phplib-users Mailing List for PHPLIB (Page 41)
Brought to you by:
nhruby,
richardarcher
From: Giancarlo <gia...@na...> - 2002-10-07 18:20:23
|
On Monday 7 October 2002 at 13:00, Marko Kaening wrote:
> I cannot reproduce this behaviour with my current version of phplib, which
> is Joe's snapshot from sourceforge. If a session is timed out, then the

This bug has been fixed there. and also the $user->register function we're speaking (if it has to, otherwise also session4.inc's register() in the snapshot hasn't to)

We're making this snapshot really nice there, default auth is fixed. I posted the latest-latest for Joes, with a good working example of defauth.php3 and the log/reg/logout in auth->login_if().

Here is what to add over snapshot 20021005.pathes
http://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613

> is no chance of getting access by the back button. But maybe it's caused
> by my auth...
>
> Marko
From: Giancarlo <gia...@na...> - 2002-10-07 17:54:10
|
On Monday 7 October 2002 at 18:34, you wrote:
> Hello Giancarlo,
>
> Monday, October 07, 2002, 8:12:41 PM, you wrote:
>
> G> So re-register all and only the variables needed, and only them
> G> (uregister_all-reregister), every time?
>
> One time per User data instance. Rate User as neverending session.
>
> G> I was used to register variables independently, even in code location,
> than G> their definitions.
>
> G> does the $_SESSION behave like that, or is that mechanism inherently
> less G> dangerous?
> Well, You should prepare a value You want to assign to $_SESSION.

I've tried now this script, to test the behavior of doing that with both $_SESSION and session_register(), and they don't complain with this script.

I tell you this because I was stuck in this same thing when I wrote the session4.inc register() function, which I added to imitate what was also the behavior of phplib's pt array: decoupled registration from assignment.

try this script,

<?php
echo gettype($a)." <- gettype a<br>";
echo gettype($_SESSION["b"])." <-gettype b<br>";
$_SESSION['b']=$_SESSION['b']+1;
session_register("a");
$a=$a+1;
echo "session ID ".session_id()."<br>";
echo "A is $a <br>";
echo "B is". $_SESSION["b"]." <br>";
# session_unregister ("a"); unset ($_SESSION["b"]);
?>

gives this result

NULL <- gettype a
NULL <-gettype b
session ID 885b4ba8058361e4124e579a37748254
A is 1
B is1
From: Giancarlo <gia...@na...> - 2002-10-07 16:44:19
|
On Monday 7 October 2002 at 12:56, Marko Kaening wrote:
> A lot of php notices get produced, that's what happens. There are quite a
> few samples of code in phplib which do produce tons of them, e.g. oohforms
> as I already pointed out. Don't think it's a good way of coding...
>
> > G> So that patch solves this.
>
> I guess it might work only temporally!

What I say is that you don't even know the session vars that are made globals for you, because you inherit them from previous scripts and apps. I prefer objects, and objects slots, than global vars, anyway.

The test is_object() can't as easily be circumvented as isset(), at least not that I know of.

> > G> BTW all these isset, is_object etc, sometimes are pretty useless,
>
> I wouldn't say so. It's not only good coding style, it makes your code
> also less sensitive to future changes of the php engine. This kind of
> illegal assignments might cause different things with different php
> versions or at least setups.

that's true. But if I had to choose between an error message or a sneak through, I prefer the first

Gian
From: Giancarlo <gia...@na...> - 2002-10-07 16:16:59
|
On Monday 7 October 2002 at 10:49, Maxim Derkachev wrote:
> G> } // end func register
> ............................................................
> G> This is wrong, because register has to register something, even if that
> thing G> does not exists yet.
>
> I don't buy this statement. The isset() check was made intentionally.
> register(), IMO, should register only things that exist. Assigning
> $GLOBALS[$this->vars_array][$thing] =& $GLOBALS[$thing] is erroneous
> when $GLOBALS[$thing] does not exist (turn on E_NOTICE and You'll see
> why). The most common and secure way is to assign variables before
> registering them.
>

So re-register all and only the variables needed, and only them (uregister_all-reregister), every time?

I was used to register variables independently, even in code location, than their definitions.

does the $_SESSION behave like that, or is that mechanism inherently less dangerous? But why not register them as a persistent slots of an object (and eventually globalize it) and use that? As objects cannot be passed via GET/POST?

Sorry, I get lost.

Gian
From: Rob H. <rob...@ws...> - 2002-10-07 14:59:55
|
Yeah, I was just trying to be lazy and not have to rewrite what was already built and workable.

Thanks,

> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Joe
> Stewart
> Sent: Monday, October 07, 2002 10:36 AM
> To: php...@li...
> Subject: Re: [Phplib-users] Combining Features
>
>
> On Mon, Oct 07, 2002 at 10:22:24AM -0400, Rob Hutton wrote:
> > Guys, I'm probably missing something obvious, but it looks like it is hard
> > if not impossible to combine features like sessions, auth with the templates
> > in that the session, auth examples have php code in the example pages and
> > that code wouldn't be run if it was passed through the template engine. Am
> > I missing something?
> >
>
> The auth supports templates OK. Like you said, the auth examples don't
> show this, but auth->loginform can be replaced with a template based
> method just fine.
>
From: Joe S. <jo...@be...> - 2002-10-07 14:38:10
|
On Mon, Oct 07, 2002 at 10:22:24AM -0400, Rob Hutton wrote:
> Guys, I'm probably missing something obvious, but it looks like it is hard
> if not impossible to combine features like sessions, auth with the templates
> in that the session, auth examples have php code in the example pages and
> that code wouldn't be run if it was passed through the template engine. Am
> I missing something?
>

The auth supports templates OK. Like you said, the auth examples don't show this, but auth->loginform can be replaced with a template based method just fine.
From: Rob H. <rob...@ws...> - 2002-10-07 14:19:01
|
Guys, I'm probably missing something obvious, but it looks like it is hard if not impossible to combine features like sessions, auth with the templates in that the session, auth examples have php code in the example pages and that code wouldn't be run if it was passed through the template engine. Am I missing something?

I guess the question boils down to, is there a way to get php code embedded in a page to be evaluated once the page has been passed through the template engine?

Thanks,

Rob Hutton
Web Safe
www.wsafe.com
From: Marko K. <M.K...@os...> - 2002-10-07 11:05:16
|
I cannot reproduce this behaviour with my current version of phplib, which is Joe's snapshot from sourceforge. If a session is timed out, then there is no chance of getting access by the back button. But maybe it's caused by my auth... Marko |
From: Marko K. <M.K...@os...> - 2002-10-07 10:56:12
|
> I don't buy this statement. The isset() check was made intentionally.

Think so too!

> register(), IMO, should register only things that exist. Assigning

Should be coded as safe as possible.

> $GLOBALS[$this->vars_array][$thing] =& $GLOBALS[$thing] is erroneous
> when $GLOBALS[$thing] does not exist (turn on E_NOTICE and You'll see
> why).

A lot of php notices get produced, that's what happens. There are quite a few samples of code in phplib which do produce tons of them, e.g. oohforms as I already pointed out. Don't think it's a good way of coding...

> G> So that patch solves this.

I guess it might work only temporally!

> G> BTW all these isset, is_object etc, sometimes are pretty useless,

I wouldn't say so. It's not only good coding style, it makes your code also less sensitive to future changes of the php engine. This kind of illegal assignments might cause different things with different php versions or at least setups.

Marko
From: Maxim D. <max...@bo...> - 2002-10-07 08:50:13
|
Hello, Giancarlo,

Sunday, October 06, 2002, 1:20:04 AM, you wrote:

G> found a strange behavior and probably a fix for it
G>
G> the problems lies in use4.inc register function.
G>
G> Before:
G> ------
G> function register ($things) {
G>   $things = preg_split('/\s*,\s*/', trim($things) );
G>   foreach ($things as $thing) {
G>     if (!isset($GLOBALS[$thing]))
G>       continue;
G>     $GLOBALS[$this->vars_array][$thing] =& $GLOBALS[$thing];
G>   }
G> } // end func register
G>
G> Now
G> ----
G> function register ($things) {
G>   $things = preg_split('/\s*,\s*/', trim($things) );
G>   foreach ($things as $thing) {
G>     $GLOBALS[$this->vars_array][$thing] =& $GLOBALS[$thing];
G>   }
G> } // end func register
............................................................
G> This is wrong, because register has to register something, even if that thing
G> does not exists yet.

I don't buy this statement. The isset() check was made intentionally. register(), IMO, should register only things that exist. Assigning $GLOBALS[$this->vars_array][$thing] =& $GLOBALS[$thing] is erroneous when $GLOBALS[$thing] does not exist (turn on E_NOTICE and You'll see why). The most common and secure way is to assign variables before registering them.

G> So that patch solves this.

G> BTW all these isset, is_object etc, sometimes are pretty useless, especially
G> with a loose language as php, and sometimes can make very bad tricks
G> (I remember that "if !isset(_PHPLIB)..." )

G> Gian

--
Best regards,
Maxim Derkachev mailto:max...@bo...
IT manager, Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru
From: Giancarlo <gia...@na...> - 2002-10-07 07:06:30
|
I noticed that the session4 method, self_url(), now uses env(QUERY_STRING) to compose the url. session3 used $HTTP_SERVER_VARS[QUERY_STRING]. The fact is that functions that needed to rewrite the QUERY_S used to act on $HTTP_SERVER_VARS[Q_S], so these prepare that. Is there a problem to revert to that, or are those HTTP_SERVER_V only avail for some webserver/environ? Gian |
From: Blake G. <bl...@co...> - 2002-10-07 00:50:04
|
'man wget' and use that to make yourself a local copy, it's just one level deep.

wget -r -l 1 http://www.sanisoft.com/phplib/manual/html

i had the same question a while back and then that solution dawned on me, worked fine.

cheers
blake

----- Original Message -----
From: "Rob Hutton" <rob...@ws...>
To: "phplib-users list" <php...@li...>
Sent: Sunday, October 06, 2002 4:41 PM
Subject: [Phplib-users] Manual Download

> I cannot find any way to download the whole online manual easily in one
> tarball or something. Am I missing it?
From: Rob H. <rob...@ws...> - 2002-10-06 20:38:12
|
I cannot find any way to download the whole online manual easily in one tarball or something. Am I missing it? |
From: Giancarlo <gia...@na...> - 2002-10-05 07:42:05
|
On Saturday 5 October 2002 at 04:27, you wrote:
>
> You could add a field containing a unique authentication token to the
> form. Once this token has been used once, invalidate it on the server.

Patch submitted.
https://sourceforge.net/tracker/index.php?func=detail&aid=618873&group_id=31885&atid=403613

Gian
From: Richard A. <rh...@ju...> - 2002-10-05 02:36:01
|
At 19:20 +0200 4/10/02, Giancarlo wrote:
>Did anyone notice that it is possible to sneak back from an authenticated but
>expired page, with the browser back button, until we reach the submission of
>the login POST data, hit reload and re-get authed without retyping
>username/pass?
>Do you know anything that can cure this?

You could add a field containing a unique authentication token to the form. Once this token has been used once, invalidate it on the server.

That way even if a username and password are re-POSTed, the token will be invalid and the auth will fail.

Of course the username and pass must still be stored in memory on that computer somewhere, so if a wily hacker has access to the computer, well...

...R.
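The one-time form token suggested in the message above, as an added example (it is not PHPLIB code and not the patch submitted to the tracker). The function names, the `login_token` field, the array standing in for server-side session storage, the lifetime value and the sample credentials are all assumptions made for illustration.

```php
<?php
// Added example, not PHPLIB code. $store stands in for server-side
// session storage (for instance $_SESSION); all names are hypothetical.

const TOKEN_TTL = 300; // seconds a rendered login form stays valid (assumed value)

/** Issue a fresh token each time the login form is rendered. */
function issue_login_token(array &$store, int $now): string
{
    $token = bin2hex(random_bytes(32));
    // Keep only a hash of the token server-side, together with its expiry.
    $store['login_tokens'][hash('sha256', $token)] = $now + TOKEN_TTL;
    return $token; // goes into a hidden form field
}

/** Consume a token; succeeds at most once per issued token. */
function consume_login_token(array &$store, string $token, int $now): bool
{
    $key = hash('sha256', $token);
    if (!isset($store['login_tokens'][$key])) {
        return false; // never issued, or already used
    }
    $expires = $store['login_tokens'][$key];
    unset($store['login_tokens'][$key]); // invalidate before anything else happens
    return $now <= $expires;
}

/** Login handler: the token is burned before the credentials are looked at. */
function handle_login(array &$store, array $post, int $now, callable $check): string
{
    // Accept only string fields; arrays or missing fields become ''.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';

    if (!consume_login_token($store, $field('login_token'), $now)) {
        return 'rejected: stale or replayed form';
    }
    if (!$check($field('username'), $field('password'))) {
        return 'rejected: bad credentials';
    }
    $store['uid'] = $field('username');
    return 'authenticated';
}

// Constructed demo: the same POST body is submitted twice, as happens when
// the browser goes back to the login submission and reloads it.
$hash    = password_hash('s3cret', PASSWORD_DEFAULT); // constructed credential
$check   = fn(string $u, string $p): bool => $u === 'gian' && password_verify($p, $hash);
$session = [];
$now     = 1033700000; // constructed timestamp

$token = issue_login_token($session, $now); // login form rendered
$post  = ['username' => 'gian', 'password' => 's3cret', 'login_token' => $token];

echo handle_login($session, $post, $now + 10, $check), "\n";  // first submission
unset($session['uid']);                                        // auth expires
echo handle_login($session, $post, $now + 900, $check), "\n"; // back button + reload
```

Because the token is removed on first use, the re-sent POST fails even though it carries the correct username and password; a failed credential check also burns the token, so each retry needs a freshly rendered form.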
From: Rob H. <rob...@ws...> - 2002-10-04 20:55:21
|
You can add a meta tag with a value of PRAGMA-NOCACHE I think. IBM has it on their site...

Rob Hutton
Web Safe
www.wsafe.com

> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Giancarlo
> Sent: Friday, October 04, 2002 1:20 PM
> To: phplib-users
> Subject: [Phplib-users] browser back button sneaks
>
>
> Did anyone notice that it is possible to sneak back from an authenticated but
> expired page, with the browser back button, until we reach the submission of
> the login POST data, hit reload and re-get authed without retyping
> username/pass?
> Do you know anything that can cure this?
>
> Gian
From: Giancarlo <gia...@na...> - 2002-10-04 17:24:28
|
Did anyone notice that it is possible to sneak back from an authenticated but expired page, with the browser back button, until we reach the submission of the login POST data, hit reload and re-get authed without retyping username/pass?

Do you know anything that can cure this?

Gian
From: Matt W. <li...@ye...> - 2002-10-04 10:21:33
|
Hi all

I just downloaded the updated files that Joe put into CVS last night. These were local4.inc, session4.inc, session4_custom.inc and prepend.php.

My current setup is php 4.1.2,apache 1.3.23 on linux.

I have phplib working with php3 session and register globals off but as soon as I change over to use php4 sessions using prepend.php, it seems to try to load the page a couple of times then I get "page cannot be displayed" in the browser.

If I turn register globals on it seems to work fine. I get no messages in my apache error logs.

Has anyone come across this?

Also, in prepend.php there is a reference made to local.inc which I think should be made to local4.inc.

Cheers

Matt
From: MadBit <ma...@er...> - 2002-10-04 09:08:02
|
Hello!

I'm using apache 1.3.26 + php 4.2.3 + phplib-7.2d + mysql 3.23.49-nt (All in W2k).

My problem is that always I tried to load a page for first time (each time a session must be created I think), the load fails (with IE gives a 'can't show page... cannot find server or DNS, and with mozilla gives nothing, simply the page doesn't load). If I try again the pages loads and works fine all the application.

Since this happens with the sample page of phplib must be some misconfiguration. I installed the servers and the application on another machine with the same result.

Thanks,

--
Rogelio H.
From: Hans-Peter Z. <han...@un...> - 2002-10-04 06:04:46
|
Thanks a lot!
I don't use templates yet, but maybe later..

Regards
Hans-Peter

> Here are some code snippets that might help.
> Using both OOHForms and Templates
>
> Cheers,
> Peter
>
> -----------------------
>
> ...
>
> $f1->ae(array("type"=>"radio",
>               "name" =>"RButton",
>               "value"=>"L")); //this sets the default
>
> ...
> $f1->start("","POST");
>
> $t->set_var(array( "RADIO_1"=>"Text left Button",
>                    "RADIO_IN_1"=>$f1->ge('RButton', 'L'),
>                    "RADIO_2"=>"Text right Button",
>                    "RADIO_IN_2"=>$f1->ge('RButton', 'R'),
>                    "SUBMITBUTTON"=>$f1->ge('submit1', 'Submit')));
> $t->pparse("out",array("table"));
>
>
> $f1->finish();
>
>
> //$RButton variable returns either "L" or "R"...
>
> At 09:24 01-10-2002, Hans-Peter Zahno wrote:
> >Dear all,
> >
> >I just started using PHPLib and want to use some input fields
> >of type 'radio' in my forms.
> >Unfortunately I can't find any examples in the documentation
> >on how to define radio buttons.
> >I tried to use it in (more or less) the same way like the 'select'
> >type, but it doesn't work.
> >What would help me is a short sample code on using form elements
> >of type 'radio'.
> >Thanks for any help.
> >Hans-Peter
From: Kevin F. <fre...@ip...> - 2002-10-03 15:27:48
|
We have used the mod_headers (http://httpd.apache.org/docs/mod/mod_headers.html) optional module for apache to apply our compact policy.

Kevin Fredrick
Software Technician
Walter E. Helmke Library
Indiana University - Purdue University Fort Wayne
260-481-5445
http://www.lib.ipfw.edu/

>>> John Dalbec <jpd...@cc...> 10/03/02 09:42AM >>>
Is it possible to incorporate a "compact privacy policy" into PHPlib session cookies? The "high" security setting on IE blocks them otherwise.
Thanks,
John Dalbec
From: Peter T. <pte...@te...> - 2002-10-03 15:12:41
|
Here are some code snippets that might help.
Using both OOHForms and Templates

Cheers,
Peter

-----------------------

...

$f1->ae(array("type"=>"radio",
              "name" =>"RButton",
              "value"=>"L")); //this sets the default

...
$f1->start("","POST");

$t->set_var(array( "RADIO_1"=>"Text left Button",
                   "RADIO_IN_1"=>$f1->ge('RButton', 'L'),
                   "RADIO_2"=>"Text right Button",
                   "RADIO_IN_2"=>$f1->ge('RButton', 'R'),
                   "SUBMITBUTTON"=>$f1->ge('submit1', 'Submit')));
$t->pparse("out",array("table"));

$f1->finish();

//$RButton variable returns either "L" or "R"...

At 09:24 01-10-2002, Hans-Peter Zahno wrote:
>Dear all,
>
>I just started using PHPLib and want to use some input fields
>of type 'radio' in my forms.
>Unfortunately I can't find any examples in the documentation
>on how to define radio buttons.
>I tried to use it in (more or less) the same way like the 'select'
>type, but it doesn't work.
>What would help me is a short sample code on using form elements
>of type 'radio'.
>Thanks for any help.
>Hans-Peter
From: John D. <jpd...@cc...> - 2002-10-03 14:42:57
|
Is it possible to incorporate a "compact privacy policy" into PHPlib session cookies? The "high" security setting on IE blocks them otherwise. Thanks, John Dalbec |
From: Marko K. <M.K...@os...> - 2002-10-02 09:02:17
|
Hi, perhaps one should change in the user administration example the text input fields for the password to real HTML password inputs as <input type="password" name="password" size=12 maxlength=32 value=""> Marko |
From: Lars H. <ph...@qu...> - 2002-10-02 08:11:28
|
Hello Karsten,

> I am having problems embedding sessions in pages generated by a
> template
> the command gets parsed along with it

Can you post your program, including the error message?

Please post your source code to the list and give more information about the failure.

> template. finally i get this error message:
> Parse error: parse error in ...on line 17

This looks more like an error in your source code.

Sounds like a failure in your code, not in phpLib.

Best wishes,
Regards,

Lars