php-general Digest 24 Mar 2003 01:56:22 -0000 Issue 1956
Topics (messages 140755 through 140789):
PHP Session Management
140755 by: CDitty
140756 by: CDitty
Re: Password Authentication
140757 by: trlists.clayst.com
Re: Removing Risky Characters
140758 by: trlists.clayst.com
140764 by: David Otton
numbers problem
140759 by: Emanuele
140760 by: David Otton
140772 by: Hugh Danaher
140781 by: John W. Holmes
trouble with cURL & Linkpoint
140761 by: Doug Parker
Temporary Files
140762 by: Lars Tvedt
140763 by: Jason Sheets
reloading a page..
140765 by: Beauford.2002
140766 by: David Otton
140767 by: Beauford.2002
140768 by: Leo Spalteholz
140784 by: Beauford.2002
who is on the page?
140769 by: Oliver Witt
140774 by: Dan Rossi
140775 by: Dan Rossi
140777 by: The Head Sage
140779 by: John W. Holmes
Re: (newbie)calling GLOBAL arrays
140770 by: Bobby Rahman
Re: Ayudaaa
140771 by: reven
Finding out which file is retrieved over HTTP
140773 by: Jens Lehmann
140776 by: David Otton
mail function
140778 by: John Love
140785 by: Jason Sheets
Re: how to pass variable for $_GET
140780 by: DomIntCom
140783 by: Daevid Vincent
Re: htaccess writable by httpd
140782 by: John W. Holmes
Re: [PHP-DB] when click on button, how renew info on page?
140786 by: L0vCh1Y
[systems] cvs server moving
140787 by: James Cox
Calculating the difference between two dates
140788 by: Beauford.2002
Problem with imagerotate()
140789 by: Mike Brum
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Hello all. I am trying to figure out some session management that is in
the O'reilly book - Web Database Applications. I am getting the following
error - Error 1045 : Access denied for user: '[EMAIL PROTECTED]' (Using
password: YES)
Normally, I would think that this is because the userid and/or password for
the database is incorrect. However, they are not. I have verified that
the userid and password are correct and the database server is active.
Anyone have any ideas?
Here is the code....
sessions.php
---------------------
<?
// Database connection information
$hostName = "localhost";
$databaseName = "development";
$username = "userid";
$password = "password";
// Error handling
function showerror()
{
die("Error " . mysql_errno() . " : " . mysql_error());
}
// Returns current time as a number
// Used for recording the last session access
function getMicroTime()
{
// microtime() returns the number of seconds
// since 0:00:00 January 1, 1970 GMT as a
// microsecond part and a second part.
// eg: 0.08344800 1000952237
// Convert the two parts into an array
$mtime = explode(" ", microtime());
// Return the addition of the two parts
return($mtime[1] + $mtime[0]);
}
// The database connection
$connection;
// The global variable that holds the table name
$session_table;
function sessionOpen($database_name, $table_name)
{
// Save the database name in a global variable
global $connection;
global $hostName;
global $username;
global $password;
if(!($connection = @mysql_connect($hostName, $username, $password))){
showerror();
}
if(!mysql_select_db($database_name, $connection)){
showerror();
}
// Save the table name in a global variable
global $session_table;
$session_table = $table_name;
return true;
}
// This function is called whenever a session_start()
// call is made and reads the session variables
// Returns "" when a session is not found
// (serialized)string - session exists
function sessionRead($sess_id)
{
// Access the DB connection
global $connection;
// Access the global variable that holds the name
// of the table that holds the session variables
global $session_table;
// Formulate a query to find the session
// identified by $sess_id
$search_query = "select * from $session_table where session_id =
'$sess_id'";
// Execute the query
if(!($result = @mysql_query($search_query, $connection))){
showerror();
}
if(mydql_num_rows($result) == 0){
return "";
}else{
// Found a session - retun the seialized string
$row = mysql_fetch_array($result);
return $row["session_variable"];
}
}
// This function is called when a session is initialized
// with a session_start() call, when variables are
// registered or unregistered, and when session variables
// are modified. Returns true on success.
function sessionWrite($sess_id, $val)
{
global $connection;
global $session_table;
$time_stamp = getMicroTime();
$search_query = "select session_id from $session_table where
session_id = '$sess_id'";
// Execute query
if(!($result = @mysql_query($search_query, $connection))){
showerror();
}
if(mysql_num_rows($result) == 0){
// No session found, insert a new one
$insert_query = "insert into $session_table (session_id,
session_variable, last_accessed) values ('$sess_id, '$val', $time_stamp)";
if(!mysql_query($insert_query, $connection)){
showerror();
}
}else{
// Existing session found - Update it
$update_query = "update $session_table set
session_variable = '$val', last_accessed = $time_stamp where session_id =
'$sess_id'";
if(!mysql_query($update_query, $connection)){
showerror();
}
}
return true;
}
// This funstion is executed on shutdown of the session
// Always returns true
function sessionClose($sess_id)
{
return true;
}
// This is called whenever the session_destroy()
// funstion call is made. Returns true is the session
// has successfully been deleted.
function sessionDestroy($sess_id)
{
global $connection;
global $session_table;
$delete_query = "delete from session_table where session_id =
'$sess_id'";
if(!($result = @mysql_query($delete_query, $connection))){
showerror();
}
return true;
}
// This function is called on a session's start up with
// the probability specified in session.gc_probability.
