php-general Digest 9 Apr 2007 12:32:19 -0000 Issue 4724

Mon, 09 Apr 2007 05:35:08 -0700 

php-general Digest 9 Apr 2007 12:32:19 -0000 Issue 4724

Topics (messages 252277 through 252298):

session in forum
        252277 by: uni uni
        252280 by: itoctopus

Re: foreach question
        252278 by: chris.aquanuke.com
        252279 by: Sebe
        252284 by: siavash1979.telus.net
        252286 by: Lori Lay
        252287 by: chris.aquanuke.com
        252288 by: Lori Lay
        252289 by: siavash1979.telus.net

Re: MD5 & bot Question
        252281 by: tedd
        252282 by: tedd
        252283 by: tedd
        252294 by: Tijnema !
        252295 by: Micky Hulse

Re: keeping credit card info in session
        252285 by: siavash1979.telus.net
        252290 by: Lester Caine
        252291 by: Jochem Maas
        252298 by: Davi

Re: Design Dilemma - Database Data Abstraction
        252292 by: Lester Caine

DOM and XSLTProcessor
        252293 by: Buesching, Logan J
        252296 by: Tijnema !
        252297 by: Buesching, Logan J

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        php-general@lists.php.net


----------------------------------------------------------------------
--- Begin Message --- 
im trying to make a forum for my school assignment, its done and work well, but 
i want to make session where it is readonly for un-registered user, and the 
registered user can automaticly post new  topics or comment the other topics 
without filling up name and email form cuz their name and email will be taken 
from the database as they have logged in.

anyone can help me please? 

 
---------------------------------
Don't pick lemons.
See all the new 2007 cars at Yahoo! Autos.

--- End Message ---
--- Begin Message --- 
http://www.sitepoint.com/article/users-php-sessions-mysql

--
itoctopus - http://www.itoctopus.com
"uni uni" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> im trying to make a forum for my school assignment, its done and work
well, but i want to make session where it is readonly for un-registered
user, and the registered user can automaticly post new  topics or comment
the other topics without filling up name and email form cuz their name and
email will be taken from the database as they have logged in.
>
> anyone can help me please?
>
>
> ---------------------------------
> Don't pick lemons.
> See all the new 2007 cars at Yahoo! Autos.

--- End Message ---
--- Begin Message --- 
"both examples do the same thing.."

no, ex1 only has 1 <br />

so outputs like..
item1item2item3item4item5<br />

Where as I want this..

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

ie a line break after every item.
----- Original Message ----- From: "Sebe" <[EMAIL PROTECTED]> 
To: <[EMAIL PROTECTED]>
Cc: <php-general@lists.php.net>
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {    echo "$key<br />";
}

and that gives me

item1
item2
item3
item4
item5<br />

how do I write it to give me

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---
--- Begin Message --- 
[EMAIL PROTECTED] wrote:

"both examples do the same thing.."

no, ex1 only has 1 <br />

so outputs like..
item1item2item3item4item5<br />

Where as I want this..

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

ie a line break after every item.
hmm, if you're getting 5 results from the loop each should already have a <br /> so i dont understand what is wrong but the code it's set to put out a line break after each item. maybe i'm blind but the code is fine (with the exception that i don't use double quotes). 

----- Original Message ----- From: "Sebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <php-general@lists.php.net>
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {    echo "$key<br />";
}

and that gives me

item1
item2
item3
item4
item5<br />

how do I write it to give me

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---
--- Begin Message --- 
Your code is fine and it should work.

but in any case, try:

foreach ($_POST as $key){
    echo $key . '<br />';
}

Also, what php version, and what browser are you using?

good luck,
Siavash



> [EMAIL PROTECTED] wrote:
> > "both examples do the same thing.."
> >
> > no, ex1 only has 1 <br />
> >
> > so outputs like..
> > item1item2item3item4item5<br />
> >
> > Where as I want this..
> >
> > item1<br />
> > item2<br />
> > item3<br />
> > item4<br />
> > item5<br />
> >
> > ie a line break after every item.
> >
> 
> hmm, if you're getting 5 results from the loop each should already have 
> a <br />
> so i dont understand what is wrong but the code it's set to put out a 
> line break after each item. maybe i'm blind but the code is fine (with 
> the exception that i don't use double quotes).
> >
> > ----- Original Message ----- From: "Sebe" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: <php-general@lists.php.net>
> > Sent: Monday, April 09, 2007 1:22 AM
> > Subject: Re: [PHP] foreach question
> >
> >
> >> [EMAIL PROTECTED] wrote:
> >>> I have ..
> >>>
> >>> foreach( $_POST as $key ) {    echo "$key<br />";
> >>> }
> >>>
> >>> and that gives me
> >>>
> >>> item1
> >>> item2
> >>> item3
> >>> item4
> >>> item5<br />
> >>>
> >>> how do I write it to give me
> >>>
> >>> item1<br />
> >>> item2<br />
> >>> item3<br />
> >>> item4<br />
> >>> item5<br />
> >>>
> >>> Thanks
> >>>
> >> both examples do the same thing..
> >>
> >> -- 
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
>

