dbf";
$DBPointer=dbase_open($strDBName,0) or die("Cannot open file for reading");
$nNoOfRecs=dbase_numrecords($DBPointer);
$nLoopBreak=1500;
$nConn=GetCon();
if (empty($nLoopStart)) { $nLoopStart=1; }
if ($nNoOfRecs > $nLoopBreak)
{
$nLoopTill=$nLoopStart + $nLoopBreak;
$nFinal=FALSE;
}
else
{
$nLoopTill=$nLoopBreak;
$nFinal=TRUE;
}
for ($nCount=$nLoopStart;$nCount<=$nLoopTill;$nCount++)
{
$arrData=dbase_get_record($DBPointer,$nCount);
$GRP=CheckString($arrData[0]);
$CAT=CheckString($arrData[1]);
$SUB=CheckString($arrData[2]);
$VEND_CODE=CheckString($arrData[3]);
$MANU_PART=CheckString($arrData[4]);
$PART_NUM=CheckString($arrData[5]);
$DESCR=CheckString($arrData[6]);
$COST=CheckString($arrData[7]);
$RETAIL=CheckString($arrData[8]);
$QTY=CheckString($arrData[9]);
$LIST_PRICE=CheckString($arrData[10]);
$EFF_DATE=CheckString($arrData[11]);
$TECH_FAX=CheckString($arrData[12]);
$STATUS=CheckString($arrData[13]);
$UPC=CheckString($arrData[14]);
$strQuery="SELECT * FROM products WHERE grp='".$GRP."' AND cat='".$CAT."' AND sub='".$SUB."' AND
vend_code='".$VEND_CODE."' AND manu_part='".$MANU_PART."' AND part_num='".$PART_NUM."'";
$nConn->doQuery($strQuery);
if ($nConn->cntResult()==0)
$strQuery="INSERT INTO
products(products.grp,products.cat,products.sub,products.vend_code,products.manu_part,products.part_num,products.desc,products.cost,products.retail,products.qty,products.list_price,products.eff_date,products.tech_fax,products.status,products.upc)
VALUES('".$GRP."','".$CAT."','".$SUB."','".$VEND_CODE."','".$MANU_PART."','".$PART_NUM."','".$DESCR."','".$COST."','".$RETAIL."','".$QTY."','".$LIST_PRICE."','".$EFF_DATE."','".$TECH_FAX."','".$STATUS."','".$UPC."')";
$strQuery="INSERT INTO
products(products.grp,products.cat,products.sub,products.vend_code,products.manu_part,products.part_num,products.desc,products.cost,products.retail,products.qty,products.list_price,products.eff_date,products.tech_fax,products.status,products.upc)
VALUES('".$GRP."','".$CAT."','".$SUB."','".$VEND_CODE."','".$MANU_PART."','".$PART_NUM."','".$DESCR."','".$COST."','".$RETAIL."','".$QTY."','".$LIST_PRICE."','".$EFF_DATE."','".$TECH_FAX."','".$STATUS."','".$UPC."'
LIMIT 200)";
else
$strQuery="UPDATE products SET
products.part_num='$PART_NUM',products.desc='$DESCR',COST='$COST',retail='$RETAIL',qty='$QTY',list_price='$LIST_PRICE',eff_date='$EFF_DATE',tech_fax='$TECH_FAX',status='$STATUS',upc='$UPC'
WHERE grp='".$GRP."' AND cat='".$CAT."' AND sub='".$SUB."' AND vend_code='".$VEND_CODE."' AND
manu_part='".$MANU_PART."' AND part_num='".$PART_NUM."'";
$strQuery="UPDATE products SET
products.part_num='$PART_NUM',products.desc='$DESCR',COST='$COST',retail='$RETAIL',qty='$QTY',list_price='$LIST_PRICE',eff_date='$EFF_DATE',tech_fax='$TECH_FAX',status='$STATUS',upc='$UPC'
WHERE grp='".$GRP."' AND cat='".$CAT."' AND sub='".$SUB."' AND
vend_code='".$VEND_CODE."' AND manu_part='".$MANU_PART."' AND
part_num='".$PART_NUM."'LIMIT 200";
//echo "nCOunt - > $nCount -".$strQuery;
$nConn->doQuery($strQuery);
}
$nCount++;
$nLoopStart=$nCount;
if ($nFinal==FALSE)
{
//1500 records updated so refresh the page
?>
}
else
{
// all records updated so redirst to calling page.
?>
}
?>
Haseeb
That might help out with the timeouts too.
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: picking up a form name
Do you mean a variable being passed to the next page from within a form
ex. or
If you are talking about the input name for a text box use this snippit...
is(empty($_POST['variable_001']) {
// Do negative result code
} elseif(!empty($_POST['variable_001']) {
// Do positive result code
...
Or if it the name of the "actual form" you want try setting a hidden
field with the same name as the form.
ex.
HTH
Jas
Php wrote:
Hi,
If I have more than one form on a page, how can I get the
name of the form that was sent on the recieving page
without using javascript?
tia,
Craig
TOP DRAW INC.
p 780.429.9993
f 780.426.1199
[EMAIL PROTECTED]
www.topdraw.com
10210 - 111 Street,
Edmonton, Alberta
T5K 1K9
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Script timeout Problem
Let me know if that solves your problem if you would be so kind... I am
sure it will but I just want to make sure.
Jas
Jas wrote:
Have you tried setting a limit on your MySQL insert and update
statements to limit the amount trying to be processed?
