php-general Digest 24 May 2005 21:51:21 -0000 Issue 3473
Topics (messages 215787 through 215803):
Re: Free penetration test
215787 by: Burhan Khalid
Re: __get() not reentrant?]
215788 by: Jochem Maas
215789 by: Christophe Chisogne
215790 by: Marek Kilimajer
Re: __get() not reentrant?
215791 by: Jochem Maas
215798 by: Christopher J. Bottaro
215800 by: Richard Davey
Re: Learning PHP ... online courses?
215792 by: Brent Baisley
Why this doesn't work ?
215793 by: M�rio Gamito
215794 by: John Nichel
215795 by: Rahul S. Johari
215797 by: Jochem Maas
strtotime('yesterday')
215796 by: Rahul S. Johari
Recursive function and formatting string for javascript tree
215799 by: Charles Kline
Re: Regex nightmares
215801 by: Murray . PlanetThoughtful
Very long delay posting to php-general (might be OT)
215802 by: Andy Pieters
db aware text editor? (slightly OT?)
215803 by: Murray . PlanetThoughtful
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
Chris Shiflett wrote:
Andy Pieters wrote:
I am looking at where I can get my system tested for penetration.
[ snip ]
You might want to check out the links Christophe mentioned, as these
provide free advice, which seems to be more along the lines of what you
want.
I recently stumbled onto Open Web Application Security Project [
www.owasp.org ]. Although not PHP-specific, they have some good stuff
wrt securing web applications. They also have some php functions for
sanitizing data, but the real good stuff is in their guides.
Might be worth a click.
Oh and Chris -- I loved your PHP Security writeup that you had posted on
your website a while back. Keep up the good work.
Regards,
Burhan
--- End Message ---
--- Begin Message ---
if someone with access to the webserver hosting jnsolutions.co.uk could
do a quick rm -rf /home/jnsoluti/.autorespond that would be great :-)
-------- Original Message --------
Return-Path: <[EMAIL PROTECTED]>
X-AntiAbuse: This header was added to track abuse, please include it with any
abuse report
X-AntiAbuse: Primary Hostname - earth.svr7-speedyservers.com
X-AntiAbuse: Original Domain - iamjochem.com
X-AntiAbuse: Originator/Caller UID/GID - [32298 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - earth.svr7-speedyservers.com
X-Source: /usr/local/cpanel/bin/autorespond
X-Source-Args: /usr/local/cpanel/bin/autorespond [EMAIL PROTECTED]
/home/jnsoluti/.autorespond
X-Source-Dir: /
We are currently away on holiday, until 16th June. I will respond with your
email on my return.
Thanks
James Nunnerley
--- End Message ---
--- Begin Message ---
Jochem Maas a �crit :
> if someone with access to the webserver hosting jnsolutions.co.uk could
> do a quick rm -rf /home/jnsoluti/.autorespond that would be great :-)
To that someone, here's the admin URL (cPanel 9) if you forgot it :)
http://jnsolutions.co.uk:2082/
Ch.
--- End Message ---
--- Begin Message ---
Christophe Chisogne wrote:
Jochem Maas a �crit :
if someone with access to the webserver hosting jnsolutions.co.uk could
do a quick rm -rf /home/jnsoluti/.autorespond that would be great :-)
To that someone, here's the admin URL (cPanel 9) if you forgot it :)
http://jnsolutions.co.uk:2082/
Ch.
I would prefer https://jnsolutions.co.uk:2083/
--- End Message ---
--- Begin Message ---
Christopher J. Bottaro wrote:
Richard Lynch wrote:
On Sun, May 22, 2005 3:24 pm, Christopher J. Bottaro said:
And what would make it any different from a normal recursive function?
The fact that *ANY* attempt to access a mis-typed property would kick in a
__get() call, and that's too frickin' easy to happen in code that's too
easy to fly by QA in large-scale applications springs to mind...
Not saying you're "wrong" or they're "right" just that it's not quite as
simple as a normal recursive function or loop iteration.
