php-windows Digest 11 Jun 2002 04:31:47 -0000 Issue 1185
Topics (messages 14153 through 14172):
Re: How to pass passwd Server <-> Client in a "secure" way
14153 by: Stuart Dallas
14154 by: Svensson, B.A.T. (HKG)
14156 by: Ross Fleming
14161 by: Scott Hurring
Apache 2.0.36 + PHP + Win2000 Server
14155 by: Matt Babineau
14159 by: Scott Hurring
14160 by: Matt Babineau
14162 by: Scott Hurring
14163 by: Ross Fleming
14164 by: Scott Carr
Re: Somebody please help beginner with variable problem
14157 by: Si Ming
beginner question to variables
14158 by: Si Ming
HTTP_WEREFERER / HTTP_REFERER
14165 by: hippo
14166 by: Scott Hurring
self processing forms
14167 by: Bill Hudspeth
Re: PHP 4.2.1 And WinXP
14168 by: Fester
14169 by: Stuart Dallas
14171 by: Fester
14172 by: Steve Yates
Stripping Domain from username
14170 by: Blaine Dinsmore
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Monday, June 10, 2002, 2:49:14 PM, you wrote:
> But before I start all this implementation, I wonder what other
> kinds of solution other might have been using - I would prefer
> not to have scripts running on the client side, but a public
> key system force me to do this. (And I can use php, so it
> pointless to refer to any php specific methods.)
The best way is to send it across an SSL connection.
--
Stuart
--- End Message ---
--- Begin Message ---
> > But before I start all this implementation, I wonder what other
> > kinds of solution other might have been using - I would prefer
> > not to have scripts running on the client side, but a public
> > key system force me to do this. (And I can use php, so it
> > pointless to refer to any php specific methods.)
>
> The best way is to send it across an SSL connection.
Thank for pointing out SLL.
But it could argued weather SSL is The Best way to do it. If you trust
SSL to much, then you are swimming in deep water. But of course I am
going to use SSL - as a first line of defense, but I do also want to
have a second wall of defense. Since SSL is not unbreakable I would
like not to pass the passwd in plain text. And that's what I am asking
for, weather some one has been using some special solution here?
--- End Message ---
--- Begin Message ---
Anders, what's wrong with SSL? It uses both the cipher suites you mention
(DES is no longer deemed "secure" by the way, 3DES is the way to go, and you
can't use DES on its own, since you need to exchange your private keys
somehow, hence they must encrypted with a public key). 3DES is faster than
RSA.
Authentications supported by SSL:
v2 - RSA or X.509 certs
v3 - anonymous Diffie-Hellman
Encryption supported by SSL:
v2 - 40 bit RC2, RC4
v3 - 56 bit DES-CBC, 128 bit RC2, RC4, 3DES CBC 168-bit
MAC supported by SSL
v2 - MD5
v3 - SHA
If you insist on doing it yourself, then Public Key cryptography is a good
method for a one time only (ie send the password once and your done). If
however you will be repeatedly sending encrypted data then you may find that
a combination of public key and private key may be a better bet. All public
key encryption is computationally intensive, with a combination, you can
take the SSH approach and use public key to negotiate a private key between
client & server and use this for the remainder of the session. However SSL
does all this for you. I'd therefore suggest SSL.
Both methods allow you to not worry about the fact that it is calculated
client-side, since a good crypto suite should not be compromised simply by
having the algorithm available. In fact, for a secure connection, at least
some of the work must be done at the client end.
Hope that helps! :)
Cheers
Ross
> -----Original Message-----
> From: Svensson, B.A.T. (HKG) [mailto:[EMAIL PROTECTED]]
> Sent: 10 June 2002 14:49
> To: Php Win32 list
> Subject: [PHP-WIN] How to pass passwd Server <-> Client in a "secure"
> way
>
>
> Dear Mr/Miss/Mrs/Madam/Sir All,
>
> I am currently thinking of how to transport the passwd between
> the database and the client. One suggestion would be to use a
> one pad chipper, but this is pointless if I want to update
> the passwd: the key has to be distributed. So I was thinking
> of using a public key system , for example RSA (would DES take
> to long time?).
