Search Results

Search found 43347 results on 1734 pages for 'php security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 115/1734 | < Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >

  • PHP Zend Hash Vulnerability Exploitation Vector [closed]

    - by Resurrected Laplacian
    Possible Duplicate: CVE-2007-5416 PHP Zend Hash Vulnerability Exploitation Vector (Drupal) According to exploit-db, http://www.exploit-db.com/exploits/4510/, it says the following: Example: http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal_eval&_menu[items][][type]=-1&-312030023=1&q=1/ What are "[callbacks]","[1]" and all these stuffs? What should I put in to these stuffs? Can anyone present a real possible example? I wasn't asking for a real website; I was asking for a possible example! So, how would address be like - what should I put in to these stuffs, as the question says..

    Read the article

  • PHP and MySQL related Problem

    - by Tareq
    Hi friends, I have a local LAN to my office. Recently I designed a New Software system using PHP, MySQL for my office. My boss wants to see the reports from online. My problem is, my network connection is often failed to my office. But I have to input all time. So, now I want to use two instances of my software. One will be using the LAN and one will be uploaded to my server. My question is, how can I easily keep the both databases up-to-date always? Please help me with this issue. If you want more info please feel free to ask me.

    Read the article

  • IIS 7 with PHP in Domain with Windows Authentication

    - by Michal Saiyan Hajdony
    I have Windows Server 2008 R2 x64b installed with IIS 7, PHP 5.5. This server is added to domain exampledomain , so I have win authentication enabled and all others disabled. I left the two default providers NTLM and negotiate, I granted IIS_IUSRS read access to wwwroot. So far it has worked for me only as I am added to the Administrators group which has read/write access to wwwroot folder. Yet, when someone else is trying to connect, he gets a credentials window and when he puts the domain name and password he cannot get access to the page. The issue is solved when I add read permission to "Domain users" - then all works fine. BUT. My issue is that if one opens windows explorer and types \\servername\wwwroot one can see the files and read them. I have never configured IIS before so I know I miss some really important thing. How can I solve the file visibility problem?

    Read the article

  • Why Netbeans 6.8 remote project (php) uploads all files by default

    - by xaguilars
    Hi I wanted to know if there's some option for disabling Netbeans to upload all files of a recently imported remote (php) project. I always check "Upload files on run", in the project configuration. But when I click on run Netbeans selects all files by default (I modified only some). The file checkboxes cannot be disabled at once and you have to do this one by one (imagine you have 5000 files...). That's annoying. Do you know any solution? thank you

    Read the article

  • Apache has many PHP session files

    - by PiTheNumber
    # ls /var/lib/php5 | wc -l 7488 # ls -la -rw------- 1 wwwrun www 0 Nov 9 15:30 sess_vtuh671rlafdidfjmgjfu6065p4tfieg -rw------- 1 wwwrun www 0 Nov 12 02:30 sess_vu9pn476oiqbsd20q4s2brt60b9vg90d -rw------- 1 wwwrun www 0 Nov 9 15:07 sess_vuonfs2cqsdiq8ja51ornh6lp5j9mf93 -rw------- 1 wwwrun www 0 Nov 9 16:02 sess_vuutcad8as55il34db3uqhqrsltd4q6o -rw------- 1 wwwrun www 0 Nov 9 23:26 sess_vv2mrv5dnlnts6das4g5jlfldael4l0e -rw------- 1 wwwrun www 44 Nov 9 20:35 sess_vvc0cfjuvk3lqb5m97fv6gsmv6bjhsdk -rw------- 1 wwwrun www 0 Nov 9 10:33 sess_vvq82fhj9lg29gaejemlb2lrk25mqv7d -rw------- 1 wwwrun www 0 Nov 9 20:36 sess_vvtd4ka8rfmcroa34unl06916ubj8sb9 Most of them are empty. There are not so many users on the server so I wonder where those files came from. Is this a problem or how does apache handle those file? Do they get delete automaticly? Could this be caused by a bad PHP file?

    Read the article

  • Allow PHP to write file without 777

    - by camerongray
    I am setting up a simple website on webspace provided by my university. I do not have database access so I am storing all the data in a flat file. The issue I am experiencing is related to file permissions. I need PHP to be able to read and write the data file but I don't really want to set the file to 777 as anybody else on the system could modify it, they already have read access to everyone's web directories. Does anyone have any ideas on how to accomplish this? Thanks in advance

    Read the article

  • Apache server, PHP

    - by user65649
    I am running a php site on my apache server (Mac). I am having trouble displaying images on the site when I access it externally or from another computer on the same server. If I try to access the image directly. website.com/image.jpg I get a broken link icon and can't display the image. Any ideas what could cause this? My images are embedded using a style.css file. background-image:url(image.jpg);

    Read the article

  • installing php gd on ubuntu on a vps server

    - by user235196
    I was working on localhost with resizing images and everything was great. Than I uploaded to my server and things got interesting. After searching around, looks like I have to enable php-gd on my server. I tried running the line sudo apt-get install php5-gd using putty, and it didn't work. Any ideas why? Also, after the install, I assume I will need to run the function sudo reboot right? clearly I'm not an expert in this area :p

    Read the article

  • Are there any differences between SQL Server and MySQL when it comes to preventing SQL injection?

