phpwebsite-developers Mailing List for phpWebSite Content Management System (Page 22)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Oh...  I forgot to mention this...  the link to the module is:
	index.php?module=classads&Classads_op=plist

I need to add this to my TODO list.

Regards,

Ken Nordquist

Hey Y'all,

I am almost finished with a classified ads module modeled after a
newspaper's classified ads.  The structure is: Sections (parent) and
Categories (child). There is a central menu to select Sections without
having to move between screens. This also applies to Classads records
add / edit function.

This is a release candidate and there are some things which need to be
done. See BUGS_TODO.txt for a partial list.

Any and all feedback is solicited and welcomed.

The first release candidate of the Classads module for phpWebsite. You
can download here: http://geekystuff.net/files/classads-0.1.1rc1.tar.gz

Regards,

Ken Nordquist

On 19 Aug 2005, at 17:10, Marino Pascal wrote:

> Shaun,
> you've probably thought about it already but how about using
> http://gallery.sourceforge.net  ?
>
> It has all the features you are looking for, it's a mature product,  
> actively developed, open source.
> It has support for
> Nuke 5.0+
> NSN-nuke
> Post-nuke
> Geek Log
> phpBB2
> Mambo
>
> and at an earlier life for PHPWS 8.

Used it before. It's ok, but I'd rather stick with phpWebSite modules  
so I don't have to hack a 3rd party product each time either changes.  
It's a false economy and the integration always looks a right dogs  
dinner with two very different interfaces sharing the same page. That  
just wouldn't do for a professional site.

In any case, I've just about finished hacking photoalbum myself now.  
Had an excess of programming juice one night and a few hours later....

It now has personal albums that each user can upload into, assignable  
ownership of albums by an admin, search facilities, better resizing  
of images and comments. Just got to tidy up the config a bit so it's  
more general purpose and I'd like to replace some of the error  
handling so that users don't get errors about recompiling GD when  
they try to upload a Windows bitmap.

It probably also needs integrating into Approval for creation of  
albums by users as at the moment they have to ask an admin to create  
one and assign ownership before they can upload.

Other than that, done. Thanks to Jim for reminding me there was an  
owner field, it proved much more simple than I thought.

I then went on to add private forums to phpwsBB. That's done too  
now. ;-)

Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

> So: Where's the first module using AJAX? :-)

I was using Ajax for Fallout's image manager class but I removed it.
Lesson I learned: use it when you should, not when you can ;-)

> 
> 
> 
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

=20

> -----Urspr=FCngliche Nachricht-----
> To: phpwebsite-developers-list=20
> <php...@li...>
> From: Shaun Murray <sh...@ae...>
> Date: Sat, 20 Aug 2005 13:27:58 +0100
> Subject: [Phpwebsite-developers] AJAX and clean XHTML
> Reply-To: php...@li...

> It allows you to remove the javascript from your HTML and=20
> stick it in CSS. Much, much cleaner. It'd mean that we could=20
> use the same templates for AJAX themes as for non-AJAX. Just=20
> the css changes to point at the behaviour javascript code.

I like the Behavior lib, thanks for the pointer. Even though I am a =
great
fan of AJAX we shouldn't forget: We need a fallback to non-JavaScript
enabled browsers, too.

So: Where's the first module using AJAX? :-)

On 20 Aug 2005, at 02:47, Jim Wilson wrote:

>
> This seems just a little vague, but the photoAlbum module is fairly  
> simple so it shouldn't be hard to find help.  The photo albums all  
> have an "owner" property so basically all you have to do is check  
> against that.  You might want to add an admin option to "change the  
> owner" of a gallery, but really if you aren't adding dozens of  
> these at a time, you could just as easily type an update statement  
> into some sql admin tool in order to assign owners to albums.   
> There should be no need for a specific module maintainer to take  
> this particular task on.  Anyone who has written a phpwebsite  
> module could do it.  I would, but I guess I'm doing the same  
> "working too hard...lifestyle thing" (as everyone else?).
>

The point was more to give back to the original module developer  
first whose code I've been using for years, but yes, after that, it's  
open to anyone.

I''ve extra code myself to write and I've 48MB of content to sift  
through to go on the site so extra hands would be nice.