>
> But before I start all this implementation, I wonder what other
> kinds of solution other might have been using - I would prefer
> not to have scripts running on the client side, but a public
> key system force me to do this. (And I can use php, so it
> pointless to refer to any php specific methods.)
>
> //Anders
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
You should also keep in mind that it's exceedingly dangerous
to "re-invent the wheel" when it comes to cryptography. Heavily
peer-reviewed algorithms (which are not always the most secure)
are always your best bet.
Even though SSL isn't the best overall option for 100%
total security, if you go about putting another home-brewed
layer over SSL, you'll only marginally increase your security,
while increasing your workload by quite a lot (and give yourself
a false sense of security)
Another option nobody has mentioned:
Perhaps install PGP/GPG on the server and email out encrypted
passwords... this way, speed won't be such an issue, and you
can use 3072-bit keys, which are quite secure. Of course, this
would mean the client MUST have PGP/GPG installed on his
computer.... :-)
--
Scott Hurring
Systems Programmer
EAC Corporation
scott (*) eac.com
"Ross Fleming" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Anders, what's wrong with SSL? It uses both the cipher suites you mention
> (DES is no longer deemed "secure" by the way, 3DES is the way to go, and you
> can't use DES on its own, since you need to exchange your private keys
> somehow, hence they must encrypted with a public key). 3DES is faster than
> RSA.
>
> Authentications supported by SSL:
> v2 - RSA or X.509 certs
> v3 - anonymous Diffie-Hellman
>
> Encryption supported by SSL:
> v2 - 40 bit RC2, RC4
> v3 - 56 bit DES-CBC, 128 bit RC2, RC4, 3DES CBC 168-bit
>
> MAC supported by SSL
> v2 - MD5
> v3 - SHA
>
> If you insist on doing it yourself, then Public Key cryptography is a good
> method for a one time only (ie send the password once and your done). If
> however you will be repeatedly sending encrypted data then you may find that
> a combination of public key and private key may be a better bet. All public
> key encryption is computationally intensive, with a combination, you can
> take the SSH approach and use public key to negotiate a private key between
> client & server and use this for the remainder of the session. However SSL
> does all this for you. I'd therefore suggest SSL.
>
> Both methods allow you to not worry about the fact that it is calculated
> client-side, since a good crypto suite should not be compromised simply by
> having the algorithm available. In fact, for a secure connection, at least
> some of the work must be done at the client end.
>
> Hope that helps! :)
>
> Cheers
>
> Ross
>
>
> > -----Original Message-----
> > From: Svensson, B.A.T. (HKG) [mailto:[EMAIL PROTECTED]]
> > Sent: 10 June 2002 14:49
> > To: Php Win32 list
> > Subject: [PHP-WIN] How to pass passwd Server <-> Client in a "secure"
> > way
> >
> >
> > Dear Mr/Miss/Mrs/Madam/Sir All,
> >
> > I am currently thinking of how to transport the passwd between
> > the database and the client. One suggestion would be to use a
> > one pad chipper, but this is pointless if I want to update
> > the passwd: the key has to be distributed. So I was thinking
> > of using a public key system , for example RSA (would DES take
> > to long time?).
> >
> > But before I start all this implementation, I wonder what other
> > kinds of solution other might have been using - I would prefer
> > not to have scripts running on the client side, but a public
> > key system force me to do this. (And I can use php, so it
> > pointless to refer to any php specific methods.)
> >
> > //Anders
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
--- End Message ---
--- Begin Message ---
Hello all;
I am looking into a solution for a company and I want to use PHP.
However I want to use PHP on Windows but do not want to use IIS.
Currently on my test system I run IIS + WinXP + PHP, and I am running
PHP as a CGI executable. If I use Apache as the Web server software,
will I be able to take full advantage of PHP? Currently I know the CGI
runs slower then "navtive"? (is that correct?) If I install Apache on a
Win2k machine, will my PHP performance be equivalent to a Linux machine?
