headers
Rafnews | 25 May 2013 13:38
Picon

.htaccess and user file/folder access outside public_html

Hi,

i'm facing a problem and i don't know where to start and in fact, how to 
do it.

Situation:
Users of my website should be able to save their resume files + cover 
letters on my webserver.

problem:
how to make their file SECURED from any hack ? I mean only file owner 
and web administrator (so in this case... myself) should have access to 
those files.
never user B should be able to access, read or download files of user A.

my guess:
i was thinking to store files outside public_html folder, in the 
following way:

/resumes/user A/resume A
/resumes/user A/cover letter A

/resumes/user B/resume B - US
/resumes/user B/resume B - ES
/resumes/user B/cover letter B

Questions:
1. how can i allow user to have access to folder/files outside public_html ?
2. how can i secure that user A has access to his own files ONLY ?
(Continue reading)

Permalink | Reply | 1 comment |
headers
Ken Robinson | 25 May 2013 04:51
Gravatar

Re: iterate javascript verification

I took your code and modified it to use HTML5 validation (and few 
other changes). You can see the results at

<http://my-testbed.com/test1/form_validation.php>http://my-testbed.com/test1/form_validation.php 

My code follows:

   <?php
   $fields = 
array('first_name','last_name','department','title','email','phone');
   $num_forms = 1;
   $tmp = array();
   $errors = array();

    if (isset($_POST['submit'])) {
     $requestor_email = $_POST['requestor_email'];
     $num_forms  = $_POST['num_forms'];
     for ($i = 1;$i <= $num_forms; ++$i) {
         foreach ($fields as $fld) {
                 if ($_POST[$fld][$i] == '') {
                         $errors[] = ucwords(str_replace('_',' 
',$fld)) . " for account $i can not be blank";
                 }
         }
     }
   }
                 if (!empty($errors)) {
                         $tmp[] = "The following fields are in error:<br>";
                         $tmp[] = implode("<br>\n",$errors);
                         $tmp[] = "<br>";
(Continue reading)

Permalink | Reply | 1 comment |
headers
Ken Robinson | 25 May 2013 03:35
Gravatar

Re: iterate javascript verification

You do realize that you shouldn't rely on Javascript to validate 
values returned in a form?  Also, if you use HTML5, you can use the 
required attribute in the <input> tag and the browser won't let a 
user submit a form with a required field not filled. Of course, you 
should still validate within your PHP script, in case a user is using 
a browser that doesn't understand HTML5.

At 08:07 PM 5/24/2013, Tim Dunphy wrote:
>Hello list,
>
>  I have a php script that creates a variable number of forms based on a
>$_POST variable from a preceding page. It then takes the data input into
>the form and neatly packages the result into an email sent to an email
>address (eventually to be a ticketing system).
>
>
>Almost everything on the page works great. The only thing I can't seem to
>get working is how to verify that the fields in the form are not left empty
>using javascript. The syntax I'm using seems like it should work, however
>when I leave one or more of the fields empty, the email gets sent anyway
>with the missing data.
>
>Here's the app I was hoping someone might be able to suggest a successful
>approach:
>
><html>
><head>
><title>LDAP Form</title>
><body>
>   <?php
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tim Dunphy | 25 May 2013 02:07
Picon
Gravatar

iterate javascript verification

Hello list,

 I have a php script that creates a variable number of forms based on a
$_POST variable from a preceding page. It then takes the data input into
the form and neatly packages the result into an email sent to an email
address (eventually to be a ticketing system).

Almost everything on the page works great. The only thing I can't seem to
get working is how to verify that the fields in the form are not left empty
using javascript. The syntax I'm using seems like it should work, however
when I leave one or more of the fields empty, the email gets sent anyway
with the missing data.

Here's the app I was hoping someone might be able to suggest a successful
approach:

<html>
<head>
<title>LDAP Form</title>
<body>
  <?php

   if (isset($_POST['submit'])) {
    $requestor_email = $_POST['requestor_email'];
    $num_forms  = $_POST['num_forms'];
    }

    echo "<center>You will be creating $num_forms accounts
today.</center><br />";
    for($counter = 1;$counter<=$num_forms;$counter++) {
(Continue reading)

Permalink | Reply | 1 comment |
headers
Radek Krejča | 24 May 2013 09:06
Picon

json_decode mistery

Hello, I am usin json regulary, but in one script I have mistery:

echo($decrypted_data)."\n\n";
var_dump(json_decode($decrypted_data, true));
echo "\n";
var_dump(json_decode('{"result_ok":true,"result_message":null,"client_name":"Radek
Krej\u010da"}', true));

I got:

{"result_ok":true,"result_message":null,"client_name":"Radek Krej\u010da"}

NULL

array(3) {
  ["result_ok"]=>
  bool(true)
  ["result_message"]=>
  NULL
  ["client_name"]=>      a"
} string(13) "Radek KrejÄ

You can see, that in $decrypted_data, is stored valid (by my opinion) json data. If I use this variable in
json_decode, I got "null". And if I manualy use data displayed on screen, I got valid array.