    - by Derek Adair
    I am used to developing in PHP/MySQL and have no experience developing with SQL Server. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function mysql_real_excape_string(). Is there a similar function with PHP/SQL Server? What steps do I need to take in order to protect against SQL injection with SQL Server? What are the differences between SQL Server and MySQL pertaining to SQL injection prevention? also - is this post accurate? is the escape string character for SQL Server a single quote?

    Read the article

  • Are there any differences between MSSQL and MySQL when it comes to preventing SQL injection?

    - by Derek Adair
    I am used to developing in PHP/MySQL and have no experience developing with MSSQL. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function mysql_real_excape_string(). Is there a similar function with PHP/MSSQL? What steps do I need to take in order to protect against SQL injection with MSSQL? What are the differences between MSSQL and MySQL pertaining to SQL injection prevention?

    Read the article

  • RewriteRule help

    - by Camran
    I have successfully setup htaccess to do this: domain.com/ad.php?ad_id=bmw_m3_2498224 INTO: domain.com/ads/bmw_m3_2498224 However, I have a link on the page which makes the page submit to itself... The link saves the ad inside a cookie: domain.com/ad.php?ad_id=bmw_m3_2498224&save=1 // Note the 'save' variable I need to make this work on the rewritten rule also, so this link: domain.com/ads/bmw_m3_2498224/save will save the cookie... I have this so far which DOES NOT work for the save part: RewriteRule ^annons/([a-zA-Z0-9_]+)$ ad.php?ad_id=$1 [NC,L] How can I include another rule to accomplish what I want? Thanks

    Read the article

  • [GEEK SCHOOL] Network Security 2: Preventing Disaster with User Account Control

