php-windows Digest 10 Dec 2001 21:44:25 -0000 Issue 894
Topics (messages 10816 through 10833):
Re: A referer code needed
10816 by: Christian Sandfeld
PHP + IIS5 works like hell
10817 by: Silviu Bondalici
Re: Plug-in detection.
10818 by: G Schneider
Re: my MySQL hacked?
10819 by: G Schneider
10828 by: Mike Flynn
MySQL: What if .... ?
10820 by: G Schneider
10822 by: Asendorf, John
10824 by: Asendorf, John
10830 by: Hugh Bothwell
Re: How to know how long a person stay
10821 by: Michel Laine
Re: Has anyone gotten session_destroy() to actually wor k on Windows?
10823 by: Ayres, David
revision - IIS4 ASP hangs periodically after installing PHP
10825 by: Don Sanders
PHP + IIS5 lags
10826 by: Silviu Bondalici
mssql insert weird.
10827 by: Delbono
subject line complete
10829 by: Julian Easterling
security flaws
10831 by: ChaoticWorks.cs.com
10832 by: Rasmus Lerdorf
Microsoft Word .doc to HTML
10833 by: Ryan Marrs
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Either one of these preset vars should do:
$HTTP_REFERER
$HTTP_SERVER_VARS["HTTP_REFERER"]
$HTTP_ENV_VARS["HTTP_REFERER"]
/Christian
-----Original Message-----
From: Emad El-Din [mailto:[EMAIL PROTECTED]]
Sent: 5. oktober 2001 05:57
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] A referer code needed
Hi
I would like to know the function written to know the URL of the page the
user's browser was previously on if the user followed a link from that page
to my php script (as "referer" in perl script)
I'm using Apache webserver on win98 OS.
If any one know the code to be written plz send it to me as soon as
possible.
Thanks a lot
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
We have migrated our web server from NT4.0 (with PHP + IIS4.0) to Win2000
(with same PHP and IIS 5.0). When we used IIS4.0 the web paged were loading
in a sec. Now you must wait at least 5 sec. to get your page. Any
suggestions?
--- End Message ---
--- Begin Message ---
"Mark Hope" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm looking for a way to detect the flash plug-in, writing a suitable
> include file for those that have the plug-in, and another include for
> those that don't.
>
> Can anybody point me in the right direction.
>
> Mark Hope
Hi,
I don't think theres a way to do that using PHP :-(
But here's an alternative: Create a flash animation thats only something
like 10x10 pixels... and get the flash animation to redirect the browser to
your flash website after 2 or 3 seconds. That way, if the user has flash
installed, it will redirect him to the flash site. But then also use a
Javascript or Meta tag to redirect the other user to the non-flash website
after say... 10 seconds (enough time for the flash plug in to load).
Hope this helps
- Jefferrs
* e-mail: [EMAIL PROTECTED]
* homepage: http://webmastersdog.com
______________________________________
worlds' best webhosting:
http://www.openhosting.co.uk/?r=GB1500175
--- End Message ---
--- Begin Message ---
I found the problem.
There was a problem with FTP security, and a member decided to look in my
PHP files and find my MySQL password. He then, obviously, used that MySQL
password to trash our database.
Mystery solved.
- Jefferrs
"R'Twick Niceorgaw" <[EMAIL PROTECTED]> wrote in message
000601c1800f$423b1e80$273abe18@utkalika">news:000601c1800f$423b1e80$273abe18@utkalika...
> move to a unix box never trust IIS/W2k !
>
> -----Original Message-----
> From: G Schneider [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, December 08, 2001 10:39 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-WIN] my MySQL hacked?
>
>
> Okay, okay okay...
>
> I got up this morning to discover that my MySQL server has had ALL its
> databases DELETED except for the mysql.* one.
>
> When looking in the mysql.user table, I discovered that there were now TWO
> "root" users - except the new one required NO password.
> Also, another root-access user had been given a twin (same username), but
> requiring no password.
>
> Into the bargain, all records on the mysql.db table had been erased.
>
> Now what the HELL do you think caused this?
>
> The server is protected by a firewall, running on IIS5/Windows2000, and
> nope - nobody with root access gave their password away.
>
> Could it have been a virus? This morning several viruses were cleared off
> the hard-drive of the server (uploaded by members). Is there a virus that
> can do this? If so, what is it?
>
> Thankfully the MySQL server was not available for general use (to our
> members) but was undegoing a sort-of 'testing period'. So nothing
important
> was lost. But I don't want to see this happen again! So can anybody shed
any
> light onto what could have caused this?!??!
>
> Thanks,
> - Jefferrs
>
> (p.s. this post is being cross-posted to both alt.comp.lang.php and
> alt.php.sql)
>
> - Jefferrs
>
>
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>
>
--- End Message ---
--- Begin Message ---
At 06:11 PM 12/9/2001 +0000, you wrote:
>I found the problem.
>
>There was a problem with FTP security, and a member decided to look in my
>PHP files and find my MySQL password. He then, obviously, used that MySQL
>password to trash our database.
>
>Mystery solved.
