How can I parse parameters sent with the URL of an pgp site?
Example: I call the site with
http://www.server.xyz/sub/site.php?a1=123&a2=312
How can I get the values of a1 and a2?
Thanks, folks!
Andy.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL P
Hi,
Is there any way to get the raw POST data sent by the client? I mean the
full data, before parsing into PHP variables.
I am using PHP 3.0.16 with Apache.
Regards,
Xavier
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e
Hi!
I wanna do something like in ur mailboxes. if u check
ur hotemail or yahoo a/c u can find checkboxes on the
left side of each message. U can check the boxes and
delete the messages..
I want to delete certain rows that come out of a
database. So if I have 20 records coming out of the
database
Hello:
I would like to know if there's any routine to check if a URL is valid,
my purpose is have all the links on my web in this form:
http://www.myweb.com/checker.php?url=http://www.someurl.com
and if http://www.someurl.com is invalid, redirect the user to a friendly
page and send me a
$allowed_path = '/www/sites/mysite/teaching';
$file = realpath($file);
if(ereg("^$allowed_path", $file)) {
// it's OK
} else {
// possible attack!
}
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 4 iulie 2001 15:29
> To: [EMAIL PROTECTED]
"Ian Bagley" <[EMAIL PROTECTED]> writes:
> Indeed, SSL is the only way to properly protect from 'stealing' a
> SID, but still, the MD5 solution does tend to protect the integrity
> of the query string.
Yes, I like the MD5 trick very much. It seems that if using Cookies
and POST employing
window.location = 'http://url?yourVar=' + yourVar;
> -Original Message-
> From: Romeo Manzur [mailto:[EMAIL PROTECTED]]
> Sent: 5 iulie 2001 07:56
> To: [EMAIL PROTECTED]
> Subject: [PHP] javascript var on a php var...
>
>
> hi, I want to know how could I save a javascript variable on a
> -Original Message-
> From: Christopher Ostmo [mailto:[EMAIL PROTECTED]]
>
> Ian Bagley pressed the little lettered thingies in this order...
>
> > One thing which would prevent hijacks from simply guessing SIDS
> would be to
> > add an md5 hash to the end of a url
> >
[
"Steve Werby" <[EMAIL PROTECTED]> writes:
> "Arcady Genkin" <[EMAIL PROTECTED]> wrote:
> > If I understand correctly, vrfy does not wholy depend on that
> > functionality to be supported by the server. I think that it simply
> > connects to the smtp port of the mail exchanger and emulates an ema
"Matthew Loff" <[EMAIL PROTECTED]> wrote:
> There really isn't any surefire way to verify whether an e-mail exists
> or not, except to try to send to it, correct?
Bingo. And with catchall accounts and unexpected mail server behavior you
may get no response even if an email address is not valid.
"Arcady Genkin" <[EMAIL PROTECTED]> wrote:
> If I understand correctly, vrfy does not wholy depend on that
> functionality to be supported by the server. I think that it simply
> connects to the smtp port of the mail exchanger and emulates an email
> delivery, aborting halfway.
I hadn't used the
Hi,
I need some help with a class that I am writing.
class myclass
{
function query($query)
{
// connect
$connection = mysql_connect($this->hostname, $this->user, $this->pass) or
die ("Cannot connect to database");
// run query
$ret = mysql_db_quer
It seems still not to work.
i have tried all the header options mentioned. adding a query string is out of the
option I am using javascript and it dont like that stuff. and my browser still
caches everything and drives me nuts. maybe i am putting it in the wrong file? but i
really cant ima
hi, I want to know how could I save a javascript variable on a php
variable???
Thanks...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTE
I've had the same experience with VRFY... Our copy of sendmail was
preconfigured to allow VRFY from localhost only...
There really isn't any surefire way to verify whether an e-mail exists
or not, except to try to send to it, correct?