// Performs garbage collection by removing all sessions
// that haven't been updated in the last $max_lifetime
// seconds as set in session.gc_maxlifetime.
// returns true if the delete query succeeded.
function sessionGC($max_lifetime)
{
global $connection;
global $session_table;
$time_stamp = getMicroTime();
$delete_query = "delete from $session_table where last_accessed <
($time_stamp - $max_lifetime)";
if(!($result = @mysql_query($delete_query, $connection))){
showerror();
}
return true;
}
// Call to register user callback functions
session_set_save_handler("sessionOpen", "sessionClose", "sessionRead",
"sessionWrite", "sessionDestroy", "sessionGC");
?>
Here is the calling code.
sessTest.php
---------------------
<?
// include the sessions handlers
include("sessions.php");
// initialize a session. This call either creates a new session
// or re-establishes an existing one.
session_start();
// if this is a new session, then the variable $count is not registered
if(!session_is_registered("count"))
{
session_register("count");
session_register("start");
$count = 0;
$start = time();
}else{
$count++;
}
$sessionId = session_id();
?>
<p>This page points at a session (<?=$sessionId ?>)<br>
count = <?=$count ?>.<br>
start = <?=$start ?>.<br>
<p>This session has lasted
<?
$duration = time() - $start;
echo "$duration";
?>
seconds.
--- End Message ---
--- Begin Message ---
Got it fixed. Turns out there are typos in the book
Thanks Jason for the help.
Chris
At 08:50 AM 3/23/2003, CDitty wrote:
Hello all. I am trying to figure out some session management that is in
the O'reilly book - Web Database Applications. I am getting the following
error - Error 1045 : Access denied for user: '[EMAIL PROTECTED]' (Using
password: YES)
Normally, I would think that this is because the userid and/or password
for the database is incorrect. However, they are not. I have verified
that the userid and password are correct and the database server is active.
Anyone have any ideas?
Here is the code....
sessions.php
---------------------
<?
// Database connection information
$hostName = "localhost";
$databaseName = "development";
$username = "userid";
$password = "password";
// Error handling
function showerror()
{
die("Error " . mysql_errno() . " : " . mysql_error());
}
// Returns current time as a number
// Used for recording the last session access
function getMicroTime()
{
// microtime() returns the number of seconds
// since 0:00:00 January 1, 1970 GMT as a
// microsecond part and a second part.
// eg: 0.08344800 1000952237
// Convert the two parts into an array
$mtime = explode(" ", microtime());
// Return the addition of the two parts
return($mtime[1] + $mtime[0]);
}
// The database connection
$connection;
// The global variable that holds the table name
$session_table;
function sessionOpen($database_name, $table_name)
{
// Save the database name in a global variable
global $connection;
global $hostName;
global $username;
global $password;
if(!($connection = @mysql_connect($hostName, $username, $password))){
showerror();
}
if(!mysql_select_db($database_name, $connection)){
showerror();
}
// Save the table name in a global variable
global $session_table;
$session_table = $table_name;
return true;
}
// This function is called whenever a session_start()
// call is made and reads the session variables
// Returns "" when a session is not found
// (serialized)string - session exists
function sessionRead($sess_id)
{
// Access the DB connection
global $connection;
// Access the global variable that holds the name
// of the table that holds the session variables
global $session_table;
// Formulate a query to find the session
// identified by $sess_id
$search_query = "select * from $session_table where session_id =
'$sess_id'";
// Execute the query
if(!($result = @mysql_query($search_query, $connection))){
showerror();
}
if(mydql_num_rows($result) == 0){
return "";
}else{
// Found a session - retun the seialized string
$row = mysql_fetch_array($result);
return $row["session_variable"];
}
}
// This function is called when a session is initialized
// with a session_start() call, when variables are
// registered or unregistered, and when session variables
// are modified. Returns true on success.
function sessionWrite($sess_id, $val)
{
global $connection;
global $session_table;
$time_stamp = getMicroTime();
$search_query = "select session_id from $session_table where
session_id = '$sess_id'";
// Execute query
if(!($result = @mysql_query($search_query, $connection))){
showerror();
}
if(mysql_num_rows($result) == 0){
// No session found, insert a new one
$insert_query = "insert into $session_table (session_id,
session_variable, last_accessed) values ('$sess_id, '$val', $time_stamp)";
if(!mysql_query($insert_query, $connection)){
showerror();
}
}else{
// Existing session found - Update it
$update_query = "update $session_table set
session_variable = '$val', last_accessed = $time_stamp where session_id =
'$sess_id'";
if(!mysql_query($update_query, $connection)){
showerror();
}
}
return true;
}
// This funstion is executed on shutdown of the session
// Always returns true
function sessionClose($sess_id)
{
return true;
}
// This is called whenever the session_destroy()
// funstion call is made. Returns true is the session
// has successfully been deleted.
function sessionDestroy($sess_id)
{
global $connection;
global $session_table;
$delete_query = "delete from session_table where session_id =
'$sess_id'";
if(!($result = @mysql_query($delete_query, $connection))){
showerror();
}
return true;
}
// This function is called on a session's start up with
// the probability specified in session.gc_probability.
