PHP - Protecting Php From Hung Cli Calls

I have had a customer want to run my application (PHP/APACHE/MYSQL) on their server rather than a commercial hosting offering (JUSTHOST/GODADDY)   I am reluctant, as it means giving them access to my PHP code which could possibly be copied or distributed.    Can I protect against this?    

Hi, I'm putting together a database that once logged in, a user is able to insert, update and delete records via html forms.

The login is secured using mysql_real_escape_string, but I'm wondering should I do the same for all form elements that pass data to the db? There are a wide range of inputs, from numeric, alphanumeric, dates and more.

I'd appreciate your feedback.

Regards,

James

Hi all,

I'm working on this site which I'll soon ask the guys in the testing forum to have a peek at.  It's essentially an online community that was a uni project that has spiraled and grown exponetially.

I've spent many many hours in front of books and tutorals etc to put it together and as far as scripting goes, it seems to be fine.  The problem i'm having...The tut's that I read / watched were using eregi_replace to protect text fields and this is now unsuported.

I want my site to be as secure as it can be, within reason.

I've tried using preg_replace instead and have searched for the syntax but i keep getting strang results.
I'm working on the "bio" field at the moment and then when that works I can move on and a-ply the same idea to the other fields.

This si what I have and what I've changed.
if ($_POST['parse_var'] == "bio"){
   
    $bio_body = $_POST['bio_body'];
    //$bio_body = str_replace("'", "'", $bio_body);  (WAS TESTING THIS BUT NO JOY)
    //$bio_body = str_replace("`", "'", $bio_body);
         $bio_body = mysql_real_escape_string($bio_body);
         $bio_body = nl2br(htmlspecialchars($bio_body));

        $bio = $_POST['bio'];
   $bio = eregi_replace("'", "'", $bio);           (This works but is not as secure)
   $bio = eregi_replace("`", "'", $bio);
        $bio = mysql_real_escape_string($bio);
        $bio = nl2br(htmlspecialchars($_POST['bio']));

        $sqlUpdate = mysql_query("UPDATE members SET bio='$bio' WHERE id='$id'");
       and so on....}


When I change it to str_replace if I type in don't the whole word is deleted.  when I type in preg I get an error.
Can someone please give me the correct code / syntax for getting the result I want.

I just want to make sure that every single field that has a user input is protected against any malicious attacks.
Thanks.

Is there a good way to batch API calls?
I'm building a service that requires  n^2 api calls for each city I add.  Naturally, this is getting a bit clunky (6 cities is 36 separate calls).  I lieu of finding a better webservice that can consolidate this into one API call, is there a good way to batch these so I don't get fatal errors when one of these fails?

Ideally, I'd be able to loop the calls until results are returned for each.

Thanks

Hi,
Is it possible to return information on a cURL call. for example i want to kind of make my own API for my website cn i make a cURL call to my server and return data back to the client or is cURL just to send data.

if cURL is just to send data what is another method to send a request and receive data back on the call?

Thanks
Mike

Apparently, this is bad.  Wish someone would have told me.

Sadly, it is too simple.

I had
Code: [Select]
<?
$company=mysql_query("select this and that")
while($company=mysql_fetch_array($company)) {
   a bit of output;
   $properties=mysql_query("Select this and that from properties where company_id=$company['id']")
   while(properties=mysql_fetch_array()) {
        what I want to output
    }
}
I seem to be missing some understanding of what the heck to do now.

Please, please any suggestions.  I suck at object orientation, and arrays of arrays of arrays confuse the crap out of me.  Am I missing something simple.

Am I over-reacting?  I have 15 companies, and about 100 properties total.

Hello   I am looking for a way to log all incoming requests to a nusoap web service to a file.. any suggestions?   Thanks

This is my first time messing with SOAP.