-Original Message-
From: Steve Werby [mailto:[EMAI
"Steve Werby" <[EMAIL PROTECTED]> writes:
> So unfortunately vrfy will only be useful when checking servers that haven't
> disabled that command. :-(
If I understand correctly, vrfy does not wholy depend on that
functionality to be supported by the server. I think that it simply
connects to th
> "Steve Werby" <[EMAIL PROTECTED]> writes:
> > Like Tom said, use regex to check the email is of a valid format. A
small
> > percentage of servers can be contacted to find whether an email address
is
> > valid, but fewer and fewer are allowing this so it's completely
unreliable.
"Arcady Genkin"
hello all,
i just recently looked at this thread, so i don't know
what's been discussed before today. i thought i'd
point everyone at:
http://lwn.net/2001/0704/a/study-in-scarlet.php3
however. just came out yesterday. very relevant.
tiger
--
Gerald Timothy Quimpo [EMAIL PR
I have see my php.ini and i fill with my stmp server in my network
but still i can't...
which stmp server should i add it.
in my network, there are smtp serverbut i not the server
note : i have add to php.ini my smtp server is mail.pesat.net.id
but still not working...
can any one hel
How do you (re)compile PHP on Mandrake???
I need it to be a module in Apache, but --with-apache gives me the error cannot find
httpd.h ( the file is not on the system)
PHP works fine the way it sits, but I need mssql support and attempted to upgrade to
4.0.6 with dbx support.. but have no lu
Normally when I'm looking for a function I start at a given spot, for
example, you've found yourself here :
http://www.php.net/manual/en/function.fopen.php
>From there, a good place to go is the given section, which in this case
is here :
http://www.php.net/manual/en/ref.filesystem.php
Whi
file() http://php.net/file
- Original Message -
From: JCampbell <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 05, 2001 10:48 AM
Subject: [PHP] Basic fopen() question
> I had an example of a function to open a file and read its contents into
an
> array. It worked so tha
Todd,
I'm not sure if you can write text to an existing image as I add to a new
one but here is the code I use...
$updateTime = date("F d, Y - h:ia");
$text = "New Movie Reviews @hyrum.net ".$updateTime;
$image = ImageCreate(500, 70);
$bg = ImageColorAllocate($image, 255, 255, 255);
$blue = Ima
I had an example of a function to open a file and read its contents into an
array. It worked so that each line of the file was one element of the array.
I can't find my example, nor can I get it to work the way I'd like. Any
help?
=-
Jonathan Campbell ( [EMAIL PROTECTED] )
Mid days haze and I'm
Okay I'm trying to use fopen() to open a file just uploaded via a form. like
this:
echo "parsing uploaded file . . .";
$path = fopen($form_data, "r");
echo "opeing a path . . .";
$thesize = filesize($form_data);
echo "getting size . . .";
$tmpdata = fread($path, $thesize);
echo "reading data
[EMAIL PROTECTED] writes:
> On Wed, 04 Jul 2001, Arcady Genkin wrote:
>
> > Does PHP provide no high-level means of iterating over the UNIX
> > /etc/group file, a la getgrent() C function? The task is to figure
> > out all groups that a user is in on a system with PHP in _safe mode_
> > (hence,
"Steve Werby" <[EMAIL PROTECTED]> writes:
> "Clayton Dukes" <[EMAIL PROTECTED]> wrote:
> > How can I write code that will search the database and check the
> > validity > of an email address, and if it's bad, to remove that
> > entry from the database?
>
> Like Tom said, use regex to check the e
Hi Arcady!
On Wed, 04 Jul 2001, Arcady Genkin wrote:
> Does PHP provide no high-level means of iterating over the UNIX
> /etc/group file, a la getgrent() C function? The task is to figure
> out all groups that a user is in on a system with PHP in _safe mode_
> (hence, cannot read from /etc/group
"Richard Kurth" <[EMAIL PROTECTED]> wrote:
> I have 5 checkbox's in a form that I what to make sure at least one of
> the checkbox is checked.