> Off the topic a bit, your local government legal department is  
> actually correct.  The code does not have to be given away.  If you  
> choose to redistribute the modified GPL or LGPL code in some way,  
> then the changes must be distributed in the same manner as the  
> original code (e.g. under and according to the terms of the GPL).   
> Just the same, kudos to you for convincing them to release all the  
> work :-)

Again - this falls under the "giving back" thing. ;-)

Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

Came across this little bit of javascript whilst looking for a better  
way to still have clean html but allowing AJAX style interfaces

http://www.ripcord.co.nz/behaviour/

It allows you to remove the javascript from your HTML and stick it in  
CSS. Much, much cleaner. It'd mean that we could use the same  
templates for AJAX themes as for non-AJAX. Just the css changes to  
point at the behaviour javascript code.

It'd also mean this could be implemented now, cleanly, by theme  
developers with the existing 0.10.x codebase, to produce some richer  
interfaces and get some of the way there to producing what AJAX can do.

Shaun
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

> From: Shaun Murray
> 
> Hi all
> 
> I've got a long term community project on at the moment which is  
> growing in scope daily and needs some extra developers. As and when  
> the features mature enough in our requirements I hope I can pass on  
> the dev work to the relevant module developers and for them to  
> possibly get some payback for their time if they are available.
> 
> The project is a community of creative industry pros, freelancers and  
> artists here in this part of West Yorkshire, UK. It's part government  
> funded which means there's 'some' money about but we're trying not to  
> use it all up straight away so we can keep the project running for as  
> long as possible. The server is paid for, for a year for instance but  
> marketing probably will last till December.
> 
> Hopefully once it's running I can attract some more funding either  
> via members or the various arts and media funding bodies which can  
> continue development funding. Where I am in the post-industrial north  
> of England, they like funding things like this to regenerate local  
> industry although I just missed out on one round last week.
> 
> We're also implementing this as branches so once we've rolled it out  
> to the creative industry, we hope to add branches for other parts of  
> the local community such as rural development, a youth/kids branch,  
> business assoc or whatever.
> 
> Anyway,
> 
> The first thing on the list is for each user to have their own  
> personal photoalbum that they can upload their own work into. That  
> way we can create a portfolio of every artist, sculptor, designer or  
> whatever and the world can view their photoalbums yet each user can  
> manage their own individual album.
> 
> Unfortunately, Darren, photoAlbum's developer, is doing the 'working  
> too hard with multiple jobs and school' lifestyle thing just now so  
> has declined the offer, so if anyone else fancies it, drop me an  
> email or catch me on #phpwebsite
> 
> The site is going live at the beginning of October so it's being  
> based on the 0.10.x codebase as fallout will be a little fresh for us  
> by then unfortunately.
> 
> Any work must be passed back to the phpWebSite community and be  
> completely open source. AppState will have the right to include it in  
> the main codebase, or not as they wish. You wouldn't believe how long  
> I spent arguing with the local gov legal dept that code had to be  
> given away. 
> 
> 

Hi Shaun,

This seems just a little vague, but the photoAlbum module is fairly simple so it shouldn't be hard to find help.  The photo albums all have an "owner" property so basically all you have to do is check against that.  You might want to add an admin option to "change the owner" of a gallery, but really if you aren't adding dozens of these at a time, you could just as easily type an update statement into some sql admin tool in order to assign owners to albums.  There should be no need for a specific module maintainer to take this particular task on.  Anyone who has written a phpwebsite module could do it.  I would, but I guess I'm doing the same "working too hard...lifestyle thing" (as everyone else?).

Off the topic a bit, your local government legal department is actually correct.  The code does not have to be given away.  If you choose to redistribute the modified GPL or LGPL code in some way, then the changes must be distributed in the same manner as the original code (e.g. under and according to the terms of the GPL).  Just the same, kudos to you for convincing them to release all the work :-)

Best regards,

Jim Wilson

Shaun,
you've probably thought about it already but how about using
http://gallery.sourceforge.net  ?

It has all the features you are looking for, it's a mature product, 
actively developed, open source.
It has support for
Nuke 5.0+
NSN-nuke
Post-nuke
Geek Log
phpBB2
Mambo

and at an earlier life for PHPWS 8.

Marino Pascal

Hi all

I've got a long term community project on at the moment which is  
growing in scope daily and needs some extra developers. As and when  
the features mature enough in our requirements I hope I can pass on  
the dev work to the relevant module developers and for them to  
possibly get some payback for their time if they are available.