>
>- Jefferrs
A good way to help avoid this is to have all of your database connections
done via include files, and make the include file reside outside the domain
of any servers (i/e web, FTP, etc).
So a page on my site may say something like:
require('/path/to/file/dbconnect.php');
Where that path resides outside the web server and any other server's
accessible areas.
-Mike
--- End Message ---
--- Begin Message ---
What do you do if the only root user has removed all his own privileges?
How do you rectify the situation without reinstalling MySQL?
Thanks,
- Jefferrs
P.S. This message is also being posted to alt.comp.lang.php, alt.php, and
alt.php.sql
--- End Message ---
--- Begin Message ---
There's a section of MySQL just for this problem
http://www.mysql.com/doc/R/e/Resetting_permissions.html
Make sure you follow ALL of the instructions. If you need further help,
please feel free to contact me directly. I JUST went through this, so it's
still rather fresh.
John
---------------------
John Asendorf - [EMAIL PROTECTED]
Web Applications Developer
http://www.lcounty.com - NEW FEATURES ADDED DAILY!
Licking County, Ohio, USA
740-349-3631
Nullum magnum ingenium sine mixtura dementiae fuit
> -----Original Message-----
> From: G Schneider [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, December 09, 2001 12:00 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-WIN] MySQL: What if .... ?
>
>
> What do you do if the only root user has removed all his own
> privileges?
>
> How do you rectify the situation without reinstalling MySQL?
>
> Thanks,
> - Jefferrs
>
> P.S. This message is also being posted to alt.comp.lang.php,
> alt.php, and
> alt.php.sql
>
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
>
--- End Message ---
--- Begin Message ---
Note, step one, for a windows user = "stop the MySQL service"
---------------------
John Asendorf - [EMAIL PROTECTED]
Web Applications Developer
http://www.lcounty.com - NEW FEATURES ADDED DAILY!
Licking County, Ohio, USA
740-349-3631
Nullum magnum ingenium sine mixtura dementiae fuit
> -----Original Message-----
> From: Asendorf, John [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 10, 2001 8:19 AM
> To: G Schneider; Php-Windows (E-mail)
> Subject: RE: [PHP-WIN] MySQL: What if .... ?
>
>
> There's a section of MySQL just for this problem
>
> http://www.mysql.com/doc/R/e/Resetting_permissions.html
>
> Make sure you follow ALL of the instructions. If you need
> further help,
> please feel free to contact me directly. I JUST went through
> this, so it's
> still rather fresh.
>
> John
>
> ---------------------
> John Asendorf - [EMAIL PROTECTED]
> Web Applications Developer
> http://www.lcounty.com - NEW FEATURES ADDED DAILY!
> Licking County, Ohio, USA
> 740-349-3631
> Nullum magnum ingenium sine mixtura dementiae fuit
>
>
> > -----Original Message-----
> > From: G Schneider [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, December 09, 2001 12:00 PM
> > To: [EMAIL PROTECTED]
> > Subject: [PHP-WIN] MySQL: What if .... ?
> >
> >
> > What do you do if the only root user has removed all his own
> > privileges?
> >
> > How do you rectify the situation without reinstalling MySQL?
> >
> > Thanks,
> > - Jefferrs
> >
> > P.S. This message is also being posted to alt.comp.lang.php,
> > alt.php, and
> > alt.php.sql
> >
> >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> >
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
>
--- End Message ---
--- Begin Message ---
"G Schneider" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> What do you do if the only root user has removed all his own privileges?
>
> How do you rectify the situation without reinstalling MySQL?
>
> Thanks,
> - Jefferrs
MySQL keeps its own privileges database as a set of files
in mysql/data/mysql ... if you have a backup of this directory,
you could restore it.
Failing that, possibly someone could tell you how to
manually patch one or more of these files to reset the
privileges.
--- End Message ---
--- Begin Message ---
Hey! don't blame me....
I am just a newbie trying to help.
...and let me point out that i said "I do not believe that this is possible,
not as you would it to work anyway." - Where is the text saying that it *can't*
be done?
PHP still amazes me after one year. I'm on your side - "Anything is possible"
Gerald Davis wrote:
> NEVER SAY it is impossible. Anything is possible
>
> Michel the question is do you want to do the work needed?
>
> 1) setup a simple static "testbed" website. With index.html and 4-5
> page1-5.html
> 2) setup the site to use the built in sessions feature of php4. If you
> don't know what this is stop, and read manual or a good boook on php
> 3) don't call the pages directly. Create a script that is passed the page
> you need as a variable.
> i.e pages.php?p=index.html would grab the index.html page.
> a) Have the script record the page, the "on time" (that is time page is
> loaded first), and the session_id into a mysql database.
> b) Have the script check to see if that session_id was on any other pages.
> if so and there is no off-time then the on-time for this page is the
> off-time for the old page.
> c) Have the script parse the page and change all the direct links to
> page.php links. I.e if the script sees page1.html it would change that to
> page.php?p=page1.html
>
> Now all your data is trapped in a mysql database
> You should be able to write a simple script to extract it into some
> meaningful reports, or a csv for further processesing.
>
> ANYTHING is possible with PHP & MySQL.