>
>
>
>
>
>
if ( $interest == 'basic' || $interest3 == 'Internet access' || ...
$interest2 == 'platinum' )
{
echo "At least one was checked.";
}
"Sascha Schumann" <[EMAIL PROTECTED]> wrote:
> On Wed, 4 Jul 2001, Steve Werby wrote:
>
> > "Jon Haworth" <[EMAIL PROTECTED]> wrote:
> > > Yes, I would have thought this would do it:
> > >
> > > if (strstr($file, "/usr/local/apache/htdocs/") {
> > > show_source($file);
> [..]
> > Something along t
I am a newbie attempting to get Apache working with PHP 4 and MySQL on 7.2.
All three are installed, Apache is running, it says that the PHP module is
installed and I can manually log into mysql.
>From http://localhost:
Operating system: [ SuSE Linux 7.2 (i386) ]
Host: [ linux.local, Kernel:
I have 5 checkbox's in a form that I what to make sure at least one of
the checkbox is checked.
I am checking for blank field buy doing this below How can I check for at
least one of the above check boxes is checked
if ($name == "") {
$name_err = "
Please enter your
"Clayton Dukes" <[EMAIL PROTECTED]> wrote:
> How can I write code that will search the database and check the validity
of
> an email address, and if it's bad, to remove that entry from the database?
Like Tom said, use regex to check the email is of a valid format. A small
percentage of servers c
Sorry!!! I'm stupid! I forgot to mention that the list of causes has to be
for a specified accident_report.weekending
Cheers
Simon
> -Original Message-
> From: Don Read [mailto:[EMAIL PROTECTED]]
> Sent: 04 July 2001 23:21
> To: Simon Kimber
> Cc: [EMAIL PROTECTED]
> Subject: RE: [PHP]
If I have a JPEG image, what is the best way to put text or another
image at a certain place using the gd library?
Todd
--
Todd Cary
Ariste Software
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
On 04-Jul-01 Simon Kimber wrote:
> Hi All,
>
> Does anyone know if this can be done with one query?
>
> I have to create a chart based on info in two tables that are four tables
> apart.
>
> Here are the relevant tables and just the most relevant fields...
>
> accident_report
> - ID
> - weeke
Possibilities for improving security on a sourec displayer.
1) Maybe you could restrict your source shower to only look at
particular types of files - maybe the file has to end in ".php"
or ".inc" before it is even considered.
2) Given that something that displays the source needs to re
"Tim Taubert" <[EMAIL PROTECTED]> wrote:
> mh this is bad...
>
> can i do anything else instead of this ?
crypt the password before inserting it into the user account?
--
Henrik Hansen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additi
Hi All,
Does anyone know if this can be done with one query?
I have to create a chart based on info in two tables that are four tables
apart.
Here are the relevant tables and just the most relevant fields...
accident_report
- ID
- weekending (this is a -MM-DD format date)
- (and others)
PHP version 4.0.5 under:
SunOS 5.8 Generic_108528-07 sun4u sparc SUNW,Ultra-Enterprise
magic_quotes_gpc = On
magic_quotes_runtime = Off
It appears that PHP by default escapes arguments of any commands
passed to exec() and friends (passthru(), popen()). As a result I am
not able to pass an ar
You could popen() the command, I believe, and do it interactively...
-Original Message-
From: Tim Taubert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 04, 2001 4:47 PM
To: PHP Mailingliste
Subject: RE: [PHP] Executing UNIX commands with PHP
mh this is bad...
can i do anything els
mh this is bad...
can i do anything else instead of this ?
-
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
-
.o] -Original Message-
"Tim Taubert" <[EMAIL PROTECTED]> writes:
> how can i execute a UNIX command like
> 'newuser "Tim Taubert" tim password'
> ? and am i able to fetch the results of such commands?
Since someone else replied to your question, I'll just mention that
running such command may be a really bad idea. If
Thanks a lot Henrik!
