I was learning Drupal and saw it had a db_query function that accepts the query as a string and the variables
September 3, 2007 at 6:02 pm
· Filed under Uncategorized
Personal Web Hosting | Personal Hosting
haha, ya thats rediculous
I dunno if the Visa one needed a symbol, but definitely the other 3
MD5 is algorithmic, but it's asynchronously algorithmic
are you trying to say that it can't be "unencrypted"?
Anyway, just cowboy up and use SHA256 or Haval256,5
MD5 isn't encryption though I thought
is there any native sha256 function? because I so would use it if there was.
It
It's not.
gotcha
md5 works on a stream of bits, but it has weaknesses wherein it's possible to break into that stream at some point, enter new data, and then work it back itno the original stream, thereby hiding your changes
Yes, hash() is native.
That's…. not entirely accurate….
w00t!
please update what I said then, so I can learn more
Too much rum in me to explain it…
that's what I understood of it when reading about those people that had broken it. after seeing those two postscript files with different content and the same md5sum, I was impressed
i think it has to do with the randomness of the algorithm. For instance, two strings "hello man" and "hello woman" are supposed to have equal chances to change each bit randomly of the final output but people have discovered some patterns
There is no randomness.
It's 100% deterministic.
It's just a very chaotic pattern.
MD5 is the CE of D&D.
obvoiusly, there's no such thing as real randomness in this sort of thing
http://www.cits.rub.de/MD5Collisions/ that's the postscript example I was talking about
All digest algorithms work on the exact same principles…. just with different degrees and types of chaos.
it's interesting
a good hash algorithm will have an equal likelihood to change any bit in the final output from any change made in the input
$myvar_foo(foo of the $foo variable). Does possible ?
the most reliable hashing mechanism is to use two or more hashes together
e.g. md5sum(file.txt) sha256(file.txt) and confirm they both match
you may be able to break one, but never two together
What of the what and what?
the hashes use completely different algos, you would never get two differing files which had matching hashes for two different algos
that was a really niche type joke that I knew wouldn't work, don't worry about it 
even for weak hashes like crc32
Of course not, but with sufficient storage space and processing power you could composite two separate, but complete sets of reversals
I am talking about securing the authenticity of a piece of data, by using two separate hashnig methods on it
*hashing
md5+sha1 is really just mycompositie-288
e.g. those two postscript files on that URL above I mentioned, if you used crc32 on them, they wouldn't match
I understand that.
so why did you chuckle at never ? it is a never case
They wouldn't because the person making them match didn't both to make the crc32 case match as well.
It's NOT a never case.
md5 has a 128 bit collision space. sha1 has a 160 bit collision space. md5+sha1 has a 288 bit collision space.
1 in 2^288 is not zero.
some of us live in reality though
they are exploiting weaknesses in one particular system. there's no way another hash type would end up with a match using the firsh hashes weakness
And 640k is enough for anybody.
I'm not talking about pure random collisions, those would be possible on some *extremely, extremely* rare data
You're missing the point. md5 isn't the only "weak" algorithm.
I'm talking about ones like that broken md5sum, where they are manually modifying a file to create a matching checksum
Every algorithm is weak.
people also did that a lot on BitTorrent, to spam torrents they didn't like
giving fake pieces that matched the checksum
So?
lol, that's quite fun
If BT were checking MD5 and CRC32 values it would just be harder. Not impossible.
md5 + crc32 wouldn't have the *same* weakness, so you wouldn't be able to create two files that match one checksum for each
YES
YOU
WOULD
i love pollita's literalness
You would just have to address their UNIQUE weaknesses independently.
foutrelis, thats second time today you've wished that. you need a new client
Indeed
well I don't think that any modern checksums will ever be made to match even with user-provided-data … and what I was talking about was data provided by ones self to others, and then letting them validate it
the person trying to cause problems would need to match a new file to both the original checksums
I'm talking about the same thing.
And they could.
alright. I don't agree with your assumption. let's move on now
Quick check…. how many hashing algorithms have you actually implemented?
’cause http://us.php.net/manual/en/function.hash-algos.php Example 847 shows a subset of the list I've done.
’cause a href="http://us.php.net/manual/en/function.hash-algos.php"http://us.php.net/manual/en/function.hash-algos.php/a Example 847 shows a subset of the list I've done.
size only goes up to 7
perhaps you mean style="font-size: 200px"
The channel has a bb code parser that changes those tags to CSS
Pollita, why did you implement those?
omg
Because I wanted to learn as much as I could about crypto, and hashing is a part of that.
are all of those digests?
yes.
