Re: [PHP] Nasty DoS in PHP | Windows only?

- Original Message - From: "Jason Murray" <[EMAIL PROTECTED]> To: "'Jason Soza'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 11:36 PM Subject: RE: [PHP] Nasty DoS in PHP | Windows only? > > I'd be interested in knowing your versions and the versions > > of t

[PHP] ImageMagik

I have used PHP to generate a series of JPEG files, which after doing: convert -delay 0 *.jpg animated.gif make a rather nifty animated GIF file. Just one tiny problem... How the heck do 8 files, ~24 K each, turn into 3 *MEGS* worth of animation?... I mean, I've read the GIF spec, and there j

RE: [PHP] Nasty DoS in PHP | Windows only?

> I'd be interested in knowing your versions and the versions > of the first guy that posted about this. Maybe he has the same > setup as me, or close enough, but both of us are different > from you. Actually, I just thought about it - maybe you guys are both running it on Windows (shame on y

RE: [PHP] Nasty DoS in PHP

Very odd indeed. Well, here's my setup: Windoze2K PHP 4.1.2 Apache 1.3.something Accessing it via IE 6.0, although this should not have any bearing on anything I'd be interested in knowing your versions and the versions of the first guy that posted about this. Maybe he has the same setup as me, o

Re: [PHP] PHP and Quicktime...

Twas 4/18/02 1:48 AM, when "Pusta" <[EMAIL PROTECTED]> said: > Hello all, > > I'm new at PHP but learning and loving it. For a school project, I have to > use PHP to display a video on a web page using QuickTime. Can anyone point > me to where I can get some info on how to do this? http://dev

RE: [PHP] Nasty DoS in PHP

> Mine produced the same error message as yours, Jason, but the memory > and CPU usage continued until I hit the 'stop' button on the browser. > It seemed to have overridden both time and memory limits, as it had > racked up 320 megs of my RAM by the time I stopped it. It certainly didn't do t

RE: [PHP] Nasty DoS in PHP

Mine produced the same error message as yours, Jason, but the memory and CPU usage continued until I hit the 'stop' button on the browser. It seemed to have overridden both time and memory limits, as it had racked up 320 megs of my RAM by the time I stopped it. Jason -Original Message- F

RE: [PHP] PHP and Quicktime...

you don't need php to do this - use html's to do it -Original Message- From: Pusta [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 3:49 PM To: [EMAIL PROTECTED] Subject: [PHP] PHP and Quicktime... Hello all, I'm new at PHP but learning and loving it. For a school project, I

RE: [PHP] Nasty DoS in PHP

> So that was both as an Apache mod and a CGI binary? Sounds like it's > reproducible. Running as an Apache module here, it terminated as expected at 30 seconds. Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Nasty DoS in PHP

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Jason Soza) wrote: > Interesting, check out my apache error log: > [Wed Apr 17 18:35:53 2002] [error] PHP Fatal error: Maximum execution time > of 30 seconds exceeded in d:\html\loop.asp on line 7 LOL. You use *.asp for your PHP scripts? Wou

[PHP] PHP and Quicktime...

Hello all, I'm new at PHP but learning and loving it. For a school project, I have to use PHP to display a video on a web page using QuickTime. Can anyone point me to where I can get some info on how to do this? Thanks, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscrib

RE: [PHP] need your help

is this a local server you're connecting to (as in, on the same machine as the script) if it is, then the ip address would prob. need to be "127.0.0.1" and not "172.0.0.1" -Original Message- From: Waty [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 1:29 PM To: [EMAIL PROTECTED]

[PHP] need your help

Hi, i got error when open the imap: my code : $mail_server = "172.0.0.1"; $mail_port = "143"; $utg_box =1; $mail_id = "username"; $mail_pass = "password"; $open_mail_box = "{".$mail_server.":".$mail_port."}INBOX.".$utf_box; $mbox = imap_open($open_mail_box, $mail_id, $mail_pass); error: C

RE: [PHP] Nasty DoS in PHP

> A big "if", since the OP has not yet verified that the time limit and > memory limit are in effect at the outset of the loop as supposed. > Someone else want to test for this scenario? Someone, that is, who > can deliberately bring down their server without getting kicked > off permanently

