From dave at 58ghz.net Thu Apr 2 09:30:04 2009 From: dave at 58ghz.net (Dave J. Hala Jr.) Date: Thu, 02 Apr 2009 09:30:04 -0500 Subject: [ciapug] header problem Message-ID: <1238682604.6077.212.camel@rhel5> I've got a php 5.x script that creates a report. It works like this: 1) query the database based on user input 2) format the resultset as html 3) use the html to create a pdf file on hard drive 4) use the php header("location: report.pdf") function to open the pdf in the users browser. It worked well for a long time. It just stopped working. The interesting thing is it runs fine on the secure intranet, but not on the outside secure site. I double checked and there aren't any log errors and the the file is actually being created on the harddrive. It isn't a firewall issue. It would appear that the process breaks at header function. The same functions work properly on the both the inside and outside for a number of other reports that take less time. Its almost like there is timeout happening somewhere, but I'm not seeing any, nor can I find any error messages. To the end user, it just appears to hang. Has anyone seen anything like this before? :) Dave -- ___ Dave J. Hala Jr. President OSIS, Inc. www.osis.us From dave at dchamp.net Thu Apr 2 09:45:37 2009 From: dave at dchamp.net (David Champion) Date: Thu, 02 Apr 2009 09:45:37 -0500 Subject: [ciapug] header problem In-Reply-To: <1238682604.6077.212.camel@rhel5> References: <1238682604.6077.212.camel@rhel5> Message-ID: <49D4CF91.3070203@dchamp.net> Does this happen in all browsers, or just IE? For downloading PDF and other docs, you can do something like this: $file = fopen("report.pdf",rb); header("Content-Type: application/pdf"); header(... readfile($fh); There are some other headers that you should also send (Pragma, Expires, Cache-Control...). Do some googlin' and you should find lots of examples. -dc Dave J. Hala Jr. wrote: > I've got a php 5.x script that creates a report. It works like this: > 1) query the database based on user input > 2) format the resultset as html > 3) use the html to create a pdf file on hard drive > 4) use the php header("location: report.pdf") function to open the pdf > in the users browser. > > It worked well for a long time. It just stopped working. The interesting > thing is it runs fine on the secure intranet, but not on the outside > secure site. I double checked and there aren't any log errors and the > the file is actually being created on the harddrive. It isn't a firewall > issue. It would appear that the process breaks at header function. > > The same functions work properly on the both the inside and outside for > a number of other reports that take less time. Its almost like there is > timeout happening somewhere, but I'm not seeing any, nor can I find any > error messages. To the end user, it just appears to hang. > > Has anyone seen anything like this before? > > > :) Dave > > > From dave at 58ghz.net Thu Apr 2 09:52:41 2009 From: dave at 58ghz.net (Dave J. Hala Jr.) Date: Thu, 02 Apr 2009 09:52:41 -0500 Subject: [ciapug] header problem In-Reply-To: <49D4CF91.3070203@dchamp.net> References: <1238682604.6077.212.camel@rhel5> <49D4CF91.3070203@dchamp.net> Message-ID: <1238683961.6077.219.camel@rhel5> Are you saying that readfile might be a better choice than header("Location: http://www.example.com/");? I see examples of both in my google results and php.net It works locally in both FF and IE, and is broken externally in both FF and IE. On Thu, 2009-04-02 at 09:45 -0500, David Champion wrote: > Does this happen in all browsers, or just IE? > > For downloading PDF and other docs, you can do something like this: > > $file = fopen("report.pdf",rb); > header("Content-Type: application/pdf"); > header(... > readfile($fh); > > There are some other headers that you should also send (Pragma, Expires, > Cache-Control...). Do some googlin' and you should find lots of examples. > > -dc > > Dave J. Hala Jr. wrote: > > I've got a php 5.x script that creates a report. It works like this: > > 1) query the database based on user input > > 2) format the resultset as html > > 3) use the html to create a pdf file on hard drive > > 4) use the php header("location: report.pdf") function to open the pdf > > in the users browser. > > > > It worked well for a long time. It just stopped working. The interesting > > thing is it runs fine on the secure intranet, but not on the outside > > secure site. I double checked and there aren't any log errors and the > > the file is actually being created on the harddrive. It isn't a firewall > > issue. It would appear that the process breaks at header function. > > > > The same functions work properly on the both the inside and outside for > > a number of other reports that take less time. Its almost like there is > > timeout happening somewhere, but I'm not seeing any, nor can I find any > > error