That "whirlpool" algorithm sounds like fun
well there's quite a bit more to learn then
hrm…now http://pastebin.ca/664112 returns 0…could this be another thing that needs to be "fixed" for php5?
ext/crypto is still waiting for lawyer approval
stream ciphers, block ciphers… uh… tons more
I couldn't include all the hash algos I worked on in PHP because of patent issues and stupid crap like that
But those are all PD or otherwise unemcumbered
How am I supposed to read UTF8 string from $_GET?
*strings
hi folks! i've got a rather simple problem. my visitor-counter stores the number in a simple file, which i open with fgets. for every visitor, i open the file, increment the number and write it back. unfortunatelly, my number seems to be limited to 16 bits. how to resolve that?
like $num=fgets("thefile");
$num++;
then i write it back
it overflows after 65k
store it as ascii perhaps?
how to resolve that? i want a full 4 byte integer at least
or si that what you're already doing?
well, how so?
i just use fputs($num,$file)
file_get_contents(); file_put_contents(); ?
thanks, i think that's what i want. gonna look it up in the manual
although using your method, if two sessions open it at the same time, it won't end up incrimenting
I mean, it would incriment by 1 rather than 2
That….doesn't make any sense…. there's no reason it should overflow at 16bits
but it does
starts at 0 again then
does the Zend Debugger support live representation of what's going on on my php hosting server?
I find top to bottom execution a little useless
this is a rather old php 4.3 i think
That's doesn't matter.
pastebin the code
PHP uses signed long (which means -2billion to +2billion for your average 32bit prox)
strange … now it doesn't anymore
weird
i wonder why this happened before 
a miracle
probably
that can well be
how can i make this thread safe?
Though try casting to an int when you fgets()
Is there any chance that the behaviour of heredoc will be changed in PHP6? I mean so that the ending can be indented.
$num = (int)fgets($fp);
That has nothing to do with race conditions
you sure?
But it might be related in other ways
As to racing…. just apply read locks
exclusive locks rather
alright, i'm gonna look that up
No, there isn't.
Awww
Worst thing about the heredoc is that it makes the code messy near the end
No, that's not the worst thing…
!+strings
[STRINGS] Please read http://php.net/types.string for a basic understanding of how strings work in PHP, as well as http://php.net/strings for functions to manipulate strings. Be sure to read 'user comments' as
well.
erm…
!+string
Sara knows, and now you can too! See http://blog.libssh2.org/index.php?/archives/28-How-long-is-a-piece-of-string.html
That's the one
What do you guys think of the book PHP and MySQL Web Development (if any of you have actually checked it out)
i have a page that lets users input paragraphs of text. what is the proper way of retaining and outputting the line breaks and stuff they put in?
(im using mysql db)
Consty, who's the pblisher?
Sams
I edited the 3rd edition and I can say it's a damn fine title for beginners, but if you already know your way around, you should look at "Advanced PHP Programming"
i prefer orielly
I know enough to fiddle my way around and such, but I'm looking for a more indepth coverage.
I'll check that book out though
http://pastebin.ca/664112 returns 0…could this be another thing that i need to fix for php5?
my eyes are bleeding! separate presentation from logic and I'll help you
hi
I have a WYSIWYG and in it you can write javascript and HTML Form code, I want to strip out this code, any idea how to do this?
i need stript them out before save it on the data base
i have just switched to php5 from 4, i recently changed my vars around so that the code could work without with register_gloabls off…it now works fine except that move_uploaded_file returns 0 which i describe as "Upload folder does not exist on server"….it clearly exists from what i
see
Sup gangsters
$actions = new $module."actions" ; ?
Does possible ?
can you please rephrase your question?
i did here: $classname = $module."actions"; $class = new $classname (); Thanks
$classname = $module."actions"; $class = new $classname (); worked. Thanks
ok..
$class-Action($somevar);
he said he got it working
O
i've got a question about sessions
i'm doing a login system that allows uses cookies to remember users, so I authenticate a user and then set a cookie with his unique user id
but i don't want malicious users to modify this user id to another user's id
do sessions automatically solve this problem or do I need another cookie with a secret value shared by the server and the user?
sessions create a session_id thats saved in the cookie and you can "remember" data using the $_sessions[] where you can plonk info in to share between pages - you'll need to read up on sessions
Is it php hosting security bug if I can overwrite remotely the $_SERVER['SERVER_NAME'] variable with custom user input or it is supposed to be allowed ?
