php-general Digest 9 Feb 2010 05:42:27 -0000 Issue 6581
Topics (messages 301888 through 301896):
simple WSDL client
301888 by: Robert R
Simple code obfuscation
301889 by: Brian Dunning
301891 by: Richard Quadling
301892 by: Ashley Sheridan
301893 by: Phpster
301895 by: Manuel Lemos
Re: php selecting multiple stylesheets
301890 by: Stephan Ebelt
301894 by: David Mehler
Re: howto do informative error handling without the fatalities
301896 by: Rene Veerman
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Hi,
I am writing a simple WSDL client in php as follow:
<?php
$wsdl = "
http://staff.um.edu.mt/cabe2/supervising/undergraduate/owlseditFYP/TemperatureService.wsdl
";
$client = new SoapClient("
http://staff.um.edu.mt/cabe2/supervising/undergraduate/owlseditFYP/TemperatureService.wsdl
");
echo("\nReturning value of getTemp() call: ". $client->getTemp("12345"));
?>
when running the script I am getting the following error:
Fatal error: Uncaught SoapFault exception: [HTTP] Could not connect to host
in /var/www/phpsoap/client5.php:4
Stack trace:
#0 [internal function]: SoapClient->__doRequest('<?xml version="...',
'http://services...', '', 1, 0)
#1 [internal function]: SoapClient->__call('getTemp', Array)
#2 /var/www/phpsoap/client5.php(4): SoapClient->getTemp('12345')
#3 {main}
thrown in /var/www/phpsoap/client5.php on line 4
Am I missing anything?
Thanks,
R
--- End Message ---
--- Begin Message ---
Hey all -
I'm selling a custom PHP solution to FileMaker users. It uses FileMaker's PHP
API, so everyone who has FileMaker Server is already set up to use it, but very
few of them have any knowledge of how to set up a server or do anything PHP
related. But I do want to add some level of code obfuscation to prevent them
from making simple changes to my code that allow them to exceed the privileges
they've purchased.
I've looked at custom code encryption services like Ioncube and phpCipher, but
in my estimation, deploying the needed server-side code for these is going to
be beyond the capabilities of a large segment of my customers. I would rather
have a few customers cheat me than offer a product that most customers are
unable to figure out how to run.
So I was thinking of doing something like base64_encoding the crucial chunk of
my code (maybe 20 lines worth) and using eval(base64_decode($that_content)) to
run it. I figure that will scare away most of the customers who might be able
to edit my code. Can anyone suggest something that goes one better?
- Brian
--- End Message ---
--- Begin Message ---
On 8 February 2010 19:32, Brian Dunning <br...@briandunning.com> wrote:
> Hey all -
>
> I'm selling a custom PHP solution to FileMaker users. It uses FileMaker's PHP
> API, so everyone who has FileMaker Server is already set up to use it, but
> very few of them have any knowledge of how to set up a server or do anything
> PHP related. But I do want to add some level of code obfuscation to prevent
> them from making simple changes to my code that allow them to exceed the
> privileges they've purchased.
>
> I've looked at custom code encryption services like Ioncube and phpCipher,
> but in my estimation, deploying the needed server-side code for these is
> going to be beyond the capabilities of a large segment of my customers. I
> would rather have a few customers cheat me than offer a product that most
> customers are unable to figure out how to run.
>
> So I was thinking of doing something like base64_encoding the crucial chunk
> of my code (maybe 20 lines worth) and using
> eval(base64_decode($that_content)) to run it. I figure that will scare away
> most of the customers who might be able to edit my code. Can anyone suggest
> something that goes one better?
>
> - Brian
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
For simple obfuscation, then maybe making a PHAR app may be of use here.
http://docs.php.net/phar
--
-----
Richard Quadling
"Standing on the shoulders of some very clever giants!"
EE : http://www.experts-exchange.com/M_248814.html
EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
ZOPA : http://uk.zopa.com/member/RQuadling
--- End Message ---
--- Begin Message ---
On Mon, 2010-02-08 at 23:13 +0000, Richard Quadling wrote:
> On 8 February 2010 19:32, Brian Dunning <br...@briandunning.com> wrote:
> > Hey all -
> >
> > I'm selling a custom PHP solution to FileMaker users. It uses FileMaker's
> > PHP API, so everyone who has FileMaker Server is already set up to use it,
> > but very few of them have any knowledge of how to set up a server or do
> > anything PHP related. But I do want to add some level of code obfuscation
> > to prevent them from making simple changes to my code that allow them to
> > exceed the privileges they've purchased.