// Performs garbage collection by removing all sessions
// that haven't been updated in the last $max_lifetime
// seconds as set in session.gc_maxlifetime.
// returns true if the delete query succeeded.
function sessionGC($max_lifetime)
{
global $connection;
global $session_table;
$time_stamp = getMicroTime();
$delete_query = "delete from $session_table where last_accessed <
($time_stamp - $max_lifetime)";
if(!($result = @mysql_query($delete_query, $connection))){
showerror();
}
return true;
}
// Call to register user callback functions
session_set_save_handler("sessionOpen", "sessionClose", "sessionRead",
"sessionWrite", "sessionDestroy", "sessionGC");
?>
Here is the calling code.
sessTest.php
---------------------
<?
// include the sessions handlers
include("sessions.php");
// initialize a session. This call either creates a new session
// or re-establishes an existing one.
session_start();
// if this is a new session, then the variable $count is not registered
if(!session_is_registered("count"))
{
session_register("count");
session_register("start");
$count = 0;
$start = time();
}else{
$count++;
}
$sessionId = session_id();
?>
<p>This page points at a session (<?=$sessionId ?>)<br>
count = <?=$count ?>.<br>
start = <?=$start ?>.<br>
<p>This session has lasted
<?
$duration = time() - $start;
echo "$duration";
?>
seconds.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On 23 Mar 2003 Justin French wrote:
> That's in the user notes... ignor it... md5() does not have to be salted...
> infact, you WANT the md5() to be static... because you will compare the
> md5()'d password in the database with the md5()'d password that they submit
> on a form.
Exactly. On this point the docs seem to be messed up.
----------
Tom Rawson
--- End Message ---
--- Begin Message ---
On 22 Mar 2003 David Otton wrote:
> The thing that is most likely to trip you up is people who cut'n'paste
> from Word. High-ASCII characters can slip in like that, also some
> characters that are common in European languages (accents and umlauts).
> All of these need to be translated into HTML entities.
I understand that that needs to be done for display.
My question was about input. What happens if someone enters an ASCII
147 or 148 in a form field, for example? Will PHP interpret them as
quotes? Or is only an ASCII 34 seen as a quote. If the former, will
addslashes() add shashes to them?
----------
Tom Rawson
--- End Message ---
--- Begin Message ---
On Sun, 23 Mar 2003 10:51:43 -0500, you wrote:
>My question was about input. What happens if someone enters an ASCII
>147 or 148 in a form field, for example? Will PHP interpret them as
>quotes? Or is only an ASCII 34 seen as a quote. If the former, will
>addslashes() add shashes to them?
I see. No, they're not quotes in the PHP sense - they can be used as
part of a string literal without escaping.
However, in your example (form submission) it's a moot point - HTTP
multipart/form-data uses MIME (CRLF + a content boundary), not quotes,
to bracket data. See the end of
http://www.w3.org/TR/REC-html40/interact/forms.html to get a feel for
what a raw form submit from a browser looks like.
--- End Message ---
--- Begin Message ---
Hi, I'm using a mysql connection to dinamically fill a table with
descriptions, prices, and so on...
But when the script takes the price of a Plasma Monitor, that costs 8025.00
$, it outputs only 8,00.
I recall it by typing :
echo $row_Recordset1['Prezzo']
And please note that I've seen that it happens only when
$row_Recordset1['Prezzo'] > 1000
Can anyone tell me why and what can I do ?
Please answer me, it's very important...
Thanks
--- End Message ---
--- Begin Message ---
On Sun, 23 Mar 2003 14:09:26 +0100, you wrote:
>And please note that I've seen that it happens only when
>$row_Recordset1['Prezzo'] > 1000
What's the largest number you can get from the table? Exactly? 1000 is
suspiciously close to 1024. Is it possible that your table is using a
smaller data type than normal to store the value?
"DESC tablename" to check
--- End Message ---
--- Begin Message ---
Emanuele,
Some parts of the world use the coma as the separator between whole numbers
and decimals (e.g. Germany & France) and php is formating the number
according to this style. I surmise that the numbers stored in your database
have been stored with comas separating the thousands from the hundreds
(English & US style), so you'll need to grab the number, eliminate the coma
(something like $num=ereg_replace(",","",$num) will do this but there is
likely a more direct php command for this), then when you want to display
the number use number_format($num,2,".",",").
Hope this helps.
Hugh
----- Original Message -----
From: "Emanuele" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 23, 2003 5:09 AM
Subject: [PHP] numbers problem
> Hi, I'm using a mysql connection to dinamically fill a table with
> descriptions, prices, and so on...
>
> But when the script takes the price of a Plasma Monitor, that costs
8025.00
> $, it outputs only 8,00.
> I recall it by typing :
>
> echo $row_Recordset1['Prezzo']
>
> And please note that I've seen that it happens only when
> $row_Recordset1['Prezzo'] > 1000
>
> Can anyone tell me why and what can I do ?
> Please answer me, it's very important...
