php-general Digest 23 May 2010 08:22:21 -0000 Issue 6759

[php-general-digest-help]

php-general Digest 23 May 2010 08:22:21 -0000 Issue 6759

Topics (messages 305424 through 305446):

Re: Remove blank lines from a file
        305424 by: Al
        305427 by: Robert Cummings
        305429 by: Al
        305431 by: Robert Cummings

Re: Multiple Login in a single PC should not be possible
        305425 by: Karl DeSaulniers
        305428 by: Robert Cummings
        305430 by: Karl DeSaulniers
        305432 by: Karl DeSaulniers
        305433 by: Robert Cummings
        305434 by: Robert Cummings
        305435 by: Robert Cummings
        305436 by: Karl DeSaulniers
        305437 by: Robert Cummings
        305439 by: Karl DeSaulniers
        305440 by: Robert Cummings
        305441 by: Robert Cummings
        305442 by: Karl DeSaulniers

Re: localize string (date)
        305426 by: Robert Cummings

Front End Dev seeking guidance
        305438 by: Jerome Covington

securing a custom app
        305443 by: David Mehler
        305444 by: Robert Cummings
        305445 by: Nilesh Govindarajan
        305446 by: Adam Richardson

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------

--- Begin Message ---

On 5/22/2010 1:02 PM, Robert Cummings wrote:

tedd wrote:

At 4:27 PM +0200 5/21/10, Anton Heuschen wrote:

So in the file it would look like (from the original file the user
uploads
that is)

1
2

3
4


5

6


but when the file is saved to the server it must look like


1
2
3
4
5
6

If that is all (i.e., removing double linefeeds), then this will do it:

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n",$text_array);

Sorry tedd, this is broken. It doesn't solve problems with runs of
greater than 2 newlines which is even in the example :) I would use the
following instead which is also line break agnostic with final output in
the style for your system:

<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.

Rob: Your solution doesn't remove the blank lines [\r\n]+ use instead [\r\n]{2,} So 2 or more becomes only 1.

In general, problem is trickier when the following are considered. # means any number. 0, 1.....

some textEOL
#spacesEOL
more text

some text#spacesEOL
#spacesEOL
.... any number of these
#spacesEOL
more text

some textEOL
EOL
...any number of these
EOL
some text

The white space before the EOLs can also be tabs

Look at the solution I posted earlier. The trim() removes all the white spaces

--- End Message ---

--- Begin Message ---

Al wrote:

On 5/22/2010 1:02 PM, Robert Cummings wrote:

tedd wrote:

At 4:27 PM +0200 5/21/10, Anton Heuschen wrote:

So in the file it would look like (from the original file the user
uploads
that is)

1
2

3
4


5

6


but when the file is saved to the server it must look like


1
2
3
4
5
6

If that is all (i.e., removing double linefeeds), then this will do it:

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n",$text_array);

Sorry tedd, this is broken. It doesn't solve problems with runs of
greater than 2 newlines which is even in the example :) I would use the
following instead which is also line break agnostic with final output in
the style for your system:

<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.

Rob: Your solution doesn't remove the blank lines [\r\n]+ use instead [\r\n]{2,} So 2 or more becomes only 1.

In general, problem is trickier when the following are considered. # means any number. 0, 1.....

some textEOL
#spacesEOL
more text

some text#spacesEOL
#spacesEOL
.... any number of these
#spacesEOL
more text

some textEOL
EOL
...any number of these
EOL
some text

The white space before the EOLs can also be tabs

Look at the solution I posted earlier. The trim() removes all the white spaces

My solution worked well where spaces were not an issue. Your solution breaks my more general solution. Although I did realize I should have trimmed the final output since any empty lead lines will not be removed. Please review and see why you're comment to use [\r\n]{2,} does not work properly. Correcting for lead blank lines and handling spaces in a blank line is also quite simple without having to use the heavy solution of foreach:

<?php

   $data = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
   $data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
   $data = trim( $input );

?>

Without benchmarking, I'm willing to bet this is faster and less memory intensive than your foreach solution :)