messages. To the end user, it just appears to hang. > > > > Has anyone seen anything like this before? > > > > > > :) Dave > > > > > > > > > _______________________________________________ > ciapug mailing list > ciapug at cialug.org > http://cialug.org/mailman/listinfo/ciapug -- ___ Dave J. Hala Jr. President OSIS, Inc. www.osis.us From dave at dchamp.net Thu Apr 2 10:03:40 2009 From: dave at dchamp.net (David Champion) Date: Thu, 02 Apr 2009 10:03:40 -0500 Subject: [ciapug] header problem In-Reply-To: <1238683961.6077.219.camel@rhel5> References: <1238682604.6077.212.camel@rhel5> <49D4CF91.3070203@dchamp.net> <1238683961.6077.219.camel@rhel5> Message-ID: <49D4D3CC.1010809@dchamp.net> It has other advantages... for instance you can use readfile() to access documents that are stored outside of the web files, if you want to control access to files. Could it be an issue with header() not sending the correct URL for the .pdf when you access the extranet? Can you use wget and see what the output is? If you have something checking for login creds, you may have to make a simple test page... -dc Dave J. Hala Jr. wrote: > Are you saying that readfile might be a better choice than > header("Location: http://www.example.com/");? I see examples of both > in my google results and php.net > > It works locally in both FF and IE, and is broken externally in both FF > and IE. > > On Thu, 2009-04-02 at 09:45 -0500, David Champion wrote: > >> Does this happen in all browsers, or just IE? >> >> For downloading PDF and other docs, you can do something like this: >> >> $file = fopen("report.pdf",rb); >> header("Content-Type: application/pdf"); >> header(... >> readfile($fh); >> >> There are some other headers that you should also send (Pragma, Expires, >> Cache-Control...). Do some googlin' and you should find lots of examples. >> >> -dc >> >> Dave J. Hala Jr. wrote: >> >>> I've got a php 5.x script that creates a report. It works like this: >>> 1) query the database based on user input >>> 2) format the resultset as html >>> 3) use the html to create a pdf file on hard drive >>> 4) use the php header("location: report.pdf") function to open the pdf >>> in the users browser. >>> >>> It worked well for a long time. It just stopped working. The interesting >>> thing is it runs fine on the secure intranet, but not on the outside >>> secure site. I double checked and there aren't any log errors and the >>> the file is actually being created on the harddrive. It isn't a firewall >>> issue. It would appear that the process breaks at header function. >>> >>> The same functions work properly on the both the inside and outside for >>> a number of other reports that take less time. Its almost like there is >>> timeout happening somewhere, but I'm not seeing any, nor can I find any >>> error messages. To the end user, it just appears to hang. >>> >>> Has anyone seen anything like this before? >>> >>> >>> :) Dave >>> >>> >>> >>> >> _______________________________________________ >> ciapug mailing list >> ciapug at cialug.org >> http://cialug.org/mailman/listinfo/ciapug >> From newz at bearfruit.org Thu Apr 2 10:24:42 2009 From: newz at bearfruit.org (Matthew Nuzum) Date: Thu, 2 Apr 2009 10:24:42 -0500 Subject: [ciapug] header problem In-Reply-To: <49D4D3CC.1010809@dchamp.net> References: <1238682604.6077.212.camel@rhel5> <49D4CF91.3070203@dchamp.net> <1238683961.6077.219.camel@rhel5> <49D4D3CC.1010809@dchamp.net> Message-ID: On Thu, Apr 2, 2009 at 10:03 AM, David Champion wrote: > It has other advantages... for instance you can use readfile() to access > documents that are stored outside of the web files, if you want to > control access to files. > > Could it be an issue with header() not sending the correct URL for the > .pdf when you access the extranet? Can you use wget and see what the > output is? If you have something checking for login creds, you may have > to make a simple test page... > There's a firefox extension called "Live HTTP Headers" which can be a big help in these situations. You just open the window and it lets you inspect the http headers (in both directions). I too use the readfile method in these situations. I'd try it without the header() statement once. Naturally you're going to get a bunch of garbage to the window but if there's a PHP error at least you'll see what it is. Here is the PHP I use to generate the necessary http headers. There may be a better way now, I wrote this code years ago: header("Content-Type: application/octet-stream"); header("Content-Length: $size"); header("Content-Disposition: attachment; filename=\"$name\""); header("Content-Transfer-Encoding: binary"); The benefit of your technique using the redirect is it lets the server deal with the headers. I don't think your way is wrong or bad. It should work. Maybe your filesystem is getting full or for some reason your script can't write the output file. Turning