php-windows Digest 18 Sep 2001 09:15:42 -0000 Issue 760
Topics (messages 9390 through 9399):
Re: Please Help with incorrect Date Code
9390 by: max
Re: File uploading
9391 by: Angie Tollerson
Re: Safe mode w/ IIS4 + PHP
9392 by: Eric R. Gavin
Re: securing PHP on Win32
9393 by: Eric R. Gavin
Re: How can I retreive a users Windows logon name?
9394 by: Eric R. Gavin
9399 by: Christian Sandfeld
Applying the memory-limit patch
9395 by: Gaylen Fraley
Re: Help:About the Apache log files problems,too strange
9396 by: leo g. divinagracia iii
File Upload In Form
9397 by: Mad Nas
Income on the Net!
9398 by: Noel Hadfield
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
Dean,
Thanks for the response Dean, I didn't even think about daylight savings
time! Changed the hour on the initial timestamp as you suggested and all is
well again ;)
Thanks again,
Max
-----Original Message-----
From: Dean Bennett [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001 11:24 AM
To: max
Subject: Re: [PHP-WIN] Please Help with incorrect Date Code
Someone else discovers daylight savings. Once a year, one day has 25 hours,
so
24 hours after 10/28/01 00:00 is 10/28/01 23:00. Use an hour other than
00:00
in your initial timestamp, Or you could just keep incrementing $dy - mktime
knows that 10/32 is 11/1.
max wrote:
>
> I'm posting a snippet of code which prints each date within a week. For
> example on the day of 10/21/01 it will print the dates 10/21/01, 22, 23,
24,
> 25, 26, and 27.
>
> The problem I am having is on the week of 10/28/01 it will print 10/28
> twice. for example 28,28,29,30,31,1,2,3. As far as I can tell every
other
> date seems to work fine except for the week of the 28th, where I get the
> 28th twice. I'm hoping someone will take a quick look at the code below
and
> maybe have an idea as to why this is occuring or see something I dont see.
>
> I greatly appreciate any help or advince.
>
> Thanks.
>
> <?
> $yr = "2001";
> $mnth = "10";
> $dy = "28";
>
> $sunday_stamp =
> mktime(0,0,0,$mnth,$dy-date("w",mktime(0,0,0,$mnth,$dy,$yr)),$yr);
> $last_sunday = date("Y-m-d", $sunday_stamp);
> $next_saturday =
>
date("Y-m-d",mktime(0,0,0,$mnth,$dy+6-date("w",mktime(0,0,0,$mnth,$dy,$yr)),
> $yr));
>
> $next_day = $last_sunday;
> $next_stamp = $sunday_stamp;
> while($next_day <= $next_saturday)
> {
> $newsplit = explode("-", $next_day);
> $date = date("m/d/y",
> mktime(0,0,0,$newsplit[1],$newsplit[2],$newsplit[0]));
> $dayoweek = date("l",
> mktime(0,0,0,$newsplit[1],$newsplit[2],$newsplit[0]));
>
> echo "$dayoweek $date<BR>";
>
> $next_stamp = $next_stamp + 86400; // stamp plus # of seconds in a
day
> $next_day = date("Y-m-d",$next_stamp);;
> }
> ?>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
Frankie,
the function is copy($old, $new);
so it needs to be from the exact path to the exact path....what is the folder you want
to store the file in eventually? the best thing to do is to set the path for the
folder where the new file will be residing and tack on the image
for example:
$PATH = "../news/archive/images/";
$userpath = "c:\windows\images\picture.jpg"; // ( gotten by them doing a browse of
computer using type="file" ??? maybe??)
$newimagename = "new.jpg";
copy($userpath, $PATH.$newimagename);
hope that helps,
Angie
>>> "Frankie" <[EMAIL PROTECTED]> 09/17/01 02:01PM >>>
I have a problem with the file uploading.
I copied a script from a book on PHP and I followed instructions about the
upload temp dir (upload_tmp_dir = c:/Windows/temp). The script was developed
for an Unix machine and the line is:
@copy("$img1","/usr/local/apache_1.3.12/htdocs/$img1_name") or die...