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

On 5/22/2010 4:34 PM, Robert Cummings wrote:

Al wrote:

On 5/22/2010 1:02 PM, Robert Cummings wrote:

tedd wrote:

At 4:27 PM +0200 5/21/10, Anton Heuschen wrote:

So in the file it would look like (from the original file the user
uploads
that is)

1
2

3
4


5

6


but when the file is saved to the server it must look like


1
2
3
4
5
6

If that is all (i.e., removing double linefeeds), then this will do it:

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n",$text_array);

Sorry tedd, this is broken. It doesn't solve problems with runs of
greater than 2 newlines which is even in the example :) I would use the
following instead which is also line break agnostic with final output in
the style for your system:

<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.

Rob: Your solution doesn't remove the blank lines [\r\n]+ use instead
[\r\n]{2,} So 2 or more becomes only 1.

In general, problem is trickier when the following are considered. #
means any number. 0, 1.....

some textEOL
#spacesEOL
more text

some text#spacesEOL
#spacesEOL
.... any number of these
#spacesEOL
more text

some textEOL
EOL
...any number of these
EOL
some text

The white space before the EOLs can also be tabs

Look at the solution I posted earlier. The trim() removes all the
white spaces

My solution worked well where spaces were not an issue. Your solution
breaks my more general solution. Although I did realize I should have
trimmed the final output since any empty lead lines will not be removed.
Please review and see why you're comment to use [\r\n]{2,} does not work
properly. Correcting for lead blank lines and handling spaces in a blank
line is also quite simple without having to use the heavy solution of
foreach:

<?php

$data = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$data = trim( $input );

?>

Without benchmarking, I'm willing to bet this is faster and less memory
intensive than your foreach solution :)

Cheers,
Rob.

Ignoring the space and tabs, you're right, the + does it. One or more always reduces to one only.

--- End Message ---

--- Begin Message ---

Al wrote:

On 5/22/2010 4:34 PM, Robert Cummings wrote:

Al wrote:

On 5/22/2010 1:02 PM, Robert Cummings wrote:

tedd wrote:

At 4:27 PM +0200 5/21/10, Anton Heuschen wrote:

So in the file it would look like (from the original file the user
uploads
that is)

1
2

3
4


5

6


but when the file is saved to the server it must look like


1
2
3
4
5
6

If that is all (i.e., removing double linefeeds), then this will do it:

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n",$text_array);

Sorry tedd, this is broken. It doesn't solve problems with runs of
greater than 2 newlines which is even in the example :) I would use the
following instead which is also line break agnostic with final output in
the style for your system:

<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.

Rob: Your solution doesn't remove the blank lines [\r\n]+ use instead
[\r\n]{2,} So 2 or more becomes only 1.

In general, problem is trickier when the following are considered. #
means any number. 0, 1.....

some textEOL
#spacesEOL
more text

some text#spacesEOL
#spacesEOL
.... any number of these
#spacesEOL
more text

some textEOL
EOL
...any number of these
EOL
some text

The white space before the EOLs can also be tabs

Look at the solution I posted earlier. The trim() removes all the
white spaces

My solution worked well where spaces were not an issue. Your solution
breaks my more general solution. Although I did realize I should have
trimmed the final output since any empty lead lines will not be removed.
Please review and see why you're comment to use [\r\n]{2,} does not work
properly. Correcting for lead blank lines and handling spaces in a blank
line is also quite simple without having to use the heavy solution of
foreach:

<?php

$data = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$data = trim( $input );

?>

Without benchmarking, I'm willing to bet this is faster and less memory
intensive than your foreach solution :)

Cheers,
Rob.

Ignoring the space and tabs, you're right, the + does it. One or more always reduces to one only.

