logs archiveIRC Archive / Freenode / #php / 2006 / June / 7 / 28
Jorsha
after i read it..
piff
Wolf: No, that didn't work
Vlet
Jorsha: Because you have register_globals=On in your php.ini
Wolfpaws
lol! base_64 is encryption
CakerLatvia
encryption are two way, hash is one way - that's the main difference?
Jorsha
encode
CakerLatvia
Wolfpaws yeah, i was doubt about that
Jorsha
base_64 is encode
ZbouhhhTaff
base_64_decode IS decode
         

Wolfpaws
(Action) shakes head
piff
That didn't work. What should I try next?
CakerLatvia
is there encryption functions in php?
piff
SHirley the syntax is valid
Jorsha
piff it should work..
Wolfpaws
Encryptions and decriptions have a key. base_64 doesn''t have that
Vlet
piff, $_GET['myname'] didn't work?
piff
My mistake
Forgot to change myname to the proper variable name
Thank you very much all.
CakerLatvia
Wolfpaws what a key?
Wolfpaws are there encrypters in php?
i will google it out
piff
Guys: Is there a way of setting a variable in memory which can be access later from any page?
arpad
CakerLatvia: php.net/mcrypt
piff: php.net/apc
CakerLatvia
mcrypt
ok
thanx
cocomp
piff: session handling
Wolfpaws
CakerLatvia: php.net/mcrypt
Vlet
piff: you should maybe read up on this: http://us2.php.net/session
piff
Thanks guys :)
arpad
sessions are per-user, if you want it from any page from any user then you want something like apc
cythrawll
piff there's also shared memory, but don't use that unless you really know what your doing, it's a mess
piff
I think using sessions is the answer
Dont want to resort to cookies
cythrawll
sessions use cookies
         

alystair
\o/ finished
Now I get to sleep at 10:34am
Solid
so anyone can help he how to enable mysql support with php5?
cythrawll
sessions use only one cookies tho, rather than using 5 cookies to store 5 variables
piff
oh
Have to think about the best approach
cythrawll
it just has one cookie with a sessionid
xst_
Has anyone any experience in using apache multiviews with php? I try to hide my php extensions with 1) A mod_rewrite rule that returns a 404 for each *.php request, 2) using multiviews so that "foo" is recognized as "foo.php". But for some reason the multiviews rewrites "foo" to "foo.php" which results in a 404 because of 1). Any ideas?
cythrawll
and the vars are stored on the server
piff
ya
cythrawll
sessions would be the best
don't be shy to use a cookie
piff
I just don't like them
cythrawll
why?
i hate sites that over do cookie usage
piff
Because so many sites use them maliciously or when they're not necessary
cythrawll
but one cookie being set doesn't bother me
piff
precisely
I've disabled cookies myself
I only allow them from 5 sites
I dont want to bother the user to allow cookies
Anyway, can I delete a cookie?
cythrawll
yeah
piff
cool
cythrawll
session cookies are deleted when the browser is closed
by default
piff
ok
Thanks all.
ttyl
Wolfpaws
16:35:27 < cythrawll> sessions use cookies >-- That's not true at all...
cythrawll
well, you could use GET
but i wouldn't recommend that, even under torture
Smaxor
doesn't anyone know why I might be getting "Warning: fopen(acura.txt): failed to open stream: Success in /home/infoblog/public_html/links-list/text-links.php on line 25" I've set all the permissions to 777 for the directory. The file doesn't exist but fopen should create it if it isn't there right?
cythrawll
and to answer your question about $_REQUEST, it goes against HTTP specification, and poses similar threats as register_globals
Wolfpaws
Yes, but "sessions use cookies" is a false statement. They rely on client-provided session ID.
buzzy
hello how can i include an html page into another ?(they are on two different servers)??
Smaxor
nevermind syntax error +w rather then w+
Mer`Zikain
when you change umask to 0777 what would cause an exec to fail?
cythrawll
i wouldn't say false statement, just inaccurate
Wolfpaws
cythrawll: That statement is wrong as well... $_REQUEST is a merge of POST, GET and COOKIE variables... And that is okay, if you can filter those properly. And for the security behind register_globals: What's wrong with it?
inaccurate = false
cythrawll
still against http specifications
Wolfpaws
cythrawll: meaning...?
buzzy
hello how can i include an html page into another ?(they are on two different servers)??
Wolfpaws
buzzy: readfile() or file_get_contents()
Mer`Zikain
that's usually a bad idea unless you have permission
Wolfpaws
including HTML pages is okay...
cythrawll
it goes against RFC2616
im looking for the exact source right now...
