phplib-users Mailing List for PHPLIB (Page 77)
From: Michael C. <mdc...@mi...> - 2002-01-24 01:26:55

On Wed, Jan 23, 2002 at 02:27:39PM -0600, Lindsay Haisley wrote:
> I appreciate notice that there's some kind of security problem with phplib
> 6.1, but until I get something specific w. regard to exactly what this is, I
> really can't consider it more than a rumor. The software isn't broken. It
> works fine. Everyone is happy. I'd like to upgrade to take advantage of
> new features in php4, and I'd really rather hold off on upgrading phplib
> until v8 comes out which, I understand, will take advantage of native php4
> session management.

|Message-ID: <3B5...@na...>
|Date: Sat, 14 Jul 2001 10:26:36 +0200
|From: giancarlo pinerolo <gia...@na...>
|Organization: navigare.net
|X-Mailer: Mozilla 4.08 [en] (X11; I; Linux 2.2.12-20smp i686)
|MIME-Version: 1.0
|To: "php...@li..."
|<php...@li...>,
| "php...@li..." <php...@li...>
|Subject: security: READ THIS!
|Content-Type: text/plain; charset=us-ascii
|Content-Transfer-Encoding: 7bit
|
|Gosh
|with regards to this paper, named PHP Security Paper (a study in scarlet)...
|
|http://www.securereality.com.au/studyinscarlet.txt
|
|I always thought _PHPLIB was a defined constant, now I realize it is an array
|try this script please, which can override the $_PHPLIB[libdir] value.
|
|in the third input field, which overrides _PHPLIB[libdir], type '/tmp/',
|and it will include a file named 'test' there

> > Package management is great. But PHP changes too quickly, and the
> > upgrades are too important to miss, for package management to be an
> > option. Breathe deep, download the sources, and do a build. And get
> > used to it.
>
> The bottom line is, 'if it works, don't fix it'. Unless there are known,
> documented exploits with a given piece, or known bugs that make it really
> problematic, the only difference between old and new is more features. If I

Please see the php.net web site for a full list of vulnerabilities. Note also that session management is flakey in 4.0.6, the broken version that you wish to upgrade to.

> I had hoped to get more technical specifics from people on this list, but
> all I've received is grandfatherly advice, which really hasn't told me
> anything I don't already know.

We're giving you "grandfatherly advice" because you need it. Sorry to sound like I'm looking down my nose at you; I'm not. But you're making some bad decisions which could negatively impact your customers.

> I have a replacement server in the planning stage, and it'll be set up with
> php4 (a recent version) and a more recent version of phplib, but unless and
> until I get more information on exactly what breaks in phplib 6.1 between
> php3 and php4 I don't plan to migrate stuff on the existing server.

Not a bad idea. Note, folks: we're getting through.

> > The reason that we're not answering that is because your version of
> > phplib is so incredibly old that we have no idea what all will break.
>
> Incredibly old? The file dates indicate that it was installed in Nov of
> 1998? That's a little over 3 years ago, really not long enough, I would
> hope, for everyone to forget about it, but long enough that there should be
> some solid evidence w. regard to problems in a php version upgrade.
> Granted, with the growth of php and phplib, I expect that _most_ people on
> this list weren't using phplib in Nov. of 1998. Oh well...
>
> > I cannot fathom that someone would update software so rarely.
>
> If it works, don't fix it. migration from phplib 6.1 to v7.x involves
> code rewrites for subclasses so that they can be properly serialized. Other
> than a greatly expanded feature set, I have seen no reason to upgrade and
> have to do all this work.

What we're trying to explain to you, and you'll have none of it, is that sometimes software looks like it's working, but in fact there are potential problems and real problems. Exploitability is a real problem.

> > I suppose that you're still running an
> > exploitable 2.2 kernel, too.
>
> Actually, yes. Exploits in the 2.2 kernels involve the ability to install
> rogue modules from a shell. There are no shell accounts on the server,
> other than administrative accounts. I know of no exploits implicating the
> Linux 2.2 kernel involving attack from external sources, except possibly
> from potential DoS attacks. Frankly, I don't believe there are any. The
> system is secure and has never been compromised.

There are also remote exploits with tcp/ip in some versions, please see your favorite security-oriented web site for details. Sorry, you need to learn how to find this stuff out yourself. Also, if you're running telnetd, and you didn't update it since last July, then it is fully exploitable (remote root shell) without needing access to an account on the box. There are plenty of other problems throughout the last couple of years, unless you're keeping up with them your box is vulnerable.

> > I would highly recommend that you get in the habit of upgrading PHP and
> > Apache when upgrades are available, and update phplib when upgrades are
> > available. You do your customers a great disservice by not doing this.
>
> A disservice? How? No one complains? No accounts have been compromised?
> I really have a very high retention rate for customers, and almost all my
> new business comes from referrals from satisficed existing customers.

Me too, so what? You've already said your customers know nothing about what you're doing.

> Michael, thank you for your recommendations. I will take your obvious
> wisdom and many years of experience as a system administrator into account
> when I consider your advice in planning future upgrades here.

Since you think you're too smart to listen to me, why not listen to everybody on here who's saying the exact same thing? I've been doing Unix administration professionally for well over 10 years now, and dynamic web content for 8 years (well, in two weeks, groups.google.com for more information), I've picked up a thing or two in that time. You'd be wise to get off the know-it-all kick and listen. You've received a lot of excellent suggestions from this group. I would recommend that you consider it all.

Michael
--
Michael Darrin Chaney
mdc...@mi...
http://www.michaelchaney.com/

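The report forwarded in the message above comes down to a configuration array that a request can populate when register_globals is on. The PHP sketch below is an added example, not PHPLIB's code and not from any poster in this thread: `import_request_globals()` stands in for register_globals, and every function name, the `/usr/lib/phplib/` path, the file allow-list and the sample request are assumptions constructed for illustration.

```php
<?php
// Added illustration, not PHPLIB source. The function names, TRUSTED_LIBDIR,
// the file allow-list and the sample request are constructed for this example.

const TRUSTED_LIBDIR = '/usr/lib/phplib/';          // assumed install path
const ALLOWED_FILES  = ['db_mysql.inc', 'session.inc', 'auth.inc'];
const RESERVED_NAMES = ['_PHPLIB'];                 // config globals a request must never set

// Stand-in for register_globals: each request parameter becomes a variable
// in the scope that the prepend logic reads its configuration from.
function import_request_globals(array $request): array
{
    $scope = [];
    foreach ($request as $name => $value) {
        $scope[$name] = $value;
    }
    return $scope;
}

// Weak: configuration is filled in only when it is absent, so an array
// that arrived with the request is kept and trusted.
function libdir_weak(array $scope): string
{
    if (!isset($scope['_PHPLIB']) || !is_array($scope['_PHPLIB'])) {
        $scope['_PHPLIB'] = ['libdir' => TRUSTED_LIBDIR];
    }
    return (string) ($scope['_PHPLIB']['libdir'] ?? '');
}

// Hardened: configuration is assigned unconditionally after request import,
// so nothing the client sent can survive in it.
function libdir_hardened(array $scope): string
{
    $scope['_PHPLIB'] = ['libdir' => TRUSTED_LIBDIR];
    return $scope['_PHPLIB']['libdir'];
}

// Second layer: only allow-listed file names, and only under the trusted
// directory, are ever turned into a path for require().
function include_target(string $libdir, string $file): ?string
{
    if ($libdir !== TRUSTED_LIBDIR || !in_array($file, ALLOWED_FILES, true)) {
        return null;    // refuse instead of handing the path to require()
    }
    return $libdir . $file;
}

// Detection: request parameters that collide with reserved configuration
// names, suitable for logging before the request is processed further.
function reserved_names_in_request(array $request): array
{
    return array_values(array_intersect(array_keys($request), RESERVED_NAMES));
}

// Constructed sample request: one form field sets _PHPLIB[libdir], as in the report.
$request = ['user' => 'alice', 'page' => 'home', '_PHPLIB' => ['libdir' => '/tmp/']];
$scope   = import_request_globals($request);

foreach (['weak' => 'libdir_weak', 'hardened' => 'libdir_hardened'] as $label => $fn) {
    $libdir = $fn($scope);
    $target = include_target($libdir, 'db_mysql.inc');
    printf("%-8s libdir=%-18s include=%s\n", $label, $libdir, $target ?? '(refused)');
}
printf("reserved names set by request: %s\n",
       implode(', ', reserved_names_in_request($request)));
```

The weak resolver returns the directory the request supplied, while the hardened one always returns the trusted path; `include_target()` shows why a second check on the final path is still worth having when the first one is missed.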
From: Lindsay H. <fm...@fm...> - 2002-01-23 20:27:42

Thus spake Michael Chaney on Tue, Jan 22, 2002 at 10:12:03PM CST
> On Tue, Jan 22, 2002 at 02:52:19PM -0600, Lindsay Haisley wrote:
> > Actually, I installed phplib from a tar package from the author's website.
> > When I installed it, v 6.1 was the newest version. All my customer's
> > websites are built against phplib 6.1.
>
> I'm still not sure why this is the case, unless you built them all years
> ago and haven't had any new business since then. My customers are
> informed enough to know that software changes, and that periodically
> they'll get updated.

Yes, they were built years ago, and I've had plenty of new business, but because PHP and phplib are installed at the system level, new sites are built against the same functionality.

> As many of us have
> said, you are running old software which has known security problems, and
> worse yet you're thinking of upgrading to another broken version of PHP.

I appreciate notice that there's some kind of security problem with phplib 6.1, but until I get something specific w. regard to exactly what this is, I really can't consider it more than a rumor. The software isn't broken. It works fine. Everyone is happy. I'd like to upgrade to take advantage of new features in php4, and I'd really rather hold off on upgrading phplib until v8 comes out which, I understand, will take advantage of native php4 session management.

> Package management is great. But PHP changes too quickly, and the
> upgrades are too important to miss, for package management to be an
> option. Breathe deep, download the sources, and do a build. And get
> used to it.

The bottom line is, 'if it works, don't fix it'. Unless there are known, documented exploits with a given piece, or known bugs that make it really problematic, the only difference between old and new is more features. If I build sites utilizing a given php/phplib API and they work fine, in the absence of security problems which would permit mischief from random sources elsewhere on the Internet, there's absolutely no reason to upgrade, so I beg to differ with you on this.

I had hoped to get more technical specifics from people on this list, but all I've received is grandfatherly advice, which really hasn't told me anything I don't already know.

I have a replacement server in the planning stage, and it'll be set up with php4 (a recent version) and a more recent version of phplib, but unless and until I get more information on exactly what breaks in phplib 6.1 between php3 and php4 I don't plan to migrate stuff on the existing server.

> The reason that we're not answering that is because your version of
> phplib is so incredibly old that we have no idea what all will break.

Incredibly old? The file dates indicate that it was installed in Nov of 1998? That's a little over 3 years ago, really not long enough, I would hope, for everyone to forget about it, but long enough that there should be some solid evidence w. regard to problems in a php version upgrade. Granted, with the growth of php and phplib, I expect that _most_ people on this list weren't using phplib in Nov. of 1998. Oh well...

> I cannot fathom that someone would update software so rarely.

If it works, don't fix it. migration from phplib 6.1 to v7.x involves code rewrites for subclasses so that they can be properly serialized. Other than a greatly expanded feature set, I have seen no reason to upgrade and have to do all this work.

> I suppose that you're still running an
> exploitable 2.2 kernel, too.

Actually, yes. Exploits in the 2.2 kernels involve the ability to install rogue modules from a shell. There are no shell accounts on the server, other than administrative accounts. I know of no exploits implicating the Linux 2.2 kernel involving attack from external sources, except possibly from potential DoS attacks. Frankly, I don't believe there are any. The system is secure and has never been compromised.

> I would highly recommend that you get in the habit of upgrading PHP and
> Apache when upgrades are available, and update phplib when upgrades are
> available. You do your customers a great disservice by not doing this.

A disservice? How? No one complains? No accounts have been compromised? I really have a very high retention rate for customers, and almost all my new business comes from referrals from satisficed existing customers.

Michael, thank you for your recommendations. I will take your obvious wisdom and many years of experience as a system administrator into account when I consider your advice in planning future upgrades here.

--
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |   if you let it"     |      available at
512-259-1190          |    (The Roadie)      | <http://www.fmp.com/pubkeys>
http://www.fmp.com    |                      |

From: Michael C. <mdc...@mi...> - 2002-01-23 04:08:49

On Tue, Jan 22, 2002 at 02:52:19PM -0600, Lindsay Haisley wrote:
> Actually, I installed phplib from a tar package from the author's website.
> When I installed it, v 6.1 was the newest version. All my customer's
> websites are built against phplib 6.1.

I'm still not sure why this is the case, unless you built them all years ago and haven't had any new business since then. My customers are informed enough to know that software changes, and that periodically they'll get updated.

> I would very much like to upgrade the whole she-bang. The issue, which
> everyone seems to have missed, is that this is a _production server_. I
> host sites which my customers are paying me to keep online rock-solid and
> unbroken.

I don't think any of us missed that. I am in the exact same business as you, except that my customers understand that keeping anything running rock solid means updates to fix security problems and bugs occasionally, but continually as an ongoing effort. As many of us have said, you are running old software which has known security problems, and worse yet you're thinking of upgrading to another broken version of PHP.

Package management is great. But PHP changes too quickly, and the upgrades are too important to miss, for package management to be an option. Breathe deep, download the sources, and do a build. And get used to it.

> If I intend to upgrade to php4, I need to know _very
> specifically_ what I can expect to break in existing code so that can either
> preempt any problems or fix them quickly if I get complaints that something
> on someone's site has stopped working.

The reason that we're not answering that is because your version of phplib is so incredibly old that we have no idea what all will break. I started with it two years ago and it was version 7.2 then. I cannot fathom how old the 6.1 version is, and I cannot fathom that someone would update software so rarely.

I suppose that you're still running an exploitable 2.2 kernel, too.

I would highly recommend that you get in the habit of upgrading PHP and Apache when upgrades are available, and update phplib when upgrades are available. You do your customers a great disservice by not doing this.

Michael
--
Michael Darrin Chaney
mdc...@mi...
http://www.michaelchaney.com/

From: Andrew C. <An...@Ev...> - 2002-01-23 02:28:54

FWIW: With the low cost of hardware and the high cost of pissing off customers these days, the best way to do this is to (1) set up the new configuration you want on a new server, (2) install the customer sites, one at a time, on the new server, (3) resolving any problems you discover, one at a time, then (4) make the new server live (either by changing DNS records (preferred) or by decommissioning the old server and re-assigning its IP address to the new one (less preferred.))

That way, you have much less potential for interruption in service and can immediately revert to the previous configuration in the event of disaster.

If you have two servers with identical hardware, you can "leapfrog" them: proceed as described above, when you are ready to do the next upgrade, re-install the older one with the new configuration and repeat.

During normal operations, you can use the unused server as a redundant failover - i.e. configure it just like the live server and mirror data to it. If something bad happens to the first server, make the other one live.

Andrew Crawford
An...@Ev...

At 02:52 PM 1/22/2002 -0600, you wrote:
>Thus spake Layne Weathers on Tue, Jan 22, 2002 at 02:41:31PM CST
> > > the version of phplib that is in testing and stable is very
> > > out of date.
> > > The version that stable is using was never released and
> > > shouldn't be on
> > > a production server.
> > > grab the version of phplib from unstable, is it actually the
> > > most stable
> > > version.
> > > http://packages.debian.org/unstable/web/phplib.html
> > >
> > >
> > > At this point testing is more stable than stable for
> > > apache/php4/phplib/mysql etc
> >
> >
> > No, no, no. Why would you rely on a package created by a Linux distribution
> > company? There is no way that they can keep up to date on all the little
> > projects they include on their disks and if they are building their package
> > from the latest releases instead of the CVS tree then you are really out of
> > luck.
>
>Actually, I installed phplib from a tar package from the author's website.
>When I installed it, v 6.1 was the newest version. All my customer's
>websites are built against phplib 6.1.
>
>I would very much like to upgrade the whole she-bang. The issue, which
>everyone seems to have missed, is that this is a _production server_. I
>host sites which my customers are paying me to keep online rock-solid and
>unbroken. If I intend to upgrade to php4, I need to know _very
>specifically_ what I can expect to break in existing code so that can either
>preempt any problems or fix them quickly if I get complaints that something
>on someone's site has stopped working.
>
>--
>Lindsay Haisley       | "Everything works    |     PGP public key
>FMP Computer Services |   if you let it"     |      available at
>512-259-1190          |    (The Roadie)      | <http://www.fmp.com/pubkeys>
>http://www.fmp.com    |                      |
>
>_______________________________________________
>Phplib-users mailing list
>Php...@li...
>https://lists.sourceforge.net/lists/listinfo/phplib-users

From: J C L. <cl...@ka...> - 2002-01-22 21:33:12

On Tue, 22 Jan 2002 14:41:31 -0600 Layne Weathers <la...@if...> wrote:
> No, no, no. Why would you rely on a package created by a Linux
> distribution company?

Please note that Debian is not produced by a company, but rather by volunteers at the individual package level.

> There is no way that they can keep up to date on all the little
> projects they include on their disks and if they are building
> their package from the latest releases instead of the CVS tree
> then you are really out of luck.

You might be surprised at how well Debian does in this regard, tho you'll need to track /unstable to see (Debian's release process is glacial at best).

--
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
cl...@ka...               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.

From: Lindsay H. <fm...@fm...> - 2002-01-22 21:23:32

Thus spake Layne Weathers on Tue, Jan 22, 2002 at 02:41:31PM CST
> No, no, no. Why would you rely on a package created by a Linux distribution
> company? There is no way that they can keep up to date on all the little
> projects they include on their disks and if they are building their package
> from the latest releases instead of the CVS tree then you are really out of
> luck.

Let me note here that I did the unthinkable year before last - I did a system-wide upgrade from Debian woody to Debian potato on my running production server, and only _one_ thing broke! Another required a reboot to get working properly. There were hundreds of packages involved. I have a lot of faith in Debian, and although I bitch about their fascist dependency enforcement, their packages are extremely well integrated and generally of excellent quality.

I used to run Slackware on my production server many years ago and keep things up to date by recompiling everything from source, but I just couldn't keep up with all the updates, and things got out of sync and some stuff ended up being off in left field. It was a PITA.

And stuff pulled from CVS is fine for experimental systems, and for people with a lot of time to tinker and make things work, but it's almost always alpha or early beta and unless you really know the development details, it's not suitable for a production server. Some projects, yes, but with others CVS releases are pretty much guaranteed to have problems.

--
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |   if you let it"     |      available at
512-259-1190          |    (The Roadie)      | <http://www.fmp.com/pubkeys>
http://www.fmp.com    |                      |

From: Lindsay H. <fm...@fm...> - 2002-01-22 21:12:45

Thus spake Daniel Bondurant on Tue, Jan 22, 2002 at 02:54:09PM CST
> I would recommend installing the latest phplib, but put it in a
> different folder, and let your users know of the new folder and let them
> upgrade as needed.

The php3.ini file references an include_path and an auto_prepend file which must be one place or another. I can't have it both ways. Most of my customers don't know PHP from last Sunday's fish chowder - they just know that their websites do what they expect and want me to keep them that way.

> keep php3, just upgrade to the latest version. There are a few things
> that might break, and you can't really predict what they are.

Well it seems that no one really knows what might break, although I was hoping that someone on the PHP list would have had some experience with this and analyzed the problem. I know that more recent versions of phplib _do_ require that class definitions be modified, so every class in every customer's pages will need to be fixed if I upgrade phplib. I'd rather start by upgrading php, if possible, hence my question.

> If your
> customers insist on php4,

Far from insisting, my customers' eyes would glaze over if I tried to explain the difference. They're mostly non-techie folk. They just want their sites to work. I write all the PHP code for them.

> then you might be better off installing it in
> addition to php3 (they can both be running on the same machine; assign
> .php3 to php3 and .php to php4 in apache).

I've thought of this. The fascist Debian dependencies won't let me do it from packages, so I'll probably build php4 from source and go that route. The php4 in Debian stable is out of date in any event. I could run a more recent phplib w. php4, modify class definitions on a site by site basis, and then switch the MIME types in the local .htaccess file to turn on php4 for each site.

> the php3/php4 question is best left for the php mailing list.

Well my question relates directly to phplib, so I was hoping to get an answer here. I don't think any of the code in these sites which doesn't depend on phplib is going to break. I don't push the envelope too hard.

--
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |   if you let it"     |      available at
512-259-1190          |    (The Roadie)      | <http://www.fmp.com/pubkeys>
http://www.fmp.com    |                      |

From: Daniel B. <bo...@io...> - 2002-01-22 21:00:30

FYI Debian is not a distribution "company," and all the packages, especially in unstable are *very* up to date. ie php4.1rc1 was available the day it was released. apt-get update will update all the packages you have installed on your system. It's very slick and smooth.

And you really don't want to run a cvs version of anything on a production server.

as for the original questions, running two versions of phplib is the best bet, and questions of php3 vs. php4 are best left to the php mailing list.

-----Original Message-----
From: php...@li... [mailto:php...@li...]On Behalf Of Layne Weathers
Sent: Tuesday, January 22, 2002 12:42 PM
To: php...@li...
Subject: Re: [Phplib-users] phplib 6.1, php3 and php4

> the version of phplib that is in testing and stable is very
> out of date.
> The version that stable is using was never released and
> shouldn't be on
> a production server.
> grab the version of phplib from unstable, is it actually the
> most stable
> version.
> http://packages.debian.org/unstable/web/phplib.html
>
>
> At this point testing is more stable than stable for
> apache/php4/phplib/mysql etc

No, no, no. Why would you rely on a package created by a Linux distribution company? There is no way that they can keep up to date on all the little projects they include on their disks and if they are building their package from the latest releases instead of the CVS tree then you are really out of luck.

Go to <http://sourceforge.net/cvs/?group_id=31885>. Follow the instructions and check out the module php-lib-stable from CVS. Subscribe to the phplib-commit mailing list. When you receive mail from that list, update your checked-out copy of the php-lib-stable module.

Layne Weathers
Ifworld Inc.

From: Lindsay H. <fm...@fm...> - 2002-01-22 20:52:22

Thus spake Layne Weathers on Tue, Jan 22, 2002 at 02:41:31PM CST
> > the version of phplib that is in testing and stable is very
> > out of date.
> > The version that stable is using was never released and
> > shouldn't be on
> > a production server.
> > grab the version of phplib from unstable, is it actually the
> > most stable
> > version.
> > http://packages.debian.org/unstable/web/phplib.html
> >
> >
> > At this point testing is more stable than stable for
> > apache/php4/phplib/mysql etc
>
>
> No, no, no. Why would you rely on a package created by a Linux distribution
> company? There is no way that they can keep up to date on all the little
> projects they include on their disks and if they are building their package
> from the latest releases instead of the CVS tree then you are really out of
> luck.

Actually, I installed phplib from a tar package from the author's website. When I installed it, v 6.1 was the newest version. All my customer's websites are built against phplib 6.1.

I would very much like to upgrade the whole she-bang. The issue, which everyone seems to have missed, is that this is a _production server_. I host sites which my customers are paying me to keep online rock-solid and unbroken. If I intend to upgrade to php4, I need to know _very specifically_ what I can expect to break in existing code so that can either preempt any problems or fix them quickly if I get complaints that something on someone's site has stopped working.

--
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |   if you let it"     |      available at
512-259-1190          |    (The Roadie)      | <http://www.fmp.com/pubkeys>
http://www.fmp.com    |                      |

From: Layne W. <la...@if...> - 2002-01-22 20:41:34

> the version of phplib that is in testing and stable is very
> out of date.
> The version that stable is using was never released and
> shouldn't be on
> a production server.
> grab the version of phplib from unstable, is it actually the
> most stable
> version.
> http://packages.debian.org/unstable/web/phplib.html
>
>
> At this point testing is more stable than stable for
> apache/php4/phplib/mysql etc

No, no, no. Why would you rely on a package created by a Linux distribution company? There is no way that they can keep up to date on all the little projects they include on their disks and if they are building their package from the latest releases instead of the CVS tree then you are really out of luck.

Go to <http://sourceforge.net/cvs/?group_id=31885>. Follow the instructions and check out the module php-lib-stable from CVS. Subscribe to the phplib-commit mailing list. When you receive mail from that list, update your checked-out copy of the php-lib-stable module.

Layne Weathers
Ifworld Inc.

From: Daniel B. <bo...@io...> - 2002-01-22 19:28:49

the version of phplib that is in testing and stable is very out of date. The version that stable is using was never released and shouldn't be on a production server. grab the version of phplib from unstable, is it actually the most stable version.
http://packages.debian.org/unstable/web/phplib.html

At this point testing is more stable than stable for apache/php4/phplib/mysql etc

-----Original Message-----
From: Lindsay Haisley [mailto:fm...@fm...]
Sent: Monday, January 21, 2002 9:51 PM
To: php...@li...
Subject: [Phplib-users] phplib 6.1, php3 and php4

I run professional online web services, some of them mission critical for a number of customers. I use Debian GNU/Linux v2.2, apache 1.3.9, php3 and phplib 6.1 - all of which are standard issue in Debian 2.2. I would like to upgrade php to v4.0.3 (the latest version in Debian's stable dist) to take advantage of a number of features in v4. What kind of problems, if any, will I run into w. phplib in such an upgrade?

--
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |   if you let it"     |      available at
512-259-1190          |    (The Roadie)      | <http://www.fmp.com/pubkeys>
http://www.fmp.com    |                      |

_______________________________________________
Phplib-users mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phplib-users

From: Michael C. <mdc...@mi...> - 2002-01-22 07:01:10

On Mon, Jan 21, 2002 at 11:50:35PM -0600, Lindsay Haisley wrote:
> I run professional online web services, some of them mission critical for a
> number of customers. I use Debian GNU/Linux v2.2, apache 1.3.9, php3 and
> phplib 6.1 - all of which are standard issue in Debian 2.2. I would like to
> upgrade php to v4.0.3 (the latest version in Debian's stable dist) to take
> advantage of a number of features in v4. What kind of problems, if any,
> will I run into w. phplib in such an upgrade?

First, I don't care what version is in Debian's stable dist, 4.0.3 has a number of significant bugs and security holes. Apache 1.3.9 probably needs patched (we're up to 1.3.20 now), and phplib is up to 7.2d. With PHP, you need to always download the very latest version straight from the tap, so to speak. And keep it updated. You need to learn how to build Apache + PHP + MySQL support + mod_ssl by yourself, make a script to do it.

With that out of the way, what features of phplib do you use? For sessioning, PHP4 has built-in sessioning which is far faster than the phplib sessioning. If you don't have the latest version of phplib, you will have problems due to a couple of new "features" in php4. The version of phplib that you have probably also has a pretty major security vulnerability which was discovered recently.

Note that php4 is, at the very least, 5 times as fast as php3. Even moreso if you get the Zend optimizer. It's not unusual to see an order of magnitude speed difference, so it'll be like you're getting a new computer.

Michael
--
Michael Darrin Chaney
mdc...@mi...
http://www.michaelchaney.com/

From: Lindsay H. <fm...@fm...> - 2002-01-22 05:50:38

I run professional online web services, some of them mission critical for a number of customers. I use Debian GNU/Linux v2.2, apache 1.3.9, php3 and phplib 6.1 - all of which are standard issue in Debian 2.2. I would like to upgrade php to v4.0.3 (the latest version in Debian's stable dist) to take advantage of a number of features in v4. What kind of problems, if any, will I run into w. phplib in such an upgrade?

--
Lindsay Haisley       | "Everything works    |     PGP public key
FMP Computer Services |   if you let it"     |      available at
512-259-1190          |    (The Roadie)      | <http://www.fmp.com/pubkeys>
http://www.fmp.com    |                      |

From: Joern M. <jo...@mu...> - 2002-01-18 07:09:04

Hi out there,

(possibly) after an update of php (to 4.0.6) and apache (to 1.3.22) my "program" fails to register variables using $sess->register("varname") - it has been working before. Are there necessary options for the configure -scripts or for the php.ini that may be missing?!

Thanx
Joern

From: Cristiana R. de S. - 1971259-1 <cri...@al...> - 2002-01-17 18:07:56

I want an authentication with php4 + phplib + interbase, but don't have db_ibase.inc in phplib. I tried to build a module with interbase but it has some problems. Does somebody have some idea about this for me?

Thanks.

Cristiana
Brasil.

From: nathan r. h. <na...@ds...> - 2002-01-13 19:25:15

On Sun, 13 Jan 2002, Peter Holm wrote:
>
> ahhm, sorry, it´s OT, but is there a cvs-command to list all available
> modules on a server?
>

Not that I'm aware of, you can check out the CVSROOT and look in the "modules" file, but that may or may not work with SourceForge, as they don't specifically keep it up to date, they just let CVS handle it by adding directories to the repository automagically. Grrr.

phplib has only two modules:
php-lib -> the original repository used for phplib. It's a mess
php-lib-stable -> release-only repository created with the 7.2b release. Less of a mess and where most of the fixes are living

> Is there also a command to list all available releases (tags)?
>

cd /path/to/working_dir
cvs history -x T -a

This will only show history since the move to SourceForge

-n

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
nathan hruby / digital statement
na...@ds...
http://www.dstatement.com/

Public GPG key can be found at:
http://www.dstatement.com/nathan-gpg-key.txt
ED54 9A5E 132D BD01 9103 EEF3 E1B9 4738 EC90 801B
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From: Peter H. <PH...@gm...> - 2002-01-13 19:08:56
|
Hi Layne Weathers!

>Check out 'php-lib-stable'.

ok thanks.

ahhm, sorry, it´s OT, but is there a cvs-command to list all available modules on a server?
Is there also a command to list all available releases (tags)?

Thank you for your attention.

Have a nice thread,
Peter
|
From: Matt F. <ma...@sp...> - 2002-01-12 02:59:44
|
I've just started using ooh forms. It's great. Thanks to all those who have made it possible.

The question is: why isn't the textarea field validated? Am I missing something? What if I want to require an entry, the way I can with a text field?

Could I add the validation functions to the textarea class? What would be a good way to do this? Has anyone added functionality like this to the textarea class?

Thanks very much,
Matt Friedman
Web Applications Developer
www.SpryNewMedia.com
Email: ma...@Sp...
|
From: Layne W. <la...@of...> - 2002-01-11 15:05:02
|
> am i doing something wrong?
>
> If I try to checkout from cvs I get:
>
> cvs server: cannot find module `phplib' - ignored
> cvs [checkout aborted]: cannot expand modules

Check out 'php-lib-stable'.

Layne Weathers
Ifworld Inc.
|
From: Andrew C. <An...@Ev...> - 2002-01-11 07:32:11
|
I wrote a PHP script (standalone, no phplib components) to accept some data input through a secure (SSL) web form, present that information for review, and then process it. It works great.

I modified the script so that it uses phplib templates (from phplib version 7.2d) for all of the output (the original form, the review page, and the final results page.) It works great ... except in IE 5 for Windows.

In IE 5, the initial form loads fine. I fill in some data and press the submit button. IE pops up a dialogue that says:

>You are about to leave a secure internet connection. It will be possible
>for others to view the information you send.
[Yes] [No] [More Info]

This message should not appear. The connection is secure (well, as secure as it gets for web transactions - I know Bruce Schneier would have comments.) I changed all of the relative references in my template to absolute references, including the "https://". I changed all the graphics in the page and even the reference for the style sheet. So, I see nothing in the page that should cause it to retrieve anything via anything but https.

If I hit "Yes" in response to the dialogue, I get a "this page cannot be displayed" error page, culminating in this error message:

>Cannot find server or DNS Error

I can then hit refresh and get back to the blank form with all input lost.

If I hit "No" in response to the pop-up dialogue, it returns to the populated form and lets me try again.

Either way, on the second try, there is no pop-up dialogue and the script proceeds as it should (as it does in all other browsers I have tested, including IE 5 for MacOS.) When submitting the okay for the review, the same thing happens.

The problem disappears when accessing the same form with a regular http connection.

So, this appears to be a problematic interaction among IE 5, SSL, and phplib templates. I loathe IE for always being part of problems like this but, it is in such widespread use, I have to support it.

Anyone have any guesses about what might be causing this or how I can fix it? This is my first foray into using phplib templates (though I have been using phplib for other things for quite some time) so, this could easily be a known issue or a stupid user problem. I will be hesitant to use phplib templates in other projects until I can figure out what is wrong here. So, any insight would be appreciated.

BTW, I notice that the initial comments block in template.inc appears to contain the wrong description:

>/*
> * Session Management for PHP3
> *
> * (C) Copyright 1999-2000 NetUSE GmbH
> * Kristian Koehntopp
> *
> * $Id: template.inc,v 1.5 2000/07/12 18:22:35 kk Exp $
> *
> */

Shouldn't it be "Templates for PHP" or something rather than "Session Management?"

Thank you for any suggestions you can render.

Andrew Crawford
An...@Ev...
|
From: Peter H. <PH...@gm...> - 2002-01-11 02:13:41
|
Hi,

am i doing something wrong?

If I try to checkout from cvs I get:

cvs server: cannot find module `phplib' - ignored
cvs [checkout aborted]: cannot expand modules

what´s wrong???

Have a nice thread,
Peter
|
From: Layne W. <la...@of...> - 2002-01-09 14:35:23
|
> Dear All
>
> I have a php template script (see below). It references two templates,
> newuser.ihtml and select_dbout.ihtml (see below).
>
> What I am trying to do is use select_dbout.ihtml twice within new user.ihtml
> to give database driven select lists. It all works fine until I have both
>
> $templ->parse("rows", "row", true);
>
> statements when I get the following error message:
>
> Template Error: loadfile: row is not a valid handle.
> Halted.
>
> Can anyone explain why this and if it is possible to use the block template
> within the same file?

You already set the block on line 41, so the block is not there when you try to set it on line 70. You only need to (and indeed are only able to) set the block once - the row variable will still be there for you.

Yes, you can use the block multiple times, but you need to handle it a little differently. In your example, put line 47's parse statement back in and replace line 70 with
$templ->set_var("rows", "");

There is an easier way to do this though.
Make line 41:
$templ->set_block("select_dbout", "row");
(you won't be parsing select_dbout at all)
Make line 47:
$templ->parse("roles_dbOutput", "row", true);
Eliminate lines 51 and 70.
Make line 74:
$templ->parse("status_dbOutput", "row", true);
Then simply parse the newuser file.

On a side note, if you change your sql to:
"select id as key, name from roles"
and
"select value as key, name from status"
then in your database loop you will only need to:
$templ->set_var($db->Record);

Layne Weathers
Ifworld Inc.
|
From: Herouth M. <he...@it...> - 2002-01-09 14:23:35
|
On 2002 January? 9 ,Wednesday 16:09, Rogers, Paul wrote:
> Can anyone explain why this and if it is possible to use the block
> template within the same file?

Once you use set_block the first time, that block no longer exists within the original select_dbout. It has been replaced with the string {rows}.

If you want to use it again, just set_var( 'rows', '' ), and start filling the rows variable again, then parse select_dbout again.

Herouth
|
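The block handling that the two replies above describe, as an added example that is not part of either post and is not PHPLIB's own code. `MiniTemplate` and `fill_options` are hypothetical stand-ins that model `set_block` and `parse` the way the replies describe them, the row data is constructed, and escaping the values with `htmlspecialchars` is an addition of this example.

```php
<?php
// MiniTemplate is a simplified stand-in written for this example; it is NOT PHPLIB's template.inc.
class MiniTemplate {
    public $vars = array();

    function set_var($name, $value) { $this->vars[$name] = $value; }

    // Cut the BEGIN/END block out of $parent, keep its body under $handle,
    // and leave a {$name} placeholder where the block used to be.
    function set_block($parent, $handle, $name) {
        $h  = preg_quote($handle, '/');
        $re = '/<!--\s+BEGIN ' . $h . '\s+-->(.*?)<!--\s+END ' . $h . '\s+-->/s';
        $found = preg_match($re, $this->vars[$parent], $m);
        $this->vars[$handle] = $found ? $m[1] : '';  // on a second call nothing is left to find
        $this->vars[$parent] = preg_replace($re, '{' . $name . '}', $this->vars[$parent]);
    }

    // Fill the {var} placeholders of $handle; store or append the result in $target.
    function parse($target, $handle, $append = false) {
        if (empty($this->vars[$handle])) {
            throw new Exception("loadfile: $handle is not a valid handle.");
        }
        $out = preg_replace_callback('/\{(\w+)\}/', function ($m) {
            return isset($this->vars[$m[1]]) ? $this->vars[$m[1]] : '';
        }, $this->vars[$handle]);
        $old = ($append && isset($this->vars[$target])) ? $this->vars[$target] : '';
        return $this->vars[$target] = $old . $out;
    }
}

// Build one <select> body; the values are escaped because they come from the database.
function fill_options($t, $records, $target) {
    $t->set_var('rows', '');                 // reset {rows} before each list
    foreach ($records as $r) {
        $t->set_var('key',  htmlspecialchars($r['key'],  ENT_QUOTES));
        $t->set_var('name', htmlspecialchars($r['name'], ENT_QUOTES));
        $t->parse('rows', 'row', true);
    }
    return $t->parse($target, 'select_dbout');
}

$t = new MiniTemplate();
$t->set_var('select_dbout', "<!-- BEGIN row --><OPTION VALUE=\"{key}\">{name}</OPTION>\n<!-- END row -->");
$t->set_block('select_dbout', 'row', 'rows');   // extract the block once only
// Constructed sample rows standing in for the roles and user_status queries.
echo fill_options($t, array(array('key' => '1', 'name' => 'Admin'), array('key' => '2', 'name' => 'R&D')), 'roles_dbOutput');
echo fill_options($t, array(array('key' => 'A', 'name' => 'Active')), 'status_dbOutput');

$t->set_block('select_dbout', 'row', 'rows');   // second call blanks the "row" handle
try { $t->parse('rows', 'row', true); } catch (Exception $e) { echo $e->getMessage(), "\n"; }
```

The first two calls print both option lists from the single extracted block; the last two lines reproduce the "row is not a valid handle" failure from the question.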
From: Rogers, P. <Pau...@mo...> - 2002-01-09 14:10:39
|
Dear All

I have a php template script (see below). It references two templates, newuser.ihtml and select_dbout.ihtml (see below).

What I am trying to do is use select_dbout.ihtml twice within new user.ihtml to give database driven select lists. It all works fine until I have both

$templ->parse("rows", "row", true);

statements when I get the following error message:

Template Error: loadfile: row is not a valid handle.
Halted.

Can anyone explain why this and if it is possible to use the block template within the same file?

Many thanks

Paul

<?php
//newuser.php

include("common.inc"); // requires include_path to be functioning

global $PHP_SELF;

// instantiate new instance of DB class
$db = new DB_Mowlem;

# Define our Application Type
$AppType = "newuser";

# create Template instance called $templ
$templ = new Mowlem_Template("/usr/local/apache/htdocs/templates", "keep");

# define variables named newuser and select_dbout referencing files
$templ->set_file(array(
    "$AppType" => $AppType.".ihtml",
    "select_dbout" => "select_dbout.ihtml"));

// ROLES FIELD
//Set up the query string......
$str_sql = " select id, name from roles" ;

// Send the DB Object the query
$db->query("$str_sql");

# extract the block named "row" from "select_dbout", creating a
# reference to {rows} in "select_dbout".
$templ->set_block("select_dbout", "row", "rows");

while ($db->next_record()) {
    $templ->set_var(array("key" => $db->Record["id"],
                          "name" => $db->Record["name"]));
};

# build status_dbOutput from index...
$templ->parse("roles_dbOutput", "select_dbout");

// STATUS FIELD
//Set up the query string......
$str_sql = " select value, name from user_status" ;

// Send the DB Object the query
$db->query("$str_sql");

# extract the block named "row" from "select_dbout", creating a
# reference to {rows} in "select_dbout".
$templ->set_block("select_dbout", "row", "rows");

while ($db->next_record()) {
    $templ->set_var(array("key" => $db->Record["value"],
                          "name" => $db->Record["name"]));
    $templ->parse("rows", "row", true);
};

# build menuOutput from index...
$templ->parse("newuserOutput", "newuser");

# finish all Output and print it.
$templ->p("newuserOutput");
?>

----- template newuser.ihtml -------

<HTML>
<HEAD>
<TITLE>mowlem</TITLE>
<STYLE TYPE="text/css">
<!--
@import url(../styles/mowlem1.css);
-->
</STYLE>
</HEAD>
<body>
<div class="Header">
<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0"
width="100%" height=144 >
<PARAM NAME=movie VALUE="../flash/mowlem.swf">
<PARAM NAME=quality VALUE=high>
<PARAM NAME=bgcolor VALUE=#000000>
</OBJECT>
</div>
<div class="Navigation">
</div>
<div class="Content">
<p><h3><b>Create A New User</b></h3></p>
<form method="POST" action="./None">
<input type="hidden" name="user_id" value="{user_id}">
<table>
<p>
<tr>
<td>
User Name: <input type="text" name="user_uname">
</td>
<td>
<tr>
<td>
Status: <select name="user_status">
{status_dbOutput}
</select>
</td>
<td>
Role: <select name="user_role">
{roles_dbOutput}
</select>
</td>
</tr>
</table>

----- template select_dbout.ihtml -----

<!-- start dbout.ihtml -->
<!-- BEGIN row -->
<OPTION VALUE="{key}">{name}</OPTION>
<!-- END row -->
<!-- end dbout.ihtml -->

*****************************************************************************
This email and any attachments transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and do not store, copy or disclose the content to any other person.

It is the responsibility of the recipient to ensure that opening this message and/or any of its attachments will not adversely affect its systems. No responsibility is accepted by the Company.
*****************************************************************************
|
From: Andres B. <and...@li...> - 2002-01-08 13:54:02
|
Hi,

I'm using phplib session features for logging and debugging purposes. I've been using phplib for a while, and I'm implementing new features for my application when I have some spare time.

Now I was dealing with retrieving data from phplib tables (val field in active_sessions table in default installation).

I'm using this code:

eval ($sess->that->ac_get_value($tmp_sess, $tmp_name));

it works, I can access $GLOBALS with my data, but it is very slow. Any suggestion?

Andres

____________
Andres Baravalle
http://www.baravalle.it
Tel: +39 011 6706773
Cel: +39 328 2953613
____________
Men of action are not very practical. Action itself takes them away from their goal.
Paco Ignacio Taibo I
|