Thank for your response!
Matt Babineau
Freelance Internet Developer
-----------------------------------------
e: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
p: 603.943.4237
w: <http://www.criticalcode.com/> http://www.criticalcode.com
PO BOX 601
Manchester, NH 03105
--- End Message ---
--- Begin Message ---
PHP support for Apache2 is still experimental, so i'd go with
Apache 1.3.x for now.
Most people i hear from say that PHP/apache is much faster
than PHP/IIS.
"Matt Babineau" <[EMAIL PROTECTED]> wrote in message
003101c21097$69822c40$6501a8c0@developerx">news:003101c21097$69822c40$6501a8c0@developerx...
> Hello all;
>
> I am looking into a solution for a company and I want to use PHP.
> However I want to use PHP on Windows but do not want to use IIS.
> Currently on my test system I run IIS + WinXP + PHP, and I am running
> PHP as a CGI executable. If I use Apache as the Web server software,
> will I be able to take full advantage of PHP? Currently I know the CGI
> runs slower then "navtive"? (is that correct?) If I install Apache on a
> Win2k machine, will my PHP performance be equivalent to a Linux machine?
>
> Thank for your response!
>
> Matt Babineau
> Freelance Internet Developer
> -----------------------------------------
> e: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> p: 603.943.4237
> w: <http://www.criticalcode.com/> http://www.criticalcode.com
> PO BOX 601
> Manchester, NH 03105
>
>
--- End Message ---
--- Begin Message ---
Yeah Scott, that's also what I have been hearing. I am wondering though
is the PHP support in Apache 1.3 or 2.0 even on Windows the same type of
support that you would get on a Linux machine? I am not a Linux person
but I may need to be if I can't get good performance out of Windows. I
am a Windows person by trade but I am slowly moving towards open source
primarily because I can develop for free. I also was rading about Apache
2.0 and it said that there was no SSL support for it. Does anyone know
if there is SSL support in Apache v1.3 for windows?
Matt Babineau
Freelance Internet Developer
-----------------------------------------
e: [EMAIL PROTECTED]
p: 603.943.4237
w: http://www.criticalcode.com
PO BOX 601
Manchester, NH 03105
-----Original Message-----
From: Scott Hurring [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 10, 2002 3:09 PM
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
PHP support for Apache2 is still experimental, so i'd go with Apache
1.3.x for now.
Most people i hear from say that PHP/apache is much faster
than PHP/IIS.
"Matt Babineau" <[EMAIL PROTECTED]> wrote in message
003101c21097$69822c40$6501a8c0@developerx">news:003101c21097$69822c40$6501a8c0@developerx...
> Hello all;
>
> I am looking into a solution for a company and I want to use PHP.
> However I want to use PHP on Windows but do not want to use IIS.
> Currently on my test system I run IIS + WinXP + PHP, and I am running
> PHP as a CGI executable. If I use Apache as the Web server software,
> will I be able to take full advantage of PHP? Currently I know the CGI
> runs slower then "navtive"? (is that correct?) If I install Apache on
> a Win2k machine, will my PHP performance be equivalent to a Linux
> machine?
>
> Thank for your response!
>
> Matt Babineau
> Freelance Internet Developer
> -----------------------------------------
> e: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> p: 603.943.4237
> w: <http://www.criticalcode.com/> http://www.criticalcode.com PO BOX
> 601 Manchester, NH 03105
>
>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Well, just IMO, i've used PHP/apache on both linux and windows
for almost 2 years now, and i've never had a single problem with
either platform.
I personally prefer using linux for server jobs and windows for
desktop jobs.... so i don't think i'd ever use windows as a
production server, but I do almost all my development work
on a Win2k machine running mysql/apache/php, i love it :-)
Apache is still classified "beta" on windows, but from what i've
seen, it's a VERY solid beta.
--
Scott Hurring
Systems Programmer
EAC Corporation
scott (*) eac.com
"Matt Babineau" <[EMAIL PROTECTED]> wrote in message
004e01c210b2$bef510f0$6501a8c0@developerx">news:004e01c210b2$bef510f0$6501a8c0@developerx...