Mer`Zikain
well in any case i'm having trouble getting convert to execute on the server
Wolfpaws
cythrawll: And what the hell does that mean? Just answer my question. It works on PHP-level.
Mer`Zikain
i upload an image, change the umask to 0777, move the image, chmod it to 0777, then attempt to exec convert (imagemagick) and it doesn't convert
cythrawll
WolfPaws, "it works" doesn't mean it's best practice
i mean if you don't know where your variables are coming from, that scares me
jrots
is it ok to use virtual() for including html files
cythrawll
I've been told a hundred times, in a hundred different places not to use it
!tell Wolfpaws about go
Wolfpaws
cythrawll: You shouldn't code if you don't know what you are doing... IF you make the $_REQUEST unsafe to use, then don't use it.
cythrawll
how many people that come in here no what their doing?
s/no/know
Wolfpaws
too many.
||cw
Mer`Zikain: are you using full paths on everything?
jrots
"if you don't know here your variables come from" ? html files <> variables .. parsing not getting that..
cythrawll
lol
Mer`Zikain
||cw: for the images, no i'm using relative paths to the file being executed
cythrawll
jrots?
||cw
Mer`Zikain: try full paths
Wolfpaws
cythrawll: My point is: If you can't make user input safe, then don't use it... register_globals isn't "safe" or "unsafe". IF you can't make it safe, then don't use it. I had never, *ever* problems with it.
cythrawll
would you recommend it though? to alot of the people that are learning php and don't know how to initialize and validate everything?
Nathe
Wolfpaws: Register globals can be made safe, but isn't it better to be safer by default (in case someone somewhere lacks caffine and forgets to init a varible before calling on it?
cythrawll
everything can be used properly, Wolfpaws but it's not "best practices"
Wolfpaws
cythrawll: If I'd recommend it? That depends on situation and experience.
Nathe
besides, that lets them set random garbage varibles in your script, which I don't see as good regardless of how good your coding practices are
Wolfpaws
Nathe: That is granted.
cythrawll
you can have a entire network somewhat safe, if you know what your doing, without a central firewall
Mer`Zikain
full path isn't working either
cythrawll
but is that best practice? hell no
Mer`Zikain
exec returns 1 and 127 (result and return var)
||cw
cythrawll: the main reason that is it not recomended is that it is not enabled by defualt and so is not portable. same thing with short open tags and calltime pass by refernce. as well as all 3 of these are likely to be depreciated and removed in the future php's
cythrawll
||cw, all im saying is it's not recommended, and i disrecommended it
i don't see what i did wrong...
||cw
cythrawll: other than wake up this morning? :D
(Action) has the same problem
cythrawll
yeah, everyone is out of the office this morning so i had to get up and man the castle
Mer`Zikain
(Action) stabs exec
cythrawll
and get my daily flaming from wolfpaws
novata_peleona
hi...
cythrawll
hi...
mm2000
hi. Is PHP 5.0.4 "stable"?
Mer`Zikain
||cw: any other ideas on what could be causing the exec to fail?
i was hoping the umask change to 0777 would help but apparently not
dewaard
mm2000: as stable as you can get
Nathe
anyone that can do a quick review of coding practices for me?
(I know it's a stupid question, but I want to see if I'm making any stupid n00b mistakes)
jpeg
heh. fresh meat!
cythrawll
rule #1: get it to work, and if it's publicly used, make sure it's secure
thats all you need to know
strav
small question here: is there any way to parse php code only upon the execution of a javascript function? (for as I've seen now, it get parsed anyways, either if the function loads or not)
Mer`Zikain
if i'm understanding you right, then the answer is no
Noriega
strav then you'd have to reload the .php page
Mer`Zikain
php=serverside, javascript=clientside
Noriega
yup
TheNinthCut
Ok after I do imagecreatefromjpeg( ) and then resample that. I want to save the image not display the image. Would anyone be able to tell me exactly where that resampled image goes, location wise so I could save it.
Mer`Zikain
it doesn't go anywhere but in the memory until you write it out
or destroy it
cythrawll
strav, you can do something with ajax, but that may seem a long way off in learning if you confuse server and client side.
Mer`Zikain
imagejpeg(resource id,file name,quality)
TheNinthCut
Mer`Zikain, and that will actually write the image?
cythrawll
TheNinthCut, yes
Mer`Zikain
yeah, sorry, phone call
cythrawll
don't worry Mer, I gots ya back
php
(Action) throws up the php gang sign
Mer`Zikain
heh
« prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 next »