>
> Gerald
>
> "Michel Laine" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I do not believe that this is possible, not as you would it to work
> anyway.
> > Something like this might be realized with sessions set to a very short
> > timeout, but then your users might get pissed (due to the short timeout).
> >
> > Patrick Silva wrote:
> >
> > > Hello
> > >
> > > is it possible with PHP to know how much time a person stay on a web
> page?
> > >
> > > thanks
> > > /---------------------------------------------/
> > > Patrick Silva
> > > Gestion serveurs et domaines
> > > Cyse Informatique
> > > 105 avenue du Général Leclerc
> > > 77400 Lagny sur marne (France)
> > > tel : (33)1 64303232 - Fax : (33)1 64303222
> > > tel : (33)5 55805498 - Fax : (33)5 55805499
> > > E-mail : [EMAIL PROTECTED]
> > > http://www.cyse.com
> > > /---------------------------------------------/
> >
> > --
> >
> > Michel Laine
> >
> >
--
Michel Laine
Engineer / Network Administrator
SYSTEM TECHNOLOGY SWEDEN AB
Phone:(+46)-8-982255
Fax:(+46)-8-982060
Snail mail: Vretenvagen 2, 171 54 SOLNA, SWEDEN
E-mail: [EMAIL PROTECTED]
WWW: http://www.systemtech.se
--- End Message ---
--- Begin Message ---
Thanks Egil,
But I've tried everything and can not get it to work. I also can't get it
to instantiate a session until I print the Session variables once to the
HTML Page, then the session finally works. It's really strange (I just wish
it were as stable as .Net). Thanks for your feedback...
David
-----Original Message-----
From: Egil Helland [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 07, 2001 6:07 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP-WIN] Has anyone gotten session_destroy() to actually
work on Windows?
On Fri, 7 Dec 2001 13:36:32 -0500, Ayres, David wrote:
>Okay, I'm going to throw my laptop through a window in a second!
>Why won't session_destroy() work? I can't be the only one with this
>problem.
>I know the session variables exist. I'm running PHP 4.0.6, anyone
>else ever have this problem? Please let me know if there's some
>sort of bug with this or something. Thanks!
>
Running 4.0.5 here, but session_destroy works just fine. Only thing
you need to do is to first initiate the session, with session_start,
probably you also want to empty up those vars with session_unset, and
the conclude the whole thing with session_destroy:
session_start();
session_unset();
session_destroy();
Works like a charm... :)
Regards,
EGil
-=//
Egil Helland / IKON AS - MCSE, Internet, Intranet
mailto:[EMAIL PROTECTED] http://egil.net
//=-
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
When I first posted this problem, I thought it was MS Access hanging but
after more testing, I realized it is ASP that stops responding about once a
week after I installed PHP, even pages that do not use database. Restarting
the server will run for another week then hang again.
--- End Message ---
--- Begin Message ---
We have migrated our web server from NT4.0 (with PHP + IIS4.0) to Win2000
(with same PHP and IIS 5.0). When we used IIS4.0 the web paged were loading
in a sec. Now you must wait at least 5 sec. to get your page. Any
suggestions?
--- End Message ---
--- Begin Message ---
Hello,
I have this simple
query:
insert into table1 ( fname) values ('test1')
I use odbc_exec() all goes fine. Insert is performed.
I use mssql_query(); Query returns 1, but no insert is done!!!
same, db, same table, same user.
Why!!?
mssql_query("select * from table1") works
odbc_exec("insert into table1 ( fname) values ('test1')") works
so it is not a problem of permission nor a problem of mssql_specific
function problem
I don't get any error, yet the QUERY IS PERFORMED
because I have
$res = mssql_query($q,$id);
echo "Last query was: [ <B>" . $q . "</B> ]<br>";
echo "Last message was: [ <B>" . mssql_get_last_message() . "</B> ]<BR>";
if ($res)
{
echo "OK<br>";
}
else
{
echo "NO!";
}
"OK" is printed out!
Please help this man..
Thank you,
Nicola
Nicola Delbono
[EMAIL PROTECTED]
Key5 di Delbono Nicola
V. G.M. Rossi, 12
25038 Rovato (Bs)
Tel 39 030 7242266
Fax 39 030 7242266
--- End Message ---
--- Begin Message ---
unsubscribe
--- End Message ---
--- Begin Message ---
what are all the security flaws of PHP? also...what other languages are more
secure? thanks.
--- End Message ---
--- Begin Message ---
All known flaws have obviously been fixed. I guess you are looking for a
list of unknown flaws? That's a bit hard to provide.
On Mon, 10 Dec 2001 [EMAIL PROTECTED] wrote:
> what are all the security flaws of PHP? also...what other languages are more
> secure? thanks.
>
--- End Message ---
--- Begin Message ---
I'm not entirely where to begin because I am not a VB Developer in anyway
shape or form, but I know how to use COM Objects with PHP. I am attempting
to read Word Documents and save them as an HTML. I've read through a few
messages that have already been brought up on this topic and I am still not
getting it. Does anyone have any reference code or a link to a tutorial I
could take a look at?
Thanks!
Ryan
--- End Message ---