--- End Message ---
--- Begin Message --- 
[EMAIL PROTECTED] wrote:

"both examples do the same thing.."

no, ex1 only has 1 <br />

so outputs like..
item1item2item3item4item5<br />

Where as I want this..

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

ie a line break after every item.
Silly question, perhaps, but are you sure $_POST is an array (with 5 elements)? What you have written should produce a break after each item if POST is a 5 element array. However if POST is a single element with the five items concatenated together, then they would be printed the way you have it listed above... 

It might be better to post the full script to the list.

Lori


----- Original Message ----- From: "Sebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <php-general@lists.php.net>
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {    echo "$key<br />";
}

and that gives me

item1
item2
item3
item4
item5<br />

how do I write it to give me

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---
--- Begin Message --- 
Sorry this is the full script...

whois.php

<html>
<body><span style="font-size:13;font-family:Arial,Verdana;">
<form method='POST' action='whois.php'>

<p><b>Enter Domain Names (one per line)</b></p>
<textarea name='domain' cols="50" rows="8" style="font-size:13;font-family:Arial,Verdana;"></textarea><p> 

<input type='submit' value="Submit Domain Query">
</form>
<p><b><u>Whois Results:</u></b></p>

<?php

foreach( $_POST as $key ) {
   echo "$key<br>";
}
?>

</body>
</html>
----- Original Message ----- From: "Lori Lay" <[EMAIL PROTECTED]> 
To: <[EMAIL PROTECTED]>
Cc: <php-general@lists.php.net>
Sent: Monday, April 09, 2007 5:20 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

"both examples do the same thing.."

no, ex1 only has 1 <br />

so outputs like..
item1item2item3item4item5<br />

Where as I want this..

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

ie a line break after every item.
Silly question, perhaps, but are you sure $_POST is an array (with 5 elements)? What you have written should produce a break after each item if POST is a 5 element array. However if POST is a single element with the five items concatenated together, then they would be printed the way you have it listed above... 

It might be better to post the full script to the list.

Lori


----- Original Message ----- From: "Sebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <php-general@lists.php.net>
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {    echo "$key<br />";
}

and that gives me

item1
item2
item3
item4
item5<br />

how do I write it to give me

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---
--- Begin Message --- 
[EMAIL PROTECTED] wrote:

Sorry this is the full script...

whois.php

<html>
<body><span style="font-size:13;font-family:Arial,Verdana;">
<form method='POST' action='whois.php'>

<p><b>Enter Domain Names (one per line)</b></p>
<textarea name='domain' cols="50" rows="8" style="font-size:13;font-family:Arial,Verdana;"></textarea><p>
Gotcha! A textarea does not produce an array. Even though the user should be separating the lines with a line break, this turns into one long string with line breaks in it, not separate array elements. You will have to do this manually. Actually, you could probably use nl2br to insert BR's before the line breaks (it doesn't replace them, but that's usually good enough). 

Lori


<input type='submit' value="Submit Domain Query">
</form>
<p><b><u>Whois Results:</u></b></p>

<?php

foreach( $_POST as $key ) {
   echo "$key<br>";
}
?>

</body>
</html>

----- Original Message ----- From: "Lori Lay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <php-general@lists.php.net>
Sent: Monday, April 09, 2007 5:20 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

"both examples do the same thing.."

no, ex1 only has 1 <br />

so outputs like..
item1item2item3item4item5<br />

Where as I want this..

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

ie a line break after every item.
Silly question, perhaps, but are you sure $_POST is an array (with 5 elements)? What you have written should produce a break after each item if POST is a 5 element array. However if POST is a single element with the five items concatenated together, then they would be printed the way you have it listed above... 

It might be better to post the full script to the list.