    - by Ciprian Rusen
    In this second lesson in our How-To Geek School about securing the Windows devices in your network, we will talk about User Account Control (UAC). Users encounter this feature each time they need to install desktop applications in Windows, when some applications need administrator permissions in order to work and when they have to change different system settings and files. UAC was introduced in Windows Vista as part of Microsoft’s “Trustworthy Computing” initiative. Basically, UAC is meant to act as a wedge between you and installing applications or making system changes. When you attempt to do either of these actions, UAC will pop up and interrupt you. You may either have to confirm you know what you’re doing, or even enter an administrator password if you don’t have those rights. Some users find UAC annoying and choose to disable it but this very important security feature of Windows (and we strongly caution against doing that). That’s why in this lesson, we will carefully explain what UAC is and everything it does. As you will see, this feature has an important role in keeping Windows safe from all kinds of security problems. In this lesson you will learn which activities may trigger a UAC prompt asking for permissions and how UAC can be set so that it strikes the best balance between usability and security. You will also learn what kind of information you can find in each UAC prompt. Last but not least, you will learn why you should never turn off this feature of Windows. By the time we’re done today, we think you will have a newly found appreciation for UAC, and will be able to find a happy medium between turning it off completely and letting it annoy you to distraction. What is UAC and How Does it Work? UAC or User Account Control is a security feature that helps prevent unauthorized system changes to your Windows computer or device. These changes can be made by users, applications, and sadly, malware (which is the biggest reason why UAC exists in the first place). When an important system change is initiated, Windows displays a UAC prompt asking for your permission to make the change. If you don’t give your approval, the change is not made. In Windows, you will encounter UAC prompts mostly when working with desktop applications that require administrative permissions. For example, in order to install an application, the installer (generally a setup.exe file) asks Windows for administrative permissions. UAC initiates an elevation prompt like the one shown earlier asking you whether it is okay to elevate permissions or not. If you say “Yes”, the installer starts as administrator and it is able to make the necessary system changes in order to install the application correctly. When the installer is closed, its administrator privileges are gone. If you run it again, the UAC prompt is shown again because your previous approval is not remembered. If you say “No”, the installer is not allowed to run and no system changes are made. If a system change is initiated from a user account that is not an administrator, e.g. the Guest account, the UAC prompt will also ask for the administrator password in order to give the necessary permissions. Without this password, the change won’t be made. Which Activities Trigger a UAC Prompt? There are many types of activities that may trigger a UAC prompt: Running a desktop application as an administrator Making changes to settings and files in the Windows and Program Files folders Installing or removing drivers and desktop applications Installing ActiveX controls Changing settings to Windows features like the Windows Firewall, UAC, Windows Update, Windows Defender, and others Adding, modifying, or removing user accounts Configuring Parental Controls in Windows 7 or Family Safety in Windows 8.x Running the Task Scheduler Restoring backed-up system files Viewing or changing the folders and files of another user account Changing the system date and time You will encounter UAC prompts during some or all of these activities, depending on how UAC is set on your Windows device. If this security feature is turned off, any user account or desktop application can make any of these changes without a prompt asking for permissions. In this scenario, the different forms of malware existing on the Internet will also have a higher chance of infecting and taking control of your system. In Windows 8.x operating systems you will never see a UAC prompt when working with apps from the Windows Store. That’s because these apps, by design, are not allowed to modify any system settings or files. You will encounter UAC prompts only when working with desktop programs. What You Can Learn from a UAC Prompt? When you see a UAC prompt on the screen, take time to read the information displayed so that you get a better understanding of what is going on. Each prompt first tells you the name of the program that wants to make system changes to your device, then you can see the verified publisher of that program. Dodgy software tends not to display this information and instead of a real company name, you will see an entry that says “Unknown”. If you have downloaded that program from a less than trustworthy source, then it might be better to select “No” in the UAC prompt. The prompt also shares the origin of the file that’s trying to make these changes. In most cases the file origin is “Hard drive on this computer”. You can learn more by pressing “Show details”. You will see an additional entry named “Program location” where you can see the physical location on your hard drive, for the file that’s trying to perform system changes. Make your choice based on the trust you have in the program you are trying to run and its publisher. If a less-known file from a suspicious location is requesting a UAC prompt, then you should seriously consider pressing “No”. What’s Different About Each UAC Level? Windows 7 and Windows 8.x have four UAC levels: Always notify – when this level is used, you are notified before desktop applications make changes that require administrator permissions or before you or another user account changes Windows settings like the ones mentioned earlier. When the UAC prompt is shown, the desktop is dimmed and you must choose “Yes” or “No” before you can do anything else. This is the most secure and also the most annoying way to set UAC because it triggers the most UAC prompts. Notify me only when programs/apps try to make changes to my computer (default) – Windows uses this as the default for UAC. When this level is used, you are notified before desktop applications make changes that require administrator permissions. If you are making system changes, UAC doesn’t show any prompts and it automatically gives you the necessary permissions for making the changes you desire. When a UAC prompt is shown, the desktop is dimmed and you must choose “Yes” or “No” before you can do anything else. This level is slightly less secure than the previous one because malicious programs can be created for simulating the keystrokes or mouse moves of a user and change system settings for you. If you have a good security solution in place, this scenario should never occur. Notify me only when programs/apps try to make changes to my computer (do not dim my desktop) – this level is different from the previous in in the fact that, when the UAC prompt is shown, the desktop is not dimmed. This decreases the security of your system because different kinds of desktop applications (including malware) might be able to interfere with the UAC prompt and approve changes that you might not want to be performed. Never notify – this level is the equivalent of turning off UAC. When using it, you have no protection against unauthorized system changes. Any desktop application and any user account can make system changes without your permission. How to Configure UAC If you would like to change the UAC level used by Windows, open the Control Panel, then go to “System and Security” and select “Action Center”. On the column on the left you will see an entry that says “Change User Account Control settings”. The “User Account Control Settings” window is now opened. Change the position of the UAC slider to the level you want applied then press “OK”. Depending on how UAC was initially set, you may receive a UAC prompt requiring you to confirm this change. Why You Should Never Turn Off UAC If you want to keep the security of your system at decent levels, you should never turn off UAC. When you disable it, everything and everyone can make system changes without your consent. This makes it easier for all kinds of malware to infect and take control of your system. It doesn’t matter whether you have a security suite or antivirus installed or third-party antivirus, basic common-sense measures like having UAC turned on make a big difference in keeping your devices safe from harm. We have noticed that some users disable UAC prior to setting up their Windows devices and installing third-party software on them. They keep it disabled while installing all the software they will use and enable it when done installing everything, so that they don’t have to deal with so many UAC prompts. Unfortunately this causes problems with some desktop applications. They may fail to work after you enable UAC. This happens because, when UAC is disabled, the virtualization techniques UAC uses for your applications are inactive. This means that certain user settings and files are installed in a different place and when you turn on UAC, applications stop working because they should be placed elsewhere. Therefore, whatever you do, do not turn off UAC completely! Coming up next … In the next lesson you will learn about Windows Defender, what this tool can do in Windows 7 and Windows 8.x, what’s different about it in these operating systems and how it can be used to increase the security of your system.