I use an id that stores a specific "session" ID, the IP, and so on, as well as a hash of all those combined with the password hash, which is not stored in the cookie. No way around that afaik.
s/I use an id/I use a cookie/
hello all! hey, if i know the timezone of the user in GMT ("+3") etc.., there is anyway to calculate the date and time? … thanks!
what the oppersite to ceil so to round down?
floor, maybe, but I don't know if that's in PHP.
kieran491 - look down it's the floor
another option is to just cast to int, and even back to whatever you were using if need be.
ahh floor
floor is the one
i thought neo was….?
ok, but if I want a user to stay logged in for however long they choose (up to a month for example), doesn't the php session ID expire long before then?
I'm pretty sure that session expiration is the same for every user, whatever you set it to. Then again, I've never used sessions.
schorchsaber
you can set the session expiration
I thought it was set in the ini file?
sure, but you can set ini options at runtime
one sec
let me get you a link
ahh
there's this for setting the ini
http://us3.php.net/ini_set
so if I change the session expiration to 1 month for example, do I even need to set any cookies then or will the user automatically be remembered?
and more specifically for session http://us3.php.net/manual/en/function.session-cache-expire.php
or http://us3.php.net/manual/en/function.session-set-cookie-params.php
hexdump
don't do session exp 1 month
just don't
ok but I'm wondering on what the best way to do this login system is
if I want a user to be remembered for a month
and the session expires before then…what happens?
i was thinking that I could have another cookie with their userid that expires in one month and the server hosting would start a new session
ok, so you want a secure login for a month
sure
that's the usual way
sup ^_^
but you're worried about cookie manipulation
just md5 the value, store that in the cookie
what value?
whatever value you're storing in the cookie
yeah, crumbly cookies are no good in milk
mmm, cookies
storing and md5 hash in a cookie huh?
:P
sure
an*
sounds good to me
but can't somebody just take the md5 of another users id and put that in their own cookie and get access to the other users account?
just dont let mister plod know
sure
hash cookies are illegal unless medicinal
but that's quite the edge case
( in many places at least )
and I'm sure that will never happen
what kind of sevice is this?
ummm…I think I'd rather have a secure login system then just pretend nobody would do such a bad thing
lets weight the security issues
weigh*
it's not a real service
programmers tend to think in edge cases
i just want a secure login system
i am a programmer and I do think in edge cases
well, a secure login system would not let you stay logged in
if you want a secure cookie, store a value inside the cookie which is required to validly re-load the cookie manually, or put the users IP inside the cookie or something
sure, but an experienced programmer knows when an edge case is useless and silly
in the session data
is it possible to do something like if ( dd/mm/yy date() )
well here's what I was thinking
ive just had a total brain lapse and cant think how i could do it
go to php.net and look at the date and time functions
convert them both to unixtime
when the cookie is created a random value is stored in the cookie which is also stored in the mySQL database…when the user presents the cookie (and his session has expired) the random value is checked with the one in the sql database. that way, if I
change my user id in the cookie I can't get into their account because I don't know their random value
if the random value matches the user is granted a new session
record connection dedicated ip hosting in cookie :
:P
what good is that?
I'm running lighttpd + php-cgi, and just browsing my website by myself seems to spawn 10+ php-cgi processes each using large amounts of memory
these are excessive solutions
is this normal?
well, if connecting from a different IP, they cant use the cookie
but they can just modify the IP in the cookie!
no, not if its stored in the session associated with the cookie
the session data is not user-writable
so load cookie, check to see if IP matches, if not, die
wait a second…explain how the session data is not user writable
$_SESSION — stored server side
then thats not a cookie is it?
the only thing thats stored client side is the cookies ID
ok, but the session will expire before the cookie does
then manually maintain an association table in the database associating cookie ID's with IP's
so what is a cookie ID?
any unique number, it matters not
any unique string for that matter
but isn't my random value idea better…it's not realistic to expect that most users will have the same IP for a month
a 3rd party sniffing the connection and re-running the data through the server, so verification on cookie alone is prone to abuse .
ok, but like I said, what about the IP changing
mysql_query("UPDATE testdb SET ip = '$_SERVER['REMOTE_ADDR']' WHERE username = '$username'"); can I use a comma or something to update two or more variables at once?
your wanting them to be remembered for a month automatically eh?
yes
are you guys talking about remembering for logins?
unless they choose to log out
yes
http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/
well, the best you can do is store 2 or more unique cookies and require all 3 to be present.
it's rather easy, use the cookie random key and IP
if someone gets your IP, the idea is they don't have the cookie, hopefully
I've only been using php for like 7 days so meh, I could easily be wrong
the problem is, dialup users will not have that benefit
exactly
their ip fluctuates like the wind
who uses dial-up?