RE: [PHP] save html created by loop in variable

Thanks for your reply... I just tried it with ob_start(); and I think I'm almost on the right track. Just one small issue. Since the records are in a while loop, the results are printed line by line as expected. However, I need to print something obtained from the sql query just once then the rest

RE: [PHP] Nasty DoS in PHP

Interesting, check out my apache error log: [Wed Apr 17 18:35:53 2002] [error] PHP Fatal error: Maximum execution time of 30 seconds exceeded in d:\html\loop.asp on line 7 So PHP recognized the max execution time of 30 seconds being exceeded, but neither it nor apache shut down the script. Jaso

Re: [PHP] Re: Screen Scraping using PHP

Colleagues, The term "screen scraping" as I am familiar with it comes from mainframe terminal circles, and refers to capturing the character-based output in a terminal window (or, at one point in history, the terminal "screen") as a text file. I have seen the term used specifically in respect

[PHP] trying to use gzlib & ZZIPlib within PHP

Dear PHPers, I downloaded and compiled the zlib from www.gzip.org/zlib and recompiled the php and apache, but somehow I get gzcompress and gzuncompress undefined. Then I tried with ZZIPlib with --with-zip switch when compiling PHP then recompile apache. After restarted the apache, I do see vari

[PHP] mod_rewrite (solution)

Thanks to everyone who tried to help. Apparently, I'm better at this stuff than I thought. The four lines below provide the perfect solution to the problem I was having. RewriteEngine on RewriteBase/ RewriteCond%{REQUEST_FILENAME} !-f RewriteRule^(.+) /index.php __

Re: [PHP] Nasty DoS in PHP

I crashed a server yesterday from PHP code that was trying to create an image with GD. The same scenerio happened in that my entire box froze. No keyboard control, no mouse, no CTRL-ALT-F2, nothing. This was also due to a header() in an infinite loop. From my perspective I thought that was bad

Re: [PHP] Nasty DoS in PHP

Do you have a PHP binary compiled too? If Apache can be taken out of the equation and the script still exceed memory/time limits, that would sure appear to be a PHP bug. (FWIW, I can't find an existing bug report about this behavior at bugs.php.net. Perhaps you and the OP could run backtraces

RE: [PHP] Nasty DoS in PHP

It shows the memory and CPU time being used by apache. I have PHP installed as a module, that may be why. (?) Jason Soza - Original Message - From: Martin Towell <[EMAIL PROTECTED]> Date: Wednesday, April 17, 2002 6:37 pm Subject: RE: [PHP] Nasty DoS in PHP > Is that memory usage used

RE: [PHP] Nasty DoS in PHP

Is that memory usage used by PHP or apache? -Original Message- From: Jason Soza [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 12:35 PM To: CC Zona Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Nasty DoS in PHP For what it's worth, I just ran this script on my server, and desp

Re: [PHP] Nasty DoS in PHP

For what it's worth, I just ran this script on my server, and despite the 30 second time limit and 8mb memory limit in php.ini, the script ran longer than 30 secs, CPU usage went between 60% and 100% and my memory usage reached 352000 before I stopped it. As far as a DoS, I don't think so. A b

RE: [PHP] Nasty DoS in PHP

[snip] > > If this allows a DoS attack, then this is a very real security problem. > > Why should it? Even if there is a verifiable bug allowing time/memory > limits to be exceeded when header() goes into an infinite loop, how could > someone exploit this from the outside? If a scripter is l

Re: [PHP] Nasty DoS in PHP

In article , [EMAIL PROTECTED] (Richard Archer) wrote: > At 8:55 PM -0400 17/4/02, Justin Farnsworth wrote: > > >This is a rather meaningless thread. It is a > >security issue that is displaced. > > If PHP is not honoring the time limit and memory usage

[PHP] mod_rewrite

I could really use your help with this. The examples I have received from everyone thus far have not worked, including the last one that you posted. This is the situation: I have multiple domains, each with multiple subdomains, all of which automatically point to the root of my web environme

Re: [PHP] Nasty DoS in PHP

At 8:55 PM -0400 17/4/02, Justin Farnsworth wrote: >This is a rather meaningless thread. It is a >security issue that is displaced. If PHP is not honoring the time limit and memory usage directives when outputting headers, then this is a bug in PHP. If this allows a DoS attack, then this is a v