Haseeb Iqbal wrote:
hi,
i need to update a mysql table with a dbf file, the dbf file contains
more then 16 records. i knew that the script will not be able to
update 16 records in 1 go so i am refreshing the page after
speacific no of records. but still the same problem. the script
timeout.i tried changing the timeout limit to 300 secs but to noavail.
i am pasting the code here.plz take a look may by you can tell me what
i am doing wrong
define("_MySqlEnable",TRUE);
set_time_limit(0);
require_once(strPath."paths.php");
$strDBName=strPath."uploads/".Date("d-m-Y")."-products.dbf";
$DBPointer=dbase_open($strDBName,0) or die("Cannot open file for
reading");
$nNoOfRecs=dbase_numrecords($DBPointer);
$nLoopBreak=1500;
$nConn=GetCon();
if (empty($nLoopStart)) { $nLoopStart=1; }
if ($nNoOfRecs > $nLoopBreak)
{
$nLoopTill=$nLoopStart + $nLoopBreak;
$nFinal=FALSE;
}
else
{
$nLoopTill=$nLoopBreak;
$nFinal=TRUE;
}
for ($nCount=$nLoopStart;$nCount<=$nLoopTill;$nCount++)
{
$arrData=dbase_get_record($DBPointer,$nCount);
$GRP=CheckString($arrData[0]);
$CAT=CheckString($arrData[1]);
$SUB=CheckString($arrData[2]);
$VEND_CODE=CheckString($arrData[3]);
$MANU_PART=CheckString($arrData[4]);
$PART_NUM=CheckString($arrData[5]);
$DESCR=CheckString($arrData[6]);
$COST=CheckString($arrData[7]);
$RETAIL=CheckString($arrData[8]);
$QTY=CheckString($arrData[9]);
$LIST_PRICE=CheckString($arrData[10]);
$EFF_DATE=CheckString($arrData[11]);
$TECH_FAX=CheckString($arrData[12]);
$STATUS=CheckString($arrData[13]);
$UPC=CheckString($arrData[14]);
$strQuery="SELECT * FROM products WHERE grp='".$GRP."' AND
cat='".$CAT."' AND sub='".$SUB."' AND vend_code='".$VEND_CODE."' AND
manu_part='".$MANU_PART."' AND part_num='".$PART_NUM."'";
$nConn->doQuery($strQuery);
if ($nConn->cntResult()==0)
$strQuery="INSERT INTO
products(products.grp,products.cat,products.sub,products.vend_code,products.manu_part,products.part_num,products.desc,products.cost,products.retail,products.qty,products.list_price,products.eff_date,products.tech_fax,products.status,products.upc)
VALUES('".$GRP."','".$CAT."','".$SUB."','".$VEND_CODE."','".$MANU_PART."','".$PART_NUM."','".$DESCR."','".$COST."','".$RETAIL."','".$QTY."','".$LIST_PRICE."','".$EFF_DATE."','".$TECH_FAX."','".$STATUS."','".$UPC."')";
$strQuery="INSERT INTO
products(products.grp,products.cat,products.sub,products.vend_code,products.manu_part,products.part_num,products.desc,products.cost,products.retail,products.qty,products.list_price,products.eff_date,products.tech_fax,products.status,products.upc)
VALUES('".$GRP."','".$CAT."','".$SUB."','".$VEND_CODE."','".$MANU_PART."','".$PART_NUM."','".$DESCR."','".$COST."','".$RETAIL."','".$QTY."','".$LIST_PRICE."','".$EFF_DATE."','".$TECH_FAX."','".$STATUS."','".$UPC."'
LIMIT 200)";
else
$strQuery="UPDATE products SET
products.part_num='$PART_NUM',products.desc='$DESCR',COST='$COST',retail='$RETAIL',qty='$QTY',list_price='$LIST_PRICE',eff_date='$EFF_DATE',tech_fax='$TECH_FAX',status='$STATUS',upc='$UPC'
WHERE grp='".$GRP."' AND cat='".$CAT."' AND sub='".$SUB."' AND
vend_code='".$VEND_CODE."' AND manu_part='".$MANU_PART."' AND
part_num='".$PART_NUM."'";
$strQuery="UPDATE products SET
products.part_num='$PART_NUM',products.desc='$DESCR',COST='$COST',retail='$RETAIL',qty='$QTY',list_price='$LIST_PRICE',eff_date='$EFF_DATE',tech_fax='$TECH_FAX',status='$STATUS',upc='$UPC'
WHERE grp='".$GRP."' AND cat='".$CAT."' AND sub='".$SUB."' AND
vend_code='".$VEND_CODE."' AND manu_part='".$MANU_PART."' AND
part_num='".$PART_NUM."'LIMIT 200";
//echo "nCOunt - > $nCount -".$strQuery;
$nConn->doQuery($strQuery);
}
$nCount++;
$nLoopStart=$nCount;
if ($nFinal==FALSE)
{
//1500 records updated so refresh the page
?>
}
else
{
// all records updated so redirst to calling page.
?>
} ?>
Haseeb
That might help out with the timeouts too.
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Script timeout Problem
Ok, I posted an example in the body of this for your time out limits but
here it is again...
At the end of each of your SQL statements for UPDATE or INSERT simply
add ...LIMIT 2000";
That should limit the updating or inserting of database records until
the page is refreshed to add more...
HTH
Jas
Haseeb Iqbal wrote:
how can i do that?
btw the script runs on a local machine but updates the records on a
webserver i mean live server. this is also a factor for the timeout. the
script was running smoothly for 24000 recods before but now it suddenly
timeout after 800records. i dont know what is heppening
Haseeb
- Original Message -
From: "Jas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 19, 2003 3:16 AM
Subject: [PHP] Re: Script timeout Problem
Have you tried setting a limit on your MySQL insert and update
statements to limit the amount trying to be processed?
Haseeb Iqbal wrote:
hi,
i need to update a mysql table with a dbf file, the dbf file contains
more then 16 records. i knew that the script will not be able to update
16 records in 1 go so i am refreshing the page after speacific no of
records. but still the same problem. the script timeout.i tried changing the
timeout limit to 300 secs but to noavail. i am pasting the code here.plz
take a look may by you can tell me what i am doing wrong
define("_MySqlEnable",TRUE);
set_time_limit(0);
require_once(strPath."paths.php");
$strDBName=strPath."uploads/".Date("d-m-Y")."-products.dbf";
$DBPointer=dbase_open($strDBName,0) or die("Cannot open file for
reading");
$nNoOfRecs=dbase_numrecords($DBPointer);
$nLoopBreak=1500;
$nConn=GetCon();
if (empty($nLoopStart)) { $nLoopStart=1; }
if ($nNoOfRecs > $nLoopBreak)
{
$nLoopTill=$nLoopStart + $nLoopBreak;
$nFinal=FALSE;
}
else
{
$nLoopTill=$nLoopBreak;
$nFinal=TRUE;
}
for ($nCount=$nLoopStart;$nCount<=$nLoopTill;$nCount++)
{
$arrData=dbase_get_record($DBPointer,$nCount);
$GRP=CheckString($arrData[0]);
$CAT=CheckString($arrData[1]);
$SUB=CheckString($arrData[2]);
$VEND_CODE=CheckString($arrData[3]);
$MANU_PART=CheckString($arrData[4]);
$PART_NUM=CheckString($arrData[5]);
$DESCR=CheckString($arrData[6]);
$COST=CheckString($arrData[7]);
$RETAIL=CheckString($arrData[8]);
$QTY=CheckString($arrData[9]);
$LIST_PRICE=CheckString($arrData[10]);
$EFF_DATE=CheckString($arrData[11]);
$TECH_FAX=CheckString($arrData[12]);
$STATUS=CheckString($arrData[13]);
$UPC=CheckString($arrData[14]);
$strQuery="SELECT * FROM products WHERE grp='".$GRP."' AND
cat='".$CAT."' AND sub='".$SUB."' AND vend_code='".$VEND_CODE."' AND
manu_part='".$MANU_PART."' AND part_num='".$PART_NUM."'";
$nConn->doQuery($strQuery);
if ($nConn->cntResult()==0)
$strQuery="INSERT INTO
products(products.grp,products.cat,products.sub,products.vend_code,products.
manu_part,products.part_num,products.desc,products.cost,products.retail,prod
ucts.qty,products.list_price,products.eff_date,products.tech_fax,products.st
atus,products.upc)
VALUES('".$GRP."','".$CAT."','".$SUB."','".$VEND_CODE."','".$MANU_PART."','"
$PART_NUM."','".$DESCR."','".$COST."','".$RETAIL."','".$QTY."','".$LIST_PRI
CE."','".$EFF_DATE."','".$TECH_FAX."','".$STATUS."','".$UPC."')";
$strQuery="INSERT INTO
products(products.grp,products.cat,products.sub,products.vend_code,products.
manu_part,products.part_num,products.desc,products.cost,products.retail,prod
ucts.qty,products.list_price,products.eff_date,products.tech_fax,products.st
atus,products.upc)
VALUES('".$GRP."','".$CAT."','".$SUB."','".$VEND_CODE."','".$MANU_PART."','"
$PART_NUM."','".$DESCR."','".$COST."','".$RETAIL."','".$QTY."','".$LIST_PRI
CE."','".$EFF_DATE."','".$TECH_FAX."','".$STATUS."','".$UPC."'
LIMIT 200)";
else
$strQuery="UPDATE products SET
products.part_num='$PART_NUM',products.desc='$DESCR',COST='$COST',retail='$R
ETAIL',qty='$QTY',list_price='$LIST_PRICE',eff_date='$EFF_DATE',tech_fax='$T
ECH_FAX',status='$STATUS',upc='$UPC' WHERE grp='".$GRP."' AND cat='".$CAT."'
AND sub='".$SUB."' AND vend_code='".$VEND_CODE."' AND
manu_part='".$MANU_PART."' AND part_num='".$PART_NUM."'";
$strQuery="UPDATE products SET
products.part_num='$PART_NUM',products.desc='$DESCR',COST='$COST',retail='$R
ETAIL',qty='$QTY',list_price='$LIST_PRICE',eff_date='$EFF_DATE',tech_fax='$T
ECH_FAX',status='$STATUS',upc='$UPC'
WHERE grp='".$GRP."' AND cat='".$CAT."' AND sub='".$SUB."' AND
vend_code='".$VEND_CODE."' AND manu_part='".$MANU_PART."' AND
part_num='".$PART_NUM."'LIMIT 200";
//echo "nCOunt - > $nCount -".$strQuery;
$nConn->doQuery($strQuery);
}
$nCount++;
$nLoopStart=$nCount;
if ($nFinal==FALSE)
{
//1500 records updated so refresh the page
?>
Haseeb
That might help out with the timeouts too.
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] post var check failing?
Not sure why it isn't checking my post vars correctly... any help is
appreciated.
Thanks in advance Jas
while($a = mysql_fetch_array($x)) {
list($_SESSION['id01'],$hn,$ma,$i,$v) = $a; }
$_SESSION['search'] = "...new form with listed vars...";
} elseif ((empty($_POST['hosts01'])) && (empty($_POST['search'])) &&
(!empty($_POST['hn'])) && (!empty($_POST['ma'])) &&
(!empty($_POST['i'])) && (!empty($_POST['v']))) {
unset($_SESSION['search']);
// FiX POST VAR CHECK !
$_SESSION['search'] = "... show posted vars as successful submission ..."
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] looping problem?
Problem with looping over a CSV file (3 results for each line)? Here is
the CSV file contents...
MTPC-01,00:02:B3:A2:9D:ED,155.97.15.11
MTPC-02,00:02:B3:A2:B6:F4,155.97.15.12
MTPC-03,00:02:B3:A2:A1:A7,155.97.15.13
MTPC-04,00:02:B3:A2:07:F2,155.97.15.14
MTPC-05,00:02:B3:A2:B8:4D,155.97.15.15
Here is the script...
$row = 1;
$file = "fa.csv";
$id = fopen("$file","r");
while($data = fgetcsv($id,100,",")) {
$num = count($data);
$row++;
for($c = 0; $c < $num; $c++) {
echo "host $data[0] {\nhardware ethernet $data[1];\nfixed-address $data[2];\n}\n"; }
}
fclose($id);
?>
And this is the output...
(notice 3 results for the first line in the CSV file)
host MTPC-01 {
hardware ethernet 00:02:B3:A2:9D:ED;
fixed-address 155.97.15.11;
}
host MTPC-01 {
hardware ethernet 00:02:B3:A2:9D:ED;
fixed-address 155.97.15.11;
}
host MTPC-01 {
hardware ethernet 00:02:B3:A2:9D:ED;
fixed-address 155.97.15.11;
}
Any help is appreciated...
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] function problem?
Not sure why the last section won't work...
/* Function to search for hosts */
function search_dhcp() {
if ((empty($_POST['search'])) && (empty($_POST['hosts01'])) &&
(empty($_POST['hn'])) && (empty($_POST['ma'])) && (empty($_POST['i']))
&& (empty($_POST['v']))) {
unset($_SESSION['search']);
$_SESSION['search'] = "Search for individual computers to
edit**This feature will search all
VLAN's for individual machines to make host configuration changes
to.ex. 10.10.0.255 or dhcp-client Wildcards are marked as a
'%'.";
} elseif ((!empty($_POST['search_name'])) && (empty($_POST['hosts01']))
&& (empty($_POST['hn'])) && (empty($_POST['ma'])) &&
(empty($_POST['i'])) && (empty($_POST['v']))) {
unset($_SESSION['search']);
require 'dbase.inc.php';
$table = "hosts";
$x = @mysql_query("SELECT * FROM $table WHERE hostname LIKE
'$_POST[search_name]'")or die(mysql_error());
$num = mysql_num_rows($x);
if($num == "0") {
$_SESSION['search'] = "Search for individual computers to edit by
hostname**This feature will search
all VLAN's for individual machines to make host configuration changes
to.(ex. dhcp_client_003) Wildcards are marked as a
'%'. No hosts
matched your search for $_POST[search_name].";
} elseif ($num != 0) {
$_SESSION['search'] .= "Here are your search
results.**Please select the
machine you wish to make changes to.";
while($v = mysql_fetch_array($x)) {
list($_SESSION['id'],$_SESSION['hn'],$_SESSION['ma'],$_SESSION['i'],$_SESSION['v'])
= $v;
$_SESSION['search'] .= "$_SESSION[hn] | $_SESSION[i] | $_SESSION[v]";
}
$_SESSION['search'] .= "";
} else {
$_SESSION['search'] = "Search for individual computers to edit by
hostname(ex. dhcp_client_003)**This feature will search all VLAN's for individual
machines to make host configuration changes to. No hosts matched your search for
$_POST[search_name]."; }
unset($_SESSION['id'],$_SESSION['hn'],$_SESSION['ma'],$_SESSION['i'],$_SESSION['v']);
} elseif ((!empty($_POST['hosts01'])) && (empty($_POST['search'])) &&
(empty($_POST['hn'])) && (empty($_POST['ma'])) && (empty($_POST['i']))
&& (empty($_POST['v']))) {
unset($_SESSION['search']);
require 'dbase.inc.php';
$table = "hosts";
$x = mysql_query("SELECT * FROM $table WHERE hostname =
'$_POST[hosts01]' OR ip = '$_POST[hosts01]' OR mac =
'$_POST[hosts01]'")or die(mysql_error());
$num = mysql_num_rows($x);
if($num == "0") {
unset($_SESSION['search']);
$_SESSION['search'] = "Search for individual computers to edit by
hostname(ex. dhcp_client_003)**This feature will search all VLAN's for individual
machines to make host configuration changes to. You did not select a host to
edit.";
} elseif ($num != 0) {
while($a = mysql_fetch_array($x)) {
list($_SESSION['id01'],$hn,$ma,$i,$v) = $a; }
$_SESSION['search'] = "
You are about to make
changes to $hn | $i** Please fill
out all fields and be carefull when entering the MAC address. The
proper format is as such XX:XX:XX:XX:XX
Hostname
MAC-Address
IP-Address
VLAN / Subnet:
";
} elseif ((empty($_POST['hosts01'])) && (empty($_POST['search'])) &&
(!empty($_POST['hn'])) && (!empty($_POST['ma'])) &&
(!empty($_POST['i'])) && (!empty($_POST['v']))) {
unset($_SESSION['search']);
// Will not get to this point!
$_SESSION['search'] = "
Your changes to
$_POST[hosts01] were successfull**
To make your changes active you must use the \"UPDATE DHCP\" link on the
left
Hostname
$_POST[hn]
MAC-Address
$_POST[ma]
IP-Address
$_POST[i]
VLAN / Subnet:
$_POST[v]
";
} else {
unset($_SESSION['search']);
$_SESSION['search'] = " Something broke, please try again."; }
} else {
unset($_SESSION['search']);
header("Location: login.hosts.php"); }
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Checkboxes?
I am having a problem with checkboxes...
$_SESSION['logs'] .= "DateTimeIP
AddressPortLog MessageDetails?";
require 'database_script.php';
$table = "logs";
$sql = mysql_query("SELECT * FROM $table ORDER BY date",$db)or
die(mysql_error());
while($row = mysql_fetch_array($sql)) {
list($id,$date,$time,$ip,$host,$referer,$agent,$page,$pagecount,$message,$session)
= $row;
$_SESSION['logs'] .=
"$date$time$ip$host$message"; }
// Begin checking if variables are present...
if (empty($_POST['id'])) {
unset($_SESSION['details']);
$_SESSION['details'] = " You must select an access log(s)
to view the details of";
} elseif (!empty($_POST['id'])) {
unset($_POST['details']);
$_SESSION['details'] = "You have selected record number...";
} else {
unset($_SESSION['details']);
$_SESSION['details'] = " You must select an access log(s)
to view the details of."; }
?>
I think it has something to do with the naming or values of the
checkboxes but if someone could shed some light on it that would be great.
jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Looping problem?
require 'database.php';
$t_02 = "subnets";
$sql_subs = mysql_query("SELECT * FROM $t_02",$db)or
die(mysql_error()); while(list($id,$sub,$msk,$dns01,$dns02,$rtrs,$rnge)
= mysql_fetch_array($sql_subs)) {
$num = mysql_num_rows($sql_subs);
for($z = 0; $z < $num; $z++) {
$vlans[] = "subnet $subnetmask $msk {option domain-name-servers
$dns01, $dns02;option routers $rtrs;range $rnge;}"; }
}
// Write everything out formated...
echo $vlans[$z]\n;
Right now it only pulling the last record???
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Not working?
I think I must be missing something but this command isn't renaming the
file specified... Pointers, tips appreciated!
system("rename('/path/to/new.sh', '/path/to/old.$today')");
/to directory has permissions set to current user and is also owned by
the current user (test_user)... I can write files into the directory and
delete files form the directory using the 'unlink()' command but the
rename function I am having problems with.
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] permissions with bash scripts in php?
Something I have never tried... seems fairly straight-forward but I am running into problems. My problem is that I need to call system to restart a daemon service like so... $cmd = "/path/to/shell/script/script.sh"; system($cmd . " &> /tmp/error "); ?> Script contains this command... #!/bin/bash /path/to/dhcpd -cf /path/to/config/dhcpd So far so good right? I mean it works from a command line so why not from php. Lets check some permissions... httpd as Apache:Apache script.sh as Apache:Apache Upon inspection of 'error file' in /tmp I find this... unable to create icmp socket: Operation not permitted Can't create new lease file: Permission denied And... Can't bind to dhcp address: Permission denied Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf. Also make sure you are not running HP JetAdmin software, which includes a bootp server. So lets set a sticky bit on the script.sh and /path/to/config/dhcpd $> chmod 1777 /path/to/config/dhcpd $> chmod 1777 script.sh So far so good but I am still recieving the same error, if anyone has some good tips on what would be the most efficient & SECURE way of starting this service please point me to the tutorial Thanks a ton. Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] permissions with bash scripts in php?
Jake McHenry wrote: - Original Message - From: "Jas" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, January 12, 2004 4:47 PM Subject: [PHP] permissions with bash scripts in php? Something I have never tried... seems fairly straight-forward but I am running into problems. My problem is that I need to call system to restart a daemon service like so... /tmp/error "); ?> Script contains this command... #!/bin/bash /path/to/dhcpd -cf /path/to/config/dhcpd So far so good right? I mean it works from a command line so why not from php. Lets check some permissions... httpd as Apache:Apache script.sh as Apache:Apache Upon inspection of 'error file' in /tmp I find this... unable to create icmp socket: Operation not permitted Can't create new lease file: Permission denied And... Can't bind to dhcp address: Permission denied Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf. Also make sure you are not running HP JetAdmin software, which includes a bootp server. So lets set a sticky bit on the script.sh and /path/to/config/dhcpd $> chmod 1777 /path/to/config/dhcpd $> chmod 1777 script.sh So far so good but I am still recieving the same error, if anyone has some good tips on what would be the most efficient & SECURE way of starting this service please point me to the tutorial Thanks a ton. Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php is the apache user and group able to run the script from the command line? I know under rh9, you have to be root to start / stop / restart just about all the services. Just an idea. Jake Just tried that and I am getting the same error. I guess what I am really looking for is a way to have apache restart the service without adding the apache user in the 'sudoers' file. Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] permissions with bash scripts in php?
Jason Wong wrote: > On Tuesday 13 January 2004 06:46, Jas wrote: > > [Please trim your posts!] > > >>Just tried that and I am getting the same error. I guess what I am >>really looking for is a way to have apache restart the service without >>adding the apache user in the 'sudoers' file. > > > If you really must restart system services over insecure interfaces such as a > web browser then consider using something which was 'tailor-made' for the > purpose eg Webmin. Webmin is not ideal, but since you are having to ask the > question I would assume that it would be better than anything you could come > up with at this moment in time. > > If you still want develop your own, then have a look in the archives for > possible solutions using sudo, or cronjobs. > So instead of having a function to run a bash script which would restart the dhcp service after a new dhcpd.conf file has been written (which would run under the same user as the httpd service). You are suggesting to run a cron job which would maybe run every 5 or 10 minutes to run the bash script which restarts the service? Would this be the most secure method of accomplishing such a task? Or is there a way to put a hook in the bash script which php could execute as a privledged user? Thanks for the insight, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dynamic Forms
Matt Matijevich wrote:
[snip]
Can anyone suggest a PHP solution to creating a form that gets built
after a client enters a variable?
[/snip]
php runs on your server so to build the forms based on a user entered
form field, the form has to be submitted, so you would have to use
javascript to automatically submit the form or have the user push a
submit button to susbmit the form so php can do its thing.
I don't have a solution or tutorial per se'... Google might. Here is a
small example of a self processing form, if it helps.
";
} elseif((!empty($_POST['var01'])) || (!empty($_POST['var02']))) {
$form = "
";
} else {
$form = "$_POST[var01]
$_POST[var02]"; }
echo $form;
?>
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Ip Tracking Utilities
Rolf Brusletto wrote:
Hey all - I've heard mention of Ip database/tracking utilities in the
lists before, but I can't seem to find any mention when googling... does
anybody know of a good app to track multiple Class C spaces or larger?
Thanks,
Rolf Brusletto
--
http://www.phpExamples.net
http://www.emailfeeds.com
--
Have you tried using a system to ping a given range of IP's?
http://us4.php.net/manual/en/function.system.php
Something like...
"192.168.0.2",
"1" => "192.168.0.3",
etc...);
for($i = 0; $i > $network; $i++) {
$result = system("ping $network[$i]")
if($result != "") {
echo "host $network[$i] responded"; }
}
HTH
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Function for crypt and decript.
[EMAIL PROTECTED] wrote: Hi all, are in PHP, functions for crypt and decrypt string? I would to use this function in my script in PHP, how can I use this? I need of an example for use this and a list of this function. Thanks in advance. base64_decode() and base64_encode() http://us2.php.net/manual/en/ref.url.php crypt() http://us2.php.net/manual/en/function.crypt.php mcrypt() - Must have packages installed, but works very well http://us2.php.net/manual/en/ref.mcrypt.php openssl() - Also must have packages installed http://us2.php.net/manual/en/ref.openssl.php Hope this helps... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Suggestion on executing external programs from within php
Using system in this manner may work for small scripts/programs that
only need authentication of the webserver. But for something like
restarting a service I use a shell script run as a cron job then just
call a system("touch /path/to/temp/file") which the cronjob looks at to
see if it should restart a service.
just 2 cents
Jas
Ammar Ibrahim wrote:
maybe if you put Call1 and Call2 in seprate PHP files, and you call both of
them. i guess it would work
Ammar
"John Clegg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Hi
I would like to be able to execute 2 system calls simultaneously. I am
not interested in the output and I would like to do the equivalent of a
fork as these programs take a long time.
eg
system('/usr/local/bin/process_file file1');
system('/usr/local/bin/process_file file2');
Any suggestions on what to use???
Cheers
John Clegg
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Tracking users...
I am fairly new to PHP and have setup a site that connects to a MySQL db to store different information from our users, however what I would like to setup is something that I could place on a few pages to track users for demographic purposes. What I need to do is as a page is visited I need to generate a random alpha numeric identifier to be used as a session variable for a cookie and also have that cookie's information be placed into a MySQL database for later retrieval. If anyone has a good resource tutorial on this type of function I would greatly appriciate it. Oh and yes I have done quite a bit of research on php.net on both the session() and the setcookie() functions. =) Thanks again. Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Basic Authentication with IIS
Yeah basically on an IIS server you have a default www group that you can use because it has read only permissions, if you need to add a user just go to administrative tools on the server and then computer management if not in a domain or active directory users and groups if the server is a member of a domain. Once you are in the control panel for adding users and groups you will want to find the default www user which in 2000 i believe is named IIS and you can use that user or create new users with passwords and then add them to the IIS group which by default gives minimal privlidges to web users. I hope this helps, let me know if you get stuck or dont understand something k? Jas "Spamsucks86" <[EMAIL PROTECTED]> wrote in message 000601c1a468$9c9c2f40$7f523944@cc1966780a">news:000601c1a468$9c9c2f40$7f523944@cc1966780a... > With apache, you can easily match up a L/P to an htpasswd file. With > IIS, the user has to be created as the windows level. I'm moving a site > from an apache server to an IIS server, and need to figure out an easy > way to do basic authentication. I guess putting a chunk of code at the > top of every script to check headers would be appropriate, but that > would be a lot of work for this site, plus I have PHP scripts that I > didn't write and are very complex and trying to edit them in order to > accomplish this would be hell. What other alternatives do I have for > basic authentication on IIS? Is there a way maybe to make users on the > O/S and just give them minimal permissions? If there's an article > somewhere on this, just give me the link =) Thanks for your help! > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] general question...
Using php3 is there a way to have a page only be access if the user is coming from another page? I don't quite know how to word what I am thinking but for instance... Form <-- page that contains a form to submit an email address to a mailing list Confirm <-- page that confirms the users email address Submit <-- page that connects to database and submits users email address What I want to do is have users not be able to access the submit page unless they are refered from the confirm page... Using php is this possible? And if so could someone point out somewhere that has more info so I may begin incorporating this into my scripts. Thanks in advance... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] General question...
Ok I think I know what I need to learn... how can I do a redirect based on whether or not a user came from a certain page? For example... if a user comes from a page called confirm.php then it takes them to a page called thanks.php and if the user came from a different server or typed the url directly then it would redirect the user to the index.php page? Thanks in advance... Jas P.S. A tutorial on this would definately prevent me from posting the same question again. =) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Formatting problem
I feel kinda dumb for posting this but here it is... I am trying to query a
table then format the results so it looks like the rest of the site and the
darn delete button to remove db entries keeps showing up at the top. Here
is the code... Thanks in advance.
Jas
Current
Inventory";
$count = -1;
while ($myrow = mysql_fetch_row($result)) {
$count ++;
echo "Type Of Car: ";
printf(mysql_result($result,$count,"car_type"));
echo "remove
\n";
echo "Model Of Car: ";
printf(mysql_result($result,$count,"car_model"));
echo "\n";
echo "Year Of Car: ";
printf(mysql_result($result,$count,"car_year"));
echo "\n";
echo "Price Of Car: $";
printf(mysql_result($result,$count,"car_price"));
echo "\n";
echo "VIN Of Car: ";
printf(mysql_result($result,$count,"car_vin"));
echo "\n";
}
echo "";
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] eregi() problems...
I must be doing something wrong, for that solution did not work.
"Robert Cummings" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> jas wrote:
> >
> > // second selection for main image on main page
> > $dir_name = "/path/to/images/directory/";
> > $dir = opendir($dir_name);
> > $file_lost .= "
> > ";
> > while ($file_names = readdir($dir)) {
> > if ($file_names != "." && $file_names !=".." &&
eregi('_[0-9]{4}.jpg$',
> > $file_name)) {
> > $file_lost .= " > NAME=\"$file_names\">$file_names";
> > }
> > }
> > $file_lost .= " > VALUE=\"select\">";
> > closedir($dir);
> >
> > My problem is with the eregi() function to filter out files without the
> > following criteria *_.jpg, it must have an underscore followed by 4
> > numbers and then ending in .jpg file extension. I have tried a few
> > different methods to try and get this to work however I think I am
missing
> > something. All of the documentation I have read on php.net states that
this
> > string should work as is... I have checked the contents of the directory
and
> > I only have files of these two types...
> > filename_logo.jpg
> > filename_0103.jpg
> > Could anyone enlighten me on how this is not working?
> > Thanks in advance,
>
> I hope I'm reading right... it seems you want to filter OUT files with
> the extension '_.jpg' the above check appears to be filtering out
> everything BUT these files. I think you want the following check:
>
> if( $file_names != "."
> &&
> $file_names !=".."
> &&
> !eregi( '_[0-9]{4}\.jpg$', $file_name) )
>
> Cheers,
> Rob.
> --
> .-.
> | Robert Cummings |
> :-`.
> | Webdeployer - Chief PHP and Java Programmer |
> :--:
> | Mail : mailto:[EMAIL PROTECTED] |
> | Phone : (613) 731-4046 x.109 |
> :--:
> | Website : http://www.webmotion.com |
> | Fax : (613) 260-9545 |
> `--'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Ereg ()
If you look on php.net and run a search on ereg() you will find examples on
how to use regex. Your string would look like this:
ereg('[a-z][A-Z][0-9]{7}')
With your special characters I am not sure how that would work but check out
php.net.
hth
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] file delete...
How can I delete a file in php? thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] verify file types when uploading to server...
I am wondering if any one has a good idea on how to do checking based on a files extension, what I am trying to accomplish is to be able to upload files to a webserver however I only want to have .jpg files uploaded. If anyone has a good way to do this please share. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: verify file types when uploading to server...
Nevermind... =) "Jas" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am wondering if any one has a good idea on how to do checking based on a > files extension, what I am trying to accomplish is to be able to upload > files to a webserver however I only want to have .jpg files uploaded. If > anyone has a good way to do this please share. > Thanks in advance, > Jas > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: verify file types when uploading to server...