90% of the wolrd
world*
i don't know that most cable/dsl companies allow users to keep a single ip for a month either!
here you can request a static ip
i do
I have mine for 3 days or until I reset my modem
how do normal sites do it?
3 days, not a month
my home dsl has static IP, all work ones, and what not
just a cookie?
most people I know have static IP dsl
if you want security, transfer the cookie over SSL
it will be transferred over ssl
but lets assume it's not for the sake of discussion
about my update question anyone use mysql
256bits ) or use several cookies to emulate the large cookie string
theJackal, what will a larger cookie string do?
the larger the cookie string the harder it is to guess
but it can just be sniffed
2^256 = a lot of open space
if you only use the cookie then all they need is a middle man attack
it cant be sniffed over SSL
like I said, it will be ssl, but what if it's not
I think suhosin does 2048 / 4096 bit cookies
from memory.
if not SSL, you have to rely the inherent security of the network i guess
meh, I don't think anyone is going to be bruteforcing it, so making it long is pointless
ok, lets say it's ssl
you could implement your own security system with request/reply running in java… but thats overkill
should I go with my random value idea to allow dial-up/dynamic-ip users to stay logged in for a month?
no java
Sure they will. NSA has server farms 10km square just for cookie brute forces.
if your worried about the NSA, you have bigger problems
jsoft, when the NSA wants into my site I'll let them
exactly…this has to be the most secure login on the face of the earth
and it has to last for a month
what if your site is based in 'mother russia'
what are you protecting?
nothing
secret plans and documents for world domination / solutions to rubix cubes
if you want security, abandon naked http.
i will
but i want the cookie to be secure
http://en.wikipedia.org/wiki/Freenet
Mmm cookie.
run everything over 32Kbit encrypted SSH tunnels via TOR
it has to be secure, not anonymous
using publickey/private key authenticationn
and then mail out the keys using CDROMS
and 'password' as password.
crap, you guessed my password
okay so is there a way to update mysql_query("UPDATE testdb SET ip = '$_SERVER['REMOTE_ADDR']', code = '$code' WHERE username = '$username'"); — will that work?
uokay so is there a way to update mysql_query("UPDATE testdb SET ip = '$_SERVER['REMOTE_ADDR']', code = '$code' WHERE username = '$username'"); — will that work?/u
lol
mine too!
:P
should do Sirisian
oh so I can update 2 things at once?
if not, then mysql blows
postgres can do it
I see
pgsql for the win.
I have postgres on the server next to me, I'll be using it later
ok then, assuming I'm using ssl and I want the login to last for longer than the session for all user (including those with dynamic ip's), what should I do? should I use the random-value stored in the sql database or is there a better way?
I was learning Drupal and saw it had a db_query function that accepts the query as a string and the variables as additional paramters, like the printf() syntax. I want to rip it, but this means ripping several functions and combining them. Isn't there a function available on the net that does
this?
you could probably find the key-pairs from the SSL transaction and maybe use them, .. i forget how SSL works
so jsoft. how about them sheep?
Sirisian, mysql should be able to do that. To be sure, try channel #mysql
ok, well thanks for the help everyone
#mysql
whoops lol
hmm?
nvm
Oh. Ahh har har. *cough*.
its just new-zealand hour in here atm
whois me :p
I dunno, who are you.
lol
beats me
i just figgured ther was a chance I know you somehow
anybody here running php 5.2.4? i keep finding it fails to terminte after receiving end of input on CLI apps and cant tell if its an extension to blame or not
Is there any reason why I shouldn't set PHP_FCGI_CHILDREN to 2 or even 1 for a small server?
where do you live? Manawatu?
nope ^^, chrissy crutch.
I set mine to 2 or 3
what the function name that turns new line into ?
nl2br
are you a chick?
nope ^^
bye :p
lol
have fun with your country blonds
Meh.
Ive got one with a sprog now. Damn it.
1.8GB memory used in FF
I like the sprog but shes a slut.
thanks
why cgi anyway?
Will reducing PHP_FCGI_MAX_REQUESTS decrease memory usage?
not really
its good though, set it to 500 or so
does including cgi add significantly?
does… does what?
Including cgi?
php-cgi vs. php
Oh
add to memory usage
I benchmarked it quite a bit, and its around about 15% slower on my systems.
it will use more memory, yes.
significantly more?
But, the advantage of php-cgi is _security_, in that you can SuxecUserGroup foo bar each php virtual host.
no.
okay, I'll keep it then
if you have a decent server you will be fine.
limited to 128MB D=
:
Thats a bit low.
What is the server for?