off the header will probably expose this. -- Matthew Nuzum newz2000 on freenode, skype, linkedin, identi.ca and twitter From dave at 58ghz.net Thu Apr 2 11:11:34 2009 From: dave at 58ghz.net (Dave J. Hala Jr.) Date: Thu, 02 Apr 2009 11:11:34 -0500 Subject: [ciapug] header problem In-Reply-To: References: <1238682604.6077.212.camel@rhel5> <49D4CF91.3070203@dchamp.net> <1238683961.6077.219.camel@rhel5> <49D4D3CC.1010809@dchamp.net> Message-ID: <1238688694.6077.227.camel@rhel5> The Live headers is a nice tool. I just used it to confirm that there isn't anthing wrong with the headers. (as far as I know) I'm going to ahead and give the readfile thing a try. On Thu, 2009-04-02 at 10:24 -0500, Matthew Nuzum wrote: > On Thu, Apr 2, 2009 at 10:03 AM, David Champion wrote: > > It has other advantages... for instance you can use readfile() to access > > documents that are stored outside of the web files, if you want to > > control access to files. > > > > Could it be an issue with header() not sending the correct URL for the > > .pdf when you access the extranet? Can you use wget and see what the > > output is? If you have something checking for login creds, you may have > > to make a simple test page... > > > > There's a firefox extension called "Live HTTP Headers" which can be a > big help in these situations. You just open the window and it lets you > inspect the http headers (in both directions). > > I too use the readfile method in these situations. I'd try it without > the header() statement once. Naturally you're going to get a bunch of > garbage to the window but if there's a PHP error at least you'll see > what it is. > > Here is the PHP I use to generate the necessary http headers. There > may be a better way now, I wrote this code years ago: > > header("Content-Type: application/octet-stream"); > header("Content-Length: $size"); > header("Content-Disposition: attachment; filename=\"$name\""); > header("Content-Transfer-Encoding: binary"); > > The benefit of your technique using the redirect is it lets the server > deal with the headers. I don't think your way is wrong or bad. It > should work. > > Maybe your filesystem is getting full or for some reason your script > can't write the output file. Turning off the header will probably > expose this. > -- ___ Dave J. Hala Jr. President OSIS, Inc. www.osis.us From dave at 58ghz.net Fri Apr 3 09:15:17 2009 From: dave at 58ghz.net (Dave J. Hala Jr.) Date: Fri, 03 Apr 2009 09:15:17 -0500 Subject: [ciapug] header problem In-Reply-To: <1238688694.6077.227.camel@rhel5> References: <1238682604.6077.212.camel@rhel5> <49D4CF91.3070203@dchamp.net> <1238683961.6077.219.camel@rhel5> <49D4D3CC.1010809@dchamp.net> <1238688694.6077.227.camel@rhel5> Message-ID: <1238768117.8211.12.camel@rhel5> I gave the readfile thing a try, same issue. However, I did manage to get an error message. I got a "couldn't find or couldn't open" error message that listed the script name. (was tough to tell the exact error as an end user was trying to read it to me) When I narrowed the date range so that the report ran faster, it worked fine. It seemed to be problematic when the execution time was above 2 minutes. I'm going look for an ssl timeout, a session timeout or maybe in the php.ini for script execution time. On Thu, 2009-04-02 at 11:11 -0500, Dave J. Hala Jr. wrote: > The Live headers is a nice tool. I just used it to confirm that there > isn't anthing wrong with the headers. (as far as I know) > > I'm going to ahead and give the readfile thing a try. > > > > On Thu, 2009-04-02 at 10:24 -0500, Matthew Nuzum wrote: > > On Thu, Apr 2, 2009 at 10:03 AM, David Champion wrote: > > > It has other advantages... for instance you can use readfile() to access > > > documents that are stored outside of the web files, if you want to > > > control access to files. > > > > > > Could it be an issue with header() not sending the correct URL for the > > > .pdf when you access the extranet? Can you use wget and see what the > > > output is? If you have something checking for login creds, you may have > > > to make a simple test page... > > > > > > > There's a firefox extension called "Live HTTP Headers" which can be a > > big help in these situations. You just open the window and it lets you > > inspect the http headers (in both directions). > > > > I too use the readfile method in these situations. I'd try it without > > the header() statement once. Naturally you're going to get a bunch of > > garbage to the window but if there's a PHP error at least you'll see > > what it is. > > > > Here is the PHP I use to generate the necessary http headers. There > > may be a better way now, I wrote this code years ago: > > > > header("Content-Type: application/octet-stream"); > > header("Content-Length: $size"); > > header("Content-Disposition: attachment; filename=\"$name\""); > > header("Content-Transfer-Encoding: binary"); > > > > The benefit of your technique using the redirect is it lets the server > > deal with the headers. I don't think your way is wrong or bad. It > > should work. > > > > Maybe your filesystem is getting full or for some reason your script > > can't write the output file. Turning off the header will probably > > expose this. > > -- ___ Dave J. Hala Jr. President OSIS, Inc. www.osis.us From newz at bearfruit.org Fri Apr 3 09:56:05 2009 From: newz at bearfruit.org (Matthew Nuzum) Date: Fri, 3 Apr 2009 09:56:05 -0500 Subject: [ciapug] header problem In-Reply-To: <1238768117.8211.12.camel@rhel5> References: <1238682604.6077.212.camel@rhel5> <49D4CF91.3070203@dchamp.net> <1238683961.6077.219.camel@rhel5> <49D4D3CC.1010809@dchamp.net> <1238688694.6077.227.camel@rhel5> <1238768117.8211.12.camel@rhel5> Message-ID: On Fri, Apr 3, 2009 at 9:15 AM, Dave J. Hala Jr. wrote: > I gave the readfile thing a try, same issue. However, I did manage to > get an error message. I got a "couldn't find or couldn't open" error > message that listed the script name. (was tough to tell the exact error > as an end user was trying to read it to me) > > When I narrowed the date range so that the report ran faster, it worked > fine. ?It seemed to be problematic when the execution time was above 2 > minutes. I'm going look for an ssl timeout, a session timeout or maybe > in the php.ini for script execution time. > What you can do is to fork the external process as a background task and then let the page refresh periodically checking if the output file exists. You can actually do this via ajax. It seems like it would generate a lot of hits to the server but the hits are very lightweight because they just check if the file is there and then return instantly. Here's a good explanation: http://nsaunders.wordpress.com/2007/01/12/running-a-background-process-in-php/ -- Matthew Nuzum newz2000 on freenode, skype, linkedin, identi.ca and twitter From newz at bearfruit.org Sun Apr 5 22:29:53 2009 From: newz at bearfruit.org (Matthew Nuzum) Date: Sun, 5 Apr 2009 22:29:53 -0500 Subject: [ciapug] dsmwebgeeks meeting, web application security Message-ID: Hi, Monday evening local security expert Josh Moore will be giving a presentation at the DSM Web Geeks meeting. He'll be demonstrating the use of security analysis tools on live sites (get approval from your company and your site can be tested). Also some common web applications. After the meeting we'll enjoy some refreshments off site. The meeting is at 7:00 at Impromptu Studios. Directions are available at http://impromptustudio.com/location/ -- Matthew Nuzum newz2000 on freenode, skype, linkedin, identi.ca and twitter From dave at 58ghz.net Mon Apr 6 09:14:35 2009 From: dave at 58ghz.net (Dave J. Hala Jr.) Date: Mon, 06 Apr 2009 09:14:35 -0500 Subject: [ciapug] header problem In-Reply-To: References: <1238682604.6077.212.camel@rhel5> <49D4CF91.3070203@dchamp.net> <1238683961.6077.219.camel@rhel5> <49D4D3CC.1010809@dchamp.net> <1238688694.6077.227.camel@rhel5> <1238768117.8211.12.camel@rhel5> Message-ID: <1239027276.8211.92.camel@rhel5> I'm gonna try some forking today. I should be able to check for the file in the parent section and run the monster query in the child section. $pid = pcntl_fork(); if($pid == -1) { die('could not fork') } else if ($pid) { // positive value means we're in the parent. // do whatever parents do .... // wait for children to complete by calling // pcntl_wait() or a variant } else { // zero value means we're in the child. // do whatever children do // (e.g. download the files, then exit) } Here's a link with some discussion: http://immike.net/blog/2007/04/08/fork-php-and-speed-up-your-scripts/ On Fri, 2009-04-03 at 09:56 -0500, Matthew Nuzum wrote: > On Fri, Apr 3, 2009 at 9:15 AM, Dave J. Hala Jr. wrote: > > I gave the readfile thing a try, same issue. However, I did manage to > > get an error message. I got a "couldn't find or couldn't open" error > > message that listed the script name. (was tough to tell the exact error > > as an end user was trying to read it to me) > > > > When I narrowed the date range so that the report ran faster, it worked > > fine. It seemed to be problematic when the execution time was above 2 > > minutes. I'm going look for an ssl timeout, a session timeout or maybe > > in the php.ini for script execution time. > > > > What you can do is to fork the external process as a background task > and then let the page refresh periodically checking if the output file > exists. You can actually do this via ajax. It seems like it would > generate a lot of hits to the server but the hits are very lightweight > because they just check if the file is there and then return > instantly. > > Here's a good explanation: > http://nsaunders.wordpress.com/2007/01/12/running-a-background-process-in-php/ > -- ___ Dave J. Hala Jr. President OSIS, Inc. www.osis.us