> Yeah Scott, that's also what I have been hearing. I am wondering though
> is the PHP support in Apache 1.3 or 2.0 even on Windows the same type of
> support that you would get on a Linux machine? I am not a Linux person
> but I may need to be if I can't get good performance out of Windows. I
> am a Windows person by trade but I am slowly moving towards open source
> primarily because I can develop for free. I also was rading about Apache
> 2.0 and it said that there was no SSL support for it. Does anyone know
> if there is SSL support in Apache v1.3 for windows?
>
> Matt Babineau
> Freelance Internet Developer
> -----------------------------------------
> e: [EMAIL PROTECTED]
> p: 603.943.4237
> w: http://www.criticalcode.com
> PO BOX 601
> Manchester, NH 03105
>
>
> -----Original Message-----
> From: Scott Hurring [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 10, 2002 3:09 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
>
>
> PHP support for Apache2 is still experimental, so i'd go with Apache
> 1.3.x for now.
>
> Most people i hear from say that PHP/apache is much faster
> than PHP/IIS.
>
> "Matt Babineau" <[EMAIL PROTECTED]> wrote in message
> 003101c21097$69822c40$6501a8c0@developerx">news:003101c21097$69822c40$6501a8c0@developerx...
> > Hello all;
> >
> > I am looking into a solution for a company and I want to use PHP.
> > However I want to use PHP on Windows but do not want to use IIS.
> > Currently on my test system I run IIS + WinXP + PHP, and I am running
> > PHP as a CGI executable. If I use Apache as the Web server software,
> > will I be able to take full advantage of PHP? Currently I know the CGI
>
> > runs slower then "navtive"? (is that correct?) If I install Apache on
> > a Win2k machine, will my PHP performance be equivalent to a Linux
> > machine?
> >
> > Thank for your response!
> >
> > Matt Babineau
> > Freelance Internet Developer
> > -----------------------------------------
> > e: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> > p: 603.943.4237
> > w: <http://www.criticalcode.com/> http://www.criticalcode.com PO BOX
> > 601 Manchester, NH 03105
> >
> >
>
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Further to Scott's answer, he's right in the fact that Apache is beta for
windows, but stable, however the apache group have ALWAYS said that apache2
would be more secure/stable for windows, as it is an entirely new codebase,
as opposed to the direct port from *nix to win32. However I'd be dubious as
to how stable apache2 would be just now, and would personally stick with 1.3
My 2cents
Ross
> -----Original Message-----
> From: Scott Hurring [mailto:[EMAIL PROTECTED]]
> Sent: 10 June 2002 20:25
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
>
>
> Well, just IMO, i've used PHP/apache on both linux and windows
> for almost 2 years now, and i've never had a single problem with
> either platform.
>
> I personally prefer using linux for server jobs and windows for
> desktop jobs.... so i don't think i'd ever use windows as a
> production server, but I do almost all my development work
> on a Win2k machine running mysql/apache/php, i love it :-)
>
> Apache is still classified "beta" on windows, but from what i've
> seen, it's a VERY solid beta.
>
> --
> Scott Hurring
> Systems Programmer
> EAC Corporation
> scott (*) eac.com
>
>
> "Matt Babineau" <[EMAIL PROTECTED]> wrote in message
> 004e01c210b2$bef510f0$6501a8c0@developerx">news:004e01c210b2$bef510f0$6501a8c0@developerx...
> > Yeah Scott, that's also what I have been hearing. I am wondering though
> > is the PHP support in Apache 1.3 or 2.0 even on Windows the same type of
> > support that you would get on a Linux machine? I am not a Linux person
> > but I may need to be if I can't get good performance out of Windows. I
> > am a Windows person by trade but I am slowly moving towards open source
> > primarily because I can develop for free. I also was rading about Apache
> > 2.0 and it said that there was no SSL support for it. Does anyone know
> > if there is SSL support in Apache v1.3 for windows?