    Read the article

  • New Big Data Appliance Security Features

    - by mgubar
    The Oracle Big Data Appliance (BDA) is an engineered system for big data processing.  It greatly simplifies the deployment of an optimized Hadoop Cluster – whether that cluster is used for batch or real-time processing.  The vast majority of BDA customers are integrating the appliance with their Oracle Databases and they have certain expectations – especially around security.  Oracle Database customers have benefited from a rich set of security features:  encryption, redaction, data masking, database firewall, label based access control – and much, much more.  They want similar capabilities with their Hadoop cluster.    Unfortunately, Hadoop wasn’t developed with security in mind.  By default, a Hadoop cluster is insecure – the antithesis of an Oracle Database.  Some critical security features have been implemented – but even those capabilities are arduous to setup and configure.  Oracle believes that a key element of an optimized appliance is that its data should be secure.  Therefore, by default the BDA delivers the “AAA of security”: authentication, authorization and auditing. Security Starts at Authentication A successful security strategy is predicated on strong authentication – for both users and software services.  Consider the default configuration for a newly installed Oracle Database; it’s been a long time since you had a legitimate chance at accessing the database using the credentials “system/manager” or “scott/tiger”.  The default Oracle Database policy is to lock accounts thereby restricting access; administrators must consciously grant access to users. Default Authentication in Hadoop By default, a Hadoop cluster fails the authentication test. For example, it is easy for a malicious user to masquerade as any other user on the system.  Consider the following scenario that illustrates how a user can access any data on a Hadoop cluster by masquerading as a more privileged user.  In our scenario, the Hadoop cluster contains sensitive salary information in the file /user/hrdata/salaries.txt.  When logged in as the hr user, you can see the following files.  Notice, we’re using the Hadoop command line utilities for accessing the data: $ hadoop fs -ls /user/hrdataFound 1 items-rw-r--r--   1 oracle supergroup         70 2013-10-31 10:38 /user/hrdata/salaries.txt$ hadoop fs -cat /user/hrdata/salaries.txtTom Brady,11000000Tom Hanks,5000000Bob Smith,250000Oprah,300000000 User DrEvil has access to the cluster – and can see that there is an interesting folder called “hrdata”.  $ hadoop fs -ls /user Found 1 items drwx------   - hr supergroup          0 2013-10-31 10:38 /user/hrdata However, DrEvil cannot view the contents of the folder due to lack of access privileges: $ hadoop fs -ls /user/hrdata ls: Permission denied: user=drevil, access=READ_EXECUTE, inode="/user/hrdata":oracle:supergroup:drwx------ Accessing this data will not be a problem for DrEvil. He knows that the hr user owns the data by looking at the folder’s ACLs. To overcome this challenge, he will simply masquerade as the hr user. On his local machine, he adds the hr user, assigns that user a password, and then accesses the data on the Hadoop cluster: $ sudo useradd hr $ sudo passwd $ su hr $ hadoop fs -cat /user/hrdata/salaries.txt Tom Brady,11000000 Tom Hanks,5000000 Bob Smith,250000 Oprah,300000000 Hadoop has not authenticated the user; it trusts that the identity that has been presented is indeed the hr user. Therefore, sensitive data has been easily compromised. Clearly, the default security policy is inappropriate and dangerous to many organizations storing critical data in HDFS. Big Data Appliance Provides Secure Authentication The BDA provides secure authentication to the Hadoop cluster by default – preventing the type of masquerading described above. It accomplishes this thru Kerberos integration. Figure 1: Kerberos Integration The Key Distribution Center (KDC) is a server that has two components: an authentication server and a ticket granting service. The authentication server validates the identity of the user and service. Once authenticated, a client must request a ticket from the ticket granting service – allowing it to access the BDA’s NameNode, JobTracker, etc. At installation, you simply point the BDA to an external KDC or automatically install a highly available KDC on the BDA itself. Kerberos will then provide strong authentication for not just the end user – but also for important Hadoop services running on the appliance. You can now guarantee that users are who they claim to be – and rogue services (like fake data nodes) are not added to the system. It is common for organizations to want to leverage existing LDAP servers for common user and group management. Kerberos integrates with LDAP servers – allowing the principals and encryption keys to be stored in the common repository. This simplifies the deployment and administration of the secure environment. Authorize Access to Sensitive Data Kerberos-based authentication ensures secure access to the system and the establishment of a trusted identity – a prerequisite for any authorization scheme. Once this identity is established, you need to authorize access to the data. HDFS will authorize access to files using ACLs with the authorization specification applied using classic Linux-style commands like chmod and chown (e.g. hadoop fs -chown oracle:oracle /user/hrdata changes the ownership of the /user/hrdata folder to oracle). Authorization is applied at the user or group level – utilizing group membership found in the Linux environment (i.e. /etc/group) or in the LDAP server. For SQL-based data stores – like Hive and Impala – finer grained access control is required. Access to databases, tables, columns, etc. must be controlled. And, you want to leverage roles to facilitate administration. Apache Sentry is a new project that delivers fine grained access control; both Cloudera and Oracle are the project’s founding members. Sentry satisfies the following three authorization requirements: Secure Authorization:  the ability to control access to data and/or privileges on data for authenticated users. Fine-Grained Authorization:  the ability to give users access to a subset of the data (e.g. column) in a database Role-Based Authorization:  the ability to create/apply template-based privileges based on functional roles. With Sentry, “all”, “select” or “insert” privileges are granted to an object. The descendants of that object automatically inherit that privilege. A collection of privileges across many objects may be aggregated into a role – and users/groups are then assigned that role. This leads to simplified administration of security across the system. Figure 2: Object Hierarchy – granting a privilege on the database object will be inherited by its tables and views. Sentry is currently used by both Hive and Impala – but it is a framework that other data sources can leverage when offering fine-grained authorization. For example, one can expect Sentry to deliver authorization capabilities to Cloudera Search in the near future. Audit Hadoop Cluster Activity Auditing is a critical component to a secure system and is oftentimes required for SOX, PCI and other regulations. The BDA integrates with Oracle Audit Vault and Database Firewall – tracking different types of activity taking place on the cluster: Figure 3: Monitored Hadoop services. At the lowest level, every operation that accesses data in HDFS is captured. The HDFS audit log identifies the user who accessed the file, the time that file was accessed, the type of access (read, write, delete, list, etc.) and whether or not that file access was successful. The other auditing features include: MapReduce:  correlate the MapReduce job that accessed the file Oozie:  describes who ran what as part of a workflow Hive:  captures changes were made to the Hive metadata The audit data is captured in the Audit Vault Server – which integrates audit activity from a variety of sources, adding databases (Oracle, DB2, SQL Server) and operating systems to activity from the BDA. Figure 4: Consolidated audit data across the enterprise.  Once the data is in the Audit Vault server, you can leverage a rich set of prebuilt and custom reports to monitor all the activity in the enterprise. In addition, alerts may be defined to trigger violations of audit policies. Conclusion Security cannot be considered an afterthought in big data deployments. Across most organizations, Hadoop is managing sensitive data that must be protected; it is not simply crunching publicly available information used for search applications. The BDA provides a strong security foundation – ensuring users are only allowed to view authorized data and that data access is audited in a consolidated framework.