The project is a community of creative industry pros, freelancers and  
artists here in this part of West Yorkshire, UK. It's part government  
funded which means there's 'some' money about but we're trying not to  
use it all up straight away so we can keep the project running for as  
long as possible. The server is paid for, for a year for instance but  
marketing probably will last till December.

Hopefully once it's running I can attract some more funding either  
via members or the various arts and media funding bodies which can  
continue development funding. Where I am in the post-industrial north  
of England, they like funding things like this to regenerate local  
industry although I just missed out on one round last week.

We're also implementing this as branches so once we've rolled it out  
to the creative industry, we hope to add branches for other parts of  
the local community such as rural development, a youth/kids branch,  
business assoc or whatever.

Anyway,

The first thing on the list is for each user to have their own  
personal photoalbum that they can upload their own work into. That  
way we can create a portfolio of every artist, sculptor, designer or  
whatever and the world can view their photoalbums yet each user can  
manage their own individual album.

Unfortunately, Darren, photoAlbum's developer, is doing the 'working  
too hard with multiple jobs and school' lifestyle thing just now so  
has declined the offer, so if anyone else fancies it, drop me an  
email or catch me on #phpwebsite

The site is going live at the beginning of October so it's being  
based on the 0.10.x codebase as fallout will be a little fresh for us  
by then unfortunately.

Any work must be passed back to the phpWebSite community and be  
completely open source. AppState will have the right to include it in  
the main codebase, or not as they wish. You wouldn't believe how long  
I spent arguing with the local gov legal dept that code had to be  
given away. ;-)

Shaun (aka singletrack)
aegis design - http://www.aegisdesign.co.uk
aegis hosting - http://www.aegishosting.co.uk

Hi Shaun and Greg :)

Thanks for your input. I've replied/commented inline below...

best regards,
verdon

On 26-Jul-05, at 5:51 PM, Shaun Murray wrote:

>
> On 26 Jul 2005, at 16:18, Verdon Vaillancourt wrote:
>>
>> if (!function_exists('mime_content_type')) {
>>     function mime_content_type($f) {
>>         $f = escapeshellarg($f);
>>         return trim( `file -bi $f` );
>>     }
>> }
>> $type = mime_content_type($file);
>>
>> However, I suspect this will not work on a windows server.
>
> I suspect it won't work in safe_mode either.
>
> How about using...
>
> http://pear.php.net/package/MIME_Type
>
> ...which does the grunt work for you.
>
> <?php
> require 'MIME/Type.php';
> echo MIME_Type::autoDetect('file.mp3');
> ?>
>
> It uses either the php function, or the file command if available, 
> otherwise it raises an error.

I like this idea! The MIME package is not included with the pear 
libraries, distributed with phpWS, but I have discovered that putting 
Type.php in my mod's class directory, and including it in my class, 
does the job. Ideally, I'd like to find a way to test if this will work 
at my edit function step (before the user gets to the save function), 
so I can completely hide the import option from the edit screen for 
those users who will still not be handled by the Pear function.

I'll have to play a little further yet, but think you have put me on 
the right track. It's hard for me to test, when the 2 servers I have to 
test on both meet the requirements (file or mime_content_type) in one 
way or another ;)

All this has shown me I need to spend a little more time poking around 
the Pear site and documentation!

>
> There's also http://www.phpclasses.org/browse/package/922.html which 
> runs off file extensions and a mime.types file but that's a little 
> dangerous. Stick with PEAR.

This is the sort of thing I was alluding to with my option 3 idea, and 
yes, I feel it is too dangerous.

On 26-Jul-05, at 1:25 PM, Greg Tassone wrote:

> On Tue, 2005-07-26 at 11:18 -0400, Verdon Vaillancourt wrote:
>> In a module of mine, I have a case where I need to check the mimetype
>> of a file already on the server. In my initial attempt, I used...
>>
>> $type = mime_content_type($file);
>>
>> Then I discovered that mime_content_type may not be available in all
>> php builds, and/or that it may not be enabled in php.ini.
> ...
>
>> However, I suspect this will not work on a windows server.
>>
>> That leaves me with a couple options...
>>
>> 1) go with the above solution which I think will work for most people,
>> and provide documentation for the rest
>> 2) use function_exists('mime_content_type') and if it doesn't exist,
>> don't even offer the module feature to the end user
>> 3) use function_exists('mime_content_type') and if it doesn't exist,
>> use a file ext check instead and map to mimetype (not very good I 
>> know)
>
> I don't recommend option #1 at all.  It is usually problematic and more
> trouble than it's worth (e.g., it tends to generate support issues
> needlessly, even when documented).
>
> #2 would probably be my preference if a notification was included when
> the functionality was disabled.