> >
> > Matt Babineau
> > Freelance Internet Developer
> > -----------------------------------------
> > e: [EMAIL PROTECTED]
> > p: 603.943.4237
> > w: http://www.criticalcode.com
> > PO BOX 601
> > Manchester, NH 03105
> >
> >
> > -----Original Message-----
> > From: Scott Hurring [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, June 10, 2002 3:09 PM
> > To: [EMAIL PROTECTED]
> > Subject: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
> >
> >
> > PHP support for Apache2 is still experimental, so i'd go with Apache
> > 1.3.x for now.
> >
> > Most people i hear from say that PHP/apache is much faster
> > than PHP/IIS.
> >
> > "Matt Babineau" <[EMAIL PROTECTED]> wrote in message
> > 003101c21097$69822c40$6501a8c0@developerx">news:003101c21097$69822c40$6501a8c0@developerx...
> > > Hello all;
> > >
> > > I am looking into a solution for a company and I want to use PHP.
> > > However I want to use PHP on Windows but do not want to use IIS.
> > > Currently on my test system I run IIS + WinXP + PHP, and I am running
> > > PHP as a CGI executable. If I use Apache as the Web server software,
> > > will I be able to take full advantage of PHP? Currently I know the CGI
> >
> > > runs slower then "navtive"? (is that correct?) If I install Apache on
> > > a Win2k machine, will my PHP performance be equivalent to a Linux
> > > machine?
> > >
> > > Thank for your response!
> > >
> > > Matt Babineau
> > > Freelance Internet Developer
> > > -----------------------------------------
> > > e: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> > > p: 603.943.4237
> > > w: <http://www.criticalcode.com/> http://www.criticalcode.com PO BOX
> > > 601 Manchester, NH 03105
> > >
> > >
> >
> >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
>From what I understand, there is support for SSL just not in the Binary form of
Apache 2.0. You have to compile it yourself. The reason being is US export
laws of encryption stuff. The Apache Group is very if'y when it comes to that.
With DMCA and such laws, I can understand why.
--
Scott Carr
OpenOffice.org
Whiteboard-Doc Maintainer
http://whiteboard.openoffice.org/doc/
Quoting Matt Babineau <[EMAIL PROTECTED]>:
> Yeah Scott, that's also what I have been hearing. I am wondering though
> is the PHP support in Apache 1.3 or 2.0 even on Windows the same type of
> support that you would get on a Linux machine? I am not a Linux person
> but I may need to be if I can't get good performance out of Windows. I
> am a Windows person by trade but I am slowly moving towards open source
> primarily because I can develop for free. I also was rading about Apache
> 2.0 and it said that there was no SSL support for it. Does anyone know
> if there is SSL support in Apache v1.3 for windows?
>
> Matt Babineau
> Freelance Internet Developer
> -----------------------------------------
> e: [EMAIL PROTECTED]
> p: 603.943.4237
> w: http://www.criticalcode.com
> PO BOX 601
> Manchester, NH 03105
>
>
> -----Original Message-----
> From: Scott Hurring [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 10, 2002 3:09 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-WIN] Re: Apache 2.0.36 + PHP + Win2000 Server
>
>
> PHP support for Apache2 is still experimental, so i'd go with Apache
> 1.3.x for now.
>
> Most people i hear from say that PHP/apache is much faster
> than PHP/IIS.
>
> "Matt Babineau" <[EMAIL PROTECTED]> wrote in message
> 003101c21097$69822c40$6501a8c0@developerx">news:003101c21097$69822c40$6501a8c0@developerx...
> > Hello all;
> >
> > I am looking into a solution for a company and I want to use PHP.
> > However I want to use PHP on Windows but do not want to use IIS.
> > Currently on my test system I run IIS + WinXP + PHP, and I am running
> > PHP as a CGI executable. If I use Apache as the Web server software,
> > will I be able to take full advantage of PHP? Currently I know the CGI
>
> > runs slower then "navtive"? (is that correct?) If I install Apache on
> > a Win2k machine, will my PHP performance be equivalent to a Linux
> > machine?
> >
> > Thank for your response!