Lori


----- Original Message ----- From: "Sebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <php-general@lists.php.net>
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {    echo "$key<br />";
}

and that gives me

item1
item2
item3
item4
item5<br />

how do I write it to give me

item1<br />
item2<br />
item3<br />
item4<br />
item5<br />

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---
--- Begin Message --- 
Quoting Lori Lay <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> > Sorry this is the full script...
> >
> > whois.php
> >
> > <html>
> > <body><span style="font-size:13;font-family:Arial,Verdana;">
> > <form method='POST' action='whois.php'>
> >
> > <p><b>Enter Domain Names (one per line)</b></p>
> > <textarea name='domain' cols="50" rows="8" 
> > style="font-size:13;font-family:Arial,Verdana;"></textarea><p>
> 
> Gotcha!  A textarea does not produce an array.  Even though the user 
> should be separating the lines with a line break, this turns into one 
> long string with line breaks in it, not separate array elements.  You 
> will have to do this manually.  Actually, you could probably use nl2br 
> to insert BR's before the line breaks (it doesn't replace them, but 
> that's usually good enough).
> 
> Lori


much better, it all makes sense now. This is what I would do:

<?php
$array = split("\n", $_POST['domain']);
foreach( $array as $key ) {
    echo "$key<br>";
}
?>


Siavash


> >
> > <input type='submit' value="Submit Domain Query">
> > </form>
> > <p><b><u>Whois Results:</u></b></p>
> >
> > <?php
> >
> > foreach( $_POST as $key ) {
> >    echo "$key<br>";
> > }
> > ?>
> >
> > </body>
> > </html>
> >
> > ----- Original Message ----- From: "Lori Lay" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: <php-general@lists.php.net>
> > Sent: Monday, April 09, 2007 5:20 AM
> > Subject: Re: [PHP] foreach question
> >
> >
> >> [EMAIL PROTECTED] wrote:
> >>> "both examples do the same thing.."
> >>>
> >>> no, ex1 only has 1 <br />
> >>>
> >>> so outputs like..
> >>> item1item2item3item4item5<br />
> >>>
> >>> Where as I want this..
> >>>
> >>> item1<br />
> >>> item2<br />
> >>> item3<br />
> >>> item4<br />
> >>> item5<br />
> >>>
> >>> ie a line break after every item.
> >>>
> >> Silly question, perhaps, but are you sure $_POST is an array (with 5 
> >> elements)?  What you have written should produce a break after each 
> >> item if POST is a 5 element array.  However if POST is a single 
> >> element with the five items concatenated together, then they would be 
> >> printed the way you have it listed above...
> >>
> >> It might be better to post the full script to the list.
> >>
> >> Lori
> >>>
> >>> ----- Original Message ----- From: "Sebe" <[EMAIL PROTECTED]>
> >>> To: <[EMAIL PROTECTED]>
> >>> Cc: <php-general@lists.php.net>
> >>> Sent: Monday, April 09, 2007 1:22 AM
> >>> Subject: Re: [PHP] foreach question
> >>>
> >>>
> >>>> [EMAIL PROTECTED] wrote:
> >>>>> I have ..
> >>>>>
> >>>>> foreach( $_POST as $key ) {    echo "$key<br />";
> >>>>> }
> >>>>>
> >>>>> and that gives me
> >>>>>
> >>>>> item1
> >>>>> item2
> >>>>> item3
> >>>>> item4
> >>>>> item5<br />
> >>>>>
> >>>>> how do I write it to give me
> >>>>>
> >>>>> item1<br />
> >>>>> item2<br />
> >>>>> item3<br />
> >>>>> item4<br />
> >>>>> item5<br />
> >>>>>
> >>>>> Thanks
> >>>>>
> >>>> both examples do the same thing..
> >>>>
> >>>> -- 
> >>>> PHP General Mailing List (http://www.php.net/)
> >>>> To unsubscribe, visit: http://www.php.net/unsub.php
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >> -- 
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
>

--- End Message ---
--- Begin Message --- 
At 6:33 PM +0200 4/8/07, Tijnema ! wrote:

On 4/8/07, tedd <[EMAIL PROTECTED]> wrote:

Remember, I could also use a jpeg file and have millions of colors to
chose from. Unless, there is something here that I don't understand
(which very well could be), I can't see how anyone, without massive
computer resources, could break that.

Am I wrong?