Yes, I think in the long run, as it doesn't appear there will be any 
universal solution (except # 3 which I think is to mickey-mouse) the 
most graceful thing would be to detect what will work at the edit 
screen step, and if file or mime_content_type is not going to be 
available, then replace the Import feature with a note explaining why 
they can't import and will have to stick with upload.

>
> #3 might be nice as well except you still have the problems from
> earlier, such as:
> - Windows servers won't work with the "workaround" as you pointed out.
> - Some Linux and Unix systems don't provide the "file" command either.
> It would break there as well.
> - It's somewhat "hackish" and requires quite a bit of workaround for 
> you
> to implement properly.
>
> Therefore, I wouldn't do #3 unless you REALLY NEEDED this functionality
> at all costs.  Option #2 removes some ambiguity but still provides a
> clean implementation of the built-in PHP functionality.
>
>
>> What I wonder if, is there is something in the phpws api that will do 
>> a
>> similar job for me, that I am not aware of? Keep in mind, I'm dealing
>> with a file already on the server, not one being uploaded.
>
> I don't know enough about the "deep parts" of the api to answer this
> one.  I'll let the experts handle it. :-)
>
> Good luck!
>
> Greg
>

On 26 Jul 2005, at 16:18, Verdon Vaillancourt wrote:
>
> if (!function_exists('mime_content_type')) {
>     function mime_content_type($f) {
>         $f = escapeshellarg($f);
>         return trim( `file -bi $f` );
>     }
> }
> $type = mime_content_type($file);
>
> However, I suspect this will not work on a windows server.

I suspect it won't work in safe_mode either.

How about using...

http://pear.php.net/package/MIME_Type

...which does the grunt work for you.

<?php
require 'MIME/Type.php';
echo MIME_Type::autoDetect('file.mp3');
?>

It uses either the php function, or the file command if available,  
otherwise it raises an error.

There's also http://www.phpclasses.org/browse/package/922.html which  
runs off file extensions and a mime.types file but that's a little  
dangerous. Stick with PEAR.

Shaun
aegis design - http://www.aegisdesign.co.uk

On Tue, 2005-07-26 at 11:18 -0400, Verdon Vaillancourt wrote:
> In a module of mine, I have a case where I need to check the mimetype=20
> of a file already on the server. In my initial attempt, I used...
>=20
> $type =3D mime_content_type($file);
>=20
> Then I discovered that mime_content_type may not be available in all=20
> php builds, and/or that it may not be enabled in php.ini.
...

> However, I suspect this will not work on a windows server.
>=20
> That leaves me with a couple options...
>=20
> 1) go with the above solution which I think will work for most people,=20
> and provide documentation for the rest
> 2) use function_exists('mime_content_type') and if it doesn't exist,=20
> don't even offer the module feature to the end user
> 3) use function_exists('mime_content_type') and if it doesn't exist,=20
> use a file ext check instead and map to mimetype (not very good I know)

I don't recommend option #1 at all.  It is usually problematic and more
trouble than it's worth (e.g., it tends to generate support issues
needlessly, even when documented).

#2 would probably be my preference if a notification was included when
the functionality was disabled.

#3 might be nice as well except you still have the problems from
earlier, such as:
- Windows servers won't work with the "workaround" as you pointed out.
- Some Linux and Unix systems don't provide the "file" command either.
It would break there as well.
- It's somewhat "hackish" and requires quite a bit of workaround for you
to implement properly.

Therefore, I wouldn't do #3 unless you REALLY NEEDED this functionality
at all costs.  Option #2 removes some ambiguity but still provides a
clean implementation of the built-in PHP functionality.

> What I wonder if, is there is something in the phpws api that will do a=20
> similar job for me, that I am not aware of? Keep in mind, I'm dealing=20
> with a file already on the server, not one being uploaded.

I don't know enough about the "deep parts" of the api to answer this
one.  I'll let the experts handle it. :-)

Good luck!