I completely disagree. I don't mean any offense to anyone here, but I find
it kind of ridiculous for a language to restrict itself that like in this
case. Its insulting to our intelligence as programmers.
and another thing, take this rather contrived/simple example of making
set (as opposed to non-existent) [non-public] properties available via
the property access syntax:
public function __get($varName)
{
return isset($this->$varName) ? $this->$varName: null;
}
which would be impossible to do as is if __get() was 'reentrant' (whatever that
means exactly,
we both/all at least know that we mean that you can call it recursively...)
actually if __get() worked in such a recursive way then it would be impossible
to actually
access any properties of the object.
also note that __get() only comes into play if the property requested is not
public or is not
set.....
the internals mailing list has stuff in the archives about __get() which
probably explains
it a whole load better (including the reasoning behind the decisions etc etc)
which may
be of interest to you.
these are not the droids your looking for, move along. :-)
-- C
--- End Message ---
--- Begin Message ---
<posted & mailed>
Jochem Maas wrote:
>>>On Sun, May 22, 2005 3:24 pm, Christopher J. Bottaro said:
>>>
>>>>And what would make it any different from a normal recursive function?
>>>
>>>The fact that *ANY* attempt to access a mis-typed property would kick in
>>>a __get() call, and that's too frickin' easy to happen in code that's too
>>>easy to fly by QA in large-scale applications springs to mind...
>
> don't forget the noob factor - a noob could spend days trying to figure
> out WTF is going on in such a situation..... we might even lose him to ASP
> in that time :-/
I didn't realize that PHP had such an emphasis on the "noob factor".
>>>Not saying you're "wrong" or they're "right" just that it's not quite as
>>>simple as a normal recursive function or loop iteration.
>>
>>
>> I completely disagree. I don't mean any offense to anyone here, but I
>> find it kind of ridiculous for a language to restrict itself that like in
>> this
>> case. Its insulting to our intelligence as programmers.
>>
>
> er whatever, interesting to see how easily you are insulted - I mean its a
> programming language with a certain kind of implementation, which may not
> be perfect, but I don't think they we're thinking of you when they wrote
> it.
I just don't like being talked down to, who does? You can be immature and
poke fun at my choice of words if you want. All I meant to say is that I
find it weird that PHP assumes that I don't understand how recursion works.
>>>>Every recursive function runs the risk of going into infinite loop if
>>>>the programmer doesn't understand the basic concept (or makes a silly
>>>>mistake).
>>>
>>>Just saying it's an easier silly mistake to mis-type: $whatever->fooo
>>>instead of $whatever->foo and have that escape QA somehow.
>>>
>>>
>>>>Loops run the risk of going on indefinitely as well. Maybe PHP should
>>>>disable all forms of loops/recursion to protect the programmers from
>>>>themselves.
>>>
>>>That does seem a bit excessive...
>>
>>
>> I was making a point. I don't see why recursion is allowed in every
>> other
>> function except for __get(). I think your argument is weak about
>> protecting people from typos. If PHP wanted to protect people from
>> typos, it should force you to declare your variables.
>>
>
> you think its a weak argument, maybe you are missing the point - ask
> yourself what the average level of php programmers is? part of the php
> philosophy is about making/keeping php accessible.
Again, I didn't realize was so geared towards "noobs".
> I think you will find that if you we're forced to declare you [class]
> variables that your __get() implementation would stop working they way it
> does now...
No, I use __get() to provide property like access to calculated values.
There is no corresponding class var for these values. If I wanted access
to class vars, I'd just declare them and then __get() wouldn't be used.
>>>Maybe __get() should allow recursion and let the developer worry about
>>>infinite recursion.
>
> Is that the 11th commandment?
I have no idea what you are talking about. I meant to say, "Maybe __get()'s
implicit invocation should work like normal functions."
>>>But, today, it doesn't, so deal with it and move on.
>
> ditto.
Do yall really think I have halted my work because of this? I just want to
discuss it.
>> I was bringing the to the table a discussion of the current behavior of
>> __get(). I proposed that I might be broken or maybe should be changed,
>> and
>
> maybe you are broken, hard to tell from here.
Way to make me look stupid because I made a typo.
>> you start insulting my abilities as a programmer and suggest that we
>> shouldn't consider "moving forward" and just deal with what we have?
>>
>
> I think Richard is a fairly intelligent person, if he had been insulting
> you I'm quite sure that he would have done a much better job ;-)
Thats great, I'm sure he's the reigning "cut down contest" champ on this
list. I don't care. Like I said, I don't like being talked down to. I
found it very unnecessarily presumptuous of him to say stuff like "without
knowing anything about you, I assume you have made bad design decisions,
painted yourself in a corner, etc". What the hell does any of that have to
do with the discussion?
>> Painted myself into this corner? Why? Because I think its easier to
>> write
>> $this->myvar than it is to write $this->attrs['myvar']? Its PHP's job to
>
> given the number of chars in the email you wrote you could have written
> the extra "attrs['']" (9 chars) god knows how many times,
Yeah, I've written more in these threads than the entire class that spawned
them. ?...?.......?