But the second solution I provided above addresses all issues (in case you missed that it was another solution :)

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message --- Yeah. Don't be concerned about which browser. Just set up an active users table in your database that gets checked at login. Then it doesn't matter which machine or browser. Unless you know that the computers are giving the true ip, there is no way to keep a user from logging in with two account on the same computer. Otherwise add the active users ip to the active users table and check it as well on login

Easy peasey

Karl

Sent from losPhone

On May 22, 2010, at 12:34 AM, Gautam Bhatia <mail2gautambha...@gmail.com> wrote:

On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote:

Hi All!

I am looking for a solution, I want a user to do a single Login only on a PC

.

E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with

same loginid or another.

Can I trace MAC address of a single machine to solve this issue?

Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will

work for all browsers in a single machine..

I hope You will help me out


Regards

Jagdeep Singh
+91 9988009272

hi Jagdeep,
                I am not really sure , i got your question right but
there is something you can try if this helps, in the mysql dbase add
field like "loggedIn" , which can be true/false, when person logs in
change it to true , so even if the person is using other browser, you

can check the value from dbase, if user is already logged in or not. If

that makes sense to you , good luck.

regards,
Gautam Bhatia

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---

--- Begin Message --- This was beaten to death last week. The solution is not possible because it's not about restricting a single user from logging over multiple machines, it about restricting a single computer to only one session (so running IE, Firefox, Opera, Safari on same computer with different users would not be allowed).

Cheers,
Rob.


Karl DeSaulniers wrote:

Yeah. Don't be concerned about which browser. Just set up an active users table in your database that gets checked at login. Then it doesn't matter which machine or browser. Unless you know that the computers are giving the true ip, there is no way to keep a user from logging in with two account on the same computer. Otherwise add the active users ip to the active users table and check it as well on login

Easy peasey

Karl

Sent from losPhone

On May 22, 2010, at 12:34 AM, Gautam Bhatia <mail2gautambha...@gmail.com> wrote:

On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote:

Hi All!

I am looking for a solution, I want a user to do a single Login only on a PC

.

E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with

same loginid or another.

Can I trace MAC address of a single machine to solve this issue?

Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will

work for all browsers in a single machine..

I hope You will help me out


Regards

Jagdeep Singh
+91 9988009272

hi Jagdeep,
                I am not really sure , i got your question right but
there is something you can try if this helps, in the mysql dbase add
field like "loggedIn" , which can be true/false, when person logs in
change it to true , so even if the person is using other browser, you

can check the value from dbase, if user is already logged in or not. If

that makes sense to you , good luck.

regards,
Gautam Bhatia

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

On May 22, 2010, at 3:37 PM, Robert Cummings wrote:

This was beaten to death last week. The solution is not possible because it's not about restricting a single user from logging over multiple machines, it about restricting a single computer to only one session (so running IE, Firefox, Opera, Safari on same computer with different users would not be allowed).

Cheers,
Rob.


Karl DeSaulniers wrote:

Yeah. Don't be concerned about which browser. Just set up an active users table in your database that gets checked at login. Then it doesn't matter which machine or browser. Unless you know that the computers are giving the true ip, there is no way to keep a user from logging in with two account on the same computer. Otherwise add the active users ip to the active users table and check it as well on login

Easy peasey
Karl
Sent from losPhone

On May 22, 2010, at 12:34 AM, Gautam Bhatia <mail2gautambha...@gmail.com> wrote:

On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote:

Hi All!

I am looking for a solution, I want a user to do a single Login only on a PC

.

E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with

same loginid or another.

Can I trace MAC address of a single machine to solve this issue?

Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will

work for all browsers in a single machine..

I hope You will help me out


Regards

Jagdeep Singh
+91 9988009272

hi Jagdeep,
                I am not really sure , i got your question right but
there is something you can try if this helps, in the mysql dbase add
field like "loggedIn" , which can be true/false, when person logs in

change it to true , so even if the person is using other browser, you can check the value from dbase, if user is already logged in or not. If

that makes sense to you , good luck.

regards,
Gautam Bhatia

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

Sorry for the top posting.

Ah, I see. Don't mean to beat a dead horse.
I still stand by my suggestion though.
If you record the username and ip in an active user table,

then set a cookie on the computer that is cross referenced with the ip and username,

you will have a little better check system.