Greg

Hi :)

In a module of mine, I have a case where I need to check the mimetype 
of a file already on the server. In my initial attempt, I used...

$type = mime_content_type($file);

Then I discovered that mime_content_type may not be available in all 
php builds, and/or that it may not be enabled in php.ini. Some poking 
around the user comments on php.net showed me the following function, 
which seems to work well on my second server...

if (!function_exists('mime_content_type')) {
	function mime_content_type($f) {
		$f = escapeshellarg($f);
		return trim( `file -bi $f` );
	}
}
$type = mime_content_type($file);

However, I suspect this will not work on a windows server.

That leaves me with a couple options...

1) go with the above solution which I think will work for most people, 
and provide documentation for the rest
2) use function_exists('mime_content_type') and if it doesn't exist, 
don't even offer the module feature to the end user
3) use function_exists('mime_content_type') and if it doesn't exist, 
use a file ext check instead and map to mimetype (not very good I know)

What I wonder if, is there is something in the phpws api that will do a 
similar job for me, that I am not aware of? Keep in mind, I'm dealing 
with a file already on the server, not one being uploaded.

FYI... the module feature I am referring to above is one that I am 
calling an 'Import'. Basically, it allows the user to select a file 
already on the server (likely uploaded via ftp for instance) and 
register it with the module. By register it, I mean check the file for 
the correct/allowed mimetype, capture the mimetype, name, and size, and 
write it to the item's record in the db. I have provided this option as 
some users of the module could often be dealing with files larger than 
most servers max_upload_size.

Thanks for any thoughts,
verdon

Download the most recent version of Pear and install.

http://phpwebsite.appstate.edu/downloads/pear/pear-1.3.5.tar.gz

On Fri, 2005-07-22 at 21:52 -0400, George Brackett wrote:
> I just received the following message from my webhost.  Apparently
> (check http://www.securityfocus.com/bid/14088) all recent versions of
> phpWebSite up to 0.10.1 are vulnerable.  Should I be concerned?  If
> so, are any changes anticipated to deal with this problem?
> 
> 
> George
> 
> 
> Begin forwarded message:
> 
> From: su...@on...
> Date: July 22, 2005 8:19:50 PM EDT
> To: gbr...@lu...
> Cc: gbr...@co...
> Subject: Security Notice
> Reply-To: su...@on...
> 
> 
> 
> Dear George Brackett,
> 
> 
> Recently, a vulnerability associated with XML-RPC for PHP was
> discovered and
> reported to the security information community. The XML-RPC library is
> used
> in various content management systems. There is a possibility that a
> security hole can be introduced through this vulnerability whereby an
> attacker could execute arbitrary commands as the www user. Among other
> things, such an attack could lead to unauthorized access to your web
> files.
> Most of our customers are not affected by this vulnerability (98% are
> not at risk), but to be sure you should review the list and link below
> to see if you are using any of the software mentioned. A partial list
> includes:
> 
> 
> (1) WordPress, 
> (2) Serendipity
> (3) Drupal
> (4) egroupware
> (5) MailWatch
> (6) TikiWiki
> (7) phpWebSite
> (8) Ampache
> 
> 
> To see a full list of vulnerable software please view this link:
> http://www.securityfocus.com/bid/14088
> 
> 
> The only way to fix vulnerable software is to contact the
> vendor/provider
> and check for the availability of a security patch or an upgrade. If
> you use
> a content management system that is NOT listed in the report, you are
> strongly encouraged to contact the vendor/provider to confirm the
> integrity and safety of the application.
> 
> 
> We are working toward a global fix for this vulnerability, but in the
> meantime we urge you to follow the steps above.
> 
> 
> Sincerely,
> Support Team,
> One World Hosting
> 
-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Sharondippity wrote to the forum (where posted this message when the  
one to this list was quarantined for a 'suspicious header') that this  
security problem is solved by phpwebsite_security_patch.20050707.

George

On Jul 25, 2005, at 9:18 AM, Shaun Murray wrote:

On 23 Jul 2005, at 02:52, George Brackett wrote:

> I just received the following message from my webhost.  Apparently  
> (check http://www.securityfocus.com/bid/14088) all recent versions  
> of phpWebSite up to 0.10.1 are vulnerable.  Should I be concerned?   
> If so, are any changes anticipated to deal with this problem?
>

I think this one is fixed just by installing the PEAR XML-RPC fix.