> Thanks
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
> Hi, I'm using a mysql connection to dinamically fill a table with
> descriptions, prices, and so on...
>
> But when the script takes the price of a Plasma Monitor, that costs
> 8025.00
> $, it outputs only 8,00.
> I recall it by typing :
>
> echo $row_Recordset1['Prezzo']
>
> And please note that I've seen that it happens only when
> $row_Recordset1['Prezzo'] > 1000
Check what the type is on your column. Since you show it has a comma in
it, I'll assume it's a varchar. Since you can't store a number over
1000, I'll also guess that it's a varchar(3) column.
If you're typing in 8025.00 and it's getting stored as 8,00 then how are
you processing it before storing it? Something has to add in the comma,
right?
Prices should be stored as a DECIMAL column type. You should validate
what the user puts in and _make_ it into a decimal. Can you always
assume that a period is the decimal separator? Some countries use a
comma for a decimal separator and the period as the thousands separator.
You must validate everything from the user and format it to match what
you need and reject everything else. Plain and simple. :)
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
I'm having trouble getting cURL to work with a remote server. I'm using
Linkpoint to process a credit card transaction. (Does anyone have any
experience with Linkpoint?) I have tested my script on another server
and cURL seems to retrieve the information fine. However, I'm getting a
blank html page when I try the linkpoint form processor. When I
submitted the form directly to Linkpoint, everything worked OK.
Here's the script I submit to on my server:
$postfields = array();
$postfields[] = array("bname", $_POST['bname']);
$postfields[] = array("baddr1", $_POST['baddr1']);
$postfields[] = array("baddr2", $_POST['baddr2']);
$postfields[] = array("bcity", $_POST['bcity']);
$postfields[] = array("bstate", $_POST['bstate']);
$postfields[] = array("bzip", $_POST['bzip']);
foreach($postfields as $subarray) {
list($foo, $bar) = $subarray;
$bar = urlencode($bar);
$postedfields[] = "$foo=$bar";
}
$urlstring = join("\n", $postedfields);
$urlstring = ereg_replace("\n", "&", $urlstring);
$ch = curl_init("https://www.linkpointcentral.com/lpc/servlet/lppay";);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $urlstring);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_REFERER,
"http://www.mysite.com/mypage.html";);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
curl_close($ch);
echo $data;
--- End Message ---
--- Begin Message ---
Im trying to create a way of storing php scripts in a mySQL database, and
then execute them using temporary files as executable script buffers..
The database retrieval is working fine but the file does not...
Ive got a table with 4 fields: execID, execName, execDesc and execProc
The last one contains php code.
This is what i have so far:
<?php
mysql_connect($host,$user,$pw);
mysql_select_db($db);
$query = "SELECT execProc FROM exec WHERE execID = 1";
$result = mysql_query($query);
while($row = mysql_fetch_array($result))
{
$proc = $row['execProc'];
}
$handle = tmpfile();
fwrite($handle, $proc);
include("name of the temporary file");
fclose($handle);
?>
But i need to get the name of the tempfile in order to include it..
All i have now is the handle_id
Any help appreciated.
--- End Message ---
--- Begin Message ---
Rather than writing the code to a temporary file and then including the
file why not just use eval() on the code fetched from the database
(http://www.php.net/eval)?
Otherwise you could use generate a unique filename yourself rather than
using tmpfile.
$filename = md5(uniqid());
Of course you may want to through some checking in there to make sure
the file doesn't already exist but the chances of getting the same exact
filename in the short time the file is required is fairly low.
Jason
Lars Tvedt wrote:
Im trying to create a way of storing php scripts in a mySQL database, and
then execute them using temporary files as executable script buffers..
The database retrieval is working fine but the file does not...
Ive got a table with 4 fields: execID, execName, execDesc and execProc
The last one contains php code.
This is what i have so far:
<?php
mysql_connect($host,$user,$pw);
mysql_select_db($db);
$query = "SELECT execProc FROM exec WHERE execID = 1";
$result = mysql_query($query);
while($row = mysql_fetch_array($result))
{
$proc = $row['execProc'];
}
$handle = tmpfile();
fwrite($handle, $proc);
include("name of the temporary file");
fclose($handle);
?>
But i need to get the name of the tempfile in order to include it..
All i have now is the handle_id
Any help appreciated.
--- End Message ---
--- Begin Message ---
Not sure why things like this are so difficult. I have an authentication
script which allows users access to certain pages based on their user level.
If they click on a link to go to a page their not allowed to, I want to be
able to just reload the page their on and display a message saying they are
not authorized to view that page - do you think I can get the page to
reload.....I've tried the header thing (but can't because headers are
already sent), I've tried playing around with $PHP_SELF with no luck, I've
looked for javascripts with no luck. Anyone have any ideas?
TIA
--- End Message ---
--- Begin Message ---
On Sun, 23 Mar 2003 12:15:25 -0500, you wrote:
>Not sure why things like this are so difficult. I have an authentication
>script which allows users access to certain pages based on their user level.
>If they click on a link to go to a page their not allowed to, I want to be
First, why are the pages they can't access displayed as active links?