Maybe... What about OCR programs? they can read letters from images,
if you could transfrom that to an program that could read arrows
instead of characters. then you probably could crack it, also if you
store random pixels in it. And that doesn't use massive computer
resources :)


Yes, I was excluding that -- I was dealing only with MD5 solutions.
Of course, OCR-like programs can decipher and interpret an arrow. It would not be too hard to find the center of the square and then determine in which one of eight zones the majority of contrasting pixels were. I did similar stuff many years ago detecting movement by comparing frames to see what was areas in a frame were changing and then direct stepping motors to control the camera. Neat stuff. 

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message --- 
At 6:46 PM +0200 4/8/07, Jochem Maas wrote:

just a few random thought on how to make it even more painful to
crack. random colored borders, random border width, slight changes in width/height, random pixel noise or varying colors, animated gifs (where does the arrow stop), 
animated gifs (where does the red/pink/blue/green arrow point to),
make the letters random with regard to character and position [and make the letters generated images them selves] 
that way know where the arrow is pointing is only half the solution.

or may rather take this technique and combine it with std captcha such that
you output an image with a stack of [freaky] letters in it and one of them
has an arrow pointing at it.

yadda yadda.
in theory it's all crackable - but somewhere along the line the problem becomes too hard to make it worth the effort to try (unless your securing Fort Knox or something)
My attempt here was only to show that a MD5 solution could become so vast that there would be no point in pursuing that avenue. 

As for other ways to crack this, of course there ARE other easier ways.

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message --- 
At 4:38 AM -0700 4/8/07, benifactor wrote:

hmm, why don't you md5 more then once..
I read somewhere that MD5'ing anything more than once, does not increase security. 

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message --- 
On 4/9/07, tedd <[EMAIL PROTECTED]> wrote:

At 4:38 AM -0700 4/8/07, benifactor wrote:
>hmm, why don't you md5 more then once..

I read somewhere that MD5'ing anything more than once, does not
increase security.

Cheers,

tedd


Not in this case, as it doesn't goes about decrypting the key here,
that's impossible with MD5, you can only bruteforce. But that's
totally not of interest, a cracker doesn't want to implement a MD5
bruteforcer in his bot that brute forces the MD5 key each time (which
can take up to several years to complete on regular PCs).

Tijnema

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message --- 
Tijnema ! wrote:

You can't stop me :)
http://86.86.80.41/dev/debug/tedd.php
It's cracked again :)
Maybe use flash for this... harder to crack? (Of course, Flash will open door to other problems.) 

Sorry, coming in on this late. Good work Tedd! Very interesting.

M

--
Wishlists: <http://snipurl.com/vrs9>
   Switch: <http://browsehappy.com/>
     BCC?: <http://snipurl.com/w6f8>
       My: <http://del.icio.us/mhulse>

--- End Message ---
--- Begin Message --- 
Thanks a lot every one. These are great replies.

I guess I should have explained a bit more about what I'm doing.

first of all, this is not my site, it's for a client of mine.

second, I did suggest using a paypal API or a paid site to take care of this, 
but my client said no. She has a credit card processing account and how she 
works with it right now, is that interested users email her, she calls them, 
gets their credit card info and charges their card manually without the card 
present.

so, this is not really my problem, it's what she's been doing before and wants 
to continue doing. All she asked me to do is that as part of the form that 
people send their requests through, now she wants their credit card info as 
well. So that she doesn't have to call them.

And the reason I'm keeping cc info in the session for a few steps, is to take 
them to confirmation page, and then the reciept page. and after wards, I want 
to keep it in there untill the client logs in to the admin page and sees new 
requests, charges them and then deletes them for ever.

So now I've got two different responses, some people say do it, but use 
encryption/decryption methods, and some people say don't do it. But if I don't 
do it, that means I tell my client that I can't do it and I lose the job.