'pear upgrade xml_rpc' if you're using system wide pear libs,  
otherwise, 'pear download xml_rpc' and copy it in over the lib/pear/  
version.

Latest version is v1.3.3

Shaun
aegis design - http://www.aegisdesign.co.uk

-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Phpwebsite-developers mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

On 23 Jul 2005, at 02:52, George Brackett wrote:

> I just received the following message from my webhost.  Apparently  
> (check http://www.securityfocus.com/bid/14088) all recent versions  
> of phpWebSite up to 0.10.1 are vulnerable.  Should I be concerned?   
> If so, are any changes anticipated to deal with this problem?

I think this one is fixed just by installing the PEAR XML-RPC fix.

'pear upgrade xml_rpc' if you're using system wide pear libs,  
otherwise, 'pear download xml_rpc' and copy it in over the lib/pear/  
version.

Latest version is v1.3.3

Shaun
aegis design - http://www.aegisdesign.co.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matt,

The issue of SourceForge support issues was brought up in the IRC
channel.  Please see the log here
http://www.phpwebsitemanual.com/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=103&date=20050723.
 SF has prevents -comm from doing many things.  So I raised the question
of another web hosting company providing support for the -comm wiki and
a later phpWebsite and blindman1344 wiki.  mhnoyes said I should bring
it to your attention.  Several people have offered free support for the
hosting.  I know that singletrack, wendal911 and blindman1344 have all
offered.  One of the issues with the wiki doc being in mediawiki is that
the -comm site then does not eat its very own dog food.  I agree and
know the issue.  However, at the same time I tried doc book using to
extend what you guys had already provided.  It sucked big time.  I just
didn't have the patience figure it all out.  However, with the content
management angle of phpWebSite and wiki they both lower the barrier to
produce  documentation.  I have gone on to collect FAQ material from the
forums.  I use the forum posters question and then create or reference
existing wiki doc.  It has been effective for me in answering the same
forum post over and over again.  The problem now with the SF web service
is that the page may not paint when a user goes to the answer.  Hence,
my question about the hosting issue.  Where should the -comm site be
moved to solve these problems?  I don't see an issue with the SF release
tools, etc so they can still be used but the capabilities of SF short
change what we can show for phpWebSite.

Greg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC4qrnxyxe5L6mr7IRAv09AJ4+VEbha5+CflYjWZFB2QO/xK2hCwCgogzs
plpCsvl6pwQBDZdtgzFm84s=
=53WC
-----END PGP SIGNATURE-----

I just received the following message from my webhost.  Apparently  
(check http://www.securityfocus.com/bid/14088) all recent versions of  
phpWebSite up to 0.10.1 are vulnerable.  Should I be concerned?  If  
so, are any changes anticipated to deal with this problem?

George

Begin forwarded message:

From: su...@on...
Date: July 22, 2005 8:19:50 PM EDT
To: gbr...@lu...
Cc: gbr...@co...
Subject: Security Notice
Reply-To: su...@on...

Dear George Brackett,

Recently, a vulnerability associated with XML-RPC for PHP was  
discovered and
reported to the security information community. The XML-RPC library  
is used
in various content management systems. There is a possibility that a  
security hole can be introduced through this vulnerability whereby an  
attacker could execute arbitrary commands as the www user. Among  
other things, such an attack could lead to unauthorized access to  
your web files.
Most of our customers are not affected by this vulnerability (98% are  
not at risk), but to be sure you should review the list and link  
below to see if you are using any of the software mentioned. A  
partial list includes:

(1) WordPress,
(2) Serendipity
(3) Drupal
(4) egroupware
(5) MailWatch
(6) TikiWiki
(7) phpWebSite
(8) Ampache

To see a full list of vulnerable software please view this link:
http://www.securityfocus.com/bid/14088

The only way to fix vulnerable software is to contact the vendor/ 
provider
and check for the availability of a security patch or an upgrade. If  
you use
a content management system that is NOT listed in the report, you are  
strongly encouraged to contact the vendor/provider to confirm the  
integrity and safety of the application.

We are working toward a global fix for this vulnerability, but in the
meantime we urge you to follow the steps above.