    Read the article

  • Apache / PHP Begins to Deny SQL Requests after about 2000

    - by Daniel Stern
    We have a web page on our server that we use to run administrative scripts. For example, we might run the script "unenrolStudents()" which runs 5,000 SQL SET commands one after another and sets 5000 student entries in an SQL database to unenrolled. However, we are finding that after running a few thousand queries (it is not totally consistent) we will be "locked out" by our server. SYMPTOMS OF LOCKING OUT: - unable to connect to server with winSCP - opening putty with that connection shows a blank screen (no login / pass) - clearing cookies / cache in chrome does NOT fix locking out - other computers in the office ALSO become locked out - locking out can be triggered with a high frequency of requests (10000 in 1 second) or by less over time (10000 in 500 seconds - this will still cause a lockout even though the frequency is much less) We believe this is a security feature of our own Apache. I know we are using Suhosin but I didn't configure it so I don't know. How can I disable this locking effect so that I can confidently run all my SQL requests and they will go through? Has anyone else dealt with this and found workarounds? Thanks DS

    Read the article

  • Connection to Google, Yahoo, Bing, Ask, etc. compromised via all devices on my home network - How?

    - by jt0dd
    I'm a very computer savvy guy (although not very networking savvy), and I may still be wrong about this, but I think my home network may be compromised somehow. I'd like to know if it's possible for someone to have hijacked my network's connection to Google.com and other popular websites. Update: The issue seems to take effect with all popular websites. I can connect to small (non-popular) websites without issue, but Facebook, Google, Yahoo, and Bing cannot be accessed by any device on my home network. On all devices using my home network, I'm being shown http://www.google.com WARNING! Internet Explorer is currently out of date. Please update to continue. when I attempt to connect to google.com. I wouldn't be surprised by this at all if it were just the laptop. It's the fact that this is happening on all devices on my network that confuses me. Here's the screenshot from my iPhone, for reference. Can my home network be compromised? Is that even possible? How can something like this happen across all platforms on all devices in the same way? I wouldn't imagine every device / platform on the network would get the same virus. Should I assume that my network's security is totally compromised? Update: All mobile devices and laptops on my home network are experiencing the same alert when attempting to connect to google.com.

    Read the article

  • What steps should I take to secure Tomcat 6.x?