Thanks again,
Siavash




Quoting Travis Doherty <[EMAIL PROTECTED]>:

> Jochem Maas wrote:
> 
> >unless you are a payment gateway or a bank don't touch credit card numbers.
> >there are plenty of threads in the archive of this list that give good
> reasons
> >not to e.g. being sued out of existence.
> >  
> >
> 100% agreed.  Never touch credit card numbers.  You can't just take
> credit card numbers and manually process them in 'card not present'
> transactions (or MOTO in more archaic terms.)  You need a merchant
> account that allows for this -- usually at a higher discount rate. 
> Check the merchant agreement.
> 
> Your client should get an account like this, or better yet, provide you
> with the instructions on how to integrate his site with the payment
> providers so that you never have to worry about credit cards.
> 
> As an additional note... Maybe your SSL cert secures the numbers from
> the client to the server, and just maybe your PHP scripts have no
> security flaws in them, but you must remember the server itself and
> everything else outside of PHP.  What if someone found a flaw in the FTP
> server for example, or the mail server even, and used that to get the CC
> info.   I would hate to be explaining to a list of 1000 clients that I
> was responsible for their card numbers being stolen.
> 
> Travis Doherty
>

--- End Message ---
--- Begin Message --- 
[EMAIL PROTECTED] wrote:

Thanks a lot every one. These are great replies.

I guess I should have explained a bit more about what I'm doing.

first of all, this is not my site, it's for a client of mine.
second, I did suggest using a paypal API or a paid site to take care of this, but my client said no. She has a credit card processing account and how she works with it right now, is that interested users email her, she calls them, gets their credit card info and charges their card manually without the card present.
so, this is not really my problem, it's what she's been doing before and wants to continue doing. All she asked me to do is that as part of the form that people send their requests through, now she wants their credit card info as well. So that she doesn't have to call them.
Then *SHE* has to obey the rules laid down by the provider of that service. She may well be breaking the rules if she does not take the card number over the phone. The second you ask for a credit card number electronically you need *ALL* of the security you can get. I have seen a number of cases of sites that did not follow the rules and within minutes of a transaction being completed the card number is being used on the other side of the world !!!! ( My next door neighbour got stung after using the British Airways site - one you would have expected to be secure )
And the reason I'm keeping cc info in the session for a few steps, is to take them to confirmation page, and then the reciept page. and after wards, I want to keep it in there untill the client logs in to the admin page and sees new requests, charges them and then deletes them for ever.
So now I've got two different responses, some people say do it, but use encryption/decryption methods, and some people say don't do it. But if I don't do it, that means I tell my client that I can't do it and I lose the job.
Some jobs you do walk away from. One has to know when it is worth all the time you are going to pump into solving a problem that you will not actually get paid for. If YOU are setting up the security for using Credit Cards *YOU* may well be held liable when it gets cracked. So it is safer to pass the risk to the card companies where possible and use an existing security system where someone else takes the blame.
Starting point - what does it say in the agreement that your client currently has with her credit card account? 

--
Lester Caine - G8HFL
-----------------------------
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php

--- End Message ---
--- Begin Message --- 
[EMAIL PROTECTED] wrote:
> Thanks a lot every one. These are great replies.
> 
> I guess I should have explained a bit more about what I'm doing.
> 
> first of all, this is not my site, it's for a client of mine.

probably irrelevant from a legal pooint of view.
> 
> second, I did suggest using a paypal API or a paid site to take care of this, 
> but my client said no. She has a credit card processing account and how she 
> works with it right now, is that interested users email her, she calls them, 
> gets their credit card info and charges their card manually without the card 
> present.
> 
> so, this is not really my problem, it's what she's been doing before and 
> wants 
> to continue doing. All she asked me to do is that as part of the form that 
> people send their requests through, now she wants their credit card info as 
> well. So that she doesn't have to call them.

tell her 'PAYMENT PROVIDER OR BUST'. :-)

> 
> And the reason I'm keeping cc info in the session for a few steps, is to take 
> them to confirmation page, and then the reciept page. and after wards, I want 
> to keep it in there untill the client logs in to the admin page and sees new 
> requests, charges them and then deletes them for ever.

you think you want this, but you don't.

> 
> So now I've got two different responses, some people say do it, but use 
> encryption/decryption methods, and some people say don't do it. 

does your client have a million dollar budget (including cash surplus to handle
lawsuits and fines from banks or CC companies) to design and administer
the security of the complete software stack that the CC will be handled by
and stored on?

no I didn't think so, ergo don't go down this route .... anyone tell you
its a good idea (regardless of encryption) needs their head examined.

> But if I don't 
> do it, that means I tell my client that I can't do it and I lose the job.
> 

good, dont take the job. some one else will take the blame when things go
seriously wrong (assuming she can find anyone to take the job.) and leaves
you to doa project that won't make you bankrupt.