Sincerely,
Support Team,
One World Hosting

Hi Yves

THANK you very much for teh solution.. ye, in fact it was solution..

the total nu of users are: 90. SO I changed the value of mod_users_seq  to 
91 and it solves teh problem.. u r a genious!

very warm regards

Babul

>From: "Yves Kuendig" <ph...@fi...>
>Reply-To: php...@li...
>To: <php...@li...>
>Subject: AW: [Phpwebsite-developers] new user register error
>Date: Wed, 20 Jul 2005 19:05:05 +0200
>
>Matt is completely right;
>and try to change the value in mod_users_seq to a value, higher than the
>amount of allready installed users.
>
>Yves (ykuendig)
>
>-----Ursprüngliche Nachricht-----
>Von: php...@li...
>[mailto:php...@li...]Im Auftrag von
>Babul Gogoi
>Gesendet: Mittwoch, 20. Juli 2005 14:17
>An: php...@li...
>Betreff: [Phpwebsite-developers] new user register error
>
>
>Hi
>
>in my installation of phpwebsite, new user registration is not done saying
>the following error:
>
>SQL: insert mod_users (username, password, email, user_id) values ('sdada',
>'94786e1dff56760d254b631502779b21', 'adsa@fdghd.lo', 2)
>unknown error
>
>can someone pls let me know how to fix this problem?
>
>phpwebsite 0.10.1 is installed
>
>regards
>
>Babul
>
>
>
>
>-------------------------------------------------------
>SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
>from IBM. Find simple to follow Roadmaps, straightforward articles,
>informative Webcasts and more! Get everything you need to get up to
>speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>_______________________________________________
>Phpwebsite-developers mailing list
>Php...@li...
>https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
>
>
>
>-------------------------------------------------------
>SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
>from IBM. Find simple to follow Roadmaps, straightforward articles,
>informative Webcasts and more! Get everything you need to get up to
>speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
>_______________________________________________
>Phpwebsite-developers mailing list
>Php...@li...
>https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

Hi Greg

AFAIK the health module from rene http://www.kiesler.at/ do show the memory
consumption of the phpwebsite. But this is not working on all os's (it does
not on my windows-box)

Yves (ykuendig)

-----Ursprungliche Nachricht-----
Von: php...@li...
[mailto:php...@li...]Im Auftrag von
Greg Morgan
Gesendet: Mittwoch, 20. Juli 2005 06:33
An: php...@li...
Betreff: [Phpwebsite-developers] How to refine memory consumption
estimates?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://phpwebsite-comm.sourceforge.net/wiki/index.php?title=Php_Configuratio
n#memory_limit
http://phpwebsite-comm.sourceforge.net/wiki/index.php?title=Official_Require
ments#Memory

If I look at these two pages, how can a go through and verify the
required memory consumption of phpWebSite?  Are these numbers still
good? How and with what tools would I teach others to estimate the
amount of memory that they should configure for their mix of modules?
If I go and make a handy dandy template like this one
http://en.wikipedia.org/wiki/Template:Infobox_Software used on this page
 http://en.wikipedia.org/wiki/PhpWebSite, how would I be able to
calculate the amount of memory in each module and then list it in a
similar "navigation/quick fact box"?

I am not sure where to start and I am curious how y'all figured these
numbers out originally.  I could use a tool like top but I don't know if
that is fined grained enough for what I'd like to do with the information.

Thanks,
Greg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC3dPwxyxe5L6mr7IRAsy5AJsGxqUKCYzm9dLlEFHCPZ2hCJwV3ACeOo6X
h5FaqPwtsvQzuWa4Macn7RU=
=Dwrp
-----END PGP SIGNATURE-----

-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Phpwebsite-developers mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

Matt is completely right;
and try to change the value in mod_users_seq to a value, higher than the
amount of allready installed users.

Yves (ykuendig)

-----Urspr=FCngliche Nachricht-----
Von: php...@li...
[mailto:php...@li...]Im Auftrag von
Babul Gogoi
Gesendet: Mittwoch, 20. Juli 2005 14:17
An: php...@li...
Betreff: [Phpwebsite-developers] new user register error

Hi

in my installation of phpwebsite, new user registration is not done sayin=
g
the following error:

SQL: insert mod_users (username, password, email, user_id) values ('sdada=
',
'94786e1dff56760d254b631502779b21', 'adsa@fdghd.lo', 2)
unknown error

can someone pls let me know how to fix this problem?

phpwebsite 0.10.1 is installed

regards

Babul

-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
=66rom IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=3D7477&alloc_id=3D16492&op=3Dclic=
k
_______________________________________________
Phpwebsite-developers mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

Please direct technical questions to our Sourceforge forum or IRC chat
room.