Where I do mistake? If I remove client_name (so no utf8 is in json data), situation is the same.

Radek

--

--
(Continue reading)

Permalink | Reply | 5 comments |
headers
Last Hacker Always onpoint | 23 May 2013 22:51
Picon

Random

Hey I need code for random number 1-30 for my site.

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 11 comments |
headers
Last Hacker Always onpoint | 23 May 2013 22:21
Picon

Script

Hi please the script am using is an auto generated script: simple
machine function, and its having problems.
So please I'l like to ask if anyone can give me a cool music site
script like music212.com

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 2 comments |
headers
Johannes Schlüter | 23 May 2013 17:03
Picon
Gravatar

[PHP-DEV] PHP 5.3.26RC1 and 5.4.16RC1 Released for Testing!

Hi!

We've released PHP 5.3.26RC1 and 5.4.16RC1 which can be found here:

   5.3.26RC1:
   http://downloads.php.net/johannes/php-5.3.26RC1.tar.bz2
   http://downloads.php.net/johannes/php-5.3.26RC1.tar.gz

   5.4.16RC1:
   http://downloads.php.net/stas/php-5.4.16RC1.tar.bz2
   http://downloads.php.net/stas/php-5.4.16RC1.tar.gz

Windows binaries for both, as always, are at:
    http://windows.php.net/qa/

These are regular bugfix releases, the full list of issues fixed can be
found in the NEWS files. Please test and report if anything is broken.

If no critical issues is found in this RC, the final version will be
released in two weeks.

Regards,
    Stas Malyshev, Johannes Schlüter

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 0 comments |
headers
Richard Quadling | 23 May 2013 16:54
Picon
Gravatar

Simple objective which always seems to make me think I'm doing it wrong.

Hi.

I'm building an XML file.

It is within an OOP structure and is pretty simple.

The method is ...

    /**
     * Turn an error from the W2GlobalData service into normal document as
this will make it easier to integrate downstream.
     *
     *  <at> param \SimpleXMLElement $o_XML
     *  <at> return \SimpleXMLElement
     *  <at> todo Build document to be a correct request header with the
embedded error message.
     */
    public function normaliseError($o_XML)
    {
        $s_XML = <<< END_XML
<?xml version="1.0" encoding="UTF-8"?>
<doc>
    <service>UK Verification (Edited)</service>
    <searchtext>
        <forename>{$this->a_RequestData['forename']}</forename>
        <middlename>{$this->a_RequestData['middlename']}</middlename>
        <surname>{$this->a_RequestData['surname']}</surname>
        <address1>{$this->a_RequestData['address1']}</address1>
        <address2>{$this->a_RequestData['address2']}</address2>
        <postcode>{$this->a_RequestData['postcode']}</postcode>
(Continue reading)

Permalink | Reply | 3 comments |
headers
chris | 23 May 2013 08:16
Favicon

Source code of original PHP release.

I'm currently writing a paper on the evolution of PHP and web 
development/security as a whole.
One of the things I want to incorporate is snippets of source code to 
show how things have grown and advanced since the 90's

If anyone could help me out I would be much appreciated. All my 
attempts of trying to find it have turned up nothing :(

Cheers,
Christopher Tombleson
---------------------------
Github: https://github.com/chtombleson
Blog: http://blog.cribznetwork.com
Website: http://cribznetwork.com
Ohloh: https://www.ohloh.net/accounts/chtombleson/

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 3 comments |
headers
Lester Caine | 21 May 2013 21:08
Picon
Favicon
Gravatar

Doing something wrong?

I've got a new machine set up with SUSE12.3 but while it has PHP5.4, Apache is 
still stuck at 2.2, so I've downloaded and built 2.4.4 and PHP5.4.15 along with 
the modules I need but I'm having trouble actually getting it to load the 
'Additional' .ini files.
phpinfo is showing the change of location of the php.ini file, but nothing for 
the 'Scan this dir for additional .ini files' while the Configure shows 
'--with-config-file-scan-dir=/opt/apache2/conf/php5.d'
What am I missing?
It's working on the other machines and loading all the extra modules happily.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Permalink | Reply | 2 comments |

Gmane