-
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
-
.o] -Original Message-
.o] From: Henrik Hansen [mailto:[EMAIL
"Tim Taubert" <[EMAIL PROTECTED]> wrote:
> Hi all,
> how can i execute a UNIX command like
>
> 'newuser "Tim Taubert" tim password'
$output = system("unix_command");
echo "The result was" . $output;
more info at:
www.php.net/system
--
Henrik Hansen
--
PHP General Mailing List (http:/
It is (finally!) available at http://www.phpauction.org -
Everyone interested in helping with the localization project,
translating to other languages than english is welcome!
Thanks
Gianluca
--
ALBASOFTWARE
C/ Mallorca 186 - 3º 1ª
08036 Barcelona (Spain)
Tel. +34 93454009 - +34 934549324
Hi all,
how can i execute a UNIX command like
'newuser "Tim Taubert" tim password'
? and am i able to fetch the results of such commands?
Please help.
Tim Taubert
-
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/
This should work too:
$sql = "SELECT rowid FROM numbers WHERE ABS(number - mynumber) <= 10";
-Original Message-
From: Chris Anderson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 04, 2001 1:24 PM
To: [EMAIL PROTECTED]; PHP Mailingliste
Subject: Re: [PHP] writing a query that returns
You don't need a character class here (signified by [] brackets); you can use
$line = split('&|//', $field);
As you can see, this is identical to ReDucTor's solution, except that
the brackets are omitted. Character classes only work for single
characters, not multiple character strings
Thanks that helped, this is what I used:
if (ereg("&", $field)) $line = explode("&", $field);
else $line = explode("//", $field);
On Thu, 5 Jul 2001 05:29:11
ReDucTor wrote:
>$line2 = explode("", $field);
>for($i = 0; $i < sizeof($line2); $i++){
> if($line2[$i] == "&")
> $useand = 1;
>
Thanks for replying ReDucTor but that didn't work either. I tried
$line = explode("[(&|//)]", $field); and
$line = explode("[(&|)]", $field); and
$line = explode("[(&|\/\/)]", $field);
with no success. Any other ideas?
On Thu, 5 Jul 2001 04:50:29
ReDucTor wrote:
>$line = explode("[(&|//)]
On 03-Jul-01 Brad Hubbard wrote:
> On Tue, 3 Jul 2001 02:51, Don Read wrote:
>
>> $pstr='FltNum=2972&page=fi&selectDay=July+02';
>> $fp=openpost('dps2.usairways.com', '/cgi-bin/fi', $pstr);
>>
>> // i'm not so sure about that selectDay, javascript ain't my thing.
>
> This is implementation dep
In a script I have a query that gets the time of a desired track. It is
in SQL Server table with the smalldatetime type, whihc returns me something
that looks like '2001-07-04 12:04:12', but PHP is giving me 'Jul 04 2001
12:04AM'.
Why does this happen?
I want the seconds, where are they???
. [
You guys wouldnt have to worry if you chroot apache and php..
;]
then you cant access anything outside the jail, it works great!
Ryan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the l
$line = explode("[(&|//)]",$field); should work, or you might have to put
but thats not \ so you shouldn't need to comment out the slash...
- Original Message -
From: David A Dickson <[EMAIL PROTECTED]>
To: php-general <[EMAIL PROTECTED]>
Sent: Thursday, July 05, 2001 4:37 AM
Subject:
I have a comma separated spreadsheet with one field that contains two dates. the dates
are formatted as dd/mm/yy and separated by either '&' or '//' ex:3/12/92&28/1/93 or
3/12/92//28/1/93
Problem: I need to split the field at the '&' or '//' separator but if I do
split('[&//]', $field);
it spli
On Wednesday 04 July 2001 16:12, ReDucTor wrote:
> http://sourceforge.net/source.php?page_url=/source.php look at that...
No problem. Have a look at what is done before the show_source () call.