On Wed, 2005-07-20 at 17:46 +0530, Babul Gogoi wrote:
> Hi
> 
> in my installation of phpwebsite, new user registration is not done saying 
> the following error:
> 
> SQL: insert mod_users (username, password, email, user_id) values ('sdada', 
> '94786e1dff56760d254b631502779b21', 'adsa@fdghd.lo', 2)
> unknown error
> 
> can someone pls let me know how to fix this problem?
> 
> phpwebsite 0.10.1 is installed
> 
> regards
> 
> Babul
> 
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Hi

in my installation of phpwebsite, new user registration is not done saying 
the following error:

SQL: insert mod_users (username, password, email, user_id) values ('sdada', 
'94786e1dff56760d254b631502779b21', 'adsa@fdghd.lo', 2)
unknown error

can someone pls let me know how to fix this problem?

phpwebsite 0.10.1 is installed

regards

Babul

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://phpwebsite-comm.sourceforge.net/wiki/index.php?title=Php_Configuration#memory_limit
http://phpwebsite-comm.sourceforge.net/wiki/index.php?title=Official_Requirements#Memory

If I look at these two pages, how can a go through and verify the
required memory consumption of phpWebSite?  Are these numbers still
good? How and with what tools would I teach others to estimate the
amount of memory that they should configure for their mix of modules?
If I go and make a handy dandy template like this one
http://en.wikipedia.org/wiki/Template:Infobox_Software used on this page
 http://en.wikipedia.org/wiki/PhpWebSite, how would I be able to
calculate the amount of memory in each module and then list it in a
similar "navigation/quick fact box"?

I am not sure where to start and I am curious how y'all figured these
numbers out originally.  I could use a tool like top but I don't know if
that is fined grained enough for what I'd like to do with the information.

Thanks,
Greg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC3dPwxyxe5L6mr7IRAsy5AJsGxqUKCYzm9dLlEFHCPZ2hCJwV3ACeOo6X
h5FaqPwtsvQzuWa4Macn7RU=
=Dwrp
-----END PGP SIGNATURE-----

2001	Jan	Feb (1)	Mar (265)	Apr (166)	May (25)	Jun (17)	Jul (20)	Aug (47)	Sep (6)	Oct (14)	Nov (66)	Dec (64)
2002	Jan (109)	Feb (64)	Mar (34)	Apr (23)	May (64)	Jun (9)	Jul (13)	Aug (6)	Sep (33)	Oct (272)	Nov (67)	Dec (75)
2003	Jan (264)	Feb (244)	Mar (171)	Apr (119)	May (54)	Jun (93)	Jul (51)	Aug (48)	Sep (14)	Oct (49)	Nov (47)	Dec (15)
2004	Jan (13)	Feb (27)	Mar (18)	Apr (44)	May (35)	Jun (24)	Jul (39)	Aug (142)	Sep (35)	Oct (34)	Nov (49)	Dec (24)
2005	Jan (60)	Feb (71)	Mar (19)	Apr (27)	May (68)	Jun (4)	Jul (30)	Aug (10)	Sep (23)	Oct (24)	Nov (13)	Dec (6)
2006	Jan (4)	Feb (46)	Mar (64)	Apr (18)	May (16)	Jun (37)	Jul (7)	Aug (19)	Sep (9)	Oct (8)	Nov (3)	Dec (23)
2007	Jan (25)	Feb (21)	Mar (32)	Apr (36)	May (12)	Jun (1)	Jul (7)	Aug (15)	Sep (13)	Oct (1)	Nov	Dec
2008	Jan (3)	Feb (5)	Mar (1)	Apr (2)	May	Jun (1)	Jul (2)	Aug (7)	Sep	Oct (5)	Nov (1)	Dec
2009	Jan (7)	Feb (1)	Mar	Apr	May (1)	Jun (2)	Jul	Aug	Sep	Oct	Nov	Dec (3)
2011	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct (1)	Nov	Dec

phpwebsite-developers Mailing List for phpWebSite Content Management System (Page 22)

phpwebsite-developers — For our development team.