    - by PAS
    I am in the process of setting up an new Tomcat deployment, and want it to be as secure as possible. I have created a 'jakarta' user and have jsvc running Tomcat as a daemon. Any tips on directory permissions and such to limit access to Tomcat's files? I know I will need to remove the default webapps - docs, examples, etc... are there any best practices I should be using here? What about all the config XML files? Any tips there? Is it worth enabling the Security manager so that webapps run in a sandbox? Has anyone had experience setting this up? I have seen examples of people running two instances of Tomcat behind Apache. It seems this can be done using mod_jk or with mod_proxy... any pros/cons of either? Is it worth the trouble? In case it matters, the OS is Debian lenny. I am not using apt-get because lenny only offers tomcat 5.5 and we require 6.x. Thanks!

    Read the article

  • Security header is not valid - using curl php

    - by toni
    Hi all, Im implementing the Express Checkout, Paypal API using PHP. I have no problem with the first step:SetExpressCheckout. I a have awk=success. But in method GetExpressCheckout I get "Security header is not valid". I try to figure out the problem and i think found out maybe it was the curl not working well.. What i did i copy the whole URL: https://api-3t.sandbox.paypal.com/nvp?USER=sanbox_1276609583_biz_api1.gmail.com&PWD=1276609589&SIGNATURE=AYVosblmD7khKkvvb.bNxvFT0OQ2A8GopwByEuC.CfMHt65VaUmvAEy-&VERSION=62.0&token=EC-3YG18670X88588437&METHOD=GetExpressCheckoutDetails and paste it to the browser. This will result to: TOKEN=EC%2d3YG18670X88588437&CHECKOUTSTATUS=PaymentActionNotInitiated&TIMESTAMP=2010%2d06%2d16T07%3a40%3a12Z&CORRELATIONID=e1a1e469bf066&ACK=Success&VERSION=62%2e0&BUILD=1356926... But when that url executed in the function I made it will not work. Below is my function: function mycurl($url,$querystr){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $querystr); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); $response = curl_exec($ch); curl_close ($ch); return $response; } I hope somebody can help on this. thanks so much. Note: - I Used the sandbox for this. I created a sandbox account, I have a Business account to represent a merchant, and a Personal account to represent a buyer. And I used this: endpoint url: api-3t.sandbox.paypal.com/nvp sandbox url: www.sandbox.paypal.com/cgi-bin/webscr This should not be the issue.

    Read the article

  • How does PHP5 fare with the earlier versions of the language

    - by Pankaj Upadhyay
    Many times, I like to learn PHP for web development but been drawn back due to comments like the following :- (Comments are just for reference and does not invite Flame-war) "PHP is good but generates spaghetti code" "PHP is nice but Python is marriage material" "PHP lags stuff that you get in other languages like C# or JAVA" But for PHP5 i have seen some promising comments. So, What my question is how does PHP5 fare with the earlier versions of the language and is it good enough now to learn for web development. NOTE:- No comparison of PHP with other languages is sorted here. Please comment just on PHP and it's comparison with itself

    Read the article

  • Apple pushnotification [closed]

    - by VIVEK
    I have a PHP script located in path like /var/www/vhosts/hostname/httpdocs/webservices, I have both PHP script and .pem files there, and I have called the .pem file in the script properly, but still when I run the script , I don't get push notification , instead i get warnings such as: Warning: stream_socket_client() [function.stream-socket-client]: Unable to set local cert chain file `ck_push_test.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /var/www/vhosts/ipartyapps.com/httpdocs/webservices/testPush.php on line 12 Warning: stream_socket_client() [function.stream-socket-client]: failed to create an SSL handle in /var/www/vhosts/ipartyapps.com/httpdocs/webservices/testPush.php on line 12 Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in /var/www/vhosts/ipartyapps.com/httpdocs/webservices/testPush.php on line 12 Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /var/www/vhosts/ipartyapps.com/httpdocs/webservices/testPush.php on line 12 Failed to connect 0 I double checked everything path, permissions and owner/group of both script and .pem files, still not getting push notification. Any suggestions please, as it's urgent.

    Read the article

  • Best way to trigger editing and dynamically show editing features? [on hold]

    - by Tim Marshall
    Page In Question: http://rafflebananza.com/admin/StatisticalData/expenses/expenses.html Hiya Everyone, On my page, I have an 'Actions' drop down to the top-right hand side of the page. This actions drop down I would like to have an action to 'Enable Editing'. Upon clicking to enable editing, I would like a PHP variable modified from 'EnableEditing = false' to 'EnableEditing = true'. Why I would like to use PHP maybe questionable, here is why I would like to use PHP under my understanding to clarify; Sections on my page will show to different administrators depending on their level. Upon enabling editing mode, certain contents will then dynamically. <?php if ($_SESSION['user_level_status'] < 2) { if ($editing = enabled) { show this } else { show this } } ?> Something similar to this, I'm new at PHP so this may look incorrect. The question really is, is PHP the correct language to use to trigger editing and how can I do this please? Best Regards, Tim