[PHP] HTTP_POST_FILES and Mozilla 0.9.9

Hi all, I'm having a difficult time determining if this is a Mozilla .99 bug, or something in PHP [currently using 4.0.6 under linux 2.4.8]. Using 2 small test files: ## upload1.html ## upload test   ## upload2.php ## With Mozilla .9.4.1 [eg: Netscape 6.2.2 for windoze], Netscape 4.79

[PHP] Re: HTTP gzip-compression and fopen

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Trond Arve Nordheim) wrote: > I was writing a slashdot RSS-parser for my homepage, and wrote a simple > function to fetch the slashdot.rdf-file from slashdot, and parse it > using PEAR's XML/RSS.php. > > Here's the core reading the remote file:

Re: [PHP] HTTP gzip-compression and fopen

On Thu, Apr 18, 2002 at 01:55:47AM +0200, Trond Arve Nordheim wrote: > Now, it seems like slashdot is doing som on-the-fly gzip-compression (it > sends a "Content-Encoding: gzip"-header), and that fopen can't cope with > this, and I'm stuck with some binary data. I've tried using > gzuncompress()

Re: [PHP] Nasty DoS in PHP

Guys: This is a rather meaningless thread. It is a security issue that is displaced. Anybody can take down his own machine with a couple of lines of code. It is not the (entire) responsibility of the language to protect the machine from resource exhaustion or whatever. In security, you have t

RE: [PHP] Nasty DoS in PHP

Well, if you were able to upload a PHP script, you'd also be able to upload a binary file, which would have the ability to run exec("yourbinary"); ... -Original Message- From: Dustin E. Childers [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 3:41 AM To: James Cox Cc: [EMAIL PR

RE: [PHP] document root

Thanks Miquel, I asked it hopeless. Senih -Original Message- From: Miguel Cruz [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 3:25 AM To: Senih Özkiper Cc: [EMAIL PROTECTED] Subject: Re: [PHP] document root On Thu, 18 Apr 2002, [iso-8859-9] Senih Özkiper wrote: > What is the

Re: [PHP] Nasty DoS in PHP

You can't upload a binary file to a server and access it through a web browser. The most it will do is either show the 'source' for file or ask you to download it. Yes, this is probably not a major DoS attack..and there aren't many free hosts out there that have PHP support. The most you could pro

RE: [PHP] Nasty DoS in PHP

> "If the user has enough access to the server to place files on it" ? > > There are hosting places that have PHP and you can just upload the PHP > script through FTP and access it in your browser. ... in which case all you'll accomplish is taking out your own server, which is not a DoS attack.

RE: [PHP] Nasty DoS in PHP

so why not upload a binary file and execute that ? quick root-kit later and you're in. -Original Message- From: Dustin E. Childers [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 3:22 AM To: Jason Murray Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Nasty DoS in PHP "If the user h

Re: [PHP] Sending a variable without it being seen

You can pass it using POST rather than GET-style arguments, but that will require structuring your pages so that people use buttons to get from one to the next, and it will only keep really dumb people from seeing the variables. Other than that, look at the manual's section on Sessions. migue

Re: [PHP] save html created by loop in variable

On Wed, 17 Apr 2002, Jason Dulberg wrote: > I have a WHILE loop that I am interested in storing the html that is > generated based on its results to a variable. This variable would then be > echoed later on. Check in the manual under Output Buffering. miguel -- PHP General Mailing List (http:

Re: [PHP] Arranging Data

I'm not going to give you code because that would make it too easy. Start a counter variable at 0. Increment it with each cell you draw. Once it reaches the number of cells you want across, set your counter back to zero and draw the appropriate stuff. Presto. miguel On Wed, 17 Apr 2002, Ja

Re: [PHP] document root

On Thu, 18 Apr 2002, [iso-8859-9] Senih Özkiper wrote: > What is the best way, to find out the directory, where web documents stored, > on a .nix web server? > I need that, because I want to install my application files on customers web > server directly and automatically from my web server using

Re: [PHP] Nasty DoS in PHP

"If the user has enough access to the server to place files on it" ? There are hosting places that have PHP and you can just upload the PHP script through FTP and access it in your browser. Dustin E. Childers Security Administrator. CEO, Digitux Security, Inc. http://www.digitux.net/ - Orig

