php-general Digest 19 Feb 2007 15:39:06 -0000 Issue 4634
Topics (messages 249005 through 249021):
Re: What is $this->
249005 by: André Medeiros
249014 by: Leonard Burton
249015 by: Sancar Saran
249016 by: M.Sokolewicz
249017 by: Dick Richard
Re: needed Yahoo like window for db query.
249006 by: John Comerford
Re: Unable to compile php 5.2.1 on Intel Macbook
249007 by: Chris
Re: easynav breaks my page
249008 by: Chris
Re: Securing user table with sha function
249009 by: Haydar Tuna
249018 by: Tim
Re: Catch STDERR
249010 by: Frank Arensmeier
249013 by: M.Sokolewicz
Re: Multi lingual pages
249011 by: Otto Wyss
249012 by: Otto Wyss
serialize() and special ANSI characters
249019 by: Youri LACAN-BARTLEY
css in mail()
249020 by: Danial Rahmanzadeh
249021 by: Jochem Maas
----------------------------------------------------------------------
--- Begin Message ---
Actually, $this->$message would be wrong, but the concept is right.
On 2/19/07, Leonard Burton <[EMAIL PROTECTED]> wrote:
HI,
> $this->SetFont('Arial','B',15);
what you include is a snippet from a class. Here is a brief intro to
how a class works, sort of like a function. The $this refers to the
class from inside of the class.
<?php
class write{
var $message;
function set($message){
$this->$message = $message;
}
function display(){
print "$this->message\n";
}
}// class write
//actually use the class
$class = new write();
$class->set("This is a test message");
$class->display();
?>
I hope this helps.
Leonard
--
Leonard Burton, N9URK
http://www.jiffyslides.com
[EMAIL PROTECTED]
[EMAIL PROTECTED]
"The prolonged evacuation would have dramatically affected the
survivability of the occupants."
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
oops, typo.
Should have been $this->message.
Leonard
On 2/18/07, André Medeiros <[EMAIL PROTECTED]> wrote:
Actually, $this->$message would be wrong, but the concept is right.
--
Leonard Burton, N9URK
http://www.jiffyslides.com
[EMAIL PROTECTED]
[EMAIL PROTECTED]
"The prolonged evacuation would have dramatically affected the
survivability of the occupants."
--- End Message ---
--- Begin Message ---
Hi,
I believe there are more official answers available around the web.
This is what I understand about $this->
This is a basic OO programming thing.
In the OO world you have to create a new object to do something,
like
$db = new adodb;
so after generating the object you will modify this object via functions.
$db->execSql($sql);
When you send this command, your class has to do something with the object...
and the program has to know which object, because you can create an unlimited
number of objects from the same code. So $this points to the current object.
When you do something with any object, inside its class code its name is
always $this.
Hope this helps.
Sancar
On Monday 19 February 2007 02:52, Dick Richard wrote:
> Can someone explain what $this-> does and means. For example what does this
> bit of php code mean?
>
> $this->SetFont('Arial','B',15);
>
> Thanks
>
> [EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Ok, I'm pretty sure you have a point there, but I can't really see it to
be honest.
First of all, let's start out with the usual: RTFM! This page:
http://www.php.net/oop should explain basic class/object/method/member
terminology required to understand what's going on here.
In short you could say:
a 'class' is a collection of functions (known as 'methods') and
variables (known as 'members'). A class is a static structure. Each
class can spawn so-called 'objects' which are instances of that class,
more-or-less something like a copy (better explained in the manual,
linked).
In an object (note, not the class, but the object) the variable $this
references that object (it references itself basically). -> is an
operator stating 'perform the right-hand action on the left-hand object'
(referenced by that variable). So $object->help() will call the function
help() on the object referenced as $object.
Now, I suggest you read through the entire oop section of the manual to
find out more in detail and better wording.
- tul
Sancar Saran wrote:
Hi,
I believe there are more official answers available around the web.
This is what I understand about $this->
This is a basic OO programming thing.
In the OO world you have to create a new object to do something,
like
$db = new adodb;
so after generating the object you will modify this object via functions.
$db->execSql($sql);
When you send this command, your class has to do something with the object...
and the program has to know which object, because you can create an unlimited
number of objects from the same code. So $this points to the current object.
When you do something with any object, inside its class code its name is
always $this.
Hope this helps.
Sancar
On Monday 19 February 2007 02:52, Dick Richard wrote:
Can someone explain what $this-> does and means. For example what does this
bit of php code mean?
$this->SetFont('Arial','B',15);
Thanks
[EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
Thanks for the responses. Searching the web for "$this->" provided no help at
all. Your explanations got me on track and now I can find the right manual
to read!
Dick
""Dick Richard"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Can someone explain what $this-> does and means. For example what does this
> bit of php code mean?
>
> $this->SetFont('Arial','B',15);
>
> Thanks
>
> [EMAIL PROTECTED]
--- End Message ---
--- Begin Message ---
You can use their JS Scripts, Check out:
http://developer.yahoo.com/yui/
http://developer.yahoo.com/yui/container/
Chris Carter wrote:
Need some help on getting some database result in a css popup like yahoo. The
requirement is to open a div or a window similar to yahoo one. As you can
see from the link below.
http://news.yahoo.com/s/ap/20070218/ap_on_go_co/us_iraq
On this if you click on the Images next to the links "Iraq", "President
Bush", "Hillary Rodham Clinton", "Pentagon", etc. This opens a div within
the page with the search result. They are using some JavaScript to achieve
this.
Is there anyone with idea of where to find a code for a similar kind of
window. I need to present data from database in a similar kind or window.
Any link, text to search in google or code would do :-|
Thanks in advance,
Chris
--- End Message ---
--- Begin Message ---
Tim Visher wrote:
Hello all,
I can't compile php 5.2.1. I don't exactly know where the error starts or
begins so I'm just going to post the whole thing:
Looks like something to do with ssl.
What's your configure command?
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Ross wrote:
I am using the easynav class. I include it like this
What's that?
Maybe ask whoever makes easynav?
--
Postgresql & php tutorials
http://www.designmagick.com/
--- End Message ---
--- Begin Message ---
Hello,
1) To protect your site from SQL injection, you must replace all quote
and blank characters in your form data (with string functions).
2) After this step, you can compare your password (with SHA1) and the database
password field (with SHA1).
3) If the passwords match, then you must use session variables for the
username.
4) If the user forgets his or her password, you can send an email to the user
when the user answers a password protected question.
--
Haydar TUNA
Republic Of Turkey - Ministry of National Education
Education Technology Department Ankara / TURKEY
Web: http://www.haydartuna.net
""Tim"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
> Now moving on into other aspects of security :P I was thinking of a way to
> secure my login inputs the best way possible.
> Seeing how many different types of injection attacks there are and while
> observing different authentication systems I often notice the sha() function
> being used for passwords, which of course is the minimum requirement for
> saving passwords but.. Why manipulate this information in clear text, whether
> it be email or username or pass fields, such as when you use
> sessions/cookies, or any other method of passing authentication information
> from page to page (an sha hash is x times less "guessable" than any other
> human term)... AND how to secure for injection attacks?
>
> Now this is where I thought hey, on every login page there is a user and
> pass input field and thus this is the only place one could "peek" into my
> user table, and I don't want someone injecting through there as the user
> table (three fields separate from profile, username, email, pass) is the key
> to entry to the site.. SO, why not just encrypt all three fields? And store
> "copies" of email and username (not pass :P) in another database unencrypted
> or with a salt for further recovery..
>
> This would ensure that ANY information entered into the user and password
> will be run through sha() thus creating a 40 char length hash and covering
> any (?) injection possibility through a forged input in one of those fields
> via my "select" routine..
>
> Just wondering what other security conscious people think of this "plan"
> even though it may slow down logins a tad but the tight security in my
> opinion justifies this..
>
> Does anyone see an ugly flaw in this scheme?
> Does it look viable?
>
> Thanks for any input,
>
> Regards,
>
> Tim
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Haydar Tuna [mailto:[EMAIL PROTECTED]
> Sent: Monday, 19 February 2007 08:12
> To: [email protected]
> Subject: [PHP] Re: Securing user table with sha function
>
> Hello,
>
> 1) To protect your site from SQL injection, you must
> replace all quote and blank characters in your form data
> (with string functions).
> 2) After this step, you can compare your password (with
> SHA1) and the database password field (with SHA1).
> 3) If the passwords match, then you must use session
> variables for the username.
> 4) If the user forgets his or her password, you can send an email to
> the user when the user answers a password protected question.
Yes, I have read many tutorials with this "classic" method of authentication
system.
My "vision" is to tighten it even more by using only sha1() strings in my
SELECT statements for both username and password field.
Upon conversion to SHA regardless of the input you get a 40 char string so no
need for classic form input filtering using my method of storing username
and pass as SHA hashes...
Ie:
$query = 'SELECT * FROM users WHERE username=\'' . Sha1($_POST['username'])
. '\' and pass=\'' . Sha1($_POST['pass']) . '\'';
Well, it was just an idea, I'll try it, doesn't seem to interest many people,
that's ok keep using the classic method ;P
Regards,
Tim
--- End Message ---
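A login check for the thread above that keeps the input out of the SQL text with a bound parameter and stores a salted password hash, as an added example that is not part of the thread or any poster's code. The in-memory SQLite database, the sample users and the `register`/`login` helper names are assumptions; the table and column names follow the query quoted in the message.

```php
<?php
// Added example, not code from the thread. Users and passwords are constructed.
// Assumes PHP 5.5+ (password_hash) with the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass TEXT NOT NULL)');

function register(PDO $db, $username, $password)
{
    // password_hash() generates a random salt on every call.
    $stmt = $db->prepare('INSERT INTO users (username, pass) VALUES (?, ?)');
    $stmt->execute(array($username, password_hash($password, PASSWORD_DEFAULT)));
}

function login(PDO $db, $username, $password)
{
    // The placeholder sends the value separately from the SQL text, so the
    // username is stored readable and is never spliced into the statement.
    $stmt = $db->prepare('SELECT pass FROM users WHERE username = ?');
    $stmt->execute(array($username));
    $stored = $stmt->fetchColumn();   // false when no such user exists
    return $stored !== false && password_verify($password, $stored);
}

register($db, "o'brien", 'correct horse');
register($db, 'alice', 'correct horse');

// A username containing a quote is handled as plain data.
var_dump(login($db, "o'brien", 'correct horse'));
var_dump(login($db, "o'brien", 'wrong guess'));

// Same password, two users: the stored values differ because of the salt,
// whereas sha1('correct horse') would put the same 40 characters in both rows.
$hashes = $db->query('SELECT pass FROM users ORDER BY username')
             ->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] !== $hashes[1]);
```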
--- Begin Message ---
Spontaneously, my suggestion would be to pipe the STDERR output from
your command to a file. I have to admit that this doesn't feel like
the most efficient solution since you would involve some reading /
writing to your filesystem.
Regards.
//frank
17 feb 2007 kl. 21.49 skrev Peter Lauri:
Hi,
I am executing exec('some cool command', $stdout, $exitcode);
That is fine. I get what I in the beginning wanted. However, now I need to
catch the STDERR that the command is generating as well. Some of you might
tell me to redirect STDERR to STDOUT, but that is not possible as I need to
use the STDOUT as is to automate a process.
I know I can do fwrite(STDERR, 'Output some error\n');
So could I fread(STDERR, SOMESIZE)?
Is there anyone with experience of best way of doing this? Should I maybe
use proc_open or something similar and then write it to a file, and then
read that file? Hrm, doesn’t make any sense to do that.
Best regards,
Peter Lauri
www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free
--- End Message ---
--- Begin Message ---
you could instead use the proc_* functions to do this. However, seeing as
those are pretty complicated and were not available in most php versions
run by most hosts, a lot of people had to come up with other ways
around it. The most used way is indeed what you described. A simple:
$t = tempnam(sys_get_temp_dir(), 'err'); // tempnam() needs a directory and a prefix
exec('/bin/SomeCommand 2>' . escapeshellarg($t));
$stderror = file_get_contents($t);
unlink($t); // remove the temp file once it has been read
is what most scripts seem to use currently
- tul
Frank Arensmeier wrote:
Spontaneously, my suggestion would be to pipe the STDERR output from your
command to a file. I have to admit that this doesn't feel like the most
efficient solution since you would involve some reading / writing to
your filesystem.
Regards.
//frank
--- End Message ---
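Capturing STDERR separately from STDOUT with the proc_open route mentioned in the thread above, without a temporary file, as an added example that is not from any of the posters. `run_capture` is a hypothetical helper name, the sample command is constructed, and a POSIX shell is assumed.

```php
<?php
// Added example, not code from the thread. Assumes a POSIX system with sh.
function run_capture(array $argv)
{
    // Escape every argument before it reaches the shell.
    $cmd = implode(' ', array_map('escapeshellarg', $argv));
    $spec = array(
        0 => array('pipe', 'r'),   // child's STDIN
        1 => array('pipe', 'w'),   // child's STDOUT
        2 => array('pipe', 'w'),   // child's STDERR
    );
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException("cannot start: $cmd");
    }
    fclose($pipes[0]);             // nothing to send to the child
    stream_set_blocking($pipes[1], false);
    stream_set_blocking($pipes[2], false);

    $out  = array(1 => '', 2 => '');
    $open = array(1 => $pipes[1], 2 => $pipes[2]);
    // Drain both pipes together: reading one to EOF first can deadlock
    // when the child fills the other pipe's buffer.
    while ($open) {
        $read  = array_values($open);
        $write = $except = null;
        if (stream_select($read, $write, $except, 5) === false) {
            break;                 // select failed; stop reading
        }
        foreach ($read as $stream) {
            $fd    = array_search($stream, $open, true);
            $chunk = fread($stream, 8192);
            if ($chunk === '' || $chunk === false) {
                if (feof($stream)) {   // child closed this stream
                    fclose($stream);
                    unset($open[$fd]);
                }
                continue;
            }
            $out[$fd] .= $chunk;
        }
    }
    foreach ($open as $stream) {
        fclose($stream);           // only reached after a failed select
    }
    return array('stdout' => $out[1], 'stderr' => $out[2],
                 'exit' => proc_close($proc));
}

// Constructed sample command: one line on each stream, then exit status 3.
$r = run_capture(array('sh', '-c', 'echo data; echo oops >&2; exit 3'));
var_dump($r);
```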
--- Begin Message ---
Paul Novitski wrote:
Unless your site is insanely popular or huge, does the method really
Sure I hope to once have an insanely popular or huge site, albeit that
probably won't happen.
O. Wyss
--- End Message ---
--- Begin Message ---
Jochem Maas wrote:
don't go down the define('LANG_KEY', 'lang string value'); route - defines
are comparatively SLOW to create. IF you go down the road of loading in text
from 'per lang' files I would suggest using an array as the storage mechanism:
$Lang = array(
'LANG_KEY' => 'lang string value',
// .. etc
);
assoc array are much less heavy to create.
Thanks, I'll try the assoc array.
also consider that there are, imho, 2 kinds of language specific data:
1. 'static' values - button texts, [error] messages - these are specified
during site/application
design.
Yes these are the static texts I'm talking about. They don't depend on
data, only on layout and design.
2. 'dynamic' values - document titles, headers, content - these are specified
by the owner/user during
the lifetime of the site/application
Sure, I've these values too and store them in the database.
for the rest I'll just say 'ditto' to most of what the other list members
replied :-)
Thanks a lot.
O. Wyss
--- End Message ---
--- Begin Message ---
Hi all,
I'm just curious to find out if I'm the only person to have bumped into
this kind of issue with serialize/unserialize.
When I try and serialize an array containing a string value with the "±"
character (alt+241 ASCII) such as :
"120GB 2X512MB 15.4IN DVD±RW VHP FR"
The resulting serialized array is truncated.
ie. I would obtain :
"a:17:{i:0;s:1:"A";i:1;s:7:"TOSHIBA";i:2;s:4:"3740";i:3;s:7:"404D862";i:4;s:31:"SATELLITE
A100-044 CD/T2060-1.6";i:5;s:35:"120GB 2X512MB 15.4IN DVD"
As you can see serialization seems to stall as soon as the "±" character
shows up.
Do any of you have the same issue? And what could be a work around for
this sort of problem.
This has occurred on a Windows XP box running PHP 5.2.0. The string is
obtained from a CSV file using ANSI encoding.
Thanks,
Youri
--- End Message ---
--- Begin Message ---
how can i use css with mail()?
thank u
--- End Message ---
--- Begin Message ---
Danial Rahmanzadeh wrote:
> how can i use css with mail()?
this kind of question is really annoying [today] - it shows that you are
a f***ing lazy b'std who can't even be bothered to formulate a question
properly let alone type something like 'CSS mail php' into the nearest
search engine.
we are not here to do your job for you.**
please STFW and go find yourself a tutorial/clue/code-snippet
related to sending HTML email [using php].
**suppressing the desire to rant along the lines of "my job went to India
and now I'm relegated to spoon feeding the answers to the moron, who has been
programming for all of 3 days but *is* getting paid for the work I'm still
doing,
for free"
> thank u
>
--- End Message ---