How many sites/hits ?
personel box, my own blog + torrentflux
And obviously its not windows, right? I will slap you if its windows.
haha, no way
CentOS
CentOS!
does anyone know php-ajax based admin panel opensource
Yeah we are migrating from that atm :
you should be ok
From that to what?
centos/redhat stuff to freebsd
yeah, I would have gone for FreeBSD, but my host only provides FreeBSD 3.2 ;S
Er… what???
yeah
FreeBSD 3
3.2? You dont mean 4.2 or something do you?
Pretty sure it was 3, not sure about the 2
Tell them to get their shit together.
Seriously. Thats like giving windows 3.1 as an option.
yeah
ul does anyone know php-ajax based admin panel opensource
no.
try www.google.com.
try www.imapathetichumanspecies.com
yay. after much bluetaccing and wire twisting my headphones work again
www.imapathetichumanspecies.com not working give correct path
Macen www.imapathetichumanspecies.com not working give correct path
the channel does not support other scripts
other scripts being 3rd party scripts, I'm tired.
give me 3rd paty links
I suggest you try Google
out of curl, file_exists, fsockopen which one would be the fastest to tell if an image is on a server
on the local server? file_exists
datarecal, file_exists is probably easiest, you do mean a remote server yes?
yes
:|
hmmm can you not go = if( !file_exists($pic)
)
what is $pic?
a url to a file… it works fine without !
but i want if it returns false
hm? that conditional statement will return true when file_exists($pic) is false
hmmm the statement doesnt seem to work at all
http://pastebin.ca/664212
pastebin the code at pastebin.ca
hey friends
returns not
hi all
I have updated php4 to php5, now I get a blank site on my application but no errors, any idea whats wrong?
mysql_query("") or die("broke"); - is there a way to do 'or error' and let the script continue to run? OR ERROR does not work though
what high level library/framework would be advised to use AJAX on client-side (with PHP server-side) ?
afaik file_exists can only be used on the local hdd
so curl or fsockopen then
you need to change your php.ini to show errors, set your error level to E_ALL (for now)
I have error_reporting = E_ALL & E_NOTICE in /etc/php5/apache2/php.ini
i even tried 'or echo "error"'; but that failed
if (!mysq…) else …
I see notice but no warnings.
i see now
thanks
hm?
*but no errors.
link?
yes
why not fopen though?
got it?
loads fine for me
Undefined index: user in /var/www/oze/common/common.php on line 150
turn off e_ALL
yeah, but next page is blank when I logged in.
hm
did you code it?
it must be a error in LDAP_Login() or PC_CheckUser()
but it doesnt show errors.
yes
ok so simply echo 'here'; echo 'here2'; till you find where it stops no?
I could that but shouldnt php report me the errors?
i've noticed that when using curl sometimes the page freezes when the url it's trying to reach is false
with IF, can I match it to multiple conditions, ie. if ($temp = 1 OR $temp = 2) {}
?
and no errors are reported, do you use anything like that?
the "standard" is || for OR
not afaik.
thanks
($temp = 1 || $temp = 2)
"=="
ofc
but I use sessions, could that be the problem?
That would set $temp to 1, try using 1 == $temp to prevent typo's and annoying bugs
no
not afaik
humm
can you output text at all? maybe before session_start (for now obviously)
s/and/and thus
yes that works.
so find out when it stops working
then that's your problem
Does anyone have any idea why this isn't working?
http://www.pastebin.ca/664214
Its not my style of programming
but it is how my friend wants it…
I usually never have problems with file uploading
so this is driving me insane
php.net/is_uploaded_file
with php4 it worked fine.
you have no encapsulation on line 9
php4 ftw
I know, but thats worked before
Its strange, because It isn't working onw
now*
php.net/move_uploaded_file
I'll look at the php dot net link
check server permissions too
$ufile isn't set anywhere
The folder is CHMODed
I know, the funny thing is thoug
though*
I copied
I forgot the php5 ldap bindings. ^^
o/
from one of my old sites
and it worked perfectly
somewhere else
but when I put it here
it doesn't work
you should be using $_FILES['ufile']['tmp_name'] too
false); etc .. ?
you'd need to foreach () { } over the array and do some algorithm work
Okay
i figured as much
why would you want to do that?
http://en.wikipedia.org/wiki/Exponential_growth
I have concluded that
$path = "uploads/".$HTTP_POST_FILES['ufile']['name'];
that is the problem
because it returns
uploads/
instead of the filename too
Sorry for my multi line stuff, I'm trying not to wake up people.
anybody familiar with the PHP CLI fails to exit on EOF ? S
uanybody familiar with the PHP CLI fails to exit on EOF ? S/u
Even though they're several rooms away from me, I'd prefer not to take the risk .
how does adding extra characters keep them asleep?