RE: [PHP] Nasty DoS in PHP

> It's a default PHP installation. We aren't calling set_time_limit(). > I know its an infinite loop, the point is that if a user wanted to > attack a server (happens every day) they would be able to use this > method to take the server down. But, if the user has enough access to the server to

RE: [PHP] Nasty DoS in PHP

but to do so, they would need to be on the box, and there are a bunch of better methods in that situation. given that php's default install sets a max time limit of 30 seconds on a script timeout, it can't have run for 10+ minutes, nor is that a reasonable length of time for a DoS on a monitored

Re: [PHP] Nasty DoS in PHP

It's a default PHP installation. We aren't calling set_time_limit(). I know its an infinite loop, the point is that if a user wanted to attack a server (happens every day) they would be able to use this method to take the server down. Dustin E. Childers Security Administrator. CEO, Digitux Securi

RE: [PHP] Nasty DoS in PHP

> It does not stop after its execution time. Is your PHP actually configured to stop running after 30 seconds, though? Its the default, but you may have overridden it. > We have let this run for 10+ minutes to see if it would crash the > server, and it did. Is it possible you're called set_t

Re: [PHP] Nasty DoS in PHP

In article <000401c1e67b$dd64c820$2fa3f318@blackbox>, [EMAIL PROTECTED] (Dustin E. Childers) wrote: > It does not stop after its execution time. We have let this run for 10+ > minutes to see if it would crash the server, and it did. It does not affect > the person that loads the code in the brow

[PHP] Re: mod_rewrite (the solution)

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Cc Zona) wrote: > In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > wrote: > > > RewriteEngine on > > RewriteBase/ > > RewriteRule$.* index.php > > RewriteRule takes a regular expression as its first parameter >

[PHP] HTTP gzip-compression and fopen

Hi. I was writing a slashdot RSS-parser for my homepage, and wrote a simple function to fetch the slashdot.rdf-file from slashdot, and parse it using PEAR's XML/RSS.php. Here's the core reading the remote file: $fp = @fopen("http://slashdot.org/slashdot.rdf";, "r"); if (!$fp) { return 0; } $raw

Re: [PHP] Nasty DoS in PHP

It does not stop after its execution time. We have let this run for 10+ minutes to see if it would crash the server, and it did. It does not affect the person that loads the code in the browser, just affects the server running the code. Dustin E. Childers Security Administrator. CEO, Digitux Secu

RE: [PHP] Nasty DoS in PHP

> I have found something interesting that can kill the server. > I'm not sure if this is because of Apache or PHP. If you use > PHP to send a header() inside of a while loop, the httpd > process will begin to use massive CPU and Memory until it is > killed, or the server is killed. Here is wha

[PHP] Re: session_is_registered

Thanks everyone. I solved the problem by upgrading 4.0.6 to 4.1.2. Norman -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Nasty DoS in PHP

php.ini: memory_limit = 8M ; Maximum amount of memory a script may consume (8MB) That is in there, I execute the code from a browser. ps aux: nobody 60155 84.6 16.8 88644 87424 ?? R 5:15PM 0:23.23 /www/bin/httpd using 84.6% of CPU and 16.8% of Memory. Dustin E. Childers Securi

[PHP] hosts, suggestions?

I'm looking for good service, uptime, blah blah, plus: Please respond as to whether you have these features or not _ |_| access to '.htaccess' files in our directories.? |_| ability to put apache 'rewrite' instructions in our '.htacces' file? |_| -or- sys admin will put a mod rewrite instruction

[PHP] Re: mod_rewrite (the solution)

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote: > RewriteEngine on > RewriteBase/ > RewriteRule$.* index.php RewriteRule takes a regular expression as its first parameter . The "$" regex meta-character is an end-

Re: [PHP] Would this work? (mod_rewrite)

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote: > But now I am receiving a 404 error message and the following message in my > error log: > > [Wed Apr 17 18:31:26 2002] [error] [client 172.131.190.148] File does not > exist: /home/swiften/public_html/404.shtml > > [Wed Apr 17 18:31:

[PHP] mod_rewrite (the solution)

RewriteEngine on RewriteBase/ RewriteRule$.* index.php Original Message Follows From: "SHEETS,JASON (Non-HP-Boise,ex1)" <[EMAIL PROTECTED]> To: "'[ rswfire ]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: RE: [PHP] Would this work? (mod_rewrite) Date: We

