Patelkiranat1983’s Weblog

Just another WordPress.com weblog

Photolisting Logic In PHP

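<table width="89%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="25%" valign="top" class="Body_Text">

 <table width="100%" border="0" cellspacing="0" cellpadding="0">
 <?php
 /*
  * Photo listing: render every row of `products` as a four-column grid of
  * thumbnail, title and Update/Delete buttons.
  *
  * Values read from the database (image file name, title) are HTML-escaped
  * before they are written into the page, so a stored title or file name
  * containing markup or quotes is rendered as text and cannot break out of
  * the src/alt attributes.
  *
  * NOTE(review): the mysql_* extension used here was removed in PHP 7.0. The
  * connection is opened outside this snippet, so the calls are left as they
  * are; port them to mysqli or PDO together with the connection code.
  * NOTE(review): the buttons carry no product id ($pid is read but never
  * emitted) and the enclosing <form> is not shown. Whatever handles
  * Update/Delete must identify the product, check authorisation and verify
  * a CSRF token on the server.
  */
 $cntr = 1;
 $qry = "select * from products";
 $indexbody = '';
 $rs_qry = mysql_query($qry);
 // A failed query returns false; treat it as an empty result instead of
 // handing false to the row functions.
 $num = $rs_qry ? mysql_num_rows($rs_qry) : 0;
 while ($rs_qry && ($fetch = mysql_fetch_array($rs_qry)))
 {
  $pid = $fetch['product_id'];
  $image = "../gallery/" . $fetch['image'];
  $title = $fetch['title'];

  // Escape once, then reuse in every attribute and text position.
  $imageHtml = htmlspecialchars($image, ENT_QUOTES);
  $titleHtml = htmlspecialchars(ucwords($title), ENT_QUOTES);

  // Open a new row before the 1st, 5th, 9th ... product.
  if ($cntr % 4 == 1)
   $indexbody .= '<tr>';

  $indexbody .= '<td align="center" valign="top" class="Body_Text"><br><table width="100%" border="0" cellspacing="0" cellpadding="0"><tr>';
  $indexbody .= '<td><img src="' . $imageHtml . '" mce_src="' . $imageHtml . '" width="110" height="147" class="Border_Img" alt="' . $titleHtml . '">';
  $indexbody .= '</td></tr><tr><td height="30" align="center" valign="top" class="Text_ProductsBold"><br>' . $titleHtml . '</td></tr><tr>';
  // The closing </td> of the product cell was missing in the original markup.
  $indexbody .= '<td align="center" valign="top"><input name="submit" type="submit" value="Update" class="but" style="width:50px;" onclick="setAction(\'edit\');">  <input name="submit" type="submit" value="Delete" class="but" style="width:50px;"/><br /></td></tr></table></td>';

  if ($cntr % 4 == 0)
  {
   // Fourth cell of the row: the row is complete.
   $indexbody .= '</tr>';
  }
  elseif ($cntr == $num)
  {
   // Last product in an incomplete row: pad to four cells, then close the
   // row. The original padded one product too early and left the final
   // row unclosed.
   $indexbody .= str_repeat('<td width="25%" valign="top" class="Body_Text"></td>', 4 - ($cntr % 4));
   $indexbody .= '</tr>';
  }
  $cntr++;
 }
echo $indexbody."</table></td></tr></table><br>";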


December 24, 2007 Posted by | Uncategorized | Leave a comment

IMP Javascripts Functions

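/*
 * Description:
 * Key handler that accepts only the digits 0-9 and Backspace. Any other key
 * clears the field and cancels the key press.
 *
 * This is a convenience for the user, not a validation control: the check runs
 * in the browser and does not run when scripting is disabled or when a request
 * is built by hand, so the server must still validate the submitted value.
 *
 * evt     - the key event; when omitted, window.event is used.
 * returns - true to let the key through, false to cancel it.
 */
function numbersonly(evt) {
    // Fall back to the global event object when no argument is passed.
    evt = (evt) ? evt : window.event;
    // Detect issuing element.
    var srcElt = (evt.target) ? evt.target : evt.srcElement;

    var unicode = evt.charCode ? evt.charCode : evt.keyCode;

    if (unicode != 8) { // Backspace (8) stays allowed
        if (unicode < 48 || unicode > 57) { // outside '0'..'9'
            // The empty-string literal had been mangled into a typographic
            // quote, which made the function a syntax error.
            srcElt.value = '';
            return false; // disable key press
        }
    }

    return true;
} // End function: numbersonly.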
  /*
* Name:
* limitlength
*/
function limitlength(obj, length) {

var maxlength = length;

if (obj.value.length > maxlength) {
obj.value = obj.value.substring(0, maxlength);
}
}//End of function limitlength
  /*
* Description:
* Get the javascript object. useful when some times explore not support document.getElementById()
* It is not used in this file yet. but if required then we can used this function to create the javascript object.
*/
function getElement(obj, d) {
var i,x;

if(!d) d=document;

if(!(x=d[obj])&&d.all)
x=d.all[obj];

for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][obj];

for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=GetElement(obj,d.layers[i].document);

if(!x && document.getElementById)
x=document.getElementById(obj);

return x;
}// End function: getElement.
  /*
* Description:
* Convert a first character of string as capital letter.
*
*/
function ucFirst(strArg) {
var charFirst = strArg.charAt(0);

if (parseInt(strArg.length)==1){
return charFirst.toUpperCase();
}
else
{
return charFirst.toUpperCase() + strArg.slice(1).toLowerCase();
}
}// End function: ucFirst.
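  /*
 * Description:
 * Debugging helper. Collects every attribute explicitly set on the passed
 * control into one string of name=value pairs, each followed by "##", shows
 * that string in alert() dialogs and returns it.
 * Author's note: the style attribute reads fine in Mozilla but comes back as
 * a null value in Internet Explorer.
 *
 * The returned string holds raw attribute values; escape it before writing it
 * into a page.
 */
function getAttributes(countrolObj) {
    // The string literals in this function had been mangled into typographic
    // quotes, which made it a syntax error; they are plain quotes again.
    var propartyValues = '';

    // Walk the attribute list and keep only attributes marked as specified.
    for (var i = 0; i < countrolObj.attributes.length; i++) {
        if (countrolObj.attributes[i].specified) {
            propartyValues += countrolObj.attributes[i].nodeName + "=" + countrolObj.attributes[i].nodeValue + '##';
        }
    }

    if (propartyValues) {
        alert('All property with ## seperator ==> ');
        alert(propartyValues);
    }

    return propartyValues;
} // End function: getAttributes.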
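/*
 * Description:
 * Checks whether the variable is of object type. Functions count as objects;
 * null and other falsy values do not.
 */
function isObject(a) {
    // The 'object' literal had been mangled into typographic quotes (a syntax
    // error); it is a plain string again.
    return (a && typeof a == 'object') || isFunction(a);
} // End function: isObject.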
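/*
 * Description:
 * Checks whether the variable is a function.
 */
function isFunction(a) {
    // The 'function' literal had been mangled into typographic quotes (a
    // syntax error); it is a plain string again.
    return typeof a == 'function';
} // End function: isFunction.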
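  /*
 * Description:
 * Return the given text with the following HTML entities escaped:
 * ampersand, single-quote, double-quote, angled brackets.
 *
 * The result is safe to place in HTML text and inside a quoted attribute
 * value. It is not sufficient for other contexts (script blocks, URLs,
 * style values), which need their own encoding.
 *
 * The entity strings on the right-hand side had been decoded back to the raw
 * characters when this listing was published, which turned every replacement
 * into a no-op; they are written out as entities again here.
 */
function htmlEntitizeText(text) {
    // Make sure ampersands are replaced FIRST, otherwise the ampersands of
    // the escaped entities will themselves be escaped.
    text = text.replace(/&/g, '&amp;');
    text = text.replace(/"/g, '&quot;');
    // The standard "&apos;" is broken for some versions
    // of IE. Use numeric entity replacement instead.
    text = text.replace(/'/g, '&#39;');
    text = text.replace(/</g, '&lt;');
    text = text.replace(/>/g, '&gt;');

    return text;
} // End function: htmlEntitizeText.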

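/*
 * Description:
 * Return the given text with ampersand, double-quote, single-quote and angled
 * brackets replaced by HTML entities. Suitable for HTML text and quoted
 * attribute values only.
 *
 * The entity strings had been decoded back to raw characters when this listing
 * was published, so the function replaced each character with itself; the
 * entities are restored here.
 */
function textToHtmlEntities(text) {
    // The standard "&apos;" is broken for some versions of IE, so the single
    // quote uses a numeric entity.
    var entities = {
        '&': '&amp;',
        '"': '&quot;',
        "'": '&#39;',
        '<': '&lt;',
        '>': '&gt;'
    };

    // One pass over the input: an ampersand that belongs to an inserted entity
    // is never looked at again, so nothing is escaped twice.
    return text.replace(/[&"'<>]/g, function (ch) {
        return entities[ch];
    });
} // End function: textToHtmlEntities.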
  *************

August 31, 2007 Posted by | Uncategorized | Leave a comment

PHP And CURL

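<?php
// POST two form fields to a remote page with cURL and print the response.
$cURL = curl_init();
// NOTE(review): this is a plain http:// URL, so the request and the response
// travel unencrypted. Switch to https:// if the endpoint offers it and leave
// cURL's certificate verification switched on.
curl_setopt($cURL, CURLOPT_URL, "http://www.hiddenbrains.com");
curl_setopt($cURL, CURLOPT_POST, 1);
// Hand the response body back from curl_exec() instead of printing it.
curl_setopt($cURL, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($cURL, CURLOPT_POSTFIELDS, "foo=1&bar=2");
// Bound the request so a slow or unreachable host cannot hold the script.
curl_setopt($cURL, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($cURL, CURLOPT_TIMEOUT, 30);
$strPage = curl_exec($cURL);
if ($strPage === false) {
    // curl_exec() returns false on failure. Log the detail on the server and
    // show the visitor a generic message only.
    error_log('cURL request failed: ' . curl_error($cURL));
    curl_close($cURL);
    die('Remote request failed.');
}
curl_close($cURL);

// Output page
// NOTE(review): the remote page is printed verbatim, so any markup or script
// in it runs in this site's origin. Escape or sanitise it unless the remote
// host is fully trusted.
die($strPage);
//echo $strPage;
?>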

August 9, 2007 Posted by | Uncategorized | Leave a comment

Javascripts : get mouse position

/*
 * Returns the mouse position of an event as {x, y} in page coordinates.
 * Uses e.pageX / e.pageY when they are set; otherwise adds the scroll offsets
 * of body and documentElement to window.event.clientX / clientY.
 */
function posicion_mouse(e) {
    var x = 0;
    var y = 0;

    // No argument passed: use the global event object.
    if (!e) {
        e = window.event;
    }

    if (e.pageX) {
        x = e.pageX;
    } else {
        x = window.event.clientX + document.body.scrollLeft + document.documentElement.scrollLeft;
    }

    if (e.pageY) {
        y = e.pageY;
    } else {
        y = window.event.clientY + document.body.scrollTop + document.documentElement.scrollTop;
    }

    return {y: y, x: x};
}

August 9, 2007 Posted by | Uncategorized | Leave a comment

List Of good Site Name

//////// For good Coding ////////////

http://www.bytemycode.com/

http://www.the-art-of-web.com/

////////////////////////////////////////////////////////////////////////
////////////////////////// Start IMP LINKS /////////////////////////////
////////////////////////////////////////////////////////////////////////
Hi kiran,

Below are the links that you want.
////////////////////////////////////////////////////////////////////////
http://www.w3schools.com/tags/tag_dl.asp [for html, javascript, and all other]
http://www.htmlcodetutorial.com/ [for html, javascript, and all other]
///////////////////////FREE_E_BOOK
http://safari.oreilly.com/067232542X/ch03lev1sec7
http://portal.aauj.edu/portal_resources/downloads/web/asp_dot_net.pdf

////////////////Reg Expression
http://weblogtoolscollection.com/regex/regex.php

/////////////////////////// AJAX //////////////////////////////////
http://www.dhtmlgoodies.com/index.html
http://chronotron.wordpress.com/2006/04/11/ajax-get-started-resources-tutorials/
http://www.google.co.in/search?hl=en&q=css+%2B+div+%2B+scrollbar+%2B+FF&meta=
http://www.hotscripts.com/PHP/Scripts_and_Programs/Chat_Scripts/index.html
http://www.walterzorn.com/dragdrop/dragdrop_e.htm
http://www.javascriptkit.com/domref/
http://www.howtocreate.co.uk/tutorials/javascript/domstructure
http://www.e-magine.ro/web-dev-and-design/36/moodalbox/?adadasd=&sfdsf=#
http://ajaxpatterns.org/PHP_Ajax_Frameworks#PHPLiveX
http://www.php-sites.com/scripts,php,linki,36
http://www.php-sites.com/scripts,php,linki,47
http://www.opensourcecms.com/index.php?option=content&task=view&id=547&Itemid=159
https://sourceforge.net/project/showfiles.php?group_id=19371

///////////////////////////////////// CURL //////////////////////////////////////////////////////////
http://curl.phptrack.com/forum/viewtopic.php?p=685&sid=c9ebc3b2fcdeecf6d0af5af4b86b0788
http://curl.phptrack.com/

///////////////////////////////////// GMAIL Driver Class /////////////////////////////////////////////
http://sourceforge.net/project/screenshots.php?group_id=125071
http://sourceforge.net/project/showfiles.php?group_id=125071&package_id=136821

//////////////////////////////////// .htaccess //////////////////////////////////////////////////////////
http://corz.org/serv/tricks/htaccess.php
http://www.javascriptkit.com/howto/htaccess14.shtml
http://support.tagnet.org/password.php
http://www.webhostgear.com/63,2.html
http://cooletips.de/htaccess/
http://www.promotiondata.com/sections.php?op=viewarticle&artid=30
http://www.thejackol.com/htaccess-cheatsheet/

///////////////////////////////////// JAVASCRIPT ///////////////////////////////////////////////////////////
http://www.howtocreate.co.uk/jslibs/htmlhigh/capsDetect.html
http://www.visualbuilder.com/showCode.php?id=79643&scd_id=2575
http://www.codeproject.com/useritems/Detect_Caps_Lock.asp?print=true
http://webscripts.softpedia.com/cat/Forms-and-Controls-C-C-list-154-7-0-0.html
http://4wordsystems.com/javascript-email-validator.php
http://www.javascriptkit.com/script/cutindex24.shtml
http://javascript.internet.com/forms/check-cap-locks.html
http://www.jdstiles.com/java/checkforcaps.html
http://snippets.dzone.com/posts/show/142

///////////////////////////////////// META ///////////////////////////////////////////////////////////
http://www.webmates.ch/en/meta_tag_builder.html
http://www.webdevelopersnotes.com/tips/html/internet_explorer_transition_effects_for_web_pages.php3

///////////////////////////////////// MYSQL ///////////////////////////////////////////////////////////
http://www.issociate.de/board/post/301414/Access_denied_for_user_’ODBC

‘@’localhost’_(using_password:_NO).html
http://www.mikebernat.com/index/a/article/id/Making%20your%20MySQL%2

0Tables%20More%20Effeciant%20by%20Using%20Correct%20Fieldtypes?PHPS

ESSID=228c6f0ae3269cda36c7dc528e9c2a4d
http://www.vclcomponents.com/PHP/Web_Fetching_Scripts/Contact_Importe

r__Adress_Book_Grabber__for_hotmail__yahoo__gmail__aol__msn-info.html
http://marvinsweb.net/support/?View=entry&EntryID=45
http://dev.mysql.com/doc/refman/5.0/en/connecting-disconnecting.html
http://www.peachpit.com/articles/article.asp?p=30885&seqNum=1&rl=1
http://www.xnote.com/howto/mysql_field_types.html
http://www.browardphp.com/mysql_manual_en/manual_Client-Side_Scripts.html
http://www.developer.com/db/article.php/2235521
http://www.devshed.com/c/a/MySQL/Storage-Engine-Table-Types/
http://www.google.co.in/search?hl=en&q=table+types+%2B+mysql&meta=

/////////////////////////////////// thought //////////////////////////////////////////////////////////////////
http://www.dailygood.org/
http://www.interluderetreat.com/thought.htm
http://cihar.com/gammu/
http://www.parkerandhobbes.co.uk/sendsmstextmessage.php
http://www.sephiroth.it/tutorials/flashPHP/sms/
http://montreal.craigslist.org/eng/314114018.html
http://buddycheck.nuotex.qarchive.org/
http://hotscripts.topdownloads.net/detail/34160/yahoo-messenger-invisible-status.html
http://yahoo-messenger-invisible.ikitek.com/
//////////////////////////////////// GOOGLE SEARCH LINKS ///////////////////////////////////////////////////////
http://www.google.com/custom?hl=en&client=pub-8993703457585266&cof=FOR

ID:1%3BAH:left%3BS:http://www.blackle.com/%3BCX:Blackle%3BL:http://ww

w.heapmedia.com/blackle/logo.jpg%3BLH:100%3BLP:1%3BBGC:%23000000%3BT:

%23999999%3BLC:%23cccccc%3BVLC:%23999999%3BGALT:%23666666%3BGFNT:

%23666666%3BGIMP:%23666666%3B&cx=!013269018370076798483:gg7jrrhpsy4

&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=random+password+%2B+php&spell=1

//////////////////start .htaccess related links////////////////////////////
http://www.shawngo.com/htaccess-tutorial.php
http://www.shaw.ca/en-ca/CustomerCare/InternetSupport/Business/WebSpace/

UsingWebSpace/htaccess.htm
——————————————————————————-
http://www.freewebmasterhelp.com/tutorials/htaccess/
http://www.buildwebsite4u.com/advanced/htaccess-file.shtml
http://www.outfront.net/tutorials_02/adv_tech/htaccess_magic2.htm
——————————————————————————-
http://httpd.apache.org/docs/1.3/howto/htaccess.html
http://httpd.apache.org/docs/2.0/howto/htaccess.html
http://www.javascriptkit.com/howto/htaccess.shtml
//////////////////end .htaccess related links////////////////////////////

http://www.xul.fr/en-xml-rss.html#why —————————Imp
http://www.faganfinder.com/search/rss.php
http://sports.espn.go.com/espn/news/story?page=rssinfo
http://www.feedvalidator.org/

http://www.unauthorizedentry.com/funny/main.php?banner=y# –Referece site
http://www.co.loudoun.va.us/rss/index.htm –Reference site

//////////////////////////USPS.com//////////////////////////
http://www.allthescripts.com/page-459312.htm (it’s good for USPS.com)
http://www.zend.com/code/codex.php?id=202&single=1

//////////////convert any unit to other related unit////////////////////
http://www.asknumbers.com/
////////////////////////////////////////////////////////////////////////
////////////////////////// End IMP LINKS /////////////////////////////
////////////////////////////////////////////////////////////////////////

August 9, 2007 Posted by | Uncategorized | Leave a comment

Multi Select Box to MySql DB Table

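<?php
// Create multi select box, pulling data from db.
//
// Both the id and the name come from the database and are HTML-escaped before
// being written into the page, so a stored name containing markup is shown as
// text instead of being interpreted by the browser.
//
// NOTE(review): `table` stands in for the real table name. TABLE is a reserved
// word in MySQL, so a table really called that would need backticks.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. The connection is
// opened outside this snippet, so the calls are left as they are.
$sql = "SELECT id,name FROM table ORDER BY name ASC";
$result = mysql_query($sql);

if ($result && mysql_num_rows($result) > 0)
{
?>
<select name="id[]" size="5" multiple><option value="0" selected>Select Name…</option>
<?php
    // Fetch until the result set is exhausted instead of counting the rows
    // again on every pass of the loop.
    while ($arr = mysql_fetch_array($result))
    {
        echo '<option value="' . htmlspecialchars($arr['id'], ENT_QUOTES) . '">'
            . htmlspecialchars($arr['name'], ENT_QUOTES) . '</option>';
    }
    echo "</select>";
}
else
    echo "No Names in DB";
?>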

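<?php
// When the multi select is submitted from the form, this part processes it.
//
// $_POST['id'] is supplied by the client and must not be pasted into the SQL
// text as-is: the original concatenated it straight into the INSERT, which let
// a crafted value change the statement (SQL injection). Each submitted id is
// cast to an integer here, and $diff_id (set outside this snippet) is escaped
// for the open connection.
//
// NOTE(review): prepared statements (mysqli or PDO) are the preferred fix. The
// mysql_* extension used here has none and was removed in PHP 7.0; the
// connection code is outside this snippet, so the port has to happen there.
$ids = (isset($_POST['id']) && is_array($_POST['id'])) ? $_POST['id'] : array();
$safe_diff_id = mysql_real_escape_string($diff_id);

foreach ($ids as $id)
{
    // A nested array (id[][]=...) is not a valid selection.
    if (is_array($id))
        continue;

    $id = (int) $id;

    // 0 is the "Select Name…" placeholder option, not a real row.
    if ($id <= 0)
        continue;

    $result_system = mysql_query("INSERT INTO diff_table (diff_id,id) VALUES ('" . $safe_diff_id . "','" . $id . "')");
    if (!$result_system)
    {
        // Keep the database error on the server; the visitor gets a generic message.
        error_log("Insert Error: " . mysql_error());
        die("Insert Error");
    }
}

?>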

August 9, 2007 Posted by | Uncategorized | Leave a comment

php ini settings

Hello Friends,

This article describes the purpose of each variable in the php.ini file and how to set it. Please go through it and you will definitely get the solution.

Php.ini setting for each variable:

1 > allow_call_time_pass_reference Boolean

Whether to enable the ability to force arguments to be passed by reference at function call time. This method is deprecated and is likely to be unsupported in future versions of PHP/Zend. The encouraged method of specifying which arguments should be passed by reference is in the function declaration. You’re encouraged to try and turn this option Off and make sure your scripts work properly with it in order to ensure they will work with future versions of the language (you will receive a warning each time you use this feature, and the argument will be passed by value instead of by reference).

Passing arguments by reference at function call time was deprecated for code cleanliness reason. Function can modify its argument in undocumented way if it didn’t declare that the argument is passed by reference. To prevent side effects it’s better to specify which arguments are passed by reference in function declaration only.

====================================================

2 > allow_url_fopen

This option enables the URL-aware fopen wrappers that enable accessing URL object like files. Default wrappers are provided for the access of remote files using the ftp or http protocol, some extensions like zlib may register additional wrappers.

This setting can only be set in php.ini due to security reasons.

This option was introduced immediately after the release of version 4.0.3. For versions up to and including 4.0.3 you can only disable this feature at compile time by using the configuration switch –disable-url-fopen-wrapper.

====================================================

3 > always_populate_raw_post_data Boolean

Always populate the $HTTP_RAW_POST_DATA variable.

4 > arg_separator.input

List of separator(s) used by PHP to parse input URLs into variables

5 > arg_separator.output

The separator used in PHP generated URLs to separate arguments

6 > asp_tags

Enables the use of ASP-like <% %> tags in addition to the usual <?php ?> tags. This includes the variable-value printing shorthand of <%= $value %>.

7 > auto_globals_jit Boolean

When enabled, the SERVER and ENV variables are created when they’re first used (Just In Time) instead of when the script starts. If these variables are not used within a script, having this directive on will result in a performance gain

The PHP directives register_globals, register_long_arrays, and register_argc_argv must be disabled for this directive to have any effect.

8 > display_errors and display_startup_errors

These two settings control whether PHP should display errors in the browser or be silent. It is recommended that you turn these two settings Off during production so that you don’t accidentally display sensitive information about your Web site. This is especially true for dynamic Web sites that send usernames and password to access a database. In your php.ini file, this configuration will look like:

display_errors = off

display_startup_errors = off

9 > log_errors and error_log

These two settings control how PHP logs errors for later review. It is helpful to use these two settings if you have turned Off display_errors and display_startup_errors. In your php.ini file, this configuration will look like:

Log_errors = On

Error_log = /hwxx/daxx/uwnetid/phperrors.log

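Replace /hwxx/daxx/uwnetid/ with the path to your Web directory. Make sure that you have a file called phperrors.log in the root of your Web directory (typically public_html) and make sure it is readable and writable by you. Because files under the Web directory can be requested by visitors, also make sure the Web server does not serve phperrors.log (or keep the log outside the served directory); otherwise the logged errors are as exposed as errors displayed in the browser.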

10 > session.save_path

This setting controls the location of server-side session cookies when your script uses PHP’s session management functions. The server default php.ini file has this variable set to /use/a/folder/in/your/web/root, disabling the use of sessions. In order to use PHP sessions, you will need to create a temp folder in your web directory and change this option to point to it:

There are a number of reasons for requiring this configuration:

(1) To make sure that another user doesn’t tamper with these cookies. (2)To keep the /tmp folder from filling up, causing other programs to fail. (3) Due to the clustered nature of the UW webservers, session info should be stored in a place that is available on all machines in the cluster

session.save_path = /hwxx/daxx/uwnetid/tmp

Replace /hwxx/daxx/uwnetid/ with the path to your Web directory. Again, make sure that you have a directory called tmp in the root of your Web directory (typically public_html) and make sure it is read and writable by you only

11 > upload_tmp_dir

This setting controls the temporary location of files uploaded with an HTML form. If you don’t specify a path for this setting, uploaded files will be temporarily stored in a world-readable location on the server. To make such files harder to manipulate and to protect their confidentiality, you should create a directory in your account and specify the new path in your php.ini file:

upload_tmp_dir = /hwxx/daxx/uwnetid/tmp

Replace /hwxx/daxx/uwnetid/ with the path to your Web directory. Make sure that you have a directory called tmp in the root of your Web directory (typically public_html) and make sure it is read and writable by you only.

13 > enable_dl

This directive is really only useful in the Apache module version of PHP. You can turn dynamic loading of PHP extensions with dl() on and off per virtual server or per directory.

The main reason for turning dynamic loading off is security. With dynamic loading, it’s possible to ignore all open_basedir restrictions. The default is to allow dynamic loading, except when using safe mode. In safe mode, it’s always impossible to use dl().

14 > extension_dir string

In what directory PHP should look for dynamically loadable extensions

15 > file_uploads

Whether or not to allow HTTP file uploads. See also the upload_max_filesize, upload_tmp_dir, and post_max_size directives

16 > gpc_order

Set the order of GET/POST/COOKIE variable parsing. The default setting of this directive is “GPC”. Setting this to “GP”, for example, will cause PHP to completely ignore cookies and to overwrite any GET method variables with POST-method variables of the same name

This option is not available in PHP 4. Use variables_order instead

17 > include_path

Specifies a list of directories where the require(), include() and fopen_with_path() functions look for files. The format is like the system’s PATH environment variable: a list of directories separated with a colon in Unix or semicolon in Windows

Unix include_path

include_path=”.:/php/includes”

Window include_path

include_path=”.;c:\php\includes”

Using a . in the include path allows for relative includes as it means the current directory

18 > magic_quotes_gpc

Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ‘ (single-quote), ” (double quote), \ (backslash) and NUL’s are escaped with a backslash automatically.

19 > magic_quotes_runtime

If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.

20 > magic_quotes_sybase

If the magic_quotes_sybase directive is also ON it will completely override magic_quotes_gpc. Having both directives enabled means only single quotes are escaped as ”. Double quotes, backslashes and NUL’s will remain untouched and unescaped

21 > max_execution_time

This sets the maximum time in seconds a script is allowed to run before it is terminated by the parser. This helps prevent poorly written scripts from tying up the server. The default setting is 30.

The maximum execution time is not affected by system calls, stream operations etc. Please see the set_time_limit() function for more details.

You can not change this setting with ini_set() when running in safe mode. The only workaround is to turn off safe mode or by changing the time limit in the php.ini.

Your webserver can have other timeouts. E.g. Apache has Timeout directive, IIS has CGI timeout function, both default to 300 seconds. See the webserver documentation for meaning of it.

22 > max_input_time

This sets the maximum time in seconds a script is allowed to receive input data, like POST, GET and file uploads

23 > open_basedir

Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it’s not possible to avoid this restriction with a symlink.

The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().

In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with “php_admin_value open_basedir none”.

Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.

The restriction specified with open_basedir is actually a prefix, not a directory name. This means that “open_basedir = /dir/incl” also allows access to “/dir/include” and “/dir/incls” if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: “open_basedir = /dir/incl/”

Note: Support for multiple directories was added in 3.0.7.

The default is to allow all files to be opened.

24 > output_buffering

Normally, session, cookie or HTTP header data in a PHP script must be sent before any output is generated by the script. If this is not possible in your application, you can enable what PHP calls output buffering, with the output_buffering variable.

With output buffering on, PHP stores the output of your script in a special memory buffer and sends it only when explicitly told to do so. This allows you to send special HTTP headers and cookie data even in the middle or at the end of your script; however, it can degrade performance marginally.

output_buffering = Off

You can also pass the output_buffering variable a number indicating the size of the buffer, for example:

output_buffering = 2048

25 > output_handler

You can redirect all of the output of your scripts to a function. For example, if you set output_handler to mb_output_handler(), character encoding will be transparently converted to the specified encoding. Setting any output handler automatically turns on output buffering.

Note: You cannot use mb_output_handler() together with ob_iconv_handler(), and you cannot use ob_gzhandler() together with zlib.output_compression.

Note: Only built-in functions can be used with this directive. For user defined functions, use ob_start().

26 > post_max_size

Also related to form submission is the post_max_size variable, which controls the maximum amount of data that PHP will accept in a single form submission with the POST method. It’s unlikely you’ll ever need to increase this from the default value of 8 MB; instead, you should probably reduce it to a more realistic figure. However, if you’re planning on using the file upload features of PHP, keep this value greater than the value of upload_max_filesize.

post_max_size = 8M

27 > precision

The number of significant digits displayed in floating point numbers.

28 > register_argc_argv

Tells PHP whether to declare the argv & argc variables (that would contain the GET information).

29 > register_globals

New to PHP 4.1.0, the register_globals setting controls how you access form, server, and environment variables. By default this variable is set to Off, requiring you to use special arrays to access these variables. Those familiar with older versions of PHP will be used to an environment in which the register_globals variable is effectively On; with this setting, you can access form, server and environment variables simply by name

Note: This change occurred in PHP 4.1.0 because when register_globals is set to On, PHP scripts are more vulnerable to attacks. Some older PHP applications will require this setting to be on, but it is safer to write new scripts with the assumption that register_globals will be set to Off

To retrieve the value of <input name=”formVariable”> from a form submitted with the POST method, use the following syntax

PHP code when register_globals = On

$myNewVariable = $formVariable

PHP code when register_globals = Off

$myNewVariable = $_POST[’formVariable’];

30 > report_memleaks

report_memleaks is one of the few directives in the php.ini file that I’ve never had reason to change. Setting this to “Off” will prevent memory leak errors being displayed. However, memory leaks are only displayed when you compile PHP with “–enable-debug” (which allows you to perform some advanced tasks (eg backtraces). This would never affect a production environment, and rarely a development one.
Values: On (default), Off

31 > safe_mode

The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren’t very realistic, many people, especially ISP’s, use safe mode for now

Whether to enable PHP’s safe mode. Read the Security chapter for more information.

32 > safe_mode_exec_dir

If PHP is used in safe mode, system() and the other functions executing system programs refuse to start programs that are not in this directory. You have to use / as directory separator on all environments including Windows.

One Safe Mode trouble maker is safe_mode_exec_dir. By default safe_mode_exec_dir is empty, so external programs like `convert’ cannot be started.

In my testing, on one (Debian) server I was able to use Image Magick’s `convert’ command (but not for converting gallery images) by using the following steps:

Create a link to `convert’ in /usr/local/bin/ with

  ln -s /usr/bin/convert /usr/local/bin/

Enable starting programs in that directory with a line in php.ini

  safe_mode_exec_dir = "/usr/local/bin"

Restart the web server.
Make Qdig aware of the new location with

  $convert_cmd = '/usr/bin/convert';

This also works:

Enable starting /usr/bin programs in php.ini with

  safe_mode_exec_dir = "/usr/local/bin"

Restart the web server.

so does this:

Create a directory for PHP-safe binaries

  mkdir /usr/local/php_safe_bin

Create a link to `convert’ in /usr/local/php_safe_bin/ with

  ln -s /usr/bin/convert /usr/local/php_safe_bin/

Enable starting programs in that directory with a line in php.ini

  safe_mode_exec_dir = "/usr/local/php_safe_bin"

Restart the web server.
Make Qdig aware of the new location with

  $convert_cmd = '/usr/php_safe_bin/convert';

The reason for creating a link rather than copying the file is because otherwise system updates will not replace the copy you are using.

For review, the three pertinent settings in php.ini are

  safe_mode = On
  safe_mode_gid = On
  safe_mode_exec_dir = "/path/to/convert/executable"

where only the top two lines are necessary if you are using GD to convert images.

33 > safe_mode_gid

By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid. Whether to use UID (FALSE) or GID (TRUE) checking upon file access

To avoid the server-can’t-access-files-it-has-written error, the server administrator can enable PHP’s safe_mode_gid by adding this line

  safe_mode_gid = On

to the server’s PHP configuration file (php.ini) and restarting the web server daemon.

Your web hosting provider should be willing to enable safe_mode_gid (manual page) for you because the security benefit probably exceeds the security risk. This is because

· files written in ordinary (non-SetGID) directories still will be blocked, and

· leaving it disabled encourages users to use world-writable directories and files.

Enabling safe_mode_gid, combined with using (temporarily) “2777″ (versus “777″) permissions for the qdig-files/ directory during setup, will cause your Qdig installation to Just Work as long as PHP’s GD extension is loaded and available for image conversion

34 > safe_mode_include_dir

UID/GID checks are bypassed when including files from this directory and its subdirectories (the directory must also be in include_path, or the full path must be used when including).

As of PHP 4.2.0, this directive can take a colon (semi-colon on Windows) separated path in a fashion similar to the include_path directive, rather than just a single directory.

The restriction specified is actually a prefix, not a directory name. This means that “safe_mode_include_dir = /dir/incl” also allows access to “/dir/include” and “/dir/incls” if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: “safe_mode_include_dir = /dir/incl/”

If the value of this directive is empty, no files with different UID/GID can be included in PHP 4.2.3 and as of PHP 4.3.3. In earlier versions, all files could be included.

35 > sendmail_from

In either case, you’ll want to set the sendmail_from option to your email address, or whichever address you’d like to appear as the default ‘from’ address for emails sent from PHP scripts.

Here’s how the section might look on a typical Windows server, or on a Linux server without sendmail:

[mail function]
; Setup for Windows systems
SMTP = smtp.my.isp.net
sendmail_from = me@myserver.com

And here’s how it might look on a Linux server with sendmail:

[mail function]
; Setup for Linux systems
sendmail_path = /usr/sbin/sendmail -t
sendmail_from = me@myserver.com

36 > sendmail_path

If you’re going to use PHP’s mail() function, there are three variables you may need to set. The SMTP and sendmail_from variables (on Windows) or the sendmail_path variable (on UNIX) are used when sending e-mail messages through PHP’s mail() function. On Windows, these variables set the SMTP server to be used and the From: address to display in e-mail messages; on UNIX, the sendmail_path variable sets the path of the MTA (mail transfer agent) for mail delivery:

                        SMTP = myserver.localnet.com
   sendmail_from = me@localhost.com
                        sendmail_path = /usr/sbin/sendmail

37 > short_open_tag

Tells whether the short form (<? ?>) of PHP’s open tag should be allowed. If you want to use PHP in combination with XML, you can disable this option in order to use <?xml ?> inline. Otherwise, you can print it with PHP, for example: <?php echo '<?xml version="1.0"?>'; ?>. Also, if it is disabled, you must use the long form of the PHP open tag (<?php ?>).

Note: This directive also affects the shorthand <?=, which is identical to <? echo. Use of this shortcut requires short_open_tag to be on.

38 > SMTP

If you’re going to use PHP’s mail() function, there are three variables you may need to set. The SMTP and sendmail_from variables (on Windows) or the sendmail_path variable (on UNIX) are used when sending e-mail messages through PHP’s mail() function. On Windows, these variables set the SMTP server to be used and the From: address to display in e-mail messages; on UNIX, the sendmail_path variable sets the path of the MTA (mail transfer agent) for mail delivery:

SMTP = myserver.localnet.com

39 > smtp_port

Used under Windows only: Number of the port to connect to the server specified with the SMTP setting when sending mail with mail(); defaults to 25. Only available since PHP 4.3.0.

40 > track_errors

If enabled, the last error message will always be present in the global variable $php_errormsg

In addition, if you set the php.ini setting track_errors = On, the last error message encountered will be stored in $php_errormsg. This is true regardless of whether you have used the @ syntax for error suppression

41 > unserialize_callback_func

The unserialize_callback_func directive is one of the more advanced settings in the php.ini file, and the chances are very good that if you change this before you are familiar with serialization, you will cause massive problems on your own server. I’d leave this well alone!

42 > upload_max_filesize

The maximum size of an uploaded file. When an integer is used, the value is measured in bytes. You may also use shorthand notation as described in this FAQ.

43 > upload_tmp_dir

This setting controls the temporary location of files uploaded with an HTML form. If you don’t specify a path for this setting, uploaded files will be temporarily stored in a world-readable location on the server. To prevent other users from manipulating such files and to protect their confidentiality, you should create a directory in your account and specify the new path in your php.ini file:

upload_tmp_dir = /hwxx/daxx/uwnetid/tmp

Replace /hwxx/daxx/uwnetid/ with the path to your Web directory. Make sure that you have a directory called tmp in the root of your Web directory (typically public_html) and make sure it is readable and writable by you only.

44 > user_dir

The base name of the directory used on a user’s home directory for PHP files, for example public_html.

45 > variables_order

Set the order of the EGPCS (Environment, GET, POST, Cookie, Server) variable parsing. The default setting of this directive is “EGPCS”. Setting this to “GP”, for example, will cause PHP to completely ignore environment variables, cookies and server variables, and to overwrite any GET method variables with POST-method variables of the same name

46 > y2k_compliance

The y2k_compliance directive instructs PHP to use 4-digit years. This setting can apparently cause problems with some browsers (Navigator 3, and possibly others – any that can’t understand 4-digit years) when set to On. However, not having it On will possibly cause problems with modern browsers, which can have problems with 2-digit years. I leave this on.

Values: On (default), Off

47 > zend.ze1_compatibility_mode

Enable compatibility mode with Zend Engine 1 (PHP 4). It affects the cloning, casting, and comparing of objects

SESSION

48 > Session Support

Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.

A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.

The session support allows you to register arbitrary numbers of variables to be preserved across requests. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start() or implicitly through session_register()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated.

49 > session.name string

session.name specifies the name of the session which is used as cookie name. It should only contain alphanumeric characters. Defaults to PHPSESSID. See also session_name().

50 > session.auto_start boolean

session.auto_start specifies whether the session module starts a session automatically on request startup. Defaults to 0 (disabled).

51 > session.serialize_handler string

session.serialize_handler defines the name of the handler which is used to serialize/deserialize data. Currently, a PHP internal format (name php) and WDDX is supported (name wddx). WDDX is only available, if PHP is compiled with WDDX support. Defaults to php.

52 > session.gc_probability integer

session.gc_probability in conjunction with session.gc_divisor is used to manage probability that the gc (garbage collection) routine is started. Defaults to 1. See session.gc_divisor for details.

53 > session.gc_divisor integer

session.gc_divisor coupled with session.gc_probability defines the probability that the gc (garbage collection) process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that the GC process starts on each request. session.gc_divisor defaults to 100.

54 > session.gc_maxlifetime integer

session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage’ and cleaned up.

Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other fs where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. So, you won’t have problems with filesystems where atime tracking is not available.

55 > session.referer_check string

session.referer_check contains the substring you want to check each HTTP Referer for. If the Referer was sent by the client and the substring was not found, the embedded session id will be marked as invalid. Defaults to the empty string.

56 > session.entropy_file string

session.entropy_file gives a path to an external resource (file) which will be used as an additional entropy source in the session id creation process. Examples are /dev/random or /dev/urandom which are available on many Unix systems.

57 > session.entropy_length integer

session.entropy_length specifies the number of bytes which will be read from the file specified above. Defaults to 0 (disabled).

58 > session.use_cookies boolean

session.use_cookies specifies whether the module will use cookies to store the session id on the client side. Defaults to 1 (enabled).

59 > session.use_only_cookies boolean

session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Defaults to 0 (disabled, for backward compatibility). Enabling this setting prevents attacks that involve passing session ids in URLs, because a session id supplied in the URL is then ignored. This setting was added in PHP 4.3.0.

60 > session.cookie_lifetime integer

session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means “until the browser is closed.” Defaults to 0. See also session_get_cookie_params() and session_set_cookie_params().

61 > session.cookie_path string

session.cookie_path specifies path to set in session_cookie. Defaults to /. See also session_get_cookie_params() and session_set_cookie_params().

62 > session.cookie_domain string

session.cookie_domain specifies the domain to set in session_cookie. Default is none at all. See also session_get_cookie_params() and session_set_cookie_params().

63 > session.cookie_secure boolean

session.cookie_secure specifies whether cookies should only be sent over secure connections. Defaults to off. This setting was added in PHP 4.0.4. See also session_get_cookie_params() and session_set_cookie_params().

64 > session.cache_limiter string

session.cache_limiter specifies cache control method to use for session pages (none/nocache/private/private_no_expire/public). Defaults to nocache. See also session_cache_limiter().

65 > session.cache_expire integer

session.cache_expire specifies time-to-live for cached session pages in minutes, this has no effect for nocache limiter. Defaults to 180. See also session_cache_expire().

66 > session.use_trans_sid boolean

session.use_trans_sid specifies whether transparent sid support is enabled or not. Defaults to 0 (disabled).

Note: For PHP 4.1.2 or less, it is enabled by compiling with --enable-trans-sid. From PHP 4.2.0, the trans-sid feature is always compiled.

URL based session management has additional security risks compared to cookie based session management. Users may send a URL that contains an active session ID to their friends by email or users may save a URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.

67 > session.bug_compat_42 boolean

PHP versions 4.2.3 and lower have an undocumented feature/bug that allows you to initialize a session variable in the global scope, albeit register_globals is disabled. PHP 4.3.0 and later will warn you, if this feature is used, and if session.bug_compat_warn is also enabled. This feature/bug can be disabled by disabling this directive.

68 > session.bug_compat_warn boolean

PHP versions 4.2.3 and lower have an undocumented feature/bug that allows you to initialize a session variable in the global scope, albeit register_globals is disabled. PHP 4.3.0 and later will warn you, if this feature is used by enabling both session.bug_compat_42 and session.bug_compat_warn.

69 > session.hash_function integer

session.hash_function allows you to specify the hash algorithm used to generate the session IDs. ‘0′ means MD5 (128 bits) and ‘1′ means SHA-1 (160 bits).

Note: This was introduced in PHP 5.

70 > session.hash_bits_per_character integer

session.hash_bits_per_character allows you to define how many bits are stored in each character when converting the binary hash data to something readable. The possible values are ‘4′ (0-9, a-f), ‘5′ (0-9, a-v), and ‘6′ (0-9, a-z, A-Z, “-”, “,”).

Note: This was introduced in PHP 5.

71 > url_rewriter.tags string

url_rewriter.tags specifies which HTML tags are rewritten to include session id if transparent sid support is enabled. Defaults to a=href,area=href,frame=src,input=src,form=fakeentry,fieldset=

Note: If you want XHTML conformity, remove the form entry and use the <fieldset> tags around your form fields.

You can add your comments and suggestions regarding this article.

August 9, 2007 Posted by | Uncategorized | Leave a comment

PHP – Make URLs clickable (And short down)

<?php

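// Usage examples for parse_urls(). The typographic quotes of the published
// listing are restored to plain ASCII quotes so the code parses.
//
// parse_urls() returns HTML: only the URLs are wrapped in markup and the rest
// of the text is passed through as given. When $text comes from an untrusted
// source, its non-URL parts still have to be escaped before it is echoed.

$text = 'Some text here with an URL here http://www.superlongurl.com/superlongfoldername/filename.ext and some more text here blah blah blah.';

/*
Makes the URLs clickable and shortens them to 35 characters at most, since
that is the default value and no other one was specified.

Output as given by the author: Some text here with an URL here
http://www.superlongurl.c…ilename.ext and some more text here blah blah blah.
*/
echo parse_urls($text);

/*
Same as above, with the displayed URL limited to 40 characters.
*/
echo parse_urls($text, 40);

/*
Makes the URLs clickable, but does not shorten them.
*/
echo parse_urls($text, false);

/*
Makes the URLs clickable and sets the target attribute to _blank, so they
open in a new window. The argument can be left out; the default target is
_self.
*/
echo parse_urls($text, false, '_blank');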

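/**
 * Wrap every http, https, ftp or ftps URL found in $text in an HTML anchor.
 *
 * Only the URLs are turned into markup. The text around them is returned
 * unchanged, so the caller remains responsible for escaping it when it comes
 * from an untrusted source.
 *
 * @param string    $text        Text to scan for URLs.
 * @param int|false $maxurl_len  Longest link text to display; longer URLs are
 *                               shown as head + "..." + tail. A false or 0
 *                               value disables shortening. The href and title
 *                               attributes always carry the full URL.
 * @param string    $target      Value for the anchor's target attribute.
 * @return string   $text with each URL replaced by an anchor element.
 */
function parse_urls($text, $maxurl_len = 35, $target = '_self')
{
    // Same pattern as the published listing, with its typographic quotes
    // restored to ASCII. It only accepts the schemes named above, so
    // script-style schemes never reach the href attribute.
    $pattern = '/((ht|f)tps?:\/\/([\w\.]+\.)?[\w-]+(\.[a-zA-Z]{2,4})?[^\s\r\n\(\)\'<>\,\!]+)/si';

    if (!preg_match_all($pattern, $text, $urls, PREG_OFFSET_CAPTURE))
    {
        return $text;
    }

    // The pattern lets a double quote through, so every value placed inside
    // an attribute or element is escaped. ENT_SUBSTITUTE (where available)
    // keeps a URL cut in the middle of a multi-byte character from being
    // turned into an empty string.
    $flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

    $target_attr = ' target="' . htmlspecialchars($target, $flags, 'UTF-8') . '"';

    // A page opened in a new window can otherwise reach back into the opener.
    $rel_attr = (strtolower($target) === '_blank') ? ' rel="noopener noreferrer"' : '';

    $result = '';
    $cursor = 0;

    // Rebuild the text match by match instead of using str_replace(): a
    // global replace also rewrites a URL that is merely the prefix of a
    // longer one, and hits the copies already placed in href/title.
    foreach ($urls[1] AS $match)
    {
        $url = $match[0];
        $pos = $match[1];

        if ($maxurl_len AND strlen($url) > $maxurl_len)
        {
            // The published listing lost the operator between ceil(...) and
            // the constant; subtraction is assumed, which keeps
            // head + "..." + tail within $maxurl_len.
            $head_len = max(1, (int) ceil(0.65 * $maxurl_len) - 2);
            $tail_len = max(1, (int) ceil(0.30 * $maxurl_len) - 1);
            $urltext = substr($url, 0, $head_len) . '...' . substr($url, -$tail_len);
        }
        else
        {
            $urltext = $url;
        }

        $safe_url = htmlspecialchars($url, $flags, 'UTF-8');

        $result .= substr($text, $cursor, $pos - $cursor);
        $result .= '<a href="' . $safe_url . '"' . $target_attr . ' title="' . $safe_url . '"' . $rel_attr . '>'
                 . htmlspecialchars($urltext, $flags, 'UTF-8') . '</a>';

        $cursor = $pos + strlen($url);
    }

    return $result . substr($text, $cursor);
}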
?>

August 9, 2007 Posted by | Uncategorized | Leave a comment

List files in dir

<?php
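// Prints an HTML index of the current directory: .htm/.html/.php files whose
// names are at most 36 characters long, plus sub-directories other than
// "adult". The typographic quotes of the published listing are restored to
// ASCII so the code parses.
//
// An index like this reveals which scripts exist in the directory, so it
// belongs only where every listed file is meant to be found by visitors.
echo '<h1>Index of /adult/</h1>';
echo '<ul>';
echo '<li><a href="/"> Parent Directory</a></li>';

// scandir() returns false when the directory cannot be read.
$entries = scandir('.');
if ($entries === false)
{
    $entries = array();
}

// File names are data from the filesystem, not markup. A name may contain
// quotes or angle brackets, so it is URL-encoded for the href and
// HTML-escaped for the visible label.
$flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
$listed_extensions = array('htm', 'html', 'php');

foreach ($entries as $entry)
{
    $href = htmlspecialchars(rawurlencode($entry), $flags, 'UTF-8');
    $label = htmlspecialchars($entry, $flags, 'UTF-8');

    if (is_file($entry) && strlen($entry) <= 36)
    {
        // Match the real extension. The published substring test also listed
        // names that only contain ".htm" or ".php" somewhere, such as
        // backup copies of scripts.
        $extension = strtolower(pathinfo($entry, PATHINFO_EXTENSION));
        if (in_array($extension, $listed_extensions, true))
        {
            echo "<li><a href=\"$href\">$label</a></li>";
        }
    }

    if (is_dir($entry) && $entry != "." && $entry != ".." && $entry != "adult")
    {
        echo "<li>FOLDER - !!!! <a href=\"$href\">$label/</a></li>";
    }
}

echo '</ul>';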
?>

August 9, 2007 Posted by | Uncategorized | Leave a comment

Tiny PHP Uploader

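<?php
/*
 * Minimal single-image upload handler for the form field "x".
 *
 * The "name" and "type" entries of $_FILES are sent by the client and are not
 * trusted here: the file type is taken from the file content and the stored
 * name is generated on the server. Accepted formats are GIF, JPEG and PNG, up
 * to 1 MB. On success the stored file name is printed.
 *
 * getimagesize() only inspects the file header, so uploaded files should be
 * kept in a location where the web server does not execute scripts. Access
 * control and request-forgery protection are outside this snippet.
 */
if (isset($_FILES['x'])) {
    $upload = $_FILES['x'];
    $limit = 1024 * 1024;

    // A field submitted as x[] makes every entry an array; reject that shape.
    if (!isset($upload['error']) || is_array($upload['error'])) {
        die('upload failed');
    }

    if ($upload['error'] === UPLOAD_ERR_INI_SIZE || $upload['error'] === UPLOAD_ERR_FORM_SIZE) {
        die('too big');
    }

    // Only continue with a file that PHP itself received for this request.
    if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        die('upload failed');
    }

    if ($upload['size'] > $limit) {
        die('too big');
    }

    // Decide the type from the content and map it to a fixed extension, so
    // the stored file can never end in an extension the server would run.
    $extensions = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    );
    $info = @getimagesize($upload['tmp_name']);
    if ($info === false || !isset($extensions[$info[2]])) {
        die('not image');
    }

    // Server-generated name: no client-supplied path components, and a new
    // upload cannot overwrite an unrelated existing file.
    $p = sha1_file($upload['tmp_name']) . '.' . $extensions[$info[2]];

    if (!move_uploaded_file($upload['tmp_name'], $p)) {
        die('upload failed');
    }

    // $p consists of hex digits and a fixed extension only.
    echo $p;
}
?>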

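<!--
  Upload form for the handler above; with no action attribute it posts back
  to the current URL. MAX_FILE_SIZE has to come before the file input for PHP
  to take it into account, and like the accept attribute it is only a hint to
  the client. The size and type limits are enforced on the server.
-->
<form method="post" enctype="multipart/form-data">
  <input type="hidden" name="MAX_FILE_SIZE" value="1048576">
  <label for="x">Image (up to 1 MB)</label>
  <input id="x" name="x" type="file" accept="image/*">
  <button type="submit">Upload</button>
</form>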


August 9, 2007 Posted by | Uncategorized | Leave a comment