That script *is* safe :)
> > It is not how secure PHP is, it is how well YOU protect it.
> > For exam
On Wednesday 04 July 2001 16:58, Kurt Lieber wrote:
> That domain name doesn't appear to be valid. Perhaps you meant:
>
> http://validator.w3.org ?
Um, yes. Why can't the w3c simply have "w3c" as domain name? *sigh*
> http://validator.w3c.org/
--
Christian Reiniger
LGDC Webmaster (ht
Hey,
First off grab the Developer Timer from
http://newbienetwork.net/phpcodems.php?as=viewcode&id=7 thats a great little class,
then make a .php file and paste the following in
start_timing();
$SecondsToTimeout = 120;
$foldertoview = ".";
ini_alter(max_execution_time, $SecondsToTimeout);
You can check that the *format* of the address is valid by using regular
expressions.. look at the regular expression pages on php.net (especially
the users comments.. they do exactly that!)
As for checking whether it is a real email or not.. you can't test this
without actually sending them an e
Howdy folks,
How can I write code that will search the database and check the validity of
an email address, and if it's bad, to remove that entry from the database?
Here's a dump one of the tables:
INSERT INTO users VALUES
(1,'','username','[EMAIL PROTECTED]','','','001.gif','Jul 04,
2001','','
Depends of course of which server you use. Which one is it?
Brave Cobra
- Original Message -
From: "Ramón Alvarez Rayo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 2001 8:01 PM
Subject: [PHP] php3 and php-4.0.5
I had some sites that uses php3 but i did a upgrad
select rowid from numbers where number between mynumber-10 and mynumber+10;
on 7/4/79 10:48 AM, [EMAIL PROTECTED] at [EMAIL PROTECTED] wrote:
> I have a database with numbers in one of the tables I'd like to ask mysql to
> renturn all numbers with say 10 of mynumber
>
> Sort of like this:
>
>
I had some sites that uses php3 but i did a upgrade to php-4.0.5, after
that my web server doesn´t works with files .php3, how can i make to
recognize .php3
please i need your help.
thanks.
Saludos fraternos,
***
Ramón Alva
Found it, I had it returning mbyte not mbytesarrrg
- Original Message -
From: ReDucTor <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 05, 2001 3:43 AM
Subject: [PHP] Division Problems
Hey, I made this little script, quiet useful on windows and unix machines,
but i h
Hey, I made this little script, quiet useful on windows and unix machines, but i have
a problem, division isn't returning a float, it just returns 0, would i need to do
something like convert $totalsize into a float?
";
$handle = opendir($dir);
while (false!==($file = readdir($handle)))
Thanks a lot Alex!
Tim Taubert
-
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
-
.o] -Original Message-
.o] From: Alex Piaz [mailto
Hi,
I need to execute a command on my web host's machine. However they have safe
mode enabled.
PHP Version 4.0.3pl1 runs as a module on Apache.
>From php.ini
; Safe Mode
safe_mode = On
safe_mode_exec_dir = /etc/php4/execdir
Will a symlink located in safe_mode_exe
Try the LIKE wording in your statement. That should workI think
- Original Message -
From: <[EMAIL PROTECTED]>
To: "PHP Mailingliste" <[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 1979 12:48 PM
Subject: [PHP] writing a query that returns similar numbers
> I have a database with numbe
hi
i have a problem with variables received from a formular..
imagine this is the important part of the form:
Cheese
Tomatoes
Onions
and now.. what does the variable $extras look like? is it an array? don't have any
imaginations...
please help
T
Mike,
I do believe you are right. Here are my apache logs for today, after I
attempted to connect to localhost:
[Wed Jul 4 09:43:33 2001] [crit] (98)Address already in use: make_sock:
could not bind to port 80
[Wed Jul 4 09:43:37 2001] [crit] (98)Address already in use: make_sock:
could not b
I have a database with numbers in one of the tables I'd like to ask mysql to
renturn all numbers with say 10 of mynumber
Sort of like this:
$sql = "SELECT rowid FROM numbers WHERE (mynumer is within 10 of number)";
but I've gotten stuck do I have to do this:
$sql = "SELECT rowid FROM numbers
Ian Bagley pressed the little lettered thingies in this order...