[PHP] Re: Nasty DoS in PHP

Dustin E. Childers wrote: > Hello. > > I have found something interesting that can kill the server. I'm not sure if this is >because of Apache or PHP. If you use PHP to send a header() inside of a while loop, >the httpd process will begin to use massive CPU and Memory until it is killed, or the

[PHP] Registration Form

Hi, I am using registration form with a number of different steps. And if, for instance, the user wants to come back to correct something, I am using the back img button with the link: javascript:history.back(1) I am wondering how many people are actually using the way I do, and if it's reliab

[PHP] Arranging Data

How would I have a script display results in a table, but make it so that once 3 or 4 results are displayed in one table row, a new table row would be started? Right now I have something like: printf("",$pic1); And all the records for $pic1 come out into a single column which, if I had many r

[PHP] RE: print on top

Hi Jule, You need to sort your records with "ORDER BY" clause . I don't know what your table looks like and obviously don't know if you have suitable columd for it.. Say you have a newsid field defined with int datatype with auto_increment property, then you can issue your statement as "SELECT ..

[PHP] document root

What is the best way, to find out the directory, where web documents stored, on a .nix web server? I need that, because I want to install my application files on customers web server directly and automatically from my web server using ftp. Better to explain; If for example header("Location:www.s

Re: [PHP] Nasty DoS in PHP

Turn on the memory-limit option On Wed, 17 Apr 2002, Dustin E. Childers wrote: > Hello. > > I have found something interesting that can kill the server. I'm not sure if this is >because of Apache or PHP. If you use PHP to send a header() inside of a while loop, >the httpd process will begin to

[PHP] Nasty DoS in PHP

Hello. I have found something interesting that can kill the server. I'm not sure if this is because of Apache or PHP. If you use PHP to send a header() inside of a while loop, the httpd process will begin to use massive CPU and Memory until it is killed, or the server is killed. Here is what I

[PHP] Re: Using one submit button (long, rambling, near-total rewrite)

"Jennifer Downey" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]... > I have no takers on this one? You would have more help if you didn't glumph a whole whack of code in... it takes five minutes just to sort out what's what. > if I have on item it is fine. If I have two items it

[PHP] save html created by loop in variable

I have a WHILE loop that I am interested in storing the html that is generated based on its results to a variable. This variable would then be echoed later on. Basically the html that is generated from the while loop is a bunch of table cell definitions and some data from the database - this data

[PHP] print on top

Hey guys and gals, I'm writing this script for my new webpage, and i'm using MySQL to read and add news articles to a page, but everytime i add a new article it puts it under the older one, how can i get it on top? thanks Jule $Link = mysql_connect ($Host, $User, $Password); $Query = "SELECT

RE: [PHP] Would this work? (mod_rewrite)

Well, it's half working :-( But now I am receiving a 404 error message and the following message in my error log: [Wed Apr 17 18:31:26 2002] [error] [client 172.131.190.148] File does not exist: /home/swiften/public_html/404.shtml [Wed Apr 17 18:31:26 2002] [error] [client 172.131.190.148] F

RE: [PHP] Would this work? (mod_rewrite)

And I fall victim to my own stupidity/cache again. You actually want RewriteEngine on RewriteBase / RewriteRule ^$ index.php This works for me on my domain, you can check it out by going to http://demo.shadotechdesigns.com and http://bug.shadonet.com Jason -Original Message- From: [

RE: [PHP] Would this work? (mod_rewrite)

You actually want RewriteEngine on RewriteBase / RewriteRule *$ index.php Jason -Original Message- From: [ rswfire ] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 17, 2002 4:20 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Would this work? (mod_rewrite) This re

Re: [PHP] Would this work? (mod_rewrite)

This rewrite thing will actually be very good for me; my error log file will stop having a million "file not found" errors :-) I have to tell you guys, I love JTL Networks. They are the best host I have ever had ever! Original Message Follows From: Miguel Cruz <[EMAIL PROTECTED]> To

Re: [PHP] Would this work? (mod_rewrite)

[Wed Apr 17 18:04:19 2002] [alert] [client 172.131.190.148] /home/swiften/public_html/.htaccess: RewriteRule: cannot compile regular expression '*' Original Message Follows From: Miguel Cruz <[EMAIL PROTECTED]> To: "[ rswfire ]" <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: [