> besides if you
> admit you can solve all your issues by writing the 'long' form then your
> argument
> [below] that you need to call __get() from inside __get() in order to
> [retrieve
> 1 or more calculated values to calculate the originally requested
> attribute sounds bogus.
Err, not following ya. The point is that I don't want to use the long form.
__get() is recursive when using the long form. Its the implicit invocation
that isn't.
> php isn't perfect, neither are you - find a balance, get over it.
Sigh. PHP's motto: "Get over it, we oppose change." (According to you and
Richard).
>> make my life easier and more convenient.
>
> I didn't realise php had a job, I thought it was me who had the job and
> php was what I used to accomplish it....
Clever, I personified PHP and you pointed out that PHP isn't a person. (in
Stewie's voice) Clever girl you are! (I don't mean to say you are a girl,
I just thought of that family guy episode).
>>>Obviously, it's entirely possible that your Design is the most elegant
>>>beautiful disciplined bit of code since John von Nueman... But it's more
>>>likely, without knowing anything about you, that you've come up with this
>>>as a result of some bad Design decisions.
>>>
>>>Review your Design. :-)
> notice the fecking smiley [hint: Richard is trying to help you, trying to
> get into an argument with him is making you look bad.]
I already addressed this.
>> Wow, how pompous of you. Bad design, huh? Since when is it bad design
>> to
>> calculate attribute values on the fly? Many "cookbook" style books have
>
> and 'cooking' is the same as 'engineering'? (I think I'll try something
> new with the cement today....)
You're right, all those "cookbooks" are stupid.
>> Speaking of "good design", Python's __getattr__() behaves how I expect.
>
> use it then?
I would if I could, but I can't. Besides, PHP is pretty fun/easy to program
with, I'd say its my 2nd favorite language right now. Again, I don't see
whats wrong with trying to get fixed what I think is wrong.
OK, all the subtle stabs at each other (and yes, they are subtle) aside, you
brought up some good points about __get()'s behavior if it's implicit
invocation allowed for recursion. Thats all I really wanted, thanks for
that.
-- C
--- End Message ---
--- Begin Message ---
Hello Christopher,
Tuesday, May 24, 2005, 4:25:08 PM, you wrote:
CJB> Again, I don't see whats wrong with trying to get fixed what I
CJB> think is wrong.
PHP is full of things I'm sure lots of us would like to see work
differently (personally I'd love to see Java style overloading and to
do away with __get entirely, as it can encourage poor OO design
practises), but functionality isn't voted for via mailing list
arguments.
To begin a change request of this magnitude it needs to be addressed
to the right people in the right place, so it may be worthwhile taking
it through the correct channels.
Although it's a cop-out response, you do actually have the full source
to PHP - if this is such a major issue and an immediate resolve is
required, that's your only real option beyond "live with it" - sad but
true.
Best regards,
Richard Davey
--
http://www.launchcode.co.uk - PHP Development Services
"I do not fear computers. I fear the lack of them." - Isaac Asimov
--- End Message ---
--- Begin Message ---
A few months back I signed up for the O'Reilly Safari Bookshelf. For
about $20 a month you can check out up to 10 books to read online (put
them on your bookshelf). Too many times I've bought a book and found
only one or two chapters helpful. Or bought a book for a specific
chapter. Now I can just read the chapters I need online. If I find the
whole book helpful, I'll buy it. O'Reilly provides discounts on books
for bookshelf subscribers. Something to look into if you plan on
learning on a lot, especially on different subjects.
That said, I learned PHP by reading "PHP and MySQL Web Development"
from SAMS. I don't know if it's been updated for PHP5.
Someone else mentioned php architect magazine. I think that's and
excellent resource. You can just subscribe to the PDF version if you
want to save some money.
On May 23, 2005, at 3:45 PM, Bill McEachran wrote:
I'm just learning PHP. If anyone knows of any affordable quality
on-line based PHP courses
please pass on the details.
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
--- End Message ---
--- Begin Message ---
Hi,
Hi have this bit of code:
-----------------------------------------------------
echo"
<script language=\"JavaScript\">
window.location=\"valid_cv_insert.php?email=$email\"
</script>";
-----------------------------------------------------
but when passing to file valid_cv_insert.php, $email value doesn't go along.
The page that has this code "knows" tha value of $email variable.
How can i turn this around ?
Thanking you in advance.