The book suggests, for Windows machines, to change the root in:
/Apache/htdocs. I tried the program, but an error message appears: "It is
impossible to upload file" (message wrote in die command).
What is the exact command for uploading file?
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
I have an open bug submission for this subject; and even tried to append to
the documentation about the subject that you just mentioned (much of Safe
Mode not working under Win32 because of ownership issues.)
Rasmus Lerdorf suggested that I submit the bug report, and as far as I know
it is still "Open."
Eric Gavin
"Erick Baum" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I am having a similar problem with Windows2000, IIS5, and the latest
stable
> PHP. I don't believe Safe Mode works in a Windows environment anyways,
> because it does not understand Windows permissions as far as ownership.
> However, I was told to use the open_basedir option which in php.ini. You
> set it to the root of where you want files to be able to be opened from.
> For example open_basedir = c:\inetpub\wwwroot\ which would only allow
them
> to open files located somewhere in that directory or a sub-directory under
> it. Or you're supposed to be able to do something like open_basedir = .
> which is supposed to tell it that a PHP script can only open files in the
> directory and sub-directories where the script resides. This would be the
> I can't believe there's no way to secure against something like this.
There
> must be a way. Lot's of ISP's are starting to support PHP. They
certainly
> all wouldn't be leaving something like this wide open. A good number are
> probably hosting on Win32 so I must be missing something.
There is, but it involves LOADS of file-system privilege "adjustments." You
are fortunate, in that you're running Win2000 and therefore have better
filesystem-priv management. (NT privs _suck_)
Anyway, the way I'm doing it, I have a single anonymous web user for each
virtual server that I have. Those users are denied various permissions in
certain key areas. You will run into problems, however, because those users
need to be able to Read/eXecute various files so that the web server will
actually RUN. Also if you want to do database connectivity via ADO or
something like that.
While you are locking down your server, you will inevitably "break"
something's ability to do something else.
That's why open_basedir would be so nice, because it would be nice to narrow
down the list of files they can mess with down to JUST c:\inetpub and from
there, managing individual permissions on each of the subdirectories is
_WAY_ easier.
Eric
>
> Thanks for the info.
>
> Erick
>
>
> "Cjd" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Best thing to do is create a user for the webserver/php and run as this
> > user. You can then restrict the access of that user to specific areas.
> This
> > is OK if you are running a single server/domain model, but if running
> > virtual domains or multiplue websites, to secure the other peoples
> websites,
> > you'll need to have a server per website to stop roaming. I have tested
> > inhouse and with a poorly constructed PHP script, I can browse most file
> > systems, access other websites on the server and even write files to
their
> > directories. If you are running a server and using PHP, then you need to
> do
> > a full security analysis of it before you launch it to the world,
> especially
> > on Win32. Not too bad if you're only hosting your own files and stuff,
but
> > can become a nightmare if you have it open to the 'public' to upload
their
> > php scripts.
> >
> >
> > "Erick Baum" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > We have been unable to secure our Windows 2000/IIS5 server from
allowing
> > > people to open any file on our server that they want to if they know
the
> > > path. The safe_mode doesn't really work on Windows. But I was told
to
> > use
> > > the open_basedir option in our php.ini. I added this option and it
had
> no
> > > effect on the ability for people to open files anywhere on the server.
> I
> > > tried numerous formats for the option, for example open_basedir =
> > > c:\inetpub\wwwroot open_basedir = "c:\inetpub\wwwroot"
open_basedir
> =
> > .
> > > and on and on, with quotes, without quotes, forward slashes,
> backslashes,
> > > even without the drive letter more like a unix path and nothing seemed
> to
> > > work.
> > >
> > > Has anyone actually got this to work? If so, I would be very
interested
> > to
> > > know what format you used for the option in the php.ini file. Or
> however
> > > else you managed to get this to work.
> > >
> > > Thanks,
> > > Erick
> > >
> > >
> > >
> >
> >
>
>
It's important to note that this only works for pages that require
authentication.
I don't believe that there is a way to retrieve username information via
pages that are accessed anonymously (i.e. if you were trying to retrieve the
name of the anonymous web user.)