> >
> > Matt Babineau
> > Freelance Internet Developer
> > -----------------------------------------
> > e: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> > p: 603.943.4237
> > w: <http://www.criticalcode.com/> http://www.criticalcode.com PO BOX
> > 601 Manchester, NH 03105
> >
> >
>
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
--- End Message ---
--- Begin Message ---
I have tried "<?php" it didn't help. I think Michael Davey was right in
that I have a problem with my config somewhere... But I have no idea what
the config problem is.
"Michael Davey" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hmm - I would check your config again as I have just run your code on my
> server and it works without any problems...
>
> regards,
>
> Mikey
>
> "Sim" <[EMAIL PROTECTED]> wrote in message
> 000001c2081c$ac9b7190$6401a8c0@athlon">news:000001c2081c$ac9b7190$6401a8c0@athlon...
> > Hi,
> >
> > Please don't reply with RTFM. I just installed Apache 2.0.36 and PHP
> > 4.2 in Win XP Pro. Apache is running fine */localhost/ is working* and
> > <? phpinfo() ?> is showing the config. I have set register_globals =
> > On. So I practice following the source code from the book (and even
> > used the book's files), it seems that the form (in html) does not pass
> > the variable to the php file, all I can see is the html with the current
> > time (**echo date("H:i, jS F"); **). So if I can see the time output in
> > html that means PHP is working but why aren't the variables
> > passed/shown? I have been looking all over the mailing lists and I
> > can't find anybody with the exact same problem.
> >
> > --------------
> > HTML FILE:
> > --------------
> > <html>
> > <head>
> > <title>Bob's Auto Parts</title>
> > </head>
> > <body>
> > <h1>Bob's Auto Parts</h1>
> > <h2>Order Form</h2>
> >
> > <form action="processorder.php" method=post>
> > <table border=0>
> > <tr bgcolor=#cccccc>
> > <td width=150>Item</td>
> > <td width=15>Quantity</td>
> > </tr>
> > <tr>
> > <td>Tyres</td>
> > <td align=center><input type="text" name="tyreqty" size=3
> > maxlength=3></td>
> > </tr>
> > <tr>
> > <td>Oil</td>
> > <td align=center><input type="text" name="oilqty" size=3
> > maxlength=3></td>
> > </tr>
> > <tr>
> > <td>Spark Plugs</td>
> > <td align=center><input type="text" name="sparkqty" size=3
> > maxlength=3></td>
> > </tr>
> > <tr>
> > <td colspan=2 align=center><input type=submit value="Submit
> > Order"></td>
> > </tr>
> > </table>
> > </form>
> > </body>
> > </html>
> >
> > -------------------
> > PHP FILE:
> > -------------------
> > <html>
> > <head>
> > <title>Bob's Auto Parts - Order Results</title>
> > </head>
> > <body>
> > <h1>Bob's Auto Parts</h1>
> > <h2>Order Results</h2>
> > <?