Is it possible to create a variable parameter?
function(${'var' . $number++}){echo ${'var' . $number};}
you're coding in completely the wrong way
variable variables are set with {} though
use an array, eg. $arr[$i]
imme, as Macen said, use an array.
But note that $GLOBALS is an array.
I think it's up to me to decide if I code wrong or right… anyways, arrays are also not allowed parameters
So if you do something like $somestring = "lol"; $GLOBALS[$somestring] = "hello world";
generaly, whether you code wrong or right is up to everybody except you… :/
It will set $lol to "hello world".
depends on what you're coding and for who.
do be quiet
Why?
It tells me syntax error unexepected '[' so my guess is that arrays are not allowed as parameters
pastebin the code at pastebin.ca
You're just jelous because you're not making a BNC in PHP.
jealous*
i see
yes, you see.
hello everybody, anyone familiar with MVC patterns including actions ? aren't actions part of the controller ?
yes
thanjs
thanks
(dvorak J-K error)
http://hashphp.org/pastebin.php?pid=27117 into some kind of recursive algorithm? input array ($arr) can be any length so I can't just uses what I have now.
http://pastebin.ca/664230
^ Macen
phone
I don't really get it.
You don't use $arr anywhere right now.
anybody sleeps every 2 days?
i know..
now i write it out completey
i want to change it so it uses $arr
Im generating an xml-document in utf-8 for a flash-plug to read, but it keeps making some of my characters as "?" instead of the proper char. Where do I start to find a solution to this?
why are you passing an array into a function? use php.net/func_num_args or such. Variables inside functions have a limited scope
okay, thanks.
That's what's called a parameter right?
Or is it called an argument, or both?
Usually an argument.
an argument
But I guess paramater makes sense too.
do be quiet
so parameter is synonym to variable?
Macen, make me.
If you can't help properly don't help at all.
Usually an argument.
Did you send the utf-8 encoding header?
What's the easiest/best way of finding out if a directory is owned by the webserver, with permissions 0700? Im thinking fileperms, then a call to is_readable() to see if the webserver holds the 7, but i appreciate this wouldnt work for other modes, so there must be a better way.
optiz0r, you could read the chmod permissions of the file
which file?
sorry, I mean directory
well that would get me the 0700 but how can i confirm the owner is teh webserver user?
I believe ftp_rawlist gives you the user data
well i know how to get the owner of the dir in either uid or nposix name format
but how can i get the uid/name of the /webserver/ user?
hi. Can somebody tell me the crypted chunk size, if I use 256 bit key with openssl decrypt&
**encrypt
optiz0r, afaik that is apache
meep
lol
in this case its "nobody", but i cant guarantee that to stay the same, or work on other servers
optiz0r, posix_getuid
Perfect. got there at last
ty
Not sure where to ask this question, I'm having problems with suPHP, after installation trying to access a site running it I get a forbidden error with the error_log saying permission denied reading .htaccess (which is set to be globally readable). Anyone know how to fix this?
hi, i use func_get_args to get the arguments but now i would like to pass argument 3-N to a second function. how would you do it?
cjk_, $args = func_get_args (); unset ($args[0], $args[1], $args[2]); myFunction ($args);
Hi
sean`, yes, but myFunction expects them to be myFunction(arg1,arg2,arg3,arg4) i can not change myFunction
how can I post a form without sending the parameters to the url?
thanks
cjk_, are you getting the data from myFunction also thru func_get_args?
logik-bomb, use a raw socket.
In that case I don't see a problem just assigning an array to it, as func_get_args also returns an array
(^-^)
sean`, no, ok i see where you are getting at
sean`, thanks, i think i will figure out now
another optiojn would be eval.. but I believe my way would be better
sean`, yes, i do not like eval
If you're worried about messed up keys, you can always use a sort method to re-arrange them
^-^
anyone here know about suPHP?
can anyone recommend a very lightweight php VC (no M required) framework?
just use a MVC framework and don't use the Model part of it
sure, of course - but I want to find something that is simple.
I tried Codeigniter, but I found a few issues with it. Something along the same lines would be great.
"open source php framework"
yeah, I know about google, but there are hundreds of them and every tom dick and harry seems to think they can write an MVC framework, but most of them are bad.
byeah, I know about google, but there are hundreds of them and every tom dick and harry seems to think they can write an MVC framework, but most of them are bad./b
So I was asking if anyone could *recommend* a framework, not a search engine
well.. define lightweight, what are you exactly looking for
sean`: something with controllers, views and layouts. don't need helpers or advanced routing, but partials would be nice.
sean`: i'm not going to use the model layer (we have our own).
sean`: know of any workarounds for posix_getuid if posix is disabled?
well.. if you have your own model layer, create the vc yourself too?
sean`: sigh. yeah, ok.