$params = array(
'user' => 'username@gmail.com',
'password' => 'password',
'keyStr' => $keyStr,
'subId' => $subId);

$return_string = $client->call('getKey','getTodaySubIDStats','getYesterdaySubIDStats','getMonthToDateSubIDStats','getLastMonthSubIDStats', $params);

The

$return_string = $client->call('getKey','getTodaySubIDStats','getYesterdaySubIDStats','getMonthToDateSubIDStats','getLastMonthSubIDStats', $params);

spits out

Fatal error: Uncaught SoapFault exception: [Client] Function ("call") is not a valid method for this service in /home/site82/public_html/stats.php:20 Stack trace: #0 /home/site82/public_html/stats.php(20): SoapClient->__call('call', Array) #1 /home/site82/public_html/stats.php(20): SoapClient->call('getKey', 'getTodaySubIDSt...', 'getYesterdaySub...', 'getMonthToDateS...', 'getLastMonthSub...', Array) #2 {main} thrown in /home/site82/public_html/stats.php on line 20

So I E-Mailed support and got this

Quote

There are two different ways to make SOAP API calls, depending on which PHP library you use.

The example in the document has a client which wants calls like this:

$client->call('funcname', parm1, parm2)

The other type of call, which I think your client is using, is like this:

$client->funcname(parm1, parm2)

Switch over your coding and that should eliminate the problem you are getting.


so I tried...

$return_string = $client->getTodaySubIDStats(user,password,keyStr,subId);

and it then spits out

Fatal error: Uncaught SoapFault exception: [HTTP] Internal Server Error in /home/site82/public_html/stats.php:17 Stack trace: #0 [internal function]: SoapClient->__doRequest('<?xml version="...', 'http://www.maxb...', '', 1, 0) #1 /home/site82/public_html/stats.php(17): SoapClient->__call('getTodaySubIDSt...', Array) #2 /home/site82/public_html/stats.php(17): SoapClient->getTodaySubIDStats('user', 'password', 'keyStr', 'subId') #3 {main} thrown in /home/site82/public_html/stats.php on line 17

How do I call it the correct way??

http://pastebin.com/DbHQSYd7

Been stumbling my way through OOP and seem to be understanding it for the most part (I think..) But I've got a couple questions / kinks that I can't seem to work out.

a) How do I return a variable from a class so that a different class has access to it (meta_data)
b) I'm getting a "$this" cannot be redefined error (which I know why, but I don't know how to fix))
c) How do I call a function from within one class, where the function resides in another class, AND pass it variables?

Any help would be greatly appreciated

I've tried to Google warrior A and I think I can figure that one out, but B and C are proving to be the real stumbling blocks.

Hi,
I am trying to output my data call rows, alongside each other till two, then break and start a new row. and so on and so on.
this is not really a example question, i think its more a request information question and example question.

How would i go about $outputting the rows alongside each other?

i have tried:

$output_rows['MYDATA']='then in here i have had a complete table with all the css and styling and information entered'; //but i couldn't get it alongside each other on the html page?

then i tried outputting the information and had the tables and css setup on the .html page, but that gave me duplicate entries alongside each other, as no i was entering data from the {MYDATA}.. Twice..

I am really stuck!
if any one can assist Great.   

I have this code that has
Code: [Select]
$this->BeginTransaction();all over it. These are in classes where no such function is defined, and they don't have parents either. It's driving my crazy trying to figure out why they are there, why there's not so much as a warning being given and what, if anything, is being called.
Now I do have a
Code: [Select]
set_error_handler("amfErrorHandler");and in amfErrorHandler I have
Code: [Select]
if( error_reporting() != 0 && ($amfphpErrorLevel | $level) == $amfphpErrorLevel ) {
throw new VerboseException($string, $level, $file, $line);
}
I don't remember what $amfphpErrorLevel is, except that it should only be ignoring things like E_STRICT. Also, no exception is being thrown. So what do I do w/this code?

but never on the first call.  Okay, I posted this on StackOverflow but no one there seems to have an answer either.  I have this simple function:

Code: [Select]
public function delete($messageID) {
$type = $this->findType($messageID);
if ($type == 'in') {
foreach ($this->inArr as $key => $value) {
if ($this->inArr[$key]->messageID != $messageID)
$implodeData[$key] = $this->inArr[$key]->messageID;
}
if (!isset($implodeData))
$imploded = '0';
else
$imploded = implode(',', $implodeData);
$result = $this->_database->updatePMUser('inArr', $imploded, 'UID', $this->UID);
$result2 = $this->_database->deletePM('messageID', $messageID);
return;
}
else {
foreach ($this->sentArr as $key => $value) {
if ($this->sentArr[$key]->messageID != $messageID)
$implodeData[$key] = $this->sentArr[$key]->messageID;
}
if (!isset($implodeData))
$imploded = '0';
else
$imploded = implode(',', $implodeData);
$result = $this->_database->updatePMUser('sentArr', $imploded, 'UID', $this->UID);
$result2 = $this->_database->deletePM('messageID', $messageID);
return;
}
}
It is a delete function for a private messaging program for a forum script I'm writing.  Anyway, here's the issue - it works!  But only sometimes.  It is called in 3 different places, always from a form processing class I have, once in the view message section to delete a message you're viewing, in a foreach from the sentbox options section and then a foreach in the inbox options section.  The inbox and sentbox option sections do that whole "delete the checked messages" for the mass removal functionality.  The delete function above works in all ways shapes and forms when I use it in single calls - like when I'm deleting a message while viewing it or when I only check one message from the inbox, etc - but when I call it multiple times (as in I have checked multiple messages) - it fully deletes one (both the message and the reference to the message in the user's db row) and then only deletes the actual message on the others (deleting the message is the call to deletePM - deleting the reference is the call to updatePMUser).

Okay, if you need further information - the function above checks the type the message is (in the inbox or in the sentbox) and then uses that to foreach through that array (inArr or sentArr) of the user.  It logs in all the messageIDs of the those that DON'T match the one we're deleting and then at the end it implodes those caught IDs into a string that is then updated in the user's row as a comma separated string of values each representing a message in the DB - you get the picture.  I realize I have some trimming to do (for one I can cut the above function down by about half by using variable variables) but I'll get to that after I get the thing working.  I can't figure out why it's doing what it's doing.  If you need the function that calls this in the foreach, I have it below.  Oh, and the thing that really boggles me is that this function is called fully for each checked message in the foreach - it fully returns and then loops - if it works once, I don't see how it wouldn't work on a second call from a loop - the variables it uses should be trashed when it leaves the function, they aren't global or object properties or anything.  Color me confused.

Thanks for any help, oh, here's one of the functions that calls it to delete checked messages (this one is for the sentbox, there is another for the inbox):

Code: [Select]
private function _processSelectedSent() {
$pmObj = unserialize(base64_decode($_POST['pmObj']));
$i=1;
foreach ($_POST as $key => $value) {
if ($value == 'marked') {
$checkedArray[$i] = $key;
$i++;
}
}
if ($_POST['submitter'] == 'Delete Selected') {
if (is_array($checkedArray)) {
foreach ($checkedArray as $key => $value)
$pmObj->delete($value);
}
else
$pmObj->delete($checkedArray[1]);
header("Location: ".HOME_PAGE.PM_PAGE."?view=sentbox&nocache=".time());
}
}

I need to debug a php program.  I've tried to use something like:

 $debuginfo = var_dump(debug_backtrace());

and then write $debuginfo  to a text file for later review.

The problem I have is that this approach uses the output stream and my program also wants to write to the output stream.  Unfortunately, other programs are using the output stream and dumping dignostic data to the outputstream mesess with the state of the program.

Is there a way to get a snapshot of variables and calls without interfering with the output stream?

Thanks

Mike

I everyone, I'm developing a small MVC framework for my personal work, now, in order to have access from all the classes to certain variables I've created a registry class, for this to work I have 2 options:
1.- passing every time the registry object to the constructor class(controllers, models, etc)
or
2.- create in the registry static set and get so I can reach the variables by Registry::set(name, value) and Registry::get(name)

My question is, which one of this two options takes less resources(is faster)?

I hope anyone can help me with this, thanks in advance