>able to just reload the page their on and display a message saying they are
>not authorized to view that page - do you think I can get the page to
You don't need to reload the page. At the top of each page, put your
check routine.
if (access_granted == FALSE) {
show_access_denied_message;
exit;
}
show_regular_page;
>reload.....I've tried the header thing (but can't because headers are
>already sent),
Either rewrite your page so the security check comes before any output
is sent, or use the output buffering functions (ob_start(), etc)
>I've tried playing around with $PHP_SELF with no luck, I've
That's passed to the script from its environment... changing it will
have no effect on the script's environment.
>looked for javascripts with no luck. Anyone have any ideas?
You can't rely on Javascript for security.
--- End Message ---
--- Begin Message ---
One other problem is that I need to know the page the came from in order to
reload it. i.e. if they try to access a restricted page from six.html I
want to reload six.html - if they try from eight.html then eight.html needs
to be reloaded.
----- Original Message -----
From: "David Otton" <[EMAIL PROTECTED]>
To: "Beauford.2002" <[EMAIL PROTECTED]>
Cc: "PHP General" <[EMAIL PROTECTED]>
Sent: Sunday, March 23, 2003 12:37 PM
Subject: Re: [PHP] reloading a page..
> On Sun, 23 Mar 2003 12:15:25 -0500, you wrote:
>
> >Not sure why things like this are so difficult. I have an authentication
> >script which allows users access to certain pages based on their user
level.
> >If they click on a link to go to a page their not allowed to, I want to
be
>
> First, why are the pages they can't access displayed as active links?
>
> >able to just reload the page their on and display a message saying they
are
> >not authorized to view that page - do you think I can get the page to
>
> You don't need to reload the page. At the top of each page, put your
> check routine.
>
> if (access_granted == FALSE) {
> show_access_denied_message;
> exit;
> }
>
> show_regular_page;
>
> >reload.....I've tried the header thing (but can't because headers are
> >already sent),
>
> Either rewrite your page so the security check comes before any output
> is sent, or use the output buffering functions (ob_start(), etc)
>
> >I've tried playing around with $PHP_SELF with no luck, I've
>
> That's passed to the script from its environment... changing it will
> have no effect on the script's environment.
>
> >looked for javascripts with no luck. Anyone have any ideas?
>
> You can't rely on Javascript for security.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
On March 23, 2003 10:22 am, Beauford.2002 wrote:
> One other problem is that I need to know the page the came from in
> order to reload it. i.e. if they try to access a restricted page
> from six.html I want to reload six.html - if they try from
> eight.html then eight.html needs to be reloaded.
Firstly, as David mentioned, if the user is not allowed to access the
page then the link shouldn't be there in the first place. If there
is no link then there is no need to refresh the page or generate an
error or anything. If you really want to you can have the link but
instead of an href to the page you would replace it with a Javascript
alert saying "access denied".
But thats beside the point because if they enter the restricted page
into the address bar directly it also has to deny them access. You
should write a script that checks the users credentials and then
include it at the top of EVERY page. If the user can no be validated
then an access denied message is displayed. Even better, if a user
cannot be validated then you can redirect them back to where they
came from (referrer). That would effectively achive your goal by
refreshing the original page no matter where they;re coming from.
Leo
--- End Message ---
--- Begin Message ---
The link in question is there by design and should be there, but below is
what I am talking about.
> Even better, if a user cannot be validated then you can redirect them back
to where they
> came from (referrer). That would effectively achive your goal by
> refreshing the original page no matter where they;re coming from.
This is what I have, but no matter what I do I can not get a message to
appear on the referring page saying you have no access to the other page,
and I have also read that 'HTTP_REFERER' is not very reliable....
if($userlevel != $neededlevel) {
include ($_SERVER['HTTP_REFERER']);
$message = $no_permission;
$exit;
}
...on referring page....
<? if ($message) { echo $message; } ?>
----- Original Message -----
From: "Leo Spalteholz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 23, 2003 2:06 PM
Subject: Re: [PHP] reloading a page..
> On March 23, 2003 10:22 am, Beauford.2002 wrote:
> > One other problem is that I need to know the page the came from in
> > order to reload it. i.e. if they try to access a restricted page
> > from six.html I want to reload six.html - if they try from
> > eight.html then eight.html needs to be reloaded.
>
> Firstly, as David mentioned, if the user is not allowed to access the
> page then the link shouldn't be there in the first place. If there
> is no link then there is no need to refresh the page or generate an
> error or anything. If you really want to you can have the link but
> instead of an href to the page you would replace it with a Javascript
> alert saying "access denied".
> But thats beside the point because if they enter the restricted page
> into the address bar directly it also has to deny them access. You
> should write a script that checks the users credentials and then
> include it at the top of EVERY page. If the user can no be validated
> then an access denied message is displayed. Even better, if a user
> cannot be validated then you can redirect them back to where they
> came from (referrer). That would effectively achive your goal by
> refreshing the original page no matter where they;re coming from.
>
> Leo
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Hi everybody,
I've been looking for a script to determine who is on my page (people
have to log in). So far, I've been using a script that updates the time
in the database continuously as long as the person is on the page. That
way, the script could determine whether the user is still online or not.