You're asking a lot, cause you want just 1 bit of something..
You have 3 options.. 1 hopelessly continue on your search, 2 find an MVC and port it to your model layer, 3 write it yourself
optiz0r, hehe… stupid me :p
php.net/fileowner
I believe that also works for directories
yesyes i want the APACHE user :p
which you suggested posix_getuid
but posix is disabled
try out the fileowner function, it'll work out I think
how?!
itll get me the owner of the directory
yes
i want to check that the owner IS the apache user
ow yeah sorry
my mind isn't clear, I'm thinking about lunch :p
I would be, but i had a yoghurt 20mins ago
I'm not familiar with an alternate option
right ok. nasty haxhax itll have to be
optiz0r, quit while your ahead
doing any sort of proper file ownership with PHP is painful
unless your app is just for you / company
it is yes, but i cant guarantee they wont change something and break it after im gone
retainer
:d
i need to forcibly check the directory is only readable/writable by apache
student intern, so such luck
hmm is_writable is the lazy way
is_writable is_readable
doesnt check that someone *else* doesnt have read/write
oh only
i think compare perms to 0700, then check is_readable
only works because go perms are 00 though
optimus-prime, you could also just chmod it each tijme to 0700
optiz0r, just use fileperms($foo) i guess
is there a way to do addslashes just on double quotes?
why wouldn't ther
well it's done, but i cant say im proud of the method
howdy
ScottMac, sean`, thanks for the help
jessy_, assclashes($foo, '"')
err addclashes lol
thats almost bash worthy
LOL
addslashes() doesn't have a second paramater
ScottMac, whats on your mind?
thx ScottMac
AlexC_, addC
http://www.php.net/addclashes
http://www.php.net/addcslashes
bah
jessy_, go look at the URL above I can't type today
rza, morning
ahhh thought it was a type
s/type/typo
ScottMac, it's exactly what I need
thank you
i wonder if the bug occurs with the version edink compiles against
if not, then im clueless
rza, you can get the version edin compiles with
http://files.edin.dk/php/win32/zip.zip
thats his php_build directory
does that include the libs?
propably
how can I access an array index from an array, that is returned by a function - eg: $foo-getBar()[0];
bhow can I access an array index from an array, that is returned by a function - eg: $foo-getBar()[0];/b
been having fun time compiling on windows
yeah
its such a joyfull task
it includes stuff for every extension
rza, tell me about it
took me like two hours to just compile my test program
Enigma, $arr = $foo-getBar (); echo $arr[0];
ended up having weird crashes
you need to unzip the php_build directory in the one above the source
You have to assign it first to a variable.. PHP is not that far yet :p
rza, that may be a bug
sean`: and in one statement?
Enigma, $arr = $foo-getBar (); echo $arr[0];
Thats the only option you have..
there must be a workaround
this is a bug!
or an unsupported feature as they would call it
Enigma, the parser doesn't support it
the end
-.-
haha
Enigma, we accept patches
hmm bugs.php.net accepts forms
though people who want to play with flex are most likely insane
I think PHPshould have stuff like that implemented in PHP6 though..
$foo-bar ()[0]..
though people who want to play with flex are most likely insane This says a lot about /me/ tbh
but on the otherside.. it makes you more lazy
Enigma, there are bugs for your feature already
LOL, just got scared by my printer
http://bugs.php.net/bug.php?id=32153 - can you please vote for this bug?
_all_ of you
I'll bogus it for you
func()['foo'] looks ugly as sin
does ruby look better ?
plz provide link for ajax scripts
www.google.com
._:
It's not a bug.
ScottMac:
why am i getting linker errors when all needed libs should be included ?
And it's there since 1 Mar 2005 for a reason.
"or an unsupported feature as they would call it"
Enigma, I bogussed it for you
hello earlier today I asked something but nobody replied, I want to try again, maybe someone that knows the answer woke up or something … I want to know is it possible for the user to change the $_SERVER['SERVER_NAME'] variable ? I mean with browser request for example (not from inside
PHP)
yw
error LNK2019: unresolved external symbol __imp__MagickWandGenesis referenced in function _main
something like that
isnt that like implicit declaration?
all headers and libs are included
Its not my bug I found it while creating a new one
how can i encrypt/derypt (password protected) files using php ?
Well. tbh, I don't find a feature like that usefull. You only get one element of the array this way. You could just return that one element.
With hawt nekkid faerie gnomes.