> > echo "<p>Order processed at "; // Start printing order
> >
> > echo date("H:i, jS F");
> > echo "<br>";
> > echo "<p>Your order is as follows:";
> > echo "<br>";
> > echo $tyreqty." tyres<br>";
> > echo $oilqty." bottles of oil<br>";
> > echo $sparkqty." spark plugs<br>";
> >
> > $totalqty = 0;
> > $totalamount = 0.00;
> >
> > define("TYREPRICE", 100);
> > define("OILPRICE", 10);
> > define("SPARKPRICE", 4);
> >
> > $totalqty = $tyreqty + $oilqty + $sparkqty;
> > $totalamount = $tyreqty * TYREPRICE
> > + $oilqty * OILPRICE
> > + $sparkqty * SPARKPRICE;
> >
> > echo "<br>\n";
> > echo "Items ordered: ".$totalqty."<br>\n";
> > echo "Subtotal: $";
> > echo number_format($totalamount, 2);
> > echo "<br>\n";
> >
> > $taxrate = 0.10; // local sales tax is 10%
> > $totalamount = $totalamount * (1 + $taxrate);
> > $totalamount = number_format($totalamount, 2);
> > echo "Total including tax: $".$totalamount."<br>\n";
> >
> > ?>
> > </body>
> > </html>
> > -----------------
> > Result:
> > -----------------
> >
> >
> > Bob's Auto Parts
> >
> >
> > Order Results
> >
> > Order processed at 16:54, 30th May
> > Your order is as follows:
> > tyres
> > bottles of oil
> > spark plugs
> >
> > Items ordered: 0
> > Subtotal: $0.00
> > Total including tax: $0.00
> >
> > Sim
> >
> >
>
>
--- End Message ---
--- Begin Message ---
I have register_global = off. I know I have to use
$HTTP_POST_VARS["VarName"] to refer to the variable but what if I need it in
a calculation formula? and many variables in that formula. Ex:
<?php
echo "<p>Your order is as follows:</p><br>";
echo $HTTP_POST_VARS["tireqty"]. " tires<br>";
echo $HTTP_POST_VARS["oilqty"]. " bottles of oil<br>";
echo $HTTP_POST_VARS["sparkqty"]. " spark plugs<br>";
$totalqty = 0;
$totalamount = 0.00;
define("TIREPRICE",100);
define("OILPRICE",10);
define("SPARKPRICE",4);
------------ This is where I would like to know how to
proceed -------------------
$totalqty = $tireqty + $oilqty + $sparkqty;
$totalamount = ($tireqty * TIREPRICE) + ($oilqty * OILPRICE) + ($sparkqty *
SPARKPRICE);
$totalamount = number_format($totalamount, 2);
echo "<br>\n Items ordered: ".$totalqty."<br>\n";
echo "Subtotal: $".$totalamount."<br>\n";
$taxrate = 0.10;
$totalamount = number_format($totalamount, 2);
echo "Total including tax: $".$totalamount."<br>\n";
?>
Am I supposed to replace each variable with the the longer version? aka
$HTTP_POST_VAR[]?
$totalqty = $tireqty + $oilqty + $sparkqty;
---------- change it to -----------
$totalqty = $HTTP_POST_VAR["tireqty"] + $HTTP_POST_VAR["oilqty"] +
$HTTP_POST_VAR["sparkqty"]
and what about the $totalqty variable that has just been created? How do I
refer to it?
$HTTP_SESSION_VAR["totalqty"]?
--- End Message ---
--- Begin Message ---
Hi,
I found the following problem, When using variable HTTP_REFERER and
client has installed Norton Personal Firewall, Apache changes the
system variable
$_DEPENDS_ON_VERSION_PHP[HTTP_REFERER] on HTTP_WEREFERER.
I need to do check of HTTP_REFERER and can not say to the user do not use
NORTON. Is there any possibility to read changed variable or use some
other way to use HTTP_REFERER ?
it usually looks like this
HTTP_WEFERER = KJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPT
Thanx for any response!
hippo
--- End Message ---
--- Begin Message ---
Why not check to see which one is set?
--
Scott Hurring
Systems Programmer
EAC Corporation
scott (*) eac.com
"Hippo" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> I found the following problem, When using variable HTTP_REFERER and
> client has installed Norton Personal Firewall, Apache changes the
> system variable
> $_DEPENDS_ON_VERSION_PHP[HTTP_REFERER] on HTTP_WEREFERER.
>
> I need to do check of HTTP_REFERER and can not say to the user do not use
> NORTON. Is there any possibility to read changed variable or use some
> other way to use HTTP_REFERER ?
>
> it usually looks like this
> HTTP_WEFERER = KJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPT
>
> Thanx for any response!
> hippo
>
>
>
--- End Message ---
--- Begin Message ---
I am using the O'Reilly "Programming PHP" manual, and have copied the code
from Example 7.3, p. 166. I have the magic_quotes_gpc set to ON in php.ini
(though toggling between on and off doesn't seem to have any effect). My
processed form reports "0.00F is -17.78C " regardless of the initial
fahrenheit temperature I enter. Moreover, using another version of this
script, as shown in Example 7.4, p. 167, simply clears the text field, and
never returns an output. I can't figure out why I am not getting a correct
output - perhaps something in my php.ini file? A copy of the code I am using
(Example 7.3) is as follows:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Untitled</title>
</head>
<body>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'GET'){
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
Fahrenheit temperature:
<input type="text" name="fahrenheit' />
<input type="submit" name="Convert to Celsius!" />
</form>
<?php
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
$fahr=$_POST['fahrenheit'];
$celsius=($fahr - 32) * 5/9;
printf("%.2fF is %.2fC", $fahr, $celsius);
//echo "The temperature in degrees celsius is $celsius";
} else {
die("This script only works with GET and POST requests.");
}
?>
</body>
</html>
**************************************************
Thanks much in advance, Bill
--- End Message ---
--- Begin Message ---
Thank you very much. I see that I must access variables using $_POST['var']
syntax. I'm disappointed that variable access appears not to be backward
compatible to earlier versions fo PHP, but such is life.
Thank you again,
Fester
"Stuart Dallas" <[EMAIL PROTECTED]> wrote in message
news:ae1qqm$so8$[EMAIL PROTECTED]...
> Monday, June 10, 2002, 12:57:49 PM, you wrote:
>
> > This seems to be a common theme for PHP4.2.1. I'm running on Win2k and
> > seeing the same problem, as is another poster (see: "Form Problem".)
Given
> > that several people are seeing the same thing, it does seem to indicate
a
> > problem with PHP 4.2.1 and not our individual installations. I hope
that
> > someone can contribute an answer to this.
>
> It is not a problem with PHP. Please read the release notes for the
software
> you have installed (http://www.php.net/release_4_2_1.php) and pay specific
> attention to the 'External variables' section. If you still don't
understand
> what is going on after that, feel free to let me know.
>
> --
> Stuart
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
On Tuesday, June 11, 2002 at 3:39:21 AM, you wrote:
> Thank you very much. I see that I must access variables using $_POST['var']
> syntax. I'm disappointed that variable access appears not to be backward
> compatible to earlier versions fo PHP, but such is life.
It is. If you've read the notes linked from the release note you'll know that
if you turn register_globals on in php.ini then the variables will be
registered in global scope as they were in previous versions.
--
Stuart
--- End Message ---
--- Begin Message ---
"Stuart Dallas" <[EMAIL PROTECTED]> wrote in message
news:ae3dq7$50l$[EMAIL PROTECTED]...
> On Tuesday, June 11, 2002 at 3:39:21 AM, you wrote:
> > Thank you very much. I see that I must access variables using
$_POST['var']
> > syntax. I'm disappointed that variable access appears not to be
backward
> > compatible to earlier versions fo PHP, but such is life.
>
> It is. If you've read the notes linked from the release note you'll know
that
> if you turn register_globals on in php.ini then the variables will be
> registered in global scope as they were in previous versions.
That is what I tried to do initially (I had read the note). It seems to not
have worked, though.
> --
> Stuart
>
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
"Fester" <[EMAIL PROTECTED]> wrote in message
ae3dft$39s$[EMAIL PROTECTED]">news:ae3dft$39s$[EMAIL PROTECTED]...
> Thank you very much. I see that I must access variables using
$_POST['var']
> syntax. I'm disappointed that variable access appears not to be backward
> compatible to earlier versions fo PHP, but such is life.
However it's more secure in terms of users spoofing your variables. As
a tip, you can also use extract($_POST) to automatically create all the POST
variables, just like before. Add this to the beginning of "old" code to get
it to work while you fix all the individual references.
- Steve Yates
- Life's unfair...but the root password helps!
/ Taglines by Taglinator - www.srtware.com /
--- End Message ---
--- Begin Message ---
I'm authenticating users using $REMOTE_USER and was wondering if
basename($SERVER_[REMOTE_USER]); was a good method to strip out the domain ex:
MYDOMAIN\\username. I know the function is intended for cutting out directories but it
seems to work. If anyone else has an alternate method please let me know.
Thanks,
Blaine
--- End Message ---