However, this script has way too many queries and uses too much server
resources. Is there anything else? I'm wondering if the
connection_status() function would help in any way...
thx,
Olli
--- End Message ---
--- Begin Message ---
how bout add a last logged in field , and then do a check where the last
logged in field is NOW() etc ..
-----Original Message-----
From: Oliver Witt [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 6:24 AM
To: [EMAIL PROTECTED]
Subject: [PHP] who is on the page?
Hi everybody,
I've been looking for a script to determine who is on my page (people
have to log in). So far, I've been using a script that updates the time
in the database continuously as long as the person is on the page. That
way, the script could determine whether the user is still online or not.
However, this script has way too many queries and uses too much server
resources. Is there anything else? I'm wondering if the
connection_status() function would help in any way...
thx,
Olli
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
oh silly me you might need also an on/off flag , but need a way to determine
when they close the connection
-----Original Message-----
From: Oliver Witt [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 6:24 AM
To: [EMAIL PROTECTED]
Subject: [PHP] who is on the page?
Hi everybody,
I've been looking for a script to determine who is on my page (people
have to log in). So far, I've been using a script that updates the time
in the database continuously as long as the person is on the page. That
way, the script could determine whether the user is still online or not.
However, this script has way too many queries and uses too much server
resources. Is there anything else? I'm wondering if the
connection_status() function would help in any way...
thx,
Olli
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
What you might want to try is to set a cookie when the user first enters the
page, but set it's length to 5 minutes. Then everytime the cookie is resent
to the page you count it as a user. But if they leave, then the cookie
destroy's itself. You can have the cookie reset it's self, or set to when
ever the browser closes. But thats up to you
----- Original Message -----
From: "Oliver Witt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 24, 2003 6:23 AM
Subject: [PHP] who is on the page?
> Hi everybody,
> I've been looking for a script to determine who is on my page (people
> have to log in). So far, I've been using a script that updates the time
> in the database continuously as long as the person is on the page. That
> way, the script could determine whether the user is still online or not.
> However, this script has way too many queries and uses too much server
> resources. Is there anything else? I'm wondering if the
> connection_status() function would help in any way...
> thx,
> Olli
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--- End Message ---
--- Begin Message ---
> I've been looking for a script to determine who is on my page (people
> have to log in). So far, I've been using a script that updates the
time
> in the database continuously as long as the person is on the page.
That
> way, the script could determine whether the user is still online or
not.
> However, this script has way too many queries and uses too much server
> resources. Is there anything else? I'm wondering if the
> connection_status() function would help in any way...
Connection_status() is for something else.
Remember how HTTP works. The server receives a request, it sends a file,
you receive it, and that's it. There is no more communication. There is
_no_ way to tell how many people are on your page, plain and simple.
What you can do, however, is something like you're doing now. With each
_request_ to a page (not every second, or however you're doing it now),
update a time in a database. To see how many people are "on your site"
you can select a count of how many users have times that are less than X
minutes old. You have to assume that if they requested a page X minutes
ago, they are more than likely still on your page.
Since this isn't rocket science, this assumption will be adequate for
your needs.
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
Hiya
Im having difficulties calling array values from outside script.
I have db.api.php
<?
session_start();
function db_fetch($querystring)
{
$db_result = mysql_query($querystring);
$row = mysql_fetch_row($db_result);
session_register('row');
$username = $row[0];
$password = $row[1];
$email = $row[2];
echo "THE USERNAME IN DB.API IS $username";
echo "THE PASSWORD IN DB.API IS $password";
echo "THE EMAIL IN DB.API IS $email";
}
?>
// this works fine but now when I try and call these variables from
// another php script user.api.php
<?
session_start();
require_once("db_api.php");
$querystring = ("select username, password , email
from user where username=
'$username'");
db_fetch($querystring);
echo "THE USERNAME IN USER API2 IS $row[0]";
echo "THE PASSWORD IN USER API IS $password";
?>
// I have tried to print to screen these variables from the
//global array $row two different ways and seem to get nothing on screen
// I have also tried registering the variables seperately such as
session_register('username'); with no luck
Can anyone see what I am doing wrong or suggest any tutorials which may
describe using arrays with sessions.
Thanks
_________________________________________________________________
Worried what your kids see online? Protect them better with MSN 8
http://join.msn.com/?page=features/parental&pgmarket=en-gb&XAPID=186&DI=1059
--- End Message ---
--- Begin Message ---
Hola Gairo,
No es que te pueda ayudar mucho, pero por si te sirve de algo yo instalé
Apache 2.0 y PHP 4.2.x en un sistema Red Hat a partir de los RPM's
disponibles en los CD's de redhat (o en su web) y no tuve que preocuparme de
compilar ni nada. No dices si tu sistema es *nix o MS-W, pero espero que te
sirva
--- End Message ---
--- Begin Message ---
The following short script retrieves a file over HTTP:
$url = 'http://www.example.com/';
implode('',file($url)); // or file_get_contents()
Now I'd like to find out which file was really retrieved, for instance
http://www.example.com/index.html. Is this possible and how?
Background:
I need to write a small link-checker (Intranet), which reads in all
links within a file and then looks if they're broken and collects some
information. Unfortunately I didn't find a simple, free link-checker
that's why I write my own. It would be good to find out the "complete"
url, because I want to collect the file-endings (.php,.html, ...).