Re: [PHP] Would this work? (mod_rewrite)

Do you have access to your server's error_log file? With any luck there'll be a more informative message there (something like "Miguel was too lazy to pay sufficient attention to the following Rewrite caveat: xxx"). miguel On Wed, 17 Apr 2002, [ rswfire ] wrote: > mod_bwlimited, mod_php4,

[PHP] mod_rewrite

.htaccess (returns 500 misconfiguration error message) { RewriteEngine on RewriteBase/ RewriteRule* index.php } http://swifte.net/phpinfo.php (i did not use braces in the .htaccess file) _ Join the world’s largest e-mai

[PHP] Re: verify file types when uploading to server...

Nevermind... =) "Jas" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am wondering if any one has a good idea on how to do checking based on a > files extension, what I am trying to accomplish is to be able to upload > files to a webserver however I only want

Re: [PHP] Would this work? (mod_rewrite)

mod_bwlimited, mod_php4, mod_log_bytes, mod_frontpage, mod_ssl, mod_setenvif, mod_so, mod_auth, mod_access, mod_rewrite, mod_alias, mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, mod_log_config, mod_env, http_c

Re: [PHP] Would this work? (mod_rewrite)

Are you sure your server has mod_rewrite installed? miguel On Wed, 17 Apr 2002, [ rswfire ] wrote: > Miguel, if I get this working I am going to be so happy :-) > > I just tried putting the following in an .htaccess file in my root: > > RewriteEngine on > RewriteBase/ > RewriteRule*

Re: [PHP] Would this work? (mod_rewrite)

Miguel, if I get this working I am going to be so happy :-) I just tried putting the following in an .htaccess file in my root: RewriteEngine on RewriteBase/ RewriteRule* index.php And it came back with a server misconfiguration. So, did I do something wrong? Original Message

RE: [PHP] form posting to a fake page

I've done some testing, and it seems that Apache messes with the server variables when it sends the error document. Basically, Apache does *NOT* send an HTTP 302 response. It sends an HTTP 404 response, but outputs the full code from the ErrorDocument. Unfortunately, it changes the REQUEST_METHO

Re: [PHP] Would this work? (mod_rewrite)

On Wed, 17 Apr 2002, [ rswfire ] wrote: > Assume I want *.domain.*/*.* to automatically call index.php (without the > user knowing and without any redirecting at all): > > RewriteEngine on > RewriteBase/ > RewriteRule*.* index.php [R] > > I don't know what in the world the [R] is, but

[PHP] sorry i forgot something

*.domain.*/*.* AUTOMATICALLY goes to the root of my web (my isp set this up for me) _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx -- PHP General Mailing List (http:/

[PHP] Would this work? (mod_rewrite)

Assume I want *.domain.*/*.* to automatically call index.php (without the user knowing and without any redirecting at all): RewriteEngine on RewriteBase/ RewriteRule*.* index.php [R] I don't know what in the world the [R] is, but it's in almost all of the mod_rewrite examples... :-)

[PHP] verify file types when uploading to server...

I am wondering if any one has a good idea on how to do checking based on a files extension, what I am trying to accomplish is to be able to upload files to a webserver however I only want to have .jpg files uploaded. If anyone has a good way to do this please share. Thanks in advance, Jas --

Re: [PHP] form posting to a fake page (another idea)

I'm really not good with the ereg stuff; I wouldn't even know where to start. It's really quite simple what I need to have happen. *.DOMAIN.COM/*.* needs to access /index.php My network handles multiple domains/subdomains; so it's important it can work with them all. Any ideas? Origin

Re: [PHP] form posting to a fake page

On Wednesday, April 17, 2002, at 04:57 PM, [ rswfire ] wrote: > $_POST[] variables do not exist on a redirected page; that's the > problem! They would exist if you were using a PHP script with header() to do your redirect rather than an Apache feature. I think this is what Miguel, and myse

Re: [PHP] form posting to a fake page (another idea)

Have a look at http://httpd.apache.org/docs/misc/rewriteguide.html which gives countless examples of using mod_rewrite rules for this sort of thing. You can direct all requests to a single page and then let that page sort things out as it pleases. These are processed internal to the server wi