> One thing which would prevent hijacks from simply guessing SIDS would be to
> add an md5 hash to the end of a url
>
> e.g.
>
> If a page was:- doit.php?item=4&SID=237478
>
> then append the url with the md5 of the url PLUS
Delbono pressed the little lettered thingies in this order...
>
> maybe one could be
>
> $allowed_path = "/www/sites/mysite/teaching";
>
> if (substr($file, 0, str_len($allowed_path)) <> $allowed_path )
> {
> die("not allowed!");
> }
> else
> {
> show_source($file);
> }
> ?>
>
The only foo
Surely the lesson here is to NEVER NEVER NEVER write PHP code which accepts a
filename of any kind as one of its arguments. Yes, it will make some of your
code a bit less versatile and more long winded, but you can bet your bottom
dollar that someone can find a crafty way around whatever syntax
Yes, I supposed there could be that eventuality...
I supposed or hoped that wasn't a valid path.
> /usr/local/apache/htdocs/../../../../etc/passwd as path..
I'm not very practice of paths... actually
> On Wed, 4 Jul 2001, Steve Werby wrote:
>
> > "Jon Haworth" <[EMAIL PROTECTED]> wrote
One thing which would prevent hijacks from simply guessing SIDS would be to add an md5
hash to the end of a url
e.g.
If a page was:- doit.php?item=4&SID=237478
then append the url with the md5 of the url PLUS a secret key generated at the
begining of each session:-
i.e. add MD5("d
On Wed, 4 Jul 2001, Steve Werby wrote:
> "Jon Haworth" <[EMAIL PROTECTED]> wrote:
> > Yes, I would have thought this would do it:
> >
> > if (strstr($file, "/usr/local/apache/htdocs/") {
> > show_source($file);
[..]
> Something along those lines will work. Without some kind of limitations
> buil
"Hankley, Chip" <[EMAIL PROTECTED]> writes:
> Is it possible to have such a function on your site w/o giving access to ALL
> of your documents...
On top of everything the other users recommended, you can enable safe
mode. It will protect you from sloppy programming.
--
Arcady Genkin
i=1; while
"Jon Haworth" <[EMAIL PROTECTED]> wrote:
> Yes, I would have thought this would do it:
>
> if (strstr($file, "/usr/local/apache/htdocs/") {
> show_source($file);
> } else {
> echo "File must be in /usr/local/apache/htdocs!";
> }
>
> Modify as appropriate.
>
> Have I missed anything, or will this d
> $allowed_path = "/www/sites/mysite/teaching";
>
> if (substr($file, 0, str_len($allowed_path)) <> $allowed_path )
> {
> die("not allowed!");
> }
> else
> {
> show_source($file);
> }
> ?>
I've missed part of the discussion, but if my understanding of the issue
is correct (accepting a filename
I use something that accomplishes the same (displays the source of a file),
but doesn't accept the file name as a parameter. The script is also in a
directory with a password and is restricted by ip. Not perfect, but alot
better.
- Original Message -
From: "Hankley, Chip" <[EMAIL PROTECTE
Adrian Ciutureanu pressed the little lettered thingies in this order...
> Here is something that happend to me: I forgot to tell Apache that .inc
> files must be parsed by PHP. All works fine if you include a .inc file, but
> if somebody guess .inc file name, he can see the content of that file!
Yes, I would have thought this would do it:
if (strstr($file, "/usr/local/apache/htdocs/") {
show_source($file);
} else {
echo "File must be in /usr/local/apache/htdocs!";
}
Modify as appropriate.
Have I missed anything, or will this do the trick?