Another thing is that my script is recursive, so I need a function
absolute_link() which takes a (possibly relative) path and an url to
find out which page to go next.
Example:
$url = http://www.example.com/foo/bar/
Somewhere in the source code:
... <a href="../articles/page.html" /> ...
My script reads in $path='../articles/page.html'. The function
absolute_link($url, $path) should return
'http://www.example.com/foo/articles/page.html'. However $url could be
http://www.example.com/foo/bar (bar can be file or dir here imho) or
http://www.example.com/foo/bar/index.php and in any case absolute_link()
should return the same. Of course this function is easier to implement
if I always have something like
http://www.example.com/foo/bar/index.php. Maybe there's already a useful
function besides parse-url() I can use here.
Jens
--- End Message ---
--- Begin Message ---
On Sun, 23 Mar 2003 21:21:39 +0100, you wrote:
>The following short script retrieves a file over HTTP:
>
>$url = 'http://www.example.com/';
>implode('',file($url)); // or file_get_contents()
>
>Now I'd like to find out which file was really retrieved, for instance
>http://www.example.com/index.html. Is this possible and how?
Difficult - you made a request, and the webserver returned a response.
Whether or not the webserver maps your request to a specific file - or
if it even has any concept of a file - is it's own internal matter.
Having said that, you could try the Content-Location header, and the 3xx
status codes.
>I need to write a small link-checker (Intranet), which reads in all
>links within a file and then looks if they're broken and collects some
>information. Unfortunately I didn't find a simple, free link-checker
>that's why I write my own. It would be good to find out the "complete"
>url, because I want to collect the file-endings (.php,.html, ...).
I really think this already exists. You should probably search a bit
harder.
--- End Message ---
--- Begin Message ---
The use of the standard mail(...) function is just not working and I
would really appreciate some patient soul's time to access:
http://www.up.net/~jolove/PHP/EMail/EmailPHP.php
and look at the code ... it really is very short ...
The function send() returns success, yet my mail client, Eudora is not
accepting emails when I send mail to myself.
The HTML source which accesses the above .php code is:
http://www.up.net/~jolove/email.php
Many, many thanks in advance ...
John Love
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Hello John,
Please make a copy of the file with a .phps or .txt extension so the
code is not parsed by PHP.
Thanks,
Jason
John Love wrote:
The use of the standard mail(...) function is just not working and I
would really appreciate some patient soul's time to access:
http://www.up.net/~jolove/PHP/EMail/EmailPHP.php
and look at the code ... it really is very short ...
The function send() returns success, yet my mail client, Eudora is not
accepting emails when I send mail to myself.
The HTML source which accesses the above .php code is:
http://www.up.net/~jolove/email.php
Many, many thanks in advance ...
John Love
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
thanks - found a solution... both method's worked for me
"Nate" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> stripslashes("\'2003-1-3 00:00:01\' AND \'2003-3-10 23:59:59\'");
>
> "Domintcom" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > ok - found urldecode which is now giving me the following;
> >
> > \'2003-1-3 00:00:01\' AND \'2003-3-10 23:59:59\'
> >
> > original string;
> >
> > '2003-1-3 00:00:01' AND '2003-3-10 23:59:59'
> >
> >
> > "Domintcom" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > ok - I know how to pass these variables by appending variables to the
> > link.
> > > however, I'm trying to pass the following string;
> > >
> > > '2003-1-1 00:00:01' AND '2003-3-20 23:59:59'
> > >
> > > now - when I pass it what I get is the following;
> > >
> > > date='2003-2-1%2000:00:01'%20AND%20'2003-3-1%2023:59:59'
> > >
> > > it seems what I'm going to have to do is replace %20 with a space, but
> I'm
> > > unclear of how to do that with php.
> > >
> > > thanks,
> > >
> > > Jeff
> > >
> > >
> > >
> >
> >
>
>
--- End Message ---
--- Begin Message ---
Don't know if you realize this or not, but when you pass the variables, you
DO NOT enclose them in ' marks...
So...
http://blah.com/myscript.php?date=2003-2-1%2000:00:01'%20AND%20'2003-3-1%202
3:59:59&othervar=1234
Then on your myscript.php page,
$_GET['date'] will equal "2003-1-3 00:00:01 AND 2003-3-10 23:59:59" (sans
the " marks)
$_GET['othervar'] will equal "1234"
The browser pads the spaces with %20
If you really do need the ' marks, put them in the myscript.php page where
needed like this:
$sql = "SELECT * FROM foo WHERE blah = '".$_GET['othervar']."'";
> -----Original Message-----
> From: DomIntCom [mailto:[EMAIL PROTECTED]
> Sent: Sunday, March 23, 2003 2:08 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: how to pass variable for $_GET
>
>
> thanks - found a solution... both method's worked for me
>
>
> "Nate" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > stripslashes("\'2003-1-3 00:00:01\' AND \'2003-3-10 23:59:59\'");
> >
> > "Domintcom" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > ok - found urldecode which is now giving me the following;
> > >
> > > \'2003-1-3 00:00:01\' AND \'2003-3-10 23:59:59\'
> > >
> > > original string;
> > >
> > > '2003-1-3 00:00:01' AND '2003-3-10 23:59:59'
> > >
> > >
> > > "Domintcom" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]
> > > > ok - I know how to pass these variables by appending
> variables to the
> > > link.