> >
> > I've looked at custom code encryption services like Ioncube and phpCipher,
> > but in my estimation, deploying the needed server-side code for these is
> > going to be beyond the capabilities of a large segment of my customers. I
> > would rather have a few customers cheat me than offer a product that most
> > customers are unable to figure out how to run.
> >
> > So I was thinking of doing something like base64_encoding the crucial chunk
> > of my code (maybe 20 lines worth) and using
> > eval(base64_decode($that_content)) to run it. I figure that will scare away
> > most of the customers who might be able to edit my code. Can anyone suggest
> > something that goes one better?
> >
> > - Brian
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> For simple obfuscation, then maybe making a PHAR app may be of use here.
>
> http://docs.php.net/phar
>
>
> --
> -----
> Richard Quadling
> "Standing on the shoulders of some very clever giants!"
> EE : http://www.experts-exchange.com/M_248814.html
> EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
> ZOPA : http://uk.zopa.com/member/RQuadling
>
You could move some of the code to a binary package compiled from your
PHP script. This would limit who could use your system, for example, if
you compiled it for Windows then non-Windows users couldn't use it
unless you also compiled some binaries for them too. Of course,
requiring FileMaker does limit your audience too I believe, but that's
another topic.
I've seen this practice of binaries used before, and it seems to work
well. There are countless pieces of software out there that can create
installable programs, which will aid you immensely. You just have to put
one of those together and people can easily install your software with
just a few clicks.
The other route is to use remote scripts. So they would install a base
system on their own servers, but scripts crucial to the system are
accessed remotely. Doing this will mean you have to make sure your
script is watertight from a security point of view though, and ensure
you encrypt traffic going between any servers.
Lastly, you could offer some sort of hosted solution. This may not be
suitable I guess from what you've described of your system, but if it
is, you can then deem exactly what goes on.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Feb 8, 2010, at 2:32 PM, Brian Dunning <br...@briandunning.com>
wrote:
Hey all -
I'm selling a custom PHP solution to FileMaker users. It uses
FileMaker's PHP API, so everyone who has FileMaker Server is already
set up to use it, but very few of them have any knowledge of how to
set up a server or do anything PHP related. But I do want to add
some level of code obfuscation to prevent them from making simple
changes to my code that allow them to exceed the privileges they've
purchased.
I've looked at custom code encryption services like Ioncube and
phpCipher, but in my estimation, deploying the needed server-side
code for these is going to be beyond the capabilities of a large
segment of my customers. I would rather have a few customers cheat
me than offer a product that most customers are unable to figure out
how to run.
So I was thinking of doing something like base64_encoding the
crucial chunk of my code (maybe 20 lines worth) and using eval
(base64_decode($that_content)) to run it. I figure that will scare
away most of the customers who might be able to edit my code. Can
anyone suggest something that goes one better?
- Brian
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
What about an md5 license hash check for certain modules/ functions?
It could be kept in a client specific config file and read in during
the appropriate script execution.
Bastien
Sent from my iPod
--- End Message ---
--- Begin Message ---
Hello,
on 02/08/2010 05:32 PM Brian Dunning said the following:
> Hey all -
>
> I'm selling a custom PHP solution to FileMaker users. It uses
> FileMaker's PHP API, so everyone who has FileMaker Server is already
> set up to use it, but very few of them have any knowledge of how to
> set up a server or do anything PHP related. But I do want to add some
> level of code obfuscation to prevent them from making simple changes
> to my code that allow them to exceed the privileges they've
> purchased.
>
> I've looked at custom code encryption services like Ioncube and
> phpCipher, but in my estimation, deploying the needed server-side
> code for these is going to be beyond the capabilities of a large
> segment of my customers. I would rather have a few customers cheat me
> than offer a product that most customers are unable to figure out how
> to run.
>
> So I was thinking of doing something like base64_encoding the crucial
> chunk of my code (maybe 20 lines worth) and using
> eval(base64_decode($that_content)) to run it. I figure that will
> scare away most of the customers who might be able to edit my code.
> Can anyone suggest something that goes one better?
You may want to try some of these code obfuscation classes:
http://www.phpclasses.org/searchtag/obfuscator/by/package/tag/obfuscator/
--
Regards,
Manuel Lemos
Find and post PHP jobs
http://www.phpclasses.org/jobs/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
--- End Message ---
--- Begin Message ---
On Mon, Feb 08, 2010 at 10:22:07AM +0000, Ashley Sheridan wrote:
[...]
> > in CSS there is also the concept of 'alternate stylesheets' build in. A
> > page can basically specify as many stylesheets as it wants where one is
> > default and all others are 'alternate'. The browser will then offer menu
> > entries for the user to choose from. Ie in firefox you can choose the style
> > from the menu at: View -> Page Style -> ...
> >
> > Here's how it works in detail:
> > http://www.w3.org/Style/Examples/007/alternatives (note that this site also
> > has alternate styles available)
> >
> > PHP could be used to define the default style sheet on a per
> > user/application setting basis...
> >
> > stephan
> >
> >
> >
>
>
> The only problem relying only on this method is that not all browsers
> are compatible with it, and of those that are, none remember the choice
> a user makes from page to page, so they'd have to reselect it upon each
> page visit
yes, it can't be relied on it.
I made the primary method for configuring the theme an user setting in the
application. This setting is very easy to implement as it just defines the
theme that is shown first and without 'alternate' attribute in each page header
(unaware browsers will take this too as its the standard syntax). All other
themes are then added in a row with the 'alternate' attribute set. So that all
themes available in the program are always advertized to the browser.
The goody is that users can quickly change the theme if they feel a need to do
so right in the heat of the moment. It wont permanently modify their setting.
Its perfect to just try themes at any place in the application or to do
something specific with a different theme... the page doesn't reload (in
firefox), so one can even change the theme in the middle of filling a form...
very flexible.
As far as I've seen unaware browsers just ignore the 'alternate' lines, so
there's no harm.
stephan
--- End Message ---
--- Begin Message ---
Hello Everyone,
Thank you for the various positions and suggestions.
I'm going for either cookies or sessions, your examples have given me
much to check. For this situation I should probably have mentioned I
need to keep this as simple as possible, so features like a user login
system and cms i'd prefer to avoid for these circumstances.
I am going to implement browser detection as my user's will use both
firefox and IE probably ie6 through 8.
For firefox you can use view, page style to switch stylesheets, but in
ie if there's no drop down box or links on the page for switching
styles it can't do it, is that correct?
Thank you all, i'm going to look at the many links sent and keep at
this until i get it.
Dave.
--- End Message ---
--- Begin Message ---
Hi,
I'm looking for a strategy to do informative error handling at all
levels of my code, yet keep these errors non-fatal as often as
possible.
Adhering to a proper code-standard with regards to error handling
would speed up development of any code (it would shorten the bug-hunt
time a lot), but it becomes especially usefull for code that processes
items in large diverse datasets; exceptions should be logged (in
different ways) but should not kill off the processing of other items.
I have some experience with set_error_handler() and trigger_error(),
but haven't perfected my use of them yet.
Take for instance the following function;
function chase ($arr, $indexes) {
$r = $arr;
foreach ($indexes as $idx) {
if (is_array($r)) {
$r = $r[$idx];
} else {
trigger_error (htmlDumpReturn (
array (
'arr' => $arr,
'indexes' => $indexes
), 'chase() could not walk the full tree.'
), E_USER_WARNING);
return false;
}
}
return $r;
}
This is a low-level function used by me to traverse to a value several
arbitrary levels into an array.
As you can see, things will be fine for any value that is not
(boolean)false, but if i'm ever to fetch a "false" value, things will
break.
The solution i can think of is to have all my functions return not
their results directly, but 1 of these arrays instead:
//good result:
return array (
'result' => $valueFound
);
//no result / bad result:
return array (
'error' => 'same error details as passed to trigger_error()'
);
While this would allow the calling code to fudge, redirect or omit the
failed-item, i have a small fear that this approach leads to
"complicated" code whenever a function is called, but I suppose that
with a few extra short-named functions ( like is_error() ) the calling
code can be kept short and simple too.
(local) log-levels and (also local) redirection-of-error-messages i
can solve with global variables and some functions to manipulate
those.
My question to you all is; do you know a simpler way of achieving what
i'm aiming for?
--- End Message ---