    Read the article

  • cookieless sessions with ajax

    - by thezver
    ok, i know you get sick from this subject. me too :( I've been developing a quite "big application" with PHP & kohana framework past 2 years, somewhat-successfully using my framework's authentication mechanism. but within this time, and as the app grown, many concerning state-preservation issues arisen. main problems are that cookie-driven sessions: can't be used for web-service access ( at least it's really not nice to do so.. ) in many cases problematic with mobile access don't allow multiple simultaneous apps on same browser ( can be resolved by hard trickery, but still.. ) requires many configurations and mess to work 100% right, and that's without the --browser issues ( disabled cookies, old browsers bugs & vulnerabilities etc ) many other session flaws stated in this old thread : http://lists.nyphp.org/pipermail/talk/2006-December/020358.html After a really long research, and without any good library/on-hand-solution to feet my needs, i came up with a custom solution to majority of those problems . Basically, i'ts about emulating sessions with ajax calls, with additional security/performance measures: state preserved by interchanging SID(+hash) with client on ajax calls. state data saved in memcache(or equivalent), indexed by SID security achieved by: appending unpredictible hash to SID egenerating hash on each request & validating it validating fingerprint of client on each request ( referrer,os,browser etc) (*)condition: ajax calls are not simultaneous, to prevent race-condition with session token. (hopefully Ext-Direct solves that for me) From the first glance that supposed to be not-less-secure than equivalent cookie-driven implementation, and at the same time it's simple, maintainable, and resolves all the cookies flaws.. But i'm really concerned because i often hear the rule "don't try to implement custom security solutions". I will really appreciate any serious feedback about my method, and any alternatives. also, any tip about how to preserve state on page-refresh without cookies would be great :) but thats small technical prob. Sorry if i overlooked some similar post.. there are billions of them about sessions . Big thanks in advance ( and for reading until here ! ).

    Read the article

  • OWSM custom security policy for JAX-WS, GenericFault

    - by sachin
    Hi, I tried creating custom security and policy as given here: http://download.oracle.com/docs/cd/E15523_01/relnotes.1111/e10132/owsm.htm#CIADFGGC when I run the service client custom assertion is executed, returning successfully. public IResult execute(IContext context) throws WSMException { try { System.out.println("public execute"); IAssertionBindings bindings = ((SimpleAssertion)(this.assertion)).getBindings(); IConfig config = bindings.getConfigs().get(0); IPropertySet propertyset = config.getPropertySets().get(0); String valid_ips = propertyset.getPropertyByName("valid_ips").getValue(); String ipAddr = ((IMessageContext)context).getRemoteAddr(); IResult result = new Result(); System.out.println("valid_ips "+valid_ips); if (valid_ips != null && valid_ips.trim().length() > 0) { String[] valid_ips_array = valid_ips.split(","); boolean isPresent = false; for (String valid_ip : valid_ips_array) { if (ipAddr.equals(valid_ip.trim())) { isPresent = true; } } System.out.println("isPresent "+isPresent); if (isPresent) { result.setStatus(IResult.SUCCEEDED); } else { result.setStatus(IResult.FAILED); result.setFault(new WSMException(WSMException.FAULT_FAILED_CHECK)); } } else { result.setStatus(IResult.SUCCEEDED); } System.out.println("result "+result); System.out.println("public execute complete"); return result; } catch (Exception e) { System.out.println("Exception e"); e.printStackTrace(); throw new WSMException(WSMException.FAULT_FAILED_CHECK, e); } } Console output is: public execute valid_ips 127.0.0.1,192.168.1.1 isPresent true result Succeeded public execute complete but, webservice throws GenericFault . Arguments: [void] Fault: GenericFault : generic error I have no clue what could be wrong, any ideas? here is the full stack trace: Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: GenericFault : generic error at com.sun.xml.internal.ws.fault.SOAP12Fault.getProtocolException(SOAP12Fault.java:210) at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:119) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78) at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107) at $Proxy30.sayHello(Unknown Source) at creditproxy.CreditRatingSoap12HttpPortClient.main(CreditRatingSoap12HttpPortClient.java:21) Caused by: javax.xml.ws.soap.SOAPFaultException: GenericFault : generic error at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:203) at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:99) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:275) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:454) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:250) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140) at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:319) at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:232) at weblogic.wsee.jaxws.JAXWSServlet.doPost(JAXWSServlet.java:310) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at weblogic.wsee.jaxws.JAXWSServlet.service(JAXWSServlet.java:87) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:326) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Process exited with exit code 1.