> > > > however, I'm trying to pass the following string;
> > > >
> > > > '2003-1-1 00:00:01' AND '2003-3-20 23:59:59'
> > > >
> > > > now - when I pass it what I get is the following;
> > > >
> > > > date='2003-2-1%2000:00:01'%20AND%20'2003-3-1%2023:59:59'
> > > >
> > > > it seems what I'm going to have to do is replace %20
> with a space, but
> > I'm
> > > > unclear of how to do that with php.
> > > >
> > > > thanks,
> > > >
> > > > Jeff
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
> is this a dangerous feature ?
Depends what kind of server you're on to start with. If you have a
dedicated server, then it's not as big of a deal. If you're on a shared
server, then anyone else on that server can write your .htaccess files
for you (generally).
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--- End Message ---
--- Begin Message ---
-> gert
Monday, March 24, 2003 sent:
gv> hello everyone,
gv> with this code, a table is loaded with info from the mysql db with id = '1'.
gv> but now i want to make a button, and when it is clicked, he has to renew the
gv> table with the info from the db with id ='2'
gv> does anyone know has this should be done?
gv> thanks in advance!
gv> Greetings,
gv> Gert Vonck
gv> <html>
gv> <head> <title> </title> </head>
gv> <body>
gv> <?php
gv> mysql_connect("localhost","root","") or
gv> die ("Could not connect to database");
gv> mysql_select_db("oh") or
gv> die ("problems selecting database");
?>>
gv> <h2>Info_DJ</h2>
gv> <?php
gv> $result0 = mysql_query("SELECT
gv> naam,leeftijd,muziekgenre,favoriet_liedje,motto,picture_right FROM info_dj
gv> WHERE id='1'") or die (mysql_error());
gv> print"<table border=1>\n";
gv> $field_count = mysql_num_fields($result0);
gv> while ($get_info0 = mysql_fetch_row($result0))
gv> {
gv> print "<tr><td><table>";
gv> for($i = 0; $i < $field_count - 1 ; $i++){
gv> $value = $get_info0[$i];
gv> $column = mysql_field_name($result0,$i);
gv> print "\t<tr><td>$column</td><td>$value</td></tr>\n";
gv> }
gv> $last = $field_count - 1;
gv> print "</table></td><td><img src='$get_info0[$last]'></td></tr>\n";
gv> }
gv> print "</table>\n";
gv> mysql_close();
?>>
gv> </body>
gv> </html>
gv> _________________________________________________________________
So, what is problem in? Make button to lead to same page but with
$n++ variable. i.e.
<?
$n = isset($_GET['n']) ? $_GET['n'] : '';
$sql = 'SELECT `foo` FROM `bar` WHERE id = '.$n;
$n++;
if ($req = mysql_query($sql)) { any actions...; print '<a
href="foo.php?n='.$n.'">link</a>'; }
else die (mysql_error());
?>
And one more thing - try to use templates, if you work with HTML
parsing a lot. :]
Yours, L0vCh1Y [EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Just a heads up,
we should be moving the cvs apparatus from one server to another in the next
few hours. The only down time will be whilst your dns updates, and this will
_only_ affect cvs COMMITS -- not checkouts.
Thanks for your patience.
James Cox
php sysadmin
--
James Cox :: [EMAIL PROTECTED] :: http://imajes.info/
Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/
--- End Message ---
--- Begin Message ---
Does any one know how to calculate the difference between two dates. I need
to find out the age of a user to make sure they are over the age of 13. I
have searched for hours on this and found nothing that will help.
TIA
--- End Message ---
--- Begin Message ---
I'm having some problems with imagerotate() - e.g. it won't work at all.
I've tried many different ways to get it to work, but I have yet to see it
do anything at all. I'm using PHP 4.3.1 on XP. I know that GD is working
properly because I can do other image-manipulation with it without error.
Plus, I installed PHP manually, not with the Windows installer (which I've
had problems getting GD to work properly on in the past).
I've added the last attempt at getting the code to work. Note that the
imagecopy() works fine and the new image displayed always ends up being an
exact copy of the destination image.
Any help would be greatly appreciated!
if (($degrees == "90") || ($degrees == "180") || ($degrees == "270")){
foreach($image_check as $temp_file){
$src_img = imagecreatefromjpeg("$inbox_dir\\$temp_file");
$new_img = imagecreatetruecolor(imagesx($src_img),imagesy($src_img));
imagecopy($new_img,$src_img,0,0,0,0,imagesx($new_img),imagesy($new_img));
if (function_exists(imagerotate)){
if(imagerotate($new_img, $degrees, 0)){
print "Image Rotated Successfully<br>";
} else {
print "Error Rotating Image<br>";
}
}
imagejpeg($new_img, "$inbox_dir\\new_image_path.jpg");
imagedestroy($src_img);
imagedestroy($new_img);
*code left off that's not important - though there's no syntax/compile
errors
--- End Message ---
