php-windows Digest 17 Jun 2003 08:35:30 -0000 Issue 1780
Topics (messages 20360 through 20369):
PHP 4.3.2 is Slower & Can't Echo to the CLI
20360 by: Jon Harrell
20366 by: Adam Goossens
Re: Undefined variables
20361 by: DvDmanDT
20369 by: Per Lundberg
Re: PHP mySQL testing server does not map to the URL
20362 by: Ildiko Nyari
20364 by: John Ellingsworth
20365 by: toby z
[PHP-WIN-IIS6] Header("HTTP authentication")...
20363 by: Alain Kumschick
Re: Back button error
20367 by: Adam Goossens
Re: Subject: Re: User Authentication...
20368 by: Guru P Chaturvedi
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
I noticed that compared w/ 4.2.3 (the last working
fdf/tk until now) that the CLI will not echo
correctly... it takes 30-60 seconds and then a
whole page is echoed... also simple scripts seems
to take minutes instead of seconds...
jh
--- End Message ---
--- Begin Message ---
It does? I'm running CLI 4.3.2, and it echo()'s when told to. My scripts
also run as quick as they normally would.
Are you certain it's not a scripting issue? Or provide some sample code?
-Adam.
Jon Harrell wrote:
I noticed that compared w/ 4.2.3 (the last working
fdf/tk until now) that the CLI will not echo
correctly... it takes 30-60 seconds and then a
whole page is echoed... also simple scripts seems
to take minutes instead of seconds...
jh
--- End Message ---
--- Begin Message ---
Because if you are reading a book, and want to try the samples, chances are
quite big you want to try it exactly bit by bit, not modifying it on your
own... And even more, if you get like a CD or something, it must feel VERY
bad to have to rewrite it all... Now, which part was depricated? And in
php.ini-dist, error_reporting is set to all but notices by default..
Register_globals are however bad, I'll agree to that... But still, all hosts
I know of has it enabled and besides, why not? I'm probably missing
something, but what is the insecure part of register_globals? I mean, for
the scripts that needs security, you can use $_POST and $_SESSION and so on,
but for things like "Enter two numbers to see which one is biggest", it
feels quite silly to disable it... The reason for that example is that books
often have very silly examples like that...
// DvDmanDT
"Per Lundberg" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
On Tue, 2003-06-17 at 01:20, DvDmanDT wrote:
> Because if you are reading a book, and want to try the samples, chances are
> quite big you want to try it exactly bit by bit, not modifying it on your
> own... And even more, if you get like a CD or something, it must feel VERY
> bad to have to rewrite it all...
Agreed. But register_globals has been default to "off" since PHP 4.2.0,
which was released in April 2002. There sure must be PHP books that
have been published since then that don't rely on this semantics?
> Now, which part was depricated?
Writing code which presumes that register_globals = on. You see, at
some time, the register_globals directive might be dropped altogether
and the feature will not be there any more. Yes, you might be able to
work around it by writing your own register_globals() function, but
wouldn't it be better to fix the code instead?
My rationale is pretty simple: register_globals has been disabled for
good reasons. You can read more about it at
http://www.php.net/manual/en/security.registerglobals.php
> And in php.ini-dist, error_reporting is set to all but notices by default..
This is probably because there is so much bad code out there, that
generates tons of notices. In a development environment, regardless of
the programming language, be it PHP, C, C++, Java or something
different, I am very strongly in favor of all warnings being turned on.
This is because it will help you so much, avoiding common pitfalls. For
example, if notices are turned off, and you somewhere in a 25000 line
class misspell a variable, how would you know? The code wouldn't work,
and it would take a while to debug it to find where the error is. With
notices enabled, this error would be spotted immediately.
So, the conclusion: having notices turned on when developing PHP is
strongly encouraged, because: 1) it will make the code better. 2) it
will help you in the development.
> Register_globals are however bad, I'll agree to that... But still, all hosts
> I know of has it enabled and besides, why not?
The reason many hosts has it enabled is because there are so many scrips
that rely heavily on it being enabled.
> I'm probably missing something, but what is the insecure part of
> register_globals?
See the link I posted above.
> I mean, for the scripts that needs security, you can use $_POST and $_SESSION
> and so on, but for things like "Enter two numbers to see which one is biggest",
> it feels quite silly to disable it...
With all due respect, I believe this to be the big flaw in your
reasoning. "for the scripts that needs security" -- that says it all.
Now, I totally agree that there might actually be scripts that *don't*
need any NASA level of security, but still, the thinking is flawed,
because code changes. Your little "enter two numbers" script might end
up being used in a completely different environment to what you
thought. And *in that environment*, security might be highly important.
Let me give another example, that will show you what I mean. Microsoft
developed Windows as a 16-bit extension to DOS, with some fluffy GUI
features. This was in the 80:s. Then, they worked on it and changed
bits and pieces here and there, and suddenly the Internet started
becoming popular, so a company developed a program called Trumpet
Winsock that would let you connect to the Internet. Fantastic! But
hey, what about security? Windows was never designed to be used in this
kind of environment, but still, it didn't matter too much since it was
mostly used with dialup connections.
Then, the development continued and in September 1994 (if I'm not
mistaken) Windows 95 was released. It was a revolution to the Windows
users. There were so many improvements to the old Windows 3.1 and 3.11
systems that they are too many to be mentioned here. One of the things
that was changed was that TCP/IP was now integrated in the main system,
shipped with the standard version. Still, the system had not been
redesigned; it was still a single-user system, where Internet
connectivity was simply a "plug-in" and not something that the system
was designed for (such as is the case with Unix which was designed with
multi-user and network in mind). This could clearly be seen with all
the security problems that appeared, in the Internet Explorer browser
for example, and in the IIS/PWS web servers.
And now, today, many people are connected to the Internet using
broadband connections, where their machines are accessible through the
Internet all day long. Using an operating system that was never
designed for this kind of environment. Oh, how I wish that Microsoft
would just have "set register_globals = off" at some time in the
past... (I hope you understand the analogy)
--
Best regards,
Per Lundberg / Capio ApS
Phone: +46-18-4186040
Fax: +46-18-4186049
Web: http://www.nobolt.com
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
In fact I am not sure I have installed php correctly. I have downloaded the php files
and Apache installed, and alos the phpmyadmin unzipped
here:
C:\mysql\bin where the mysql database is
and
C:\php where php is
C:\phpmyadmin is here
And now, how can I open phpmyadmin?
How should I set up my testing server map to the WHERE?
thanks,
ildiko
----- Original Message -----
From: Ildiko Nyari
To: [EMAIL PROTECTED]
Sent: Monday, June 16, 2003 8:05 PM
Subject: Fw: PHP mySQL testing server does not map to the URL
Somebody? Nobody?
C:\mysql\bin where the mysql database is
and
C:\php where php is
C:\phpmyadmin is here
how the hell can I make them running together,
testing server map to the WHERE?
thanks,
ildiko
----- Original Message -----
From: Ildiko Nyari
To: [EMAIL PROTECTED]
Sent: Monday, June 16, 2003 6:30 PM
Subject: PHP mySQL testing server does not map to the URL
Hello,
I just can't go beyond this point. I am trying to connect the website to the localhost
server (PHP mySQL) but I always get this message.
Any advise?
Thanks,
ildiko
The testing server specified for this site does not map to the
http://localhost/website/_MMServerScript/MMHTTPDB.php URL. Verify that the URL Prefix
maps to the root of the site.
--- End Message ---
--- Begin Message ---
PHP w/Apache or IIS? w/Apache I wrote some documentation here that may
help; let me know if not.
http://ellingsworth.org/john/modules.php?op=modload&name=News&file=article&s
id=10&mode=thread&order=0&thold=0
( http://ellingsworth.org/john/ )
Thanks,
John Ellingsworth
-----Original Message-----
From: Ildiko Nyari [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 8:22 PM
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] Fw: PHP mySQL testing server does not map to the URL
In fact I am not sure I have installed php correctly. I have downloaded the
php files and Apache installed, and alos the phpmyadmin unzipped
here:
C:\mysql\bin where the mysql database is
and
C:\php where php is
C:\phpmyadmin is here
And now, how can I open phpmyadmin?
How should I set up my testing server map to the WHERE?
thanks,
ildiko
----- Original Message -----
From: Ildiko Nyari
To: [EMAIL PROTECTED]
Sent: Monday, June 16, 2003 8:05 PM
Subject: Fw: PHP mySQL testing server does not map to the URL
Somebody? Nobody?
C:\mysql\bin where the mysql database is
and
C:\php where php is
C:\phpmyadmin is here
how the hell can I make them running together,
testing server map to the WHERE?
thanks,
ildiko
----- Original Message -----
From: Ildiko Nyari
To: [EMAIL PROTECTED]
Sent: Monday, June 16, 2003 6:30 PM
Subject: PHP mySQL testing server does not map to the URL
Hello,
I just can't go beyond this point. I am trying to connect the website to the
localhost server (PHP mySQL) but I always get this message.
Any advise?
Thanks,
ildiko
The testing server specified for this site does not map to the
http://localhost/website/_MMServerScript/MMHTTPDB.php URL. Verify that the
URL Prefix maps to the root of the site.
--- End Message ---
--- Begin Message ---
im sure u must have fixed up ur php.ini and httpd.conf files
and set ur document root
u ve to fix ur mysql'z config file too ....
n myadmin otta be in ur doccument root to work properly
good luck
toby
--- Ildiko Nyari <[EMAIL PROTECTED]> wrote: > In fact I am
not sure I have installed php correctly. I have
> downloaded the php files and Apache installed, and alos the
> phpmyadmin unzipped
> here:
>
> C:\mysql\bin where the mysql database is
> and
> C:\php where php is
> C:\phpmyadmin is here
>
> And now, how can I open phpmyadmin?
> How should I set up my testing server map to the WHERE?
>
> thanks,
> ildiko
>
>
>
> ----- Original Message -----
> From: Ildiko Nyari
> To: [EMAIL PROTECTED]
> Sent: Monday, June 16, 2003 8:05 PM
> Subject: Fw: PHP mySQL testing server does not map to the URL
>
>
> Somebody? Nobody?
>
> C:\mysql\bin where the mysql database is
> and
> C:\php where php is
> C:\phpmyadmin is here
>
> how the hell can I make them running together,
> testing server map to the WHERE?
>
> thanks,
> ildiko
>
>
> ----- Original Message -----
> From: Ildiko Nyari
> To: [EMAIL PROTECTED]
> Sent: Monday, June 16, 2003 6:30 PM
> Subject: PHP mySQL testing server does not map to the URL
>
>
> Hello,
> I just can't go beyond this point. I am trying to connect the
> website to the localhost server (PHP mySQL) but I always get this
> message.
> Any advise?
> Thanks,
> ildiko
>
> The testing server specified for this site does not map to the
> http://localhost/website/_MMServerScript/MMHTTPDB.php URL. Verify
> that the URL Prefix maps to the root of the site.
________________________________________________________________________
Want to chat instantly with your online friends? Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/
--- End Message ---
--- Begin Message ---
hi there,
how can i make "HEADER("HTTP AUTHENTICATE") work with IIS6?
alain
--- End Message ---
--- Begin Message ---
Harpeet,
Try:
session_cache_limiter('private');
See if that makes any difference.
-Adam.
Harpreet wrote:
I am getting the following error when i use the IE back button.
Warning: Page has Expired The page you requested was created using
information you submitted in a form. This page is no longer available. As a
security precaution, Internet Explorer does not automatically resubmit your
information for you.
To resubmit your information and view this Web page, click the Refresh
button.
I read by writing the following it should work.
session_cache_limiter('private_no_expire');
But no luck.
How do i change the headers to make my back button work.
Please help.
Regards,
Harpreet
--- End Message ---
--- Begin Message ---
Hi Neil,
Well is it basically to collect user name and password from user? What
actually i am looking for is skipping this screen and having the same
functionality thru a HTML form.
Lemme explain you in details... I have a set of files protected using the
Auth Directives. So user's need to provide user name and password to access
these files via browser. Now what i am looking at is using HTML form to
login like Yahoo! or MSN... but users who login using this method only
should be able to access files. Are there any ways of doing this... please
help me out in this regard.
Thanks in advance,
Guru.
"Neil Smith" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Try this. Please note that on windows you *cannot* raise a http auth box
> this way (PHP_AUTH_USER is not defined for Apache on windows), so you will
> need to use this on your live unix Apache/PHP server :
>
> function getUserAuthPW() {
> // If present, set user Authenticate Password box values
> global $_SERVER;
> if (isset($_SERVER["PHP_AUTH_USER"])) {
> $username=safestring($_SERVER["PHP_AUTH_USER"]);
> $password=safestring($_SERVER["PHP_AUTH_PW"]);
> return true;
> } else {
> header("WWW-Authenticate: Basic
> realm=\"CaptionKit\"");
> header("HTTP/1.0 401 Unauthorized");
> echo "You must enter a valid login ID and
password
> to access this resource\n";
> exit;
> }
> }
>
> What this does is to check for PHP_AUTH_USER and if it's not defined,
> raises a 401 error. The client interprets this as a request to enter user
> name & password, and brings up the grey box you see using .htaccess /
> .htpasswd files. The function safestring just adds slashes if there are
> characters which need escaping for your database (some people might just
> 'addslashes()' but I do a little more first, like trim and
htmlspecialchars).
>
> Cheers - Neil Smith.
>
> Please note : I do not accept email from hotmail, yahoo, AOL or msn
> accounts. All such mail *will* be bounced and deleted without being read.
> Thankyou for your understanding.
>
> At 07:36 16/06/2003 +0000, you wrote:
> >Message-ID: <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Reply-To: "Guru P Chaturvedi" <[EMAIL PROTECTED]>
> >From: "Guru P Chaturvedi" <[EMAIL PROTECTED]>
> >Date: Mon, 16 Jun 2003 01:16:53 +0530
> >Subject: Re: User Authentication...
> >MIME-Version: 1.0
> >
> >Hi,
> >
> >Any clues...please?!
>
--- End Message ---