Be concise.
Gnome rules.
but if you want the first row if an database result: $db-getAll()[0] would be a great feature
here goes away my question :-/ damn netsplit
$db-getFirst FTW
Yea I also have this function, but give me one reason good why it should be possible?
how can i encrypt/derypt (password protected) files using php ?
is the $_SESSION['uid'] created automatically or do i need to make it myself?
afaik that's not created, but you can get the session id with session_id()
ahh ok thanks
It has been there "open" for two years.. for a reason.
..
.. == "hello"?
foutrelis no ..= "am I connected?"
hmmm I'm not sure
have you figured it out already?
ok I'm not funny.. somebody please shoot me
payback for scratching my framework ^^
AlexC_ damn! you are faster than me
ha!
AlexC_ i was going to shoot him
hello
still can ^^
And now I'm crippled for life..
meh, it's only a flesh wound
i am trying to compile php 5.2.3 on RHEL4
error: Cannot find libmysqlclient under /usr."
Cannot find libmysqlclient under /usr."
i use –with-mysql=/usr/lib64/mysql
which libmysqlclient is it looking for?
oh let me play Trinity
damn matrix
ehm.. that sounded kinda of.. erase that from the logs plix
do i need to give another option?
lol ^^
do you have mysqlclient installed?
AlexC_, yes, of course
s/kinda\ of/kinda/ O_O
hum, interesting
Is there a function to reverse the lines in a string? (ex: line3 = line1 & line1 = line3)
earlier today I asked something but nobody replied, I want to try again, maybe someone that knows the answer woke up or something … I want to know is it possible for the user to change the $_SERVER['SERVER_NAME'] variable ? I mean with browser request for example (not from inside PHP)
LES BURP
[dev]Viper: it can not be injected, but it can be partially manipulated if there is server misconfiguration
AlexC_, http://pastebin.ca/664303
install -dev
192.168.0.51, test.com\'" magic quotes ?
[dev]Viper: WTF
print_r($_SERVER) ?
MikeSeth, MySQL-devel-5.0.45-0.glibc23
[dev]Viper: what server does that?
is installed
apache, all versions
no, Install libmysqlclient-whatever-dev
PHP 4 and PHP 5
I don't know if I found a bug or this is supposed to work like that
[dev]Viper: never saw it do anything like this. SERVER_NAME should correspond to the ServerName setting of the server or the current vhost
I wonder if I should report it to bugs.php.net
[dev]Viper: you should check if theres a bug like that first.
it does look like a bug, but might as well be bizzare problem/conflict in Apache
in fact, are you SURE you dont have the same values in your Apache config file?
ahh gottficken
I am setting those values from a PHP script use CURL to make the request
how can i encrypt/derypt (password protected) files?
bye all,
nope
MikeSeth, this doesn't seem to exist on Redhat
for SuSE, there is libmysqlclient-devel-5.0.45-2.1.x86_64.rpm
and also for Mandriva
Hi! A friend of mine (windows user) has started learning PHP. He is a very novice user and used to the IDEs / GUIs. Would you please recommend an editor? I would like it to be cross-platform open source.
Thanks
what?
anyone here use imagemagick?
I use Dev-PHP. It's interface sucks but you can get used to it.
There are other editors. I suggest you try a few.
Jafet, but it is only for windows, right?
I think it's cross-platform.
Jafet, I'm on linux and I don't really want an IDE for php. But my friend is on windows. And I want him to use an editor which he can later use on linux also (if he migrates )
IDE for php? Zend?
Zend Studio - for Windows, Linux..
It's written on Java, so it's multiplatform
Asmos, not free
hi
is there some easy way to print out the contents of an array, if u do not know the name of the elements?
e.g. I say: echo $test; and get "array" printed out
i want to see what is in that array
print_r($arr)
thanx
np
it prints out "Array ()" what does that mean?
That it's an array.
php.net/array
oh… got it… it means there is nothing in the array! got it…
"hi" ) for the others
thanx everyone
unserialize() [function.unserialize]: Error at offset 0 of 1 bytes in
Syntax error on line 101 of /etc/httpd/conf/httpd.conf:
Cannot load /usr/lib/apache/libphp5.so into server: /usr/lib/apache/libphp5.so: undefined symbol: _zval_dtor_func
i tryed to google on the error but found nothing similiar
php4 works fine..
d
the used php5 version = php-5.2.3
welcome back everyone.
wasn't it us that left?
Since we're the minority, of like 90 or so, and now everyone's back and it's over 400
hi, can i retrieve 'someString' from 'script.php?someString' ?
You can't.
I think
kh2803, $_GET['someString']
