[thelist] Zip files on server (PHP / Linux)
Eric Cestari
eric at ohmforce.com
Thu Jan 25 13:59:52 CST 2001
Use the exec() func (check my previous post) or the backtick (`)
<tip="PHP" author="Eric Cestari">
To get info about a function in PHP, just type in your browser
http://www.php.net/name_of_function and it gets you right to the manual
page.
<tip>
<tip type="PHP" author="Eric Cestari">
If you want to be sure you are using a session variable, say $session,
use :
if (!session_is_registered("session"))
{
$session = "unlogged";
}
and you are sure there is no session variable 'spoofing' via GET or POST
<tip>
Eric Cestari
----- Original Message -----
From: "Richard Livsey" <R.Livsey at cache-22.co.uk>
To: <thelist at lists.evolt.org>
Sent: Thursday, January 25, 2001 7:22 PM
Subject: [thelist] Zip files on server (PHP / Linux)
> I am trying to zip up a directory of files server side using PHP on a
Linux
> platform.
>
> How would I go about doing this?
>
> Thanks.
>
> I've been hanging round here for a little over 6 months and haven't posted
> anything until now.
> Here's a tip to say thanks for such a great resource!
>
> <tip type="PHP" author="Richard Livsey">
> When using variables in your code to do anything for security, make sure
you
> check where the values came from.
> As PHP parses the POST and GET automatically anyone can supply variables
to
> the program without your knowledge.
> For example - if you have a check to make sure the user is logged in :
>
> if ($isLoggedIn)
> {
> # stuff
> }
>
> this is insecure as anyone can simply do :
> http://domain/page.php?isLoggedIn=true
> If the value was meant to come from a session object or something, make
sure
> that you check that it actually came from there. Also never do the above
> (just checking if a var is true) - set it to some value that you can test
> for, such as the MD5 sting of the current date.
> </tip>
>
> R.Livsey
> Freelance web developer
> Vibus.net Director
> Lead programmer for Tickle.co.uk
> m. +44 (0) 7714 757250
> e. R.Livsey at Cache-22.co.uk
>
>
> ---------------------------------------
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !
>
More information about the thelist
mailing list