Oops... Hope this helps others, here is what I did:
// This is your form...
// this is the script to upload the file
// Note: if you want to only upload certain file types... change the
eregi('.jpg$ sting to whatever your file extension should be
// Also the directory in question needs permissions set to 755 for it to
work.
"Michael Andersson" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Maybe you want to share with the rest of us, or at least me how you did
it?
> :)
>
> /Micke
> "Jas" <[EMAIL PROTECTED]> skrev i meddelandet
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Nevermind... =)
> > "Jas" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I am wondering if any one has a good idea on how to do checking based
on
> a
> > > files extension, what I am trying to accomplish is to be able to
upload
> > > files to a webserver however I only want to have .jpg files uploaded.
> If
> > > anyone has a good way to do this please share.
> > > Thanks in advance,
> > > Jas
> > >
> > >
> >
> >
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Could you explain that a little more?
thanks,
Jas
"Miguel Cruz" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Not sure what you're tring to achieve, but that only checks the file's
> name. You might want to use file (man 1 file) to verify that it actually
> is a JPEG, since people can put malicious data into a file named xxx.jpg
> and perhaps fool IE into doing bad things.
>
> miguel
>
> On Wed, 17 Apr 2002, jas wrote:
>
> > Oops... Hope this helps others, here is what I did:
> > // This is your form...
> > > enctype="multipart/form-data">
> >
> >
> >
> >
> >
> >
> > // this is the script to upload the file
> > // Note: if you want to only upload certain file types... change the
> > eregi('.jpg$ sting to whatever your file extension should be
> > // Also the directory in question needs permissions set to 755 for it to
> > work.
> > > if ($img1_name != "" && eregi('.jpg$', $img1_name)) {
> > @copy("$img1", "/path/to/directory/$img1_name") or die ("Could not
upload
> > file, please try again after making sure the file is less than 2mb in
size
> > and the file name correct");
> > } else {
> >die("No file selected for upload, or the file was not the correct
type.
> > Please only upload .jpg files.");
> > }
> > ?>
> >
> > "Michael Andersson" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Maybe you want to share with the rest of us, or at least me how you
did
> > it?
> > > :)
> > >
> > > /Micke
> > > "Jas" <[EMAIL PROTECTED]> skrev i meddelandet
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Nevermind... =)
> > > > "Jas" <[EMAIL PROTECTED]> wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > I am wondering if any one has a good idea on how to do checking
based
> > on
> > > a
> > > > > files extension, what I am trying to accomplish is to be able to
> > upload
> > > > > files to a webserver however I only want to have .jpg files
uploaded.
> > > If
> > > > > anyone has a good way to do this please share.
> > > > > Thanks in advance,
> > > > > Jas
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
> >
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Ok, I understand how it works at least, however I am not familiar enough with unix systems to know how to effectively use that command. Could you give me an example in code so I can mess around with it? Thanks again, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] file extension validation
Here is what I have currently to validate the file type on upload to a server: Right now it just checkes the file extension, I would like to know how I can use this piece of code and add the functionality of actually checking the file first. If anyone can point me in the right direction that would be great. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] verify file before linking to another
I am wondering if there is a good tutorial or example of code on how to verify that a page has been hit before linking to the next. For example say you have a form, the form once all fields have been filled links to a confirmation page then from there it links to a thank you page which inserts data to a text file, how can one verify that someone is not just typing in the name of the last page and therefore inserting a blank entry into the text file? Any help would be great. Thanks in advance, jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] sessions and outside of server root
I have been using a script for sessions and it has worked great until i decided to move everything outside of the server root for a little added security and everything works fine except for the sessions, I am wondering if I would need to specify the tmp directory on the server for the sessions to work, any help or pointers would be great. Thanks in advance, jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] arithimetic
This is a simple problem but for some reason it is eluding me...
I have a form that has text fields and check boxes, the function checks the
form, counts words, strips the slashes, then based on the number of words
and number of checkboxes selected calculates a cost... I have added 4 new
checkboxes and when i try to do the calculation $total *= $section; it will
not count the four check boxes and multiply the total by the number
selected... here is the code, any help would be great:
10) { # if the users ad has more than 10 words in it than
$quarters = the extra words times .20
$subtractor = $num - 10;
$quarters = $subtractor * .20;
}
$subtotal = $price + $quarters; # price plus the number of words over 10
$total = $papers * $subsubtotal; # new price multiplied by number of papers
$total *= $weeks * $section; # this is where I am stuck, doesnt calculate
the new checkboxes
$total = sprintf ("%01.2f", $total);
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] sessions
I am a little confused on how to keep a variable registered on more than one
page. For example you log into a page which queries the database. Form
code is as follows...
User Name:
Password:
The auth_done.php then checks to see if the user entered anything for the
username and password and if it doesnt it will re-direct them to the login
page. If the un and pw has been entered it will then query the database for
a valid entry, code is as follows...
You have been authorized to make changes to the
web site.";
session_is_registered('u_name');
session_is_registered('p_word');
session_start();
} else {
header("Location: index.php");
exit;
}
?>
edit pages
The problem I am having is if the user clicks the link for edit.php the
session variables "u_name" and "p_word" are not being passed and I can't do
any other checking with out that. Please help, good tutorials on this are
very appreciated!
Thanks in advance,
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session problems...
Ok I think I am a little confused as to if this is working or not: I have
commented in the places where I am confused... if someone could please point
out why the variables "u_name & p_word" are not being registered that would
help me out a ton... thanks in advance,
Jas
--- Form to log user in ---
--- checks db to see if user exists ---
You have been authorized to make changes to
the web site.";
session_start();
#session_register(u_name); //cant tell if this has been registered with a
print statement
#session_register(p_word); //can't tell if this is either
$_session['u_name'] = $u_name; //this must be wrong too
$_session['p_word'] = $p_word; //still wont register session variables
} else {
header ('Location: index.php');
exit;
}
?>
edit more pages
--- page to see if variables are being passed to edit page ---
success?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Reading dir contents...
here is a function to read the contents of a directory that then pulls it
into a drop down select list. You may want to modify it for your needs but
this should work for you.