> 
> 
> Thanks again,
> Siavash
> 
> 
> 
> 
> Quoting Travis Doherty <[EMAIL PROTECTED]>:
> 
>> Jochem Maas wrote:
>>
>>> unless you are a payment gateway or a bank don't touch credit card numbers.
>>> there are plenty of threads in the archive of this list that give good
>> reasons
>>> not to e.g. being sued out of existence.
>>>  
>>>
>> 100% agreed.  Never touch credit card numbers.  You can't just take
>> credit card numbers and manually process them in 'card not present'
>> transactions (or MOTO in more archaic terms.)  You need a merchant
>> account that allows for this -- usually at a higher discount rate. 
>> Check the merchant agreement.
>>
>> Your client should get an account like this, or better yet, provide you
>> with the instructions on how to integrate his site with the payment
>> providers so that you never have to worry about credit cards.
>>
>> As an additional note... Maybe your SSL cert secures the numbers from
>> the client to the server, and just maybe your PHP scripts have no
>> security flaws in them, but you must remember the server itself and
>> everything else outside of PHP.  What if someone found a flaw in the FTP
>> server for example, or the mail server even, and used that to get the CC
>> info.   I would hate to be explaining to a list of 1000 clients that I
>> was responsible for their card numbers being stolen.
>>
>> Travis Doherty
>>
>

--- End Message ---
--- Begin Message --- 
Em Segunda 09 Abril 2007 01:12, [EMAIL PROTECTED] escreveu:
> Thanks a lot every one. These are great replies.

You're welcome! ^^

>
> I guess I should have explained a bit more about what I'm doing.
>
> first of all, this is not my site, it's for a client of mine.

Things going to be better... =]

>
> second, I did suggest using a paypal API or a paid site to take care of
> this, but my client said no. She has a credit card processing account and
> how she works with it right now, is that interested users email her, she
> calls them, gets their credit card info and charges their card manually
> without the card present.

Ops... But... You can't solve death... All other you *can* do anything... =]

>
> so, this is not really my problem, it's what she's been doing before and
> wants to continue doing. All she asked me to do is that as part of the form
> that people send their requests through, now she wants their credit card
> info as well. So that she doesn't have to call them.
>
> And the reason I'm keeping cc info in the session for a few steps, is to
> take them to confirmation page, and then the reciept page. and after wards,
> I want to keep it in there untill the client logs in to the admin page and
> sees new requests, charges them and then deletes them for ever.
>
> So now I've got two different responses, some people say do it, but use
> encryption/decryption methods, and some people say don't do it. But if I
> don't do it, that means I tell my client that I can't do it and I lose the
> job.

Well... Last month I configured a mail server... Or I must say: a SPAM server?
"But it's illegal!!!"
Yes... I known... But it was my job... If I don't do it, I would lose money 
and... Another do that!!!

Simple: do a "license agreement" that isents you about *any* legal implication 
about the PHP solution... And use the max security you can and charge for 
security updates!! =P

It's what *I* would do, at least...

> Thanks again,
> Siavash
>

Well... Sorry my poor english and let me known if you don't understand 
*anything*...


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Agora com fortune:
"       During a visit to America, Winston Churchill was invited to a buffet
luncheon at which cold fried chicken was served.  Returning for a second
helping, he asked politely, "May I have some breast?"
        "Mr. Churchill," replied the hostess, "in this country we ask for
white meat or dark meat."  Churchill apologized profusely.
        The following morning, the lady received a magnificent orchid from
her guest of honor.  The accompanying card read: "I would be most obliged if
you would pin this on your white meat.""

--- End Message ---
--- Begin Message --- 
Martin Alterisio wrote:

I have a dilemma on a design where I humbly ask your help. I'm working on
the model part of a web application (not to be understood in the "web2.0"
way, but in a more general way, where anything mounted on HTTP is a web
application) done in PHP5 following the MVC design pattern. But the strong
point is that the result must be those-who-never-RTFM-proof. But that's not
my dilemma, I only mention this so that no RoR concept or similar is thrown
into the table, that is, NO ActiveRecord.

The solution I presented is to access, and act upon, a database as if they
were PHP arrays, meaning that a table is presented as an array of records.
Here comes my dilemma. But first let me explain a bit about the scenario so
far:


I snip there - too much detail without defining the problem ;)
Database Data Abstraction normally refers to using a common internal structure which can be loaded from a range of database engines. It sounds as if you have no requirement to 'Abstract' the database, only to come up with a persistent object layer under a single database engine?
You have indicated that you are looking for a multi-user system, and so the raw data must be in the database, but as you have seen, the flexibility afforded by any database engine is difficult to duplicate. The thing to remember is that you should ONLY be reading the data you need for the current user, and so your persistent objects do not need to be as complex as you seem to be looking for. It is always faster to ask the database for an answer than to copy everything to PHP in order to work with it. With any decent database you can provide views of the data in a suitable format for the arrays you need display on the user interface. 

I tried to find something suitable to point you at, but it's difficult
http://www.appelsiini.net/~tuupola/php/DB_DataContainer/
Is probably in line with your current outline?

--
Lester Caine - G8HFL
-----------------------------
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php

--- End Message ---
--- Begin Message --- 
Greetings,

 

I apologize if this is a little long, but I am trying to put as much
information as I have done in this first post.  I am running PHP 5 and
attempting to use DOM to create data to show on a webpage and using
XSLTProcessor with an XSLT sheet to output it into XHTML.  Everything is
pretty fine an dandy until I wish to print raw text, such as xdebug and
var_dump.

 

My knowledge of DOM and XSLTProcessor is about a 5/10, such that I know
most basics, but not the more advanced things.  Whenever I try to add
data using createTextNode, it is always escaped, such that if I do
<strong>something</strong>, when shown to the screen, it shows
&lt;strong&gt; etc...  

 

Here is the general outline:

 

<?php

$doc=new DOMDocument("1.0");

$root=$doc->createElement("root");

$wantedCode=$doc->createTextNode("<strong>Something</strong>");

$root->appendChild($wantedCode);

$doc->appendChild($root);

$proc=new XSLTProcessor;

$proc->importStylesheet(DOMDocument::load("test.xslt"));

echo $proc->transformToXML($doc);

?>

 

SomeSheet is something like:

<xsl:template match="/">

            <xsl:value-of select="."/>

</xsl:template>

 

The expected output that I would like to get is:

<strong>Something</strong>

(This would just bold my text, not literally see the <strong> tags).

 

The actual output is:

&lt;strong&gt;Something&lt;/strong&gt;

(This outputs the <strong> tags to the end user, which is what I do not
want).

 

I checked the manual at:
http://us3.php.net/manual/en/function.dom-domdocument-createtextnode.php
.  A user comment suggested to use CDATA nodes, so I attempted to change
my code to the following:

 

<?php

$doc=new DOMDocument("1.0");

$root=$doc->createElement("root");

//note the change right here

$wantedCode=$doc->createCDATASection("<strong>Something</strong>");

$root->appendChild($wantedCode);

$doc->appendChild($root);

$proc=new XSLTProcessor;

$proc->importStylesheet(DOMDocument::load("test.xslt"));

echo $proc->transformToXML($doc);

 

?>

 

But this was of no success; it just had the same output.

 

Is there anyone that is able to help me out here?

 

Thanks,

Logan

--- End Message ---
--- Begin Message --- 
On 4/9/07, Buesching, Logan J <[EMAIL PROTECTED]> wrote:

Greetings,



I apologize if this is a little long, but I am trying to put as much
information as I have done in this first post.  I am running PHP 5 and
attempting to use DOM to create data to show on a webpage and using
XSLTProcessor with an XSLT sheet to output it into XHTML.  Everything is
pretty fine an dandy until I wish to print raw text, such as xdebug and
var_dump.



My knowledge of DOM and XSLTProcessor is about a 5/10, such that I know
most basics, but not the more advanced things.  Whenever I try to add
data using createTextNode, it is always escaped, such that if I do
<strong>something</strong>, when shown to the screen, it shows
&lt;strong&gt; etc...



Here is the general outline:



<?php

$doc=new DOMDocument("1.0");

$root=$doc->createElement("root");

$wantedCode=$doc->createTextNode("<strong>Something</strong>");

$root->appendChild($wantedCode);

$doc->appendChild($root);

$proc=new XSLTProcessor;

$proc->importStylesheet(DOMDocument::load("test.xslt"));

echo $proc->transformToXML($doc);

?>



SomeSheet is something like:

<xsl:template match="/">

           <xsl:value-of select="."/>

</xsl:template>



The expected output that I would like to get is:

<strong>Something</strong>

(This would just bold my text, not literally see the <strong> tags).



The actual output is:

&lt;strong&gt;Something&lt;/strong&gt;

(This outputs the <strong> tags to the end user, which is what I do not
want).



I checked the manual at:
http://us3.php.net/manual/en/function.dom-domdocument-createtextnode.php
.  A user comment suggested to use CDATA nodes, so I attempted to change
my code to the following:



<?php

$doc=new DOMDocument("1.0");

$root=$doc->createElement("root");

//note the change right here

$wantedCode=$doc->createCDATASection("<strong>Something</strong>");

$root->appendChild($wantedCode);

$doc->appendChild($root);

$proc=new XSLTProcessor;

$proc->importStylesheet(DOMDocument::load("test.xslt"));

echo $proc->transformToXML($doc);



?>



But this was of no success; it just had the same output.



Is there anyone that is able to help me out here?



Thanks,

Logan



Try using htmlspecialchars_decode before outputting your data:
http://www.php.net/manual/en/function.htmlspecialchars-decode.php

Tijnema

--- End Message ---
--- Begin Message --- 
This could offer a possible workaround.  

Let me first state that I cannot simply do:

echo htmlspecialchars_decode($proc->transformToXML($doc));

If I were to do that, then it would assume that all of these encodings
need to be decoded; which definitely is not the case.  I only want to do
this for a few of the encodings, which I will know before the XSL
processing.  I guess I can do some processing after it went through the
XSL Processor to decode some of the encodings that I do not want, but
that just seems like it would add a lot of unnecessary overhead if it
can be avoided.

Thanks for the idea though.

-Logan 

-----Original Message-----
From: Tijnema ! [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 09, 2007 4:40 AM
To: Buesching, Logan J
Cc: php-general@lists.php.net
Subject: Re: [PHP] DOM and XSLTProcessor

On 4/9/07, Buesching, Logan J <[EMAIL PROTECTED]> wrote:
> Greetings,
>
>
>
> I apologize if this is a little long, but I am trying to put as much
> information as I have done in this first post.  I am running PHP 5 and
> attempting to use DOM to create data to show on a webpage and using
> XSLTProcessor with an XSLT sheet to output it into XHTML.  Everything
is
> pretty fine an dandy until I wish to print raw text, such as xdebug
and
> var_dump.
>
>
>
> My knowledge of DOM and XSLTProcessor is about a 5/10, such that I
know
> most basics, but not the more advanced things.  Whenever I try to add
> data using createTextNode, it is always escaped, such that if I do
> <strong>something</strong>, when shown to the screen, it shows
> &lt;strong&gt; etc...
>
>
>
> Here is the general outline:
>
>
>
> <?php
>
> $doc=new DOMDocument("1.0");
>
> $root=$doc->createElement("root");
>
> $wantedCode=$doc->createTextNode("<strong>Something</strong>");
>
> $root->appendChild($wantedCode);
>
> $doc->appendChild($root);
>
> $proc=new XSLTProcessor;
>
> $proc->importStylesheet(DOMDocument::load("test.xslt"));
>
> echo $proc->transformToXML($doc);
>
> ?>
>
>
>
> SomeSheet is something like:
>
> <xsl:template match="/">
>
>            <xsl:value-of select="."/>
>
> </xsl:template>
>
>
>
> The expected output that I would like to get is:
>
> <strong>Something</strong>
>
> (This would just bold my text, not literally see the <strong> tags).
>
>
>
> The actual output is:
>
> &lt;strong&gt;Something&lt;/strong&gt;
>
> (This outputs the <strong> tags to the end user, which is what I do
not
> want).
>
>
>
> I checked the manual at:
>
http://us3.php.net/manual/en/function.dom-domdocument-createtextnode.php
> .  A user comment suggested to use CDATA nodes, so I attempted to
change
> my code to the following:
>
>
>
> <?php
>
> $doc=new DOMDocument("1.0");
>
> $root=$doc->createElement("root");
>
> //note the change right here
>
> $wantedCode=$doc->createCDATASection("<strong>Something</strong>");
>
> $root->appendChild($wantedCode);
>
> $doc->appendChild($root);
>
> $proc=new XSLTProcessor;
>
> $proc->importStylesheet(DOMDocument::load("test.xslt"));
>
> echo $proc->transformToXML($doc);
>
>
>
> ?>
>
>
>
> But this was of no success; it just had the same output.
>
>
>
> Is there anyone that is able to help me out here?
>
>
>
> Thanks,
>
> Logan


Try using htmlspecialchars_decode before outputting your data:
http://www.php.net/manual/en/function.htmlspecialchars-decode.php

Tijnema
>
>

--- End Message ---

Reply via email to