Warm regards,
M�rio Gamito
--- End Message ---
--- Begin Message ---
M�rio Gamito wrote:
Hi,
Hi have this bit of code:
-----------------------------------------------------
echo"
<script language=\"JavaScript\">
window.location=\"valid_cv_insert.php?email=$email\"
</script>";
-----------------------------------------------------
but when passing to file valid_cv_insert.php, $email value doesn't go along.
The page that has this code "knows" tha value of $email variable.
Echo out $email to see if what you think is there actually is.
--
John C. Nichel
�berGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Ave,
I tried:
<form><input type="text" name="email"><INPUT type="submit" value="SUbmit"
name="Submit"></form>
<?php
if($Submit) {
echo"
<script language=\"JavaScript\">
window.location=\"delete.php?email=$email\"
</script>";
}
?>
In a simple page. It worked absolutely fine... The value of $email was
passed along to delete.php
I don't think there's something wrong with your code below.. There might be
some other reason affecting the transfer of the $email variable value.
Rahul S. Johari
Coordinator, Internet & Administration
Informed Marketing Services Inc.
251 River Street
Troy, NY 12180
Tel: (518) 266-0909 x154
Fax: (518) 266-0909
Email: [EMAIL PROTECTED]
http://www.informed-sources.com
On 5/24/05 8:24 AM, "M�rio Gamito" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Hi have this bit of code:
>
> -----------------------------------------------------
> echo"
> <script language=\"JavaScript\">
> window.location=\"valid_cv_insert.php?email=$email\"
> </script>";
> -----------------------------------------------------
>
> but when passing to file valid_cv_insert.php, $email value doesn't go along.
> The page that has this code "knows" tha value of $email variable.
>
> How can i turn this around ?
>
> Thanking you in advance.
>
> Warm regards,
> M�rio Gamito
--- End Message ---
--- Begin Message ---
M�rio Gamito wrote:
Hi,
hi,
the subject line of your post is not so good - make the subject relevant
to your question, asking 'why doesn't this work' is like asking 'why are we
here'.
its liable to get you either:
a, no answers.
b, answers like this one.
c, really useful answer like '42'
ok on with the show....
Hi have this bit of code:
-----------------------------------------------------
echo"
<script language=\"JavaScript\">
window.location=\"valid_cv_insert.php?email=$email\"
</script>";
-----------------------------------------------------
but when passing to file valid_cv_insert.php, $email value doesn't go along.
inside valid_cv_insert.php $email will only be set by the GET query
if the ini setting register_globals is on.
try doing this inside valid_cv_insert.php:
<? var_dump( $_GET, $GET['email'] ); ?>
(depending on your version of php $_GET may or not exist in any case
check this out (read it carefully!):
http://php.net/en/language.variables.predefined
as a sidenote, make sure you're doing some dumb like:
<? $email = 'xxxxx'; echo $emial; ?>
... its the kind fo thing I have wasted literally days on in the past.
The page that has this code "knows" tha value of $email variable.
how does it know it? possibly because you do something like?:
<? $email = "[EMAIL PROTECTED]"; ?>
How can i turn this around ?
you won't find much useful info on the back of your monitor ;-)
it wasn't too clear exactly what you were looking for but the gist seems
to be that you need to read up a bit on what register_globals is, the
fact that the default has gone from 'On' to 'Off' somewhere in the not so
distance
past and what the consequences are for your code.
still stuck? go read the manual a bit... then come back and ask some more. :-)
good luck.
Thanking you in advance.
Warm regards,
M�rio Gamito
--- End Message ---
--- Begin Message ---
Ave,
I�m trying to delete all files in a folder based on a string match with the
following code:
<?
$dir = '/Library/WebServer/Documents/something.com/subfolder/';
$dp = opendir($dir) or die ('Fatal Error: '.mysql_error());
while ($file = readdir($dp)) {
if ((eregi('.png',$file)) && (filemtime($dir.$file)) <
(strtotime('yesterday'))) {
unlink($dir.$file);
}
}
closedir($dp);
$yesterday = mktime( 0, 0, 0, date("m") , date("d")-1, date("Y") );
$date = date( "m-d-y, D", $yesterday );
echo "<B>Erase Successful!</B><br>All images up to $date, have been
permanently erased from the Server.";
?>
I need the code to delete all images created till yesterday, and leave
images created today. Somehow strtotime(�yesterday�) doesn�t work.
If I put strtotime(�-2 days�) or strtotime(�-7 days�) or even
strtotime(�8:00am�)... They all work accordingly. How come (�yesterday�)
isn�t working? It doesn�t delete anything.