Also, if you set a fall back that say checks to see if the cookie is being reset or set for the first time or if the cookie has been deleted, you can kick them. Set the cookie to expire and be reset while in session to check to see if it changes while the user is logged in.

Basically, if you check for log-in status from the active user table and cross reference the ip, it will probably cover say 75% of the cases. Using the cookie and putting strict requirements for the cookie to have been pre-existing with the right ip or if it is being set for the first time, you will have a little more control. Plus you could create a blob of ips that is referenced with each username that can be cross referenced to see if a user has multiple ip sets or if two users have a similar ip. Thus a little more granular control on the computers accessing your site.

But like having an expensive painting in your house,

if the thief is going to put that much work in to get it, chances are they will.

Just make sure its insured. :)


Karl DeSaulniers
Design Drumm
http://designdrumm.com

--- End Message ---

--- Begin Message ---

On May 22, 2010, at 7:43 PM, Brandon Rampersad wrote:

These third world internet providers are screwing up the IP address system with their shared IPs which defeats the entire purpose of an IP address.

On Sat, May 22, 2010 at 6:19 PM, Karl DeSaulniers <k...@designdrumm.com> wrote:

On May 22, 2010, at 3:37 PM, Robert Cummings wrote:

This was beaten to death last week. The solution is not possible because it's not about restricting a single user from logging over multiple machines, it about restricting a single computer to only one session (so running IE, Firefox, Opera, Safari on same computer with different users would not be allowed).

Cheers,
Rob.


Karl DeSaulniers wrote:

Yeah. Don't be concerned about which browser. Just set up an active users table in your database that gets checked at login. Then it doesn't matter which machine or browser. Unless you know that the computers are giving the true ip, there is no way to keep a user from logging in with two account on the same computer. Otherwise add the active users ip to the active users table and check it as well on login

Easy peasey
Karl
Sent from losPhone

On May 22, 2010, at 12:34 AM, Gautam Bhatia <mail2gautambha...@gmail.com> wrote:

On Friday 14 May 2010 12:48 PM, Jagdeep Singh wrote:
Hi All!

I am looking for a solution, I want a user to do a single Login only on a PC

.

E.g. If a User has logged on my website website.com in Internet explorer, then he cant login on same website in another browser like Firefox etc with

same loginid or another.

Can I trace MAC address of a single machine to solve this issue?

Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will

work for all browsers in a single machine..

I hope You will help me out


Regards

Jagdeep Singh
+91 9988009272


hi Jagdeep,
               I am not really sure , i got your question right but
there is something you can try if this helps, in the mysql dbase add
field like "loggedIn" , which can be true/false, when person logs in
change it to true , so even if the person is using other browser, you

can check the value from dbase, if user is already logged in or not. If

that makes sense to you , good luck.

regards,
Gautam Bhatia

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.


Sorry for the top posting.

Ah, I see. Don't mean to beat a dead horse.
I still stand by my suggestion though.
If you record the username and ip in an active user table,

then set a cookie on the computer that is cross referenced with the ip and username,

you will have a little better check system.

Also, if you set a fall back that say checks to see if the cookie is being reset or set for the first time or if the cookie has been deleted, you can kick them. Set the cookie to expire and be reset while in session to check to see if it changes while the user is logged in.

Basically, if you check for log-in status from the active user table and cross reference the ip, it will probably cover say 75% of the cases. Using the cookie and putting strict requirements for the cookie to have been pre-existing with the right ip or if it is being set for the first time, you will have a little more control. Plus you could create a blob of ips that is referenced with each username that can be cross referenced to see if a user has multiple ip sets or if two users have a similar ip. Thus a little more granular control on the computers accessing your site.

But like having an expensive painting in your house,

if the thief is going to put that much work in to get it, chances are they will.

Just make sure its insured. :)



Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
A Brandon_R Production

Duley noted, but the combo of tracking ips and cookies on computers should still work. If you are checking the ip against ALL users, if two users in the active database have the same ip, then whichever has the older timestamp stays and the new one gets booted. And if your periodically checking and reassigning cookies with the ip stored, it should work.