Re: [PHP] sessions protection

On Wednesday, April 17, 2002, at 04:40 PM, Vladislav Kulchitski wrote: > Basically, let's say the cracker know that in my application I create a > session variable named "auth_user" for valid users. Is there a way to > hack into it if he knows this session variable name? > > Example: > > if($ac

Re: [PHP] (MySql) INSERTing into MULTIPLE tables

That's fine, but you don't need the intermediate select step. Just use mysql_insert_id() to get the value of userid. auto_increment values are guaranteed to be unique no matter how quickly you are inserting. miguel On Wed, 17 Apr 2002, Vladislav Kulchitski wrote: > Hi, I was wondering if the w

Re: [PHP] form posting to a fake page

Gotcha. My bad. Sounds like you're in for a long night's adventure with mod_rewrite. miguel On Wed, 17 Apr 2002, [ rswfire ] wrote: > No, the error handler does not have access to the posted data. The problem > in a nutshell: > > 1. Person fills out form; clicks submit > > 2. Form action p

Re: [PHP] form posting to a fake page (another idea)

I'm not trying to make the page redirect anywhere. I'm trying to create the illusion of there being many pages when there is only one doing all the work. For example: http://hsdnetwork.swifte.net/technicians.html The page, technicians.html, does not really exist. The server knows this and

Re: [PHP] file delete...

Did you check the manual? Like php.net/delete perhaps which tells you the PHP function that does this is actually called unlink(). -Rasmus On Wed, 17 Apr 2002, jas wrote: > How can I delete a file in php? > thanks in advance, > Jas > > > > -- > PHP General Mailing List (http://www.php.net/) >

Re: [PHP] form posting to a fake page

You could try the following but I don't know if it would work on your set up. 1. have the form go to a php page that has no output to the screen. 2. store the input info in a database or file. 3. use a header("location: index.php") to go to your website index page. 4. use php on your index.php pa

RE: [PHP] file delete...

On Wed, 2002-04-17 at 13:12, Leotta, Natalie (NCI/IMS) wrote: > According to this, you should actually use unlink, but delete is available. > > http://www.php.net/manual/en/function.delete.php > > -Natalie That's not actually what the page says...;) > -Original Message- > From: jas [ma

Re: [PHP] form posting to a fake page

No, the error handler does not have access to the posted data. The problem in a nutshell: 1. Person fills out form; clicks submit 2. Form action property is called; server notices the page is not real (Data is lost here) 3. Error handler is called Original Message Follows From: Mig

Re: [PHP] form posting to a fake page

Your error handler would read them and then construct a redirect containing the form data in querystring format. miguel On Wed, 17 Apr 2002, [ rswfire ] wrote: > $_POST[] variables do not exist on a redirected page; that's the problem! > > Original Message Follows > From: Miguel Cruz <

Re: [PHP] form posting to a fake page

$_POST[] variables do not exist on a redirected page; that's the problem! Original Message Follows From: Miguel Cruz <[EMAIL PROTECTED]> To: "[ rswfire ]" <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: [PHP] form posting to a fake page Date: Wed, 17 Apr 2002 15:56:32 -0500 (CDT)

Re: [PHP] form posting to a fake page

On Wed, 17 Apr 2002, [ rswfire ] wrote: > It would still require some knowledge of the posted data. If someone clicks > a submit button, and it is posting to a page that doesn't really exist, then > when the index.php file gets called as a 404 errordocument, the posted > variables are already

[PHP] sessions protection

Hi, can anyone advise about another issue that occurred to me. Basically, let's say the cracker know that in my application I create a session variable named "auth_user" for valid users. Is there a way to hack into it if he knows this session variable name? Example: if($action==edit_personalin

RE: [PHP] Global variable

The best way for this is to use sessions. What you do is you check the identity and if it's valid you create a session with name 'validuser' or whatever the name you want. Then any secure operations/actions along the script you'll check for this session name if it exists. I can demonstrate how I

Re: [PHP] mysql quickie..

- Original Message - From: Robert Cummings <[EMAIL PROTECTED]> To: Richard Emery <[EMAIL PROTECTED]> Cc: Kelly Meeks <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 1:49 PM Subject: Re: [PHP] mysql quickie.. Richard Emery wrote: >> >> I've seen other responses to

  1   2   >