Any tips?
Rahul S. Johari
Coordinator, Internet & Administration
Informed Marketing Services Inc.
251 River Street
Troy, NY 12180
Tel: (518) 266-0909 x154
Fax: (518) 266-0909
Email: [EMAIL PROTECTED]
http://www.informed-sources.com
--- End Message ---
--- Begin Message ---
Hi all.
I can't seem to figure this one out. I am trying to output a string
for a javascript that builds a DHTML tree. The sample string looks
like this:
[
['Executive Director', null, null,
['Executive Assistant ', null, null],
['Operations Director', null, null,
['Information Technology Director', null, null,
['Information Technology Analyst', null, null]
]
],
['Finance Director', null, null],
['Human Resources Director', null, null],
['Program Services Director', null, null]
]
]
My class contains these two functions to make this happen:
function generateOrg() {
$this->getDepts(0,1);
$str = "[". $this->str."]";
return ($str);
}
function getDepts ( $parent, $level ) {
$sql = 'SELECT BudgetedOrganization.* ';
$sql .= 'FROM BudgetedOrganization ';
$sql .= 'WHERE BudgetedOrganization.boSuperiorOrgID = ' .
$parent;
$rs = $this->retrieveData($sql);
$totalRows = mysql_num_rows($rs);
if ($totalRows > 0)
{
while($row = mysql_fetch_array($rs)){
$currRow = 0;
$this->str .= "['" . $row['boOrgName'] . "',null,null";
($totalRows == $currRow) ? $delim = "," : $delim =
"],";
$this->str .= $delim;
$this->getDepts($row['boOrgID'],$level+1);
$currRow++;
}
}
return($this->str);
}
Here is the output I am getting from my database, and the format is
not right. I have played with it for hours and still can't figure out
how to get the brackets and commas formatted properly to represent
the data tree properly.
['Organization XYZ',null,null],
['Operations',null,null],
['Finance',null,null],
['Information Technology',null,null],
['Program Services',null,null],
['Program Support',null,null],
['Provider Resources',null,null],
['MOST',null,null],
['Family Resources',null,null],
['Family Resources - Chatham Site',null,null],
['Team 13',null,null],
['Team 14',null,null],
['Enhanced Programs',null,null],
['Teen Parent Program',null,null],
['External Relations',null,null],
]
AND here is is when it is nested the way I want it (I did this by hand):
[
['Organization XYZ',null,null,
['Operations',null,null,
['Finance',null,null],
['Information Technology',null,null]
],
['Program Services',null,null,
['Program Support',null,null]
['Provider Resources',null,null,
['MOST',null,null]
],
['Family Resources',null,null,
['Family Resources - Chatham Site',null,null,
['Team 13',null,null],
['Team 14',null,null]
],
['Enhanced Programs',null,null,
['Teen Parent Program',null,null]
]
],
],
['External Relations',null,null]
]
]
Any help would be great. I am stuck.
Thanks,
Charles
--- End Message ---
--- Begin Message ---
> [Course, when you *DO* need RegEx it's *more* than a bit of a headache.
> More like a migraine :-)]
One of these days I will truly master regular expressions. After that,
enlightenment should be easy.
Regards,
Murray
--- End Message ---
--- Begin Message ---
Hi all
I was wondering if it is normal that when posting to the php-general list
there is always a very long delay before messages are shown.
It's not like with snail mail. Sending mail messages is instant so where is
the delay?
With kind regards
Andy
--
Registered Linux User Number 379093
-- --BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/O/>E$ d-(---)>+ s:(+)>: a--(-)>? C++++$(+++) UL++++>++++$ P-(+)>++
L+++>++++$ E---(-)@ W+++>+++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++)
PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+)
e>++++$@ h++(*) r-->++ y--()>++++
-- ---END GEEK CODE BLOCK------
--
Check out these few php utilities that I released
under the GPL2 and that are meant for use with a
php cli binary:
http://www.vlaamse-kern.com/sas/
--
--
--- End Message ---
--- Begin Message ---
Hi All,
I'm wondering if anyone knows of a 'db aware' text editor? By 'db aware', I
mean one that can pull a recordset back from a local MySQL server and edit
the content of fields much like a standard text editor does with files.
I could probably build myself a simple one in Java, but before I undertake
that task I thought I'd ask if any of the better known editors are capable
of doing this, as I'd rather be able to use a feature-rich editor (ie one
that has features such as regex search and replace, macro recording etc)
than a hand-built alternative.
Much warmth,
Murray
--- End Message ---