Cheers
Jon
-Original Me
maybe one could be
$allowed_path )
{
die("not allowed!");
}
else
{
show_source($file);
}
?>
- Original Message -
From: "Hankley, Chip" <[EMAIL PROTECTED]>
To: "PHP Mailingliste" <[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 2001 5:45 PM
Subject: RE: [PHP] Security of PHP code
> O
OK,
I'm pretty new to PHP, and have been reading this thread, and am just a
little freaked.
If I understand this right, the only way reason we can view the source code
of those pages is that the web server on which the page resides essentially
has a PHP page somewhere on their site that has some
would be really silly if
http://www.php.net/source.php?url=/index.php
- Original Message -
From: "Tim Taubert" <[EMAIL PROTECTED]>
To: "PHP Mailingliste" <[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 2001 5:27 PM
Subject: RE: [PHP] Security of PHP code
> found 2 other servers
found 2 other servers having the same problem... mailed to the webmasters and admins
instead of
posting it.. now i feel a little bit better :)
Tim Taubert
-
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
-
mh i know it was the wrong decision. didn't think about it. already said that. feeling
guilty now
*argh*
Tim Taubert
-
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
---
To PHP-general group,
I have configured PHP to report all errors & warnings ("error_reporting
= E_ALL" on php.ini file), but since then I get tons of warning
messages for "Undefined variables". For example, referring $HTTP_HOST
directly leads a message like "Undefined variable: HTTP_HOST
Just for the respect of the community, Tim, you shouldn't have posted that.
Poor them, they are under the risks, of course the things will be probably
fixed, but if someone cares he might be already in the machine just for the
sake of it.
-maxim maletsky
-Original Message-
From: Tim Tau
oh thanks for the disclaimer ;) forgot it..
richard: didn't think about it.. but should have done it.. first and last time i did
it *promised*
:)
Tim Taubert
-
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
-
> you're totally right.. look at this
>
> *no comment* and not my site...
What on earth possesed you to post that url?!
Jeez!
--
Richard Heyes
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To c
Yup, I believe you - that's not your site.
That is what I meant: It is no PHP, it is how you use PHP.
DISCLAIMER:
No one's fault (except the programmer) that there was THAT BIG security hole
on the site.
-maxim maletsky
-Original Message-
From: Tim Taubert [mailto:[EMAIL PROTECTED]]
mh =) contacted the admin to fix this problem ;)
Tim Taubert
-
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
-
.o] -Original Message---
you're totally right.. look at this
http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.ph
p3?url=/etc/passwd
*no comment* and not my site...
Tim Taubert
-
Tim Taubert | [EMAIL PROTECTED] | http://www.
At http://www.floatographs.com , I reduce the resolution and put a
watermark in the JPEG. Not very clever, but it works.
Todd
P.S. The site is using PHP and Interbase plus a lot of help from all of
you folks!! Many thanks
--
Todd Cary
Ariste Software
[EMAIL PROTECTED]
--
PHP General M
Hi,
short question:
i want to use ereg_replace to replace something with an array-element,
this is my code and its not working:
ereg_replace("<\\$([0-9])>", "\$parmarray[\\1]", $string);
parmarray is of course an array with some elements,
Here are the facts:
$parmarray = array ("", "value1",
That domain name doesn't appear to be valid. Perhaps you meant:
http://validator.w3.org ?
--kurt
- Original Message -
From: "Christian Reiniger" <[EMAIL PROTECTED]>
To: "Jack Sasportas" <[EMAIL PROTECTED]>; "php"
<[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 2001 3:19 AM
Subject: Re: [
On Wed, 04 Jul 2001, ..s.c.o.t.t.. wrote:
> there are two answers to this:
>
> 1) it cannot be done. as long as that image is on the person's
> computer screen, it is physically impossible to prevent that
> person from saving the image and using it.
> (a simple tap of the "print screen" will tak
1 - 100 of 132 matches
Mail list logo