$dir_name = "/virtual/path/to/images/directory/";
$dir = opendir($dir_name);
$file_list .= "
";
while ($file_name = readdir($dir)) {
if (($file_name != ".") && ($file_name !="..")) {
$file_list .= "$file_name";
}
}
$file_list .= "";
closedir($dir);
HTH
Jas
"Ashley M. Kirchner" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> Take this function:
>
> function randomImg() {
> $numargs = func_num_args();
> $ImgArray = array($numargs-1);
> $arg_list = func_get_args();
> $ImgDir = $arg_list[0];
> srand((double)microtime()*1234567);
> $img = $arg_list[rand(1,count($arg_list)-1)];
> while(!$img) {
> $img = $ImgArray[rand(1,count($ImgArray))];
> }
> return "$ImgDir/$img";
> }
>
>
> ...it assumes two things: $arg_list[0] is a variable (which is always
> passed) that ends up being $ImgDir, and then there's $arg_list[1-n] where
'n'
> is >1 . Right now, I'm calling this function like so:
>
>
>
> However, I'd like to change it so that I don't have to specify the
image
> names ($arg_list[1..n]), but just the first variable. I'd like for it to
grab
> whatever it finds in that folder (passed as the variable), and use. This
way I
> can have any number of images in that folder without having to edit my
pages
> every time to add or remove more. And what if the image name changes,
once
> again I have to manually fix the function call in my pages.
>
> Can PHP do this; open that directory, read its contents and use it (if
so,
> how?) Or do I have to go to Perl for this?
>
> --
> W | I haven't lost my mind; it's backed up on tape somewhere.
> +
> Ashley M. Kirchner <mailto:[EMAIL PROTECTED]> . 303.442.6410 x130
> IT Director / SysAdmin / WebSmith . 800.441.3873 x130
> Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6
> http://www.pcraft.com . . .. Boulder, CO 80303, U.S.A.
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] security checks with sessions...
I am wondering if someone can help me understand a good way to use sessions to check to see if a user has entered a user name and password before allowing them to view the rest of the page. I need to have this check on each page, just not sure how I can pass the sessions to each page, as of yet I can get the variables I have registered to pass from the login form to the login check, and from there it seems to drop the session variable I registered. Any pointers would be great! Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] uh, oh errors?
Not sure how to resolve this, looked at php.net for the headers available
and this is the error I am recieving:
Warning: Cannot add header information - headers already sent by (output
started at /path/to/connection/script/db.php:6) in /path/to/login/checking
file/auth_done.php on line 13
Here is the code that is in auth_done.php:
session_start();
require '/path/to/login/checking file/db.php';
$db_table = 'auth_users';
$sql = "SELECT * from $db_table WHERE un = \"$u_name\" AND pw =
password(\"$p_word\")";
$result = @mysql_query($sql,$dbh) or die("Couldn't execute query");
$num = mysql_numrows($result);
if ($num !=0) {
session_register('u_name');
session_register('p_word');
$msg_success = "Good freakin job poindexter!!";
} else {
header ("Location: index.php"); // This is line 13 that is my error
generator
}
This is the code for the db.php script:
Any help would be great! I am assuming there is another way to redirect
users besides the header function, just not sure what it is or how to use
it. Thanks in advance,
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] uh, oh errors?
That worked, I had about 3 blank lines trailing my ?>. Thanks a ton!
Jas
"Rasmus Lerdorf" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> What is on line 6 of the db.php file? Do you have a stray carriage return
> at the end of this file?
>
> On Thu, 16 May 2002, Jas wrote:
>
> > Not sure how to resolve this, looked at php.net for the headers
available
> > and this is the error I am recieving:
> >
> > Warning: Cannot add header information - headers already sent by (output
> > started at /path/to/connection/script/db.php:6) in
/path/to/login/checking
> > file/auth_done.php on line 13
> >
> > Here is the code that is in auth_done.php:
> >
> > session_start();
> > require '/path/to/login/checking file/db.php';
> > $db_table = 'auth_users';
> > $sql = "SELECT * from $db_table WHERE un = \"$u_name\" AND pw =
> > password(\"$p_word\")";
> > $result = @mysql_query($sql,$dbh) or die("Couldn't execute query");
> > $num = mysql_numrows($result);
> > if ($num !=0) {
> > session_register('u_name');
> > session_register('p_word');
> > $msg_success = "Good freakin job poindexter!!";
> > } else {
> > header ("Location: index.php"); // This is line 13 that is my error
> > generator
> > }
> >
> > This is the code for the db.php script:
> > > $dbh = mysql_connect('localhost','username','password') or die('Could
not
> > connect to database, please try again later');
> > mysql_select_db('db_name') or die('Could not select database, please try
> > again later');
> > ?>
> >
> > Any help would be great! I am assuming there is another way to redirect
> > users besides the header function, just not sure what it is or how to
use
> > it. Thanks in advance,
> > Jas
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: List content of folders?
readdir(); search for that and you should find what you need. HTH Jas "Hawk" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is there some var that does this automaticly? I don't really know what to > search for on php.net.. :P > If there isn't, is there any other way to do this? I know it's possible with > asp but I have no plans on using asp :P > > Håkan > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] verify file against array?
I am trying to register an array containing file types, htm, jpg, jpeg, gif
and pdf. I think I am missing something, if someone could look at this and
tell me what I am doing wrong that would be awesome, thanks in advance.
jas
"1",
".jpg"=>"2",
".jpeg"=>"2",
".htm"=>"3",
".pdf"=>"4");
if ($img1_name != "" && eregi('$types', $img1_name)) {
@copy("$img1", "/path/to/images/$img1_name") or die ("Could not upload file,
please try again after making sure the file is less than 2mb in size and the
file name correct");
} else {
die("No file selected for upload, or the file was not the correct type.
Please only upload .jpg files.");
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] in_array problems (another pair of eyes?)
I don't think I am using the syntax correctly, I have been looking at this function on php.net and everything I have seen says my code should be working. A form allows the user to upload a file: Resulting file (upload_done.php): And here is my error: Warning: Wrong datatype for first argument in call to in_array in upload_done.php on line 7 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