I only say this because I tried to retrieve user name for debugging purposes
and couldn't do it. There are/were some POSIX functions/modules that
supposedly do this but I think I screwed something up trying to use them,
and needed to dl() the module or something like that, which I didn't do
because I'm the laziest person alive ^_^
> If you change the access control from Basic to NT LM for the Intranet web
site you will gain the following things:
>
[snip]
>
> 2) The users login name and auth method will be available in $AUTH_USER
and $AUTH_TYPE.
Eric,
Thanks for sharing. I too can not get the user name for pages where
anonymous access is allowed, but since it's on our intranet, that's ok (all
users are loged on to our NT domain).
Regards,
Christian
-----Original Message-----
From: Eric R. Gavin [mailto:[EMAIL PROTECTED]]
Sent: 17. september 2001 22:50
To: [EMAIL PROTECTED]
Subject: Re: [PHP-WIN] How can I retreive a users Windows logon name?
It's important to note that this only works for pages that require
authentication.
I don't believe that there is a way to retrieve username information via
pages that are accessed anonymously (i.e. if you were trying to retrieve the
name of the anonymous web user.)
I only say this because I tried to retrieve user name for debugging purposes
and couldn't do it. There are/were some POSIX functions/modules that
supposedly do this but I think I screwed something up trying to use them,
and needed to dl() the module or something like that, which I didn't do
because I'm the laziest person alive ^_^
> If you change the access control from Basic to NT LM for the Intranet web
site you will gain the following things:
>
[snip]
>
> 2) The users login name and auth method will be available in $AUTH_USER
and $AUTH_TYPE.
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
I've looked for instructions on this but have been unable to find them. How
do you apply the memory-limit patch for 4.0.6 on Windows?
--
Gaylen
[EMAIL PROTECTED]
http://www.gaylenandmargie.com
PHP KISGB v1.1 Guestbook http://www.gaylenandmargie.com/publicscripts
web crawlers, my first guess...
Thrack wrote:
>
> Hi,everyone:
>
> My system is Windows 2000 server,and I have created My website with
>Apache+Php+Mysql in it.My IP is an Internet static and valid IP address.Theses days
>I found some strange problems in the Apache log file(access.log),these logs below
>appeared in the ACCESS.LOG somtime(The xxx.xxx.xxx.xxx is the IP address):
> xxx.xxx.xxx.xxx - - [06/Sep/2001:14:59:35 +0800] "GET http://www.s3.com HTTP/1.1"
>200 13878
> xxx.xxx.xxx.xxx - - [06/Sep/2001:21:42:07 +0800] "GET http://www.ebay.com/ HTTP/1.1"
>200 14640
> xxx.xxx.xxx.xxx - - [06/Sep/2001:21:42:07 +0800] "GET http://www.netease.com/
>HTTP/1.1" 200 14640
> But in fact,My site has nothing with the sites
>www.s3.com,www.ebay.com,www.netease.com.
>
> Who knows the answer?
>
>
> Thanks.
--
Leo G. Divinagracia III
[EMAIL PROTECTED]
Hi All,
I must a file download with used html form, for example with this code:
<form enctype="multipart/form-data" method="post" action="_URL_">
<input type="file" name="userfile">
<input type="submit">
</form>
How can upload only GIF or JPG file?
I see for file size limit used a hidden parameter with name "MAX_FILE_SIZE"
for example :
<input type="hidden" name="MAX_FILE_SIZE" value="1024">
for limit file size in 1KB, Where i found any parameter for upload file ?
Thanks for answer and excuse me for poor english
Mad Nas
Here is an opportunity that you can take up FREE. If you join as an
affiliate, we'll teach you how to build a profitable business on the
Internet, using our system to create an income stream and earn income
globally, 24 hours a day.
Don't let this opportunity slip past you - our organization is now more
than three million strong and growing at around 6,000 each day! Join us and
let's work together to get a share of all those members.
Just hit:
mailto:[EMAIL PROTECTED]?Subject=Opportunity
To be removed from this list, hit:
mailto:[EMAIL PROTECTED]?Subject=Remove
