phplib-users Mailing List for PHPLIB (Page 30)
From: Maxim D. <max...@bo...> - 2002-11-27 08:23:04
Hello, Giancarlo,

Wednesday, November 27, 2002, 12:21:49 AM, you wrote:

G> In the one just downloaded the class is missing
G> var $register_globals

I treat it like a private variable, and it will appear after assignment. I added it, though, and changed $_SERVER to $HTTP_SERVER_VARS in the new code (missed yesterday).

G> And I still cannot increment the counter. It seems as the $__session_ip
G> field is not made persistent in function register;
G> I am trying this with php 4.0.6

I see, you turned globals off in 4.0.6. The problem might be because 4.0.6 knows nothing about $_SESSION array, which is referenced in many places, so the session variables aren't globalized and saved in the session... I have no pre-4.2 setup here, so cannot test this...

--
Best regards,
Maxim Derkachev mailto:max...@bo...
IT manager, Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru

From: Giancarlo <gia...@na...> - 2002-11-26 21:22:42
Maxim Derkachev wrote:

>First, incorporated all the changes from php-lib-stable version.
>Second, changed some strings there, performance-wise - trashed repeated
>ini_get('register_globals') calls (moved the single one to the
>constructor) and cleaned up some hacks with 'global' & eval
>

In the one just downloaded the class is missing
var $register_globals

And I still cannot increment the counter. It seems as the $__session_ip field is not made persistent in function register;
I am trying this with php 4.0.6

in start meth, I saw that setting
$GLOBALS[$session_ip] = remoteaddr
does not work
changing so does set the global though

<end of method start>
    if($this->forgery_check_enabled && $this->session_ip) {
      // save current IP
      $$this->session_ip= $HTTP_SERVER_VARS['REMOTE_ADDR'];
      if(!$this->is_registered($this->session_ip)) {
        $this->register($this->session_ip);
        echo "THIS SESS_IP:".$$this->session_ip."<br>";
        echo "SESS_IP:".$_SESSION[$this->session_ip]."<br>";
        echo "GLOB SESS_IP:".$$this->session_ip."<br>";
.....

But still does not work: I see that is saving a new, different sess_file each reload, empty, but no cookie is left after the first

Maybe my 4.06 is too old, but I am running apache2 as a devel alternative, and couldn't compile php there ;-)

Gian

>Third, and most significant. Added a workaround for the vulnerability,
>addressed by Giancarlo several times. Please, look at this and test it
>properly - with cookies and without, reg-globals on/off. It should
>solve the session hijacking problem. See comments for details.
>Look forward for your feedback urgently.
>NOTE - it's in the php-lib repository, not php-lib-stable.
>Bye for now.

From: Maxim D. <max...@bo...> - 2002-11-26 17:56:12
Hello friends,

Just made some additions to the session4.inc in the current CVS (php-lib)

First, incorporated all the changes from php-lib-stable version.

Second, changed some strings there, performance-wise - trashed repeated ini_get('register_globals') calls (moved the single one to the constructor) and cleaned up some hacks with 'global' & eval.

Third, and most significant. Added a workaround for the vulnerability, addressed by Giancarlo several times. Please, look at this and test it properly - with cookies and without, reg-globals on/off. It should solve the session hijacking problem. See comments for details.

Look forward for your feedback urgently.

NOTE - it's in the php-lib repository, not php-lib-stable.

Bye for now.

--
Best regards,
Maxim Derkachev mailto:max...@bo...
IT manager, Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru

From: Chris J. <ch...@ch...> - 2002-11-26 00:52:55
In all recent versions of PHPLIB, including the current CVS, all of the database abstraction modules have code to check for errors when connecting to the database. That is, the files named db_*.inc, in method connect(), all have code similar to this:

    if (!$this->Link_ID) {
      $this->halt("connect($Host, $User, \$Password) failed.");
      return 0;
    }

This is a Good Thing. The halt() method can be extended to customize messages to whatever format the user wants.

However, all of these methods also suffer from the same weakness: they call their respective PHP database connection functions with using the '@' syntax to suppress errors. That means if a connection fails, one also gets the PHP error message, which may or may not have HTML wrapping it depending on your PHP.INI setting of "html_errors". Often the PHP errors are not desirable and/or are not formatted in the manner the user wants.

For example, in db_pgsql.inc and db_mysql.inc:

    // db_pgsql.inc
    if(!$this->PConnect) {
      $this->Link_ID = pg_connect($cstr);
    } else {
      $this->Link_ID = pg_pconnect($cstr);
    }
    if (!$this->Link_ID) {
      $this->halt("connect() failed.");
    }

    // db_mysql.inc
    if(!$this->PConnect) {
      $this->Link_ID = mysql_connect($Host, $User, $Password);
    } else {
      $this->Link_ID = mysql_pconnect($Host, $User, $Password);
    }
    if (!$this->Link_ID) {
      $this->halt("connect($Host, $User, \$Password) failed.");
      return 0;
    }

And they are always followed by the PHPLIB halt() method error message anyway.

I propose to change all database abstraction modules to add the '@' calling syntax to suppress the PHP connect errors, so that the only error messages which appear are those explicitly chosen by the programmer using PHPLIB. Proposed changes to samples above would change the calls to be:

    $this->Link_ID = @pg_connect(...)
    $this->Link_ID = @pg_pconnect(...)
    $this->Link_ID = @mysql_connect(...)

etc. for all databases.

Does anyone either disagree with that proposal, or see a significant problem with it?

--
..chris

From: Rob H. <rob...@ws...> - 2002-11-25 18:28:08
I have rewritten the oohforms library and posted it to the patches area. There are several show stopper problems I have found with it, so I am about to post a new patch. It includes the date, with some more features, and html editor additions from Sanisoft. I have a include/exclude element to add that I am about to post my version of auth also. My goal is to provide a oohforms and auth module that can be dropped in with no programming needed. Including an admin page to set options such as which mode to run register and login in, etc. I also have an email module to add.

Rob Hutton
Web Safe
www.wsafe.com

> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Marko
> Kaening
> Sent: Monday, November 25, 2002 4:11 AM
> To: phplib-users list
> Subject: [Phplib-users] snapshot status
>
>
> Hi,
>
> how about the status of the snapshot?
>
> I am still using phplib-0.74.20021015.dev without any problems. Currently
> there is an 20021108 available. What are the diffs?
>
> When can we see these sources on sourceforge as a new cvs module? Is there
> any progress in moving this forward to a phplib4?
>
>
> Marko

From: Marko K. <M.K...@os...> - 2002-11-25 09:10:49
Hi,

how about the status of the snapshot?

I am still using phplib-0.74.20021015.dev without any problems. Currently there is an 20021108 available. What are the diffs?

When can we see these sources on sourceforge as a new cvs module? Is there any progress in moving this forward to a phplib4?

Marko

From: Peter T. <pte...@te...> - 2002-11-22 11:02:46
It's in the PHPLib version I currently use: 7.2d
I'm not familiar with Back-End

Cheers,
Peter

At 08:35 22-11-2002, Willie D. Leiva wrote:
>On Fri, 22 Nov 2002, Peter Termaten wrote:
>
> > On line 68 change
> >
> > if(isset($user)) {
> >
> > to
> >
> > if(is_object($user)) {
> >
> > Seems to be a bug in page.inc
>
>Is it a bug in page.inc of the latest version
>of PHPlib or in page.inc of Back-End?
>
>Thanks for your attention,
>Willie Leiva

From: Willie D. L. <wd...@ic...> - 2002-11-22 09:35:17
On Fri, 22 Nov 2002, Peter Termaten wrote:

> On line 68 change
>
> if(isset($user)) {
>
> to
>
> if(is_object($user)) {
>
> Seems to be a bug in page.inc

Is it a bug in page.inc of the latest version of PHPlib or in page.inc of Back-End?

Thanks for your attention,
Willie Leiva

From: Peter T. <pte...@te...> - 2002-11-22 09:01:27
On line 68 change

    if(isset($user)) {

to

    if(is_object($user)) {

Seems to be a bug in page.inc

Peter

At 22:38 21-11-2002, Mike Gifford wrote:
>Hello,
>
>A user who was trying to set up the latest version of Back-End.org got
>the following error, but I'm not sure why (no one else has reported it).
>
>Back-End is shipping with a slightly different version of page.inc
>(think it is now closer to what is in the CVS), but pretty certain that
>we didn't touch this piece.
>
>Any ideas on how to proceed with this?
>
>Mike
>
>-----Forwarded Message-----
>
>From: Krishna E. Bera <ke...@cy...>
>To: bac...@li...
>Subject: [BE-support] $sess not an object
>Date: 20 Nov 2002 16:53:08 +0500
>
>i installed back-end0.5.1 from the tarball
>and am using phplib-0.7.2d
>the following error message always comes up at the end of every page:
>
>PHP Fatal error: Call to a member function on a non-object in
>/usr/local/phplib-7.2d/php/page.inc on line 68
>
>if i use the page.inc provided with back-end instead,
>the error occurs on line 71.
>
>--
>Mike Gifford, OpenConcept Consulting, http://www.openconcept.ca
>Open Source Web Applications for Social Change.
>Featured Campaign - Rooting Out Evil! - http://rootingoutevil.org
>Honest disagreement is often a good sign of progress. - Gandhi

----------
TERIS Information Services BV
Peter Termaten            Phone: +31 23 565 2682
Aagje Dekenstraat 43      Fax: +31 23 565 2676
2135 RJ Hoofddorp         Mobile: +31 653 65 8686
www.teris.nl
----------

From: Elwyn L. <el...@in...> - 2002-11-22 08:24:24
Hi,

I'm quite new to PHP, and I need help with PHPLib. And I'm using MySQL as my database.

I have a program that works perfectly on one machine using PHPLib, a user can login and then move from page to page just fine. But taking that same program onto another machine, I changed the local.inc file to configure the settings on that machine, and that I'm using the same version of PHP and MySql, I have problems. A user can log in just fine, but when I try to move from one page to the next, it'll ask me to login again, this goes the same with submitting a form or clicking on a link that would refresh itself. So I try to pass the session using the POST and GET method and it'll work. So the session is not sent from one page to the next. Does anybody know why? Has that got to do with the php.ini file?

Please help me. Thanks!

Elwyn

From: Willie D. L. <wd...@ic...> - 2002-11-22 06:53:55
Is there compatibility between Phplib release 7.4-pre1 and PHP version 4.3.0RC1?

Thanks for your attention,
Willie Leiva

From: Mike G. <mi...@op...> - 2002-11-21 21:38:30
Hello,

A user who was trying to set up the latest version of Back-End.org got the following error, but I'm not sure why (no one else has reported it).

Back-End is shipping with a slightly different version of page.inc (think it is now closer to what is in the CVS), but pretty certain that we didn't touch this piece.

Any ideas on how to proceed with this?

Mike

-----Forwarded Message-----

From: Krishna E. Bera <ke...@cy...>
To: bac...@li...
Subject: [BE-support] $sess not an object
Date: 20 Nov 2002 16:53:08 +0500

i installed back-end0.5.1 from the tarball
and am using phplib-0.7.2d
the following error message always comes up at the end of every page:

PHP Fatal error: Call to a member function on a non-object in /usr/local/phplib-7.2d/php/page.inc on line 68

if i use the page.inc provided with back-end instead,
the error occurs on line 71.

--
Mike Gifford, OpenConcept Consulting, http://www.openconcept.ca
Open Source Web Applications for Social Change.
Featured Campaign - Rooting Out Evil! - http://rootingoutevil.org
Honest disagreement is often a good sign of progress. - Gandhi

From: Ernest B. <Er...@Be...> - 2002-11-17 06:45:31
Hi there,

i am beginning some new projects, and I wonder if phplib still exists as a separate package? I've been looking at pear, but it seems to miss the great session/page/auth/perm/user feature of phplib. What do you think, what should I use? phplib from sf.net? or pear?

thanx for any comments.

--
Ernest Beinrohr, OERNii
eAdmin @ AxonPro.sk, http://www.AxonPro.sk
+421-2-62410360, +421-905-241903
HomePage: http://www.oernii.sk

From: Benjamin H. <ho...@eu...> - 2002-11-12 08:53:35
I have a problem with a multiuser page where eg. are 4 pages that will be get data like address, name lastname from the user and insert this data on the last page to the database.

My problem is that it is really tricky to make this in a single php file, with templates and ooh forms because the template must be before validation and after. hmm how should i explain.

the code seems not quite good for me, because i will make sometimes the same stuff twice.

i separated the ooh forms settings and the parsing to 2 different functions to call them when i need it.

but i´m not sure if i make everything right or if i´m so stupid that i can´t see a tree because of the whole forest. and doing this stuff much to complicated.

(this file will be parsed in another file to make a table and the page around it )

<<my_user_insert.php>>

maybe someone could take a short look at it and make a suggestion if i am soo wrong ;)

thanks in advance

because it´s making me crazy i really suggest to do this thing without ooh form and make a js validation if there is no other solution.

Benjamin

From: <li...@ye...> - 2002-11-09 08:45:18
Quoting Jesse Swensen <je...@sw...>:

> They want them to persist forever, somewhat like the user class does.
> Except there is no user, so it would have to be based on session id. You
> mentioned never expiring the session. How is that done. Realistically, I
> suspect the sessions would eventually time out, say after three or four
> months.
>
> Suggestions?

Alter the session expire time in local.inc to the amount of time (in seconds I think) you want.

Matt
-

From: Jesse S. <je...@sw...> - 2002-11-08 16:48:23
They want them to persist forever, somewhat like the user class does. Except there is no user, so it would have to be based on session id. You mentioned never expiring the session. How is that done. Realistically, I suspect the sessions would eventually time out, say after three or four months.

Suggestions?

--
Jesse

> From: Chris Johnson <ch...@ch...>
> Reply-To: Chris Johnson <ch...@ch...>
> Date: Thu, 7 Nov 2002 21:44:00 -0600
> To: Jesse Swensen <je...@sw...>
> Cc: "php...@li..." <php...@li...>
> Subject: Re: [Phplib-users] Persistent sessions.
>
> On Thu, Nov 07, 2002 at 04:58:57PM -0500, Jesse Swensen wrote:
>> It has been a while since I delved into phplib. But I have been asked to
>> modify an existing site. When a user hits the site a session is started.
>> No need to authorize, just create variables to be persistent for that
>> session. Now the customer wants those variables to be persistent beyond the
>> current session. Otherwise, the session never expires.
>
> They want the variables to persist until when? Until the user comes back?
> How do you know it's the same user? By session ID? Might as well make the
> session never expire, then.
>
> Either I don't understand what you are asking correctly, or what the customer
> is asking for doesn't make sense.
>
> --
> ..chris

From: Chris J. <ch...@ch...> - 2002-11-08 03:44:07
On Thu, Nov 07, 2002 at 04:58:57PM -0500, Jesse Swensen wrote:

> It has been a while since I delved into phplib. But I have been asked to
> modify an existing site. When a user hits the site a session is started.
> No need to authorize, just create variables to be persistent for that
> session. Now the customer wants those variables to be persistent beyond the
> current session. Otherwise, the session never expires.

They want the variables to persist until when? Until the user comes back? How do you know it's the same user? By session ID? Might as well make the session never expire, then.

Either I don't understand what you are asking correctly, or what the customer is asking for doesn't make sense.

--
..chris

From: Rob H. <rob...@ws...> - 2002-11-08 03:43:58
The current auth is just doing a sprintf to insert the username passed from the login form to the query, but a user name like:

    ";insert into auth_user_md5 (user_id, username, password) VALUES (5,'theif','password');"

would get passed right through wouldn't it? Or would sprintf choke on the embedded quotes? I will try it, I just don't have time right now.

Rob Hutton
Web Safe
www.wsafe.com

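The question in the message above can be checked without a PHPLIB install. The following is an added example, not PHPLIB's own code: the query template, the sample row and the use of an in-memory SQLite database through PDO are assumptions, while the table and column names and the second input string are taken from the message. It compares the sprintf pattern with a bound parameter.

```php
<?php
// Added example, not PHPLIB code. Assumed: the query template, the sample
// row, and an in-memory SQLite database (via PDO) standing in for the backend.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE auth_user_md5 (user_id INTEGER, username TEXT, password TEXT)");
    // Constructed sample user whose name legitimately contains a quote.
    $db->exec("INSERT INTO auth_user_md5 VALUES (1, 'o''brien', 'constructed-hash')");
    return $db;
}

// The pattern the message describes: the form value is substituted into the
// SQL text. sprintf() does no escaping, so quotes arrive at the SQL parser.
function lookup_sprintf(PDO $db, string $username): string {
    $sql = sprintf("SELECT user_id FROM auth_user_md5 WHERE username = '%s'", $username);
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        // The input changed the structure of the statement.
        return "SQL error: " . $e->getMessage();
    }
}

// Hardened form: the value travels as a bound parameter and is only ever
// compared as data, whatever characters it contains.
function lookup_bound(PDO $db, string $username): string {
    $stmt = $db->prepare("SELECT user_id FROM auth_user_md5 WHERE username = ?");
    $stmt->execute([$username]);
    return count($stmt->fetchAll(PDO::FETCH_COLUMN)) . " row(s)";
}

function user_count(PDO $db): int {
    return (int) $db->query("SELECT COUNT(*) FROM auth_user_md5")->fetchColumn();
}

$db = make_db();
$inputs = [
    // Constructed: an ordinary user name with an apostrophe.
    "o'brien",
    // The user name quoted in the message above, copied as posted.
    "\";insert into auth_user_md5 (user_id, username, password) VALUES (5,'theif','password');\"",
];

foreach ($inputs as $input) {
    printf("input:   %s\n", $input);
    printf("sprintf: %s\n", lookup_sprintf($db, $input));
    printf("bound:   %s\n", lookup_bound($db, $input));
    printf("users in table afterwards: %d\n\n", user_count($db));
}
```

With the sprintf pattern both inputs reach the SQL parser as syntax, so even the legitimate name fails; with the bound parameter the first input matches its row and the second is a plain no-match.
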
From: Jesse S. <je...@sw...> - 2002-11-07 21:59:10
It has been a while since I delved into phplib. But I have been asked to modify an existing site. When a user hits the site a session is started. No need to authorize, just create variables to be persistent for that session. Now the customer wants those variables to be persistent beyond the current session. Otherwise, the session never expires.

I know I have seen this topic on a thread before but am unable to find it. Could someone fill me in?

Thanks,
--
Jesse

From: <rm...@ya...> - 2002-11-07 21:40:45
Has anyone got phplib under RedHat 8.0 working OK?

I installed it under Mandrake 9.0 and RedHat 8.0, with the 'showoff' example page working properly under Mandrake only. Under RedHat the pages write to the db successfully, but when you do the reload the page thing, the counter does not increase. The only thing I have noticed is when using 'showoff' under mandrake, there is a lot of characters in the address bar (e.g. it is holding some variable??).

I have tried all the suggestions in the documentation and nothing seems to solve the problem.

Any suggestions?

Thanks,
Richard

From: Joe S. <jo...@be...> - 2002-11-07 20:06:05
On Thu, Nov 07, 2002 at 08:47:45PM +0100, Giancarlo wrote:
>
> > PHP4 session support is in the -stable cvs. There is no difference in
> > this portion of the code from cvs to the dev snapshot.
> >
>
> Then it was the register_globals off compliance. I approached the two at the
> same time, so I considered it all 'php4 support'
>

The register_globals off compliance for session4 are the changes made to the -stable cvs after moving from the unsup/phplib cvs. There was a small compatibility issue with foreach as opposed to while. I'll see that these changes get made to session4.

I had forgotten about a change to auth that is in the current -stable cvs. Support for the __sleep() function was added. Instead of changing auth.inc, an auth4.inc was created.

> G

From: Giancarlo <gia...@na...> - 2002-11-07 19:51:55
> PHP4 session support is in the -stable cvs. There is no difference in
> this portion of the code from cvs to the dev snapshot.
>

Then it was the register_globals off compliance. I approached the two at the same time, so I considered it all 'php4 support'

G

From: Giancarlo <gia...@na...> - 2002-11-07 19:44:11
On Thursday 7 November 2002 at 17:23, Michael Chaney wrote:
> On Wed, Nov 06, 2002 at 10:41:56PM +0100, Giancarlo wrote:
> > the requested url passes in cleartext, even with SSL

yes encrypted, thought not