[PHP] password protection

? When filling out a form, for example: Enter your user name and password: ... User Name: Password: ... the TYPE="password" makes sure the browser doesn't echo the password as it is typed but it is still sent to the web server as clear text. How do folks deal with this

[PHP] are sessions single threaded?

). Apache 1.3.12 with PHP 4.0RC2 (it's just a test site at the moment) --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additio

Re: [PHP] are sessions single threaded?

At 4:04 PM -0800 3/6/01, Ernest E Vogelsinger wrote: >At 00:56 07.03.2001, Bill Rausch said: >[snip] >>What I mean is, if a user is connected to a php page that uses sessions and >>that is involved in a time consuming operation (say

[PHP] forms and RETURN key

st the way it is? :-( Or is this behavior controllable somehow? :-) --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands,

[PHP] Apache/PHP4/SSL, downloads fail with IE 5.5 only when usingsessions

dev/urandom session.cache_limiter = nocache ; set to {nocache,private,public} to ; determine HTTP caching aspects session.cache_expire = 180 ; document expires after n minutes Thanks, Bill --- Bill Rausch, Software Development, Unix, Mac, Windo

Re: [PHP] Apache/PHP4/SSL, downloads fail with IE 5.5 only whenusing sessions

At 9:11 AM -0700 5/4/01, Martín Marqués wrote: >On Sáb 05 May 2001 00:56, Bill Rausch wrote: >> Hi all, >> >> A customer has a problem. They've installed "Merlin" from Abriasoft. It is >> a pre-built Apache/PHP/SSL/MySQL/... package. Their problem is tha

RE: [PHP] Delivering NAMED pdf files

ooks something like: ... $uri = urldecode(substr($REQUEST_URI,8)); # skip over the /dl.php/ $x = strpos( $uri, "?" ); # get rid of trailing SID, etc. if( $x > 0 ) $uri = substr($uri,0,$x); header( ... header( ... readfile( "$realfileloc/$uri"

AW: [PHP] Stopping stolen / spoofed / linked sessions

ing the URL method. The only work around is to expire sessions quickly or to require that cookies be used? -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe,

Re: [PHP] Stopping stolen / spoofed / linked sessions

cause they are already within my site? Is this just an insoluble problem using the URL approach and the only thing to do is require cookies be enabled? Bill -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Ma

[PHP] re: File Download IE behavior

uot;Connection: close" ); header( "Content-Type: application/pdf" ); readfile( "simple.pdf" ); Also, a php.ini setting of interest is: session.cache_limiter = Depending on SSL, cookies, and other things you might need to set this to either nothing at all or to publi

[PHP] session problem

r for the magic to occur where ?PHP_SESSID=... gets added to the URL automatically. If you just type in 1.php and then type in 2.php the session variable is not automatically sent along. -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-086

[PHP] re: IE double download

7;) ) $z = substr( $z,1,strpos($z,':')-1 ); else $z = substr( $z,1 ); header( "Content-Type: " . FindMime($z) ); // FindMime is my function } else { header( "Conte

Re: [PHP] hacks we should know about

running except the web server? -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To cont

[PHP] nimda, etc.

ot; ); echo "404 File Not Found: "; echo $HTTP_SERVER_VARS["REDIRECT_URL"]; ?> I felt that if nothing else I could slow the worm down a little by wasting its time before it races off to the next potential target. Does what I'm doing make any sense or am I all confused

[PHP] floating point format

I've notice that I can read floating point format like: 1.932E+12 Is there any way to output such a number. The %f format string in printf just prints 19320.00. Then I tried %e and got very strange results. The 1.932 was printed with nothing after it. -- Bill R

[PHP] fprintf

There doesn't appear to be an fprintf function. I'm using: fputs( $fp, sprintf( $format, ... ) ); Is this the recommended workaround? I was wondering why fprintf was left out since so many other standard C library routines are present? -- Bill Rausch, Software Development,

[PHP] printf scientific notation?

(RH 7.1), Apache (1.3.20), PHP (4.0.6) Thanks. -- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [E

[PHP] Re: printf scientific notation?

12:09 AM -0500 10/5/01, Richard Lynch wrote: >You could roll your own... > >% and (int) / and round() are all you need. > >- Original Message - >From: Bill Rausch <[EMAIL PROTECTED]> >Subject: printf scientific notation? > > > Can PHP print floating point numbers us

[PHP] basic authentication and redirection

(or even know the username/password) on the remote site? This isn't intended to stop serious hackers, just enough security to stop casual passers-by. Thanks, Bill -- Bill Rausch We first make our habits and then our habits make us. --John Dryden -- PHP General Mailing List (http://w

[PHP] Fedora-Apache2-PHP exec() failure

t doesn't change though. No error message, no output. Just the 127 (-1?) So, what do I have to change in my setup to get the exec functions to work in the web server? Thanks, Bill Rausch -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Fedora-Apache2-PHP exec() failure

At 13:22 -0800 3/23/05, Rasmus Lerdorf wrote: Bill Rausch wrote: Hi all, I'm having the same problem as Jim Poserina. Richard pointed out some things to try. Here's my story. We installed Fedora 3 on a new box. Then we installed Apache 2 and PHP 4.3.9 from the RPMs that came

[PHP] socket_bind function

I see reading the online docs that I'm supposed to go: socket_create... socket_bind... socket_connect... I've never used the bind function and it hasn't seemed to make any difference? I've always just done socket_create() and then socket_connect(). What benefit is there to putting a socket_bind

[PHP] ZVAL reference counter code execution

Hi all, Do I have to worry about the ZVAL overflow vulnerability if I don't use unserialize() in my code? Or is it used behind the scenes whether I call it directly or not? I have a web server running PHP 4.4.4 with only one custom application running on it. The server is dedicated to this o

[PHP] Re: PHP as Scripting Language

arning: Cannot send session cache limiter - headers already sent in Unknown on line 0 hello world Any ideas on what I've got configured wrong? Thanks. --- Bill Rausch, Software Development, Unix, Mac, Windows Numerical Applications, Inc. 509-943-0861 [EMAIL PROTECTED] -- PHP G