    Read the article

  • I am trying to link my php form and my sql but having difficulties

    - by user1912599
    I am not sure what I am doing wrong as far as my php goes but I can't get my form to link with my sql. Here are the codes for my form and php code for my link to sql <?php echo displayform(); function displayForm() { $r = ''; //build it $r .='<form action="database.php" method="post">'; //table $r .=displayNiceFormBegin(); $r .=displayRow('FirstName:', '<input type="text" name="fname" id="fname"/>'); $r .=displayRow('LastName:', '<input type="text" name="lname" id="lname"/>'); $r .=displayRow('Address:', '<input type="text" name="address" id ="address"/>'); $r .=displayRow('Phone:', '<input type="text" name="phone" id ="phone"/>'); $r .=displayRow('Deparment:', '<input type="text" name="department"id="department"/>'); $r .=displayRow('', '<input type="submit" value="Submit Registration" />'); $r .=displayNiceFormEnd(); $r .='</form>'; return $r; } function displayRow($left, $right) { $r .= ''; //build it $r .='<tr>'; $r .= '<td>' . $left . '</td>'; $r .= '<td>' . $right . '</td>'; $r .='</tr>'; return $r; } function displayNiceFormBegin(){ $r .=''; //build it $r .= '<table style="background-color: beige; border: 1px dashed #999"><tr><td>'; $r .='<table style="margin:10px">'; return $r; } function displayNiceFormENd() { $r .=''; //build it $r .='</table>'; $r .='</td></tr><table>'; return $r; } ?> <?php $host="localhost"; // Host name $username="695788_ogems"; // Mysql username $password="opd69715"; // Mysql password $db_name="ottawaglandorfems_zzl_ogems"; // Database name $tbl_name=".*"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Get values from form $fname=$_POST['fname']; $lname=$_POST['lname']; $address=$_POST['address']; $phone=$_POST['phone']; $department=$_POST['deparment']; // Insert data into mysql $sql="INSERT INTO $tbl_name(FirstName,LastName,Address,Phone,Department)VALUES('$fname', '$lname', '$address','$phone','$deparment')"; $result=mysql_query($sql); // if successfully insert data into database, displays message "Successful". if($result){ echo "Successful"; echo "<BR>"; echo "<a href='ottawa-glandorfems.org/form3.php'>Back to main page</a>"; } else { echo "ERROR"; } ?> <?php // close connection mysql_close(); ?> I keep getting an error. Thank you!!!!

    Read the article

  • php variable scope in oop

    - by mr o
    Hi, I wonder if anyone can help out here, I'm trying to understand how use an objects properties across multiple non class pages,but I can't seem to be able to get my head around everything i have tried so far. For example a class called person; class person { static $name; } but i have a number of different regular pages that want to utilize $name across the board. I have trying things like this; pageone.php include "person.php"; $names = new Person(); echo person::$name; names::$name='bob'; pagetwo.php include "person.php"; echo person::$name; I can work with classes to the extent I'm OK as long as I am creating new instances every page, but how can make the properties of one object available to all, like a shared variable ? Thanks

    Read the article

  • PHP invalid image's and error handling

    - by Emdiesse
    Using PHP's Image and GD functions you can use the following method to finally output the php image imagepng($image); Sometimes, for whatever reason the image may not be displayed typically the error is not with the image but with the actual php functions not executing successfully. However this causes a blank image to be returned which doesn't help me. What I want to know is, is there a way to detect a blank or an invalid image and create a new image, write the errors to the new image using imagestring() and then display this new (debug) image instead. for example, a successfully displayed image with no errors: $image = imagecreate(256, 256); //create image imagecolortransparent($image, $BLUE); //set transparent imagefilledrectangle($image, 0, 0, 256, 256, $BLUE); //fill with 'transparent colour' //Draw a border round the image imageline($image, 0, 0, 0, 255, $Black); imageline($image, 0, 0, 255, 0, $Black); imageline($image, 255, 0, 255, 255, $Black); imageline($image, 0, 255, 255, 255, $Black); imagestring($image, 1, 10, 10, "I am an image!", $Black); imagepng($image); imagedestroy($image); but if I then introduce some errors in the php script that may or may not be to do with the actual image creation then the php script fails and the image will not be visible... $image = imagecreate(256, 256); //create image imagecolortransparent($image, $BLUE); //set transparent imagefilledrectangle($image, 0, 0, 256, 256, $BLUE); //fill with 'transparent colour' //Draw a border round the image imageline($image, 0, 0, 0, 255, $Black); imageline($image, 0, 0, 255, 0, $Black); imageline($image, 255, 0, 255, 255, $Black); imageline($image, 0, 255, 255, 255, $Black); imagestring($image, 1, 10, 10, "I am an image!", $Black); /* I am here to cause problems with the php script ** and cause the execution to fail, I am a function ** that does't exist... ** ** and I am missing a semi colon! ;)*/ non_existant_function() imagepng($image); imagedestroy($image); At this point I want to create a new image like above but in replacement of the I am an image! text I would put the actual error that has occured.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >