php-general Digest 30 Aug 2009 12:49:05 -0000 Issue 6313
Topics (messages 297473 through 297493):
Re: Best way to test for form submission?
297473 by: tedd
297474 by: tedd
297476 by: Robert Cummings
297477 by: Tom Worster
Re: Date Comparison
297475 by: tedd
Re: Login should not allow users to login if the application is logged in with
the same login credentials
297478 by: John Pillion
starting session with AJAX
297479 by: John Pillion
297482 by: John Pillion
297483 by: John Pillion
Re: user permissions
297480 by: John Pillion
297481 by: John Pillion
Re: PHP Crash in file_get_contents
297484 by: Ralph Deffke
Re: Converting URL's to hyperlinks.
297485 by: Nisse Engström
297487 by: LinuxManMikeC
297489 by: Nisse Engström
297490 by: LinuxManMikeC
297491 by: Nisse Engström
What is the best way to process live data?
297486 by: Paul Halliday
297488 by: LinuxManMikeC
OpenCart
297492 by: HallMarc Websites
Re: After browser quit
297493 by: O. Lavell
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
At 5:51 PM +0100 8/28/09, Ashley Sheridan wrote:
I usually just
tend to use the $_REQUEST array instead of $_POST or $_GET. You get the
benefit of being able to work with both arrays (as well as $_SESSION and
$_COOKIE) without any drawbacks.
Thanks,
Ash
Ash:
Drawbacks are funny things.
Not knowing where my data originated ($_GET, $_POST, or $_COOKIE) and
having the possibility of what I was expecting overridden in a
$_REQUEST is what I would call a drawback.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
At 1:18 AM -0700 8/29/09, Warren Vail wrote:
To test a form I usually send the form contents to a php file that contains
the following;
foreach($_POST as $nm => $val) echo "_POST[".$nm."] [".$val."]<br>";
foreach($_GET as $nm => $val) echo "_GET[".$nm."] [".$val."]<br>";
Checkboxes and radio buttons only send their value if the control is
"checked".
That's correct, here's the way I solve both types:
http://php1.net/b/form-radio
http://php1.net/b/form-radio1
http://php1.net/b/form-checkbox/
http://php1.net/b/form-checkbox1/
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Warren Vail wrote:
To test a form I usually send the form contents to a php file that contains
the following;
foreach($_POST as $nm => $val) echo "_POST[".$nm."] [".$val."]<br>";
foreach($_GET as $nm => $val) echo "_GET[".$nm."] [".$val."]<br>";
Checkboxes and radio buttons only send their value if the control is
"checked".
You can have multiple submit buttons (type="submit") on a form, but you
should assign them different name parameters to recognize which one is
clicked (any one of them will cause the form to be submitted, but the only
one that will establish a $_POST entry named "submit" is the submit control
that is named "submit" (name="submit").
I would suggest NOT naming any field submit. There will come a time when
you will want to do form.submit() in JavaScript and you will find it
broken in one of the browsers. I'm not sure which, but one of them
breaks if you have named a field "submit". As a result I always use
"continue" instead :)
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
On 8/29/09 9:29 AM, "tedd" <[email protected]> wrote:
> At 1:18 AM -0700 8/29/09, Warren Vail wrote:
>> To test a form I usually send the form contents to a php file that contains
>> the following;
>>
>> foreach($_POST as $nm => $val) echo "_POST[".$nm."] [".$val."]<br>";
>> foreach($_GET as $nm => $val) echo "_GET[".$nm."] [".$val."]<br>";
>>
>> Checkboxes and radio buttons only send their value if the control is
>> "checked".
>>
>
> That's correct, here's the way I solve both types:
>
> http://php1.net/b/form-radio
> http://php1.net/b/form-radio1
> http://php1.net/b/form-checkbox/
> http://php1.net/b/form-checkbox1/
warren's test script above doesn't work so well with tedd's scheme for
naming radios & checkboxs. tedd uses name="option[]" in the markup so in
warren's script, when $nm is 'option', $val will be an array so it won't
convert to a string in ".$val.".
--- End Message ---
--- Begin Message ---
At 1:01 PM -0400 8/28/09, David Stoltz wrote:
Hey Stuart -
RTFM yourself....I did read it, and obviously misunderstood...
I'm really sorry to bother you. I thought that was what a listserv
like this was for - to ask questions...
I'll try not to ask questions I should know the answer to next time.
Whoa dude!
You just received advice from a brilliant man and you are bitching about it?!?
Look child, you are being told what you should do by a professional
who is donating his time freely to help you. Just how did you not
understand that?
So, just do what he advised and say "Thank you sir, may I have another?"
I've posted some dumb-ass questions before, but only after I took the
time to research the question myself. And when someone took the time
to straighten me out and help, I appreciated it.
Hopefully next time you'll read the manual and take the time to
understand what you read -- it would cut down on post that
demonstrate just how ignorant and thankless you are at this.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
"Balasubramanyam A" <[email protected]> wrote in message
news:<[email protected]>...
> Hello,
>
> I've written a simple application, where users need to login to access the
> features of the application. I want to develop login system such that, if
> user is already logged in, the application should not allow the users to
> login with the same login credentials. How do I accomplish this?
>
> Regards,
> Balu
>
Personally, I have a table for sessions - each time a user logs in, their
session is stored in the table, along with the session_id generated by
session_start(), the userID, the time the session was last active, and an
"active" flag. I use these fields to keep track of the users activity. If
at any point the "active" flag is changed to inactive, the user's session is
destroyed, and they are required to log in again.
What you would do in your case, to only allow the user to be logged in at
one location at any given time would be to automatically change the flag to
'inactive' on all the sessions in the table, associated with that users ID.
Thus, if there is an active session elsewhere, when a new session is
started, all other sessions associated with that ID will be "kicked out".
--- End Message ---
--- Begin Message ---
Ok, so I've got an authentication/login form that is "powered by" ajax. The
user logs in, is authenticated, and the last step is to start a session and
save the necessary information in the $_SESSION vars.
For some reason, it appears (and almost of makes sense) that the session
that is started via the AJAX is lost once the ajax is complete.
AJAX calls the php, passing username and password
Php executes all the necessary authentication, etc etc
If, login is valid, it calls mySessionStart() (see below)
Checks to make sure the session has been started using isLoggedIn() (below),
which returns true
AJAX closes, receiving a "successfully logged in" message.
AJAX turns around and makes a second call, calling isLoggedIn() again, and
the session is gone
What I'm *guessing* is that because the PHP is not running on the active
page, but "in the background" the session is not being set for the active
page. Is there a way to pass the session back to the browser?
- John
Debugging code has been removed for readability:
**********************************
function mySessionStart($persist, $sessionID, $sessionKey, $debug=0){
session_start();
$_SESSION['sessDBID'] = $ sessionID;
$_SESSION['sessKey'] = $ sessionKey;
$_SESSION['persist'] = $persist;
// if persist, set cookie
if ($persist){
return myCreateCookie($persist, $ sessionID, $ sessionKey,
$debug);
}else{
return true;
}
}
********************************
function isLoggedIn($debug = 0){
global $COOKIE_NAME;
// if there is an active session.
if (isset($_SESSION) && $_SESSION['sessDBID'] != '' &&
$_SESSION['sessKey'] != ""){
//. check the contents
return authenticate($_SESSION['sessDBID'],
$_SESSION['sessKey']);
// or, check for (persistent) cookie.
}elseif (isset($_COOKIE[$COOKIE_NAME]) && $_COOKIE[$COOKIE_NAME] !=
""){
$sessInfo = split('-', $_COOKIE[$COOKIE_NAME]);
// . and check the contents
if(authenticate($sessInfo[1], $sessInfo[0], $debug)){
// reset the cookie
mySessionStart(true, $sessInfo[1], $sessInfo[0],
$debug);
}else{
// cookie authentication failed
return false;
}
}else{
// there is no session or cookie
return false;
}
}
--- End Message ---
--- Begin Message ---
I found two small errors in the isLoggedIn(), which are corrected below.
They don't have any effect on the issue at hand though.
**************************
function isLoggedIn($debug = 0){
global $COOKIE_NAME;
// if there is an active session.
if (isset($_SESSION) && $_SESSION['sessDBID'] != '' && $_SESSION['sessKey']
!= ""){
//. check the contents
return authenticate($_SESSION['sessDBID'], $_SESSION['sessKey']);
// or, check for (persistent) cookie.
}elseif (isset($_COOKIE[$COOKIE_NAME]) && $_COOKIE[$COOKIE_NAME] != ""){
$sessInfo = split('-', $_COOKIE[$COOKIE_NAME]);
// . and check the contents
if(authenticate($sessInfo[0], $sessInfo[1], $debug)){
// reset the cookie
return (mySessionStart(true, $sessInfo[0], $sessInfo[1], $debug));
}else{
// cookie authentication failed
return false;
}
}else{
// there is no session or cookie
return false;
}
}
--- End Message ---
--- Begin Message ---
Nevermind. It was a simple mistake - I had "session_start()" on the page
the ajax was calling from, but not at the beginning of the php script it was
calling to.
--- End Message ---
--- Begin Message ---
>
> In this mechanism, does a "role" differ significantly from a "group"?
> I have to admin a CRM system that has both roles /and/ groups, and it
> always seems a bit excessive. But maybe there's some benefit to roles,
> as such, that I'm not seeing.
>
> Thanks, Ben
[JP]
As described, a "role" appears to act essentially the same as a "group" - a
predefined set of permissions that can be assigned to multiple users (as
opposed to a set of permissions unique to the user). Correct me if there's
a better way, but I think individual permissions can be set similarly -
except skip the role/group step and associate the binary permission string
directly with the user.
Thinking outloud:
In your case where you're dealing with both individual permissions as well
as groups, you could do both of the above, but have the individual
permissions override the group. You'd have to figure out a "third bit"
though, to act as a "no change" bit. Ie: 0 = deny, 1 = allow, 2 = NC. But,
that wouldn't allow you to convert and store the bit string in decimal.
So if group1 had a permission string of 1010, and user Joe was a member of
group1, but you wanted to take away the first bit's permission, and grant
the second bit, you could assign him the individual permission string of
0122 (deny, allow, NC, NC), resulting in his permissions being 0110.
You'd check it by checking the individual permissions first, and if the bit
(or digit in this case) were 2, then you would move on to checking the group
permissions.
--- End Message ---
--- Begin Message ---
> As described, a "role" appears to act essentially the same as a "group"
> - a predefined set of permissions that can be assigned to multiple
> users (as opposed to a set of permissions unique to the user).
[JP]
I should say, the logic of a role is essentially the same as the logic
behind a group. It just adds, as Phpster said, another layer of control
--- End Message ---
--- Begin Message ---
on a regulary base I read the docs even on functions I know, I just read
about the funstion u use and the doc says this:
Note: If you're opening a URI with special characters, such as spaces, you
need to encode the URI with urlencode().
did u try to avoid the problem by using urlencode ?
just a thought
[email protected]
"Seth Hill" <[email protected]> wrote in message
news:[email protected]...
> Hello all,
> I'm experiencing a curious error that I'm hoping someone can help with.
>
> I am using file_get_contents() with Google Maps Geocoding to retrieve
> information about an address. The URL that I'm requesting looks like:
> http://maps.google.com/maps/geo?q=[Search Subject]&key=[google maps
> key]&sensor=false&output=json&oe=utf8
>
> If I pass a space (0x20) in the search subject, I get a 400 error back (as
> it should be). However, the next request to the site crashes PHP.
>
> I can reproduce it as part of my whole site (which runs a custom
framework),
> but I've been unable to come up with a single PHP file that will duplicate
> the problem.
>
> I am running PHP under IIS6 on a Windows 2003 Web Edition server. I have
> seen this with PHP 5.1.1 and PHP 5.2.5 using the ISAPI dll. Thinking that
it
> was a known bug, I upgraded, but I still see it on PHP 5.2.10 with
> FastCGI. With ISAPI I get a "PHP Access Violation" message until I recycle
> the app pool, with FastCGI I get an equivalent message (except with
FastCGI
> I don't have to manually restart anything).
>
> This is the stack trace:
>
> Function Arg 1 Arg 2 Arg 3 Source
> php5!_zend_mm_realloc_int+357 00223ea0 0274ab98 00000008
> php5!_erealloc+2e 0274ab98 00000008 00000000
> php5!php_stream_wrapper_log_error+49 1044b458 00000004
10333244
> php5!php_stream_url_wrap_http_ex+1f17 1044b458 027a2bb8
> 102a3780 php5!php_stream_url_wrap_http+27 1044b458 027a2bb8
> 102a3780 php5!_php_stream_open_wrapper_ex+aa 027a2bb8 102a3780
> 00000000 php5!zif_file_get_contents+e2 00000001 0274a9e8
> 00000000 php5!zend_do_fcall_common_helper_SPEC+6d7 00c0a45c
> 00c0a2e8 0000000c php5!ZEND_DO_FCALL_SPEC_CONST_HANDLER+df
> 00c0a45c 027492a4 0274912c php5!execute+12e 02749af8
> 00c0a518 00000028 php5!zend_do_fcall_common_helper_SPEC+796
> 00c0aa64 10018e9e 00c0aa64
> php5!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER+10 00c0aa64 027a2cbc
> 0274a9bc php5!execute+12e 0178e668 00c0ab40 00000030
> php5!ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER+332 0178e668 0178e3b4
> 0178e53c php5!execute+12e 0178b368 00c0cba8 00000000
> php5!ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER+2d1 0178b368 00c0cbac
> 00000000 php5!execute+12e 0178b100 00000000 00c0fee0
> php5!zend_execute_scripts+c8 00000008 00000000 00000003
> php5!php_execute_script+1c0 00c0fee0 00000000 00000000
> php_cgi!main+b2f 00000001 00223c90 00222928
> php_cgi!mainCRTStartup+e3 00000000 00000000 7ffd8000
> kernel32!BaseProcessStart+23 00405cd6 00000000 00000000
>
> I guess I'm asking for some pointers on how to narrow this down a bit, or
if
> anyone has seen this problem before. I didn't find anything on the PHP
bugs
> list.
>
>
>
> Regards,
>
> Seth Hill
>
--- End Message ---
--- Begin Message ---
On Fri, 28 Aug 2009 17:22:20 -0600, LinuxManMikeC wrote:
> <a href="<?php echo $url; ?>">click here</a>
*Groan*
Throw any random web site to an HTML validator
and you're likely to see this kind of slop all
over.
The correct solution is of course:
$u = htmlspecialchars ($url);
echo "<a href=\"$u\">$u</a>";
[A more elaborate way to flay this feline is
included below.]
/Nisse
/* Reworked from slightly different code.
Bugs may have been introduced. */
<?php
function url_to_links ($url)
{
if (preg_match ('@^([a-z]+://)(.*)@i', $url, $m)) {
$prfx = $m[1];
$path = $m[2];
} else {
return htmlspecialchars ($url);
}
$url_sofar = $prfx;
$links = htmlspecialchars ($prfx);
$segs = explode ('?', $path, 2);
if (isset ($segs[1]))
$query = $segs[1];
$segs = explode ('/', $segs[0]);
for ($segn = 0; $segn < count ($segs); $segn++) {
$url_sofar .= $segs[$segn];
if (isset ($segs[$segn+1]))
$url_sofar .= '/';
if ($segs[$segn] !== '') {
$links .= '<a href="' . htmlspecialchars ($url_sofar) . '">'
. htmlspecialchars ($segs[$segn]) . '</a>';
}
if (isset ($segs[$segn+1]))
$links .= '/';
}
if (isset ($query)) {
$url_sofar .= "?$query";
$links .= '?<a href="' . htmlspecialchars ($url_sofar)
. '">' . htmlspecialchars ($query) . '</a>';
}
return $links;
}
$u = 'https://ebagwa.example/abd/def/ghi?s=t&u=v&w=x&y=z';
$u_h = htmlspecialchars ($u);
$links = url_to_links ($u);
header ('Content-Type: text/html');
echo <<<_
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd";>
<title>url_to_links()</title>
<pre>
$u_h
↓
$links
</pre>
_;
--- End Message ---
--- Begin Message ---
2009/8/29 Nisse Engström <[email protected]>:
> On Fri, 28 Aug 2009 17:22:20 -0600, LinuxManMikeC wrote:
>
>> <a href="<?php echo $url; ?>">click here</a>
>
> *Groan*
>
> Throw any random web site to an HTML validator
> and you're likely to see this kind of slop all
> over.
>
> The correct solution is of course:
>
> $u = htmlspecialchars ($url);
> echo "<a href=\"$u\">$u</a>";
>
>
Right... you do realize that you validate the HTML output of the
executed PHP script, not the PHP script itself. All you really did
was just show another way to skin the same cat. Get over yourself.
As for your "more elaborate example", I'm sure that heredoc will
validate nicely. It also wouldn't hurt to read a book on algorithms
and rethink your code so you aren't processing the same data over and
over again. I "see this kind of slop all over."
--- End Message ---
--- Begin Message ---
On Sat, 29 Aug 2009 16:19:05 -0600, LinuxManMikeC wrote:
> As for your "more elaborate example", I'm sure that heredoc will
> validate nicely.
It does.
> and rethink your code so you aren't processing the same data over and
> over again. I "see this kind of slop all over."
Touché!
Would you believe that's on my todo list?
Thanks for the reminder. :-)
/Nisse
--- End Message ---
--- Begin Message ---
2009/8/29 Nisse Engström <[email protected]>:
> On Sat, 29 Aug 2009 16:19:05 -0600, LinuxManMikeC wrote:
>
>> As for your "more elaborate example", I'm sure that heredoc will
>> validate nicely.
>
> It does.
>
Perhaps you haven't met a few good friends of mine. Their names are
html, head, and body. So what crawled up your backside while you were
reading my example?
--- End Message ---
--- Begin Message ---
On Sat, 29 Aug 2009 16:47:47 -0600, LinuxManMikeC wrote:
> 2009/8/29 Nisse Engström <[email protected]>:
>> On Sat, 29 Aug 2009 16:19:05 -0600, LinuxManMikeC wrote:
>>
>>> As for your "more elaborate example", I'm sure that heredoc will
>>> validate nicely.
>>
>> It does.
>>
>
> Perhaps you haven't met a few good friends of mine. Their names are
> html, head, and body.
The html, head and body elements are all there. They are
mandatory. The tags however, are optional.
/Nisse
--- End Message ---
--- Begin Message ---
For those of you that remember (not likely but anyway) I am working on
some code that splits CLF records and feeds them into a database.
What I need to do now is automate it.
So what I have is a program (urlsnarf) that redirects its output
(simple "cmd > file.txt") to a file. The script currently processes
this output line by line and does the SQL foo - i.e. script.php
/the/file.txt
Should I:
1) do away with redirecting the output from urlsnarf to a file and
have the script run the process and have some kind of handle on it;
foreach kinda thing?
2) keep outputting the info to a persistent file, reading any new
appends and periodically cull this file. Seems like a waste of I/O if
#1 is possible.
3) other options?
Any help/push in the right direction is appreciated.
Thanks.
--- End Message ---
--- Begin Message ---
On Sat, Aug 29, 2009 at 3:31 PM, Paul Halliday<[email protected]> wrote:
> For those of you that remember (not likely but anyway) I am working on
> some code that splits CLF records and feeds them into a database.
>
> What I need to do now is automate it.
>
> So what I have is a program (urlsnarf) that redirects its output
> (simple "cmd > file.txt") to a file. The script currently processes
> this output line by line and does the SQL foo - i.e. script.php
> /the/file.txt
>
> Should I:
>
> 1) do away with redirecting the output from urlsnarf to a file and
> have the script run the process and have some kind of handle on it;
> foreach kinda thing?
> 2) keep outputting the info to a persistent file, reading any new
> appends and periodically cull this file. Seems like a waste of I/O if
> #1 is possible.
> 3) other options?
>
> Any help/push in the right direction is appreciated.
>
> Thanks.
>
I'd do away with the text file and snarf to my DB to begin with.
--- End Message ---
--- Begin Message ---
I am wondering if anyone here can provide some hands-on feedback about this OS
cart such as can it handle large catalogues of products and high amount of
traffic? If you don't know about this cart or know of a better cart that is
more closely suited to fulfill an enterprise level ecommerce need.
Thank you,
Marc Hall
HallMarc Websites
610.446.3346
__________ Information from ESET Smart Security, version of virus signature
database 4380 (20090829) __________
The message was checked by ESET Smart Security.
http://www.eset.com
--- End Message ---
--- Begin Message ---
Wouter van Eekelen wrote:
> After a little search it seems to be possible to do that within php,
> see:
>
> http://nl.php.net/manual/en/function.register-shutdown-function.php
>
> This will call a function when the browser is stopped.
No, it will certainly not.
> Exactly what I needed! :) Thanks for your repsonse.
I don't understand what it is you are trying to achieve, could you
explain? If you really need something (anything) to happen when a user
closes the browser then a. your script is probably ill designed and b. it
can NOT be done with PHP. Martie is right, you will have to look into
Javascript. But only after you have asked yourself "why?" and came up
with a really good answer ;)
--- End Message ---