Maybe if you have a situation with multiple computers having the same ip, store the ips in a blob and then check their system info against eachother. If its the same system info, boot them. Something like using the browser's user agent identifier $_SERVER['HTTP_USER_AGENT'] with the aformentioned checks and balances. I could stand corrected, and have not had to implement such parameters, but for what they are doing, it should work.

Now if you created the interface in Flash, you could control this very easily. But that is another discussion for another forum.

Karl


Karl DeSaulniers
Design Drumm
http://designdrumm.com

--- End Message ---

--- Begin Message ---

Karl DeSaulniers wrote:

On May 22, 2010, at 3:37 PM, Robert Cummings wrote:

This was beaten to death last week. The solution is not possible because it's not about restricting a single user from logging over multiple machines, it about restricting a single computer to only one session (so running IE, Firefox, Opera, Safari on same computer with different users would not be allowed).

>

Sorry for the top posting.

Ah, I see. Don't mean to beat a dead horse.
I still stand by my suggestion though.
If you record the username and ip in an active user table,

then set a cookie on the computer that is cross referenced with the ip and username,

you will have a little better check system.

Also, if you set a fall back that say checks to see if the cookie is being reset or set for the first time or if the cookie has been deleted, you can kick them. Set the cookie to expire and be reset while in session to check to see if it changes while the user is logged in.

Basically, if you check for log-in status from the active user table and cross reference the ip, it will probably cover say 75% of the cases. Using the cookie and putting strict requirements for the cookie to have been pre-existing with the right ip or if it is being set for the first time, you will have a little more control. Plus you could create a blob of ips that is referenced with each username that can be cross referenced to see if a user has multiple ip sets or if two users have a similar ip. Thus a little more granular control on the computers accessing your site.

But like having an expensive painting in your house,

if the thief is going to put that much work in to get it, chances are they will.

Just make sure its insured. :)

It doesn't work that way though because the session cookie is only valid for the browser to which it is issued. A cookie issued to a Firefox connection is completely disjoint from a cookie issued to a Chrome session or an Opera session or (eeek) an IE session. Additionally, you can't record the IP address since many universities and other more populated points of connection use IP sharing. The problem goes further, imagine you could get a hold of the MAC Address... there's nothing stopping someone from spoofing it or running a virtual machine within the same machine to open another connection. I hope this helps crystalize the issue :)

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

Karl DeSaulniers wrote:

Duley noted, but the combo of tracking ips and cookies on computers should still work. If you are checking the ip against ALL users, if two users in the active database have the same ip, then whichever has the older timestamp stays and the new one gets booted. And if your periodically checking and reassigning cookies with the ip stored, it should work.

You cannot use the IP, it is not unique to a single computer. Many companies, universities, and government departments have a small pool of public gateway IPs through which all users travel.

Maybe if you have a situation with multiple computers having the same ip, store the ips in a blob and then check their system info against eachother.

And the same computer using multiple browsers? Also, in government there's usually a standard configuration shared by thousands of users.

If its the same system info, boot them. Something like using the browser's user agent identifier $_SERVER['HTTP_USER_AGENT'] with the aformentioned checks and balances.

Again not possible, see above.

I could stand corrected, and have not had to implement such parameters, but for what they are doing, it should work.

They will not. Also, all of the above information is spoofable.

Now if you created the interface in Flash, you could control this very easily. But that is another discussion for another forum.

Yeah, but flash is proprietary and I for one hate hitting flash websites. I surf with flashblock and I'm amazed how many sites don't have an alternative homepage for non flash users.

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

Karl DeSaulniers wrote:

On May 22, 2010, at 7:43 PM, Brandon Rampersad wrote:

These third world internet providers are screwing up the IP address system with their shared IPs which defeats the entire purpose of an IP address.

I missed this bit... actually, this is less a third world issue as much as it is an organizational issue. NAT for large networks is meant to be driven through a small number of points. This is how it's supposed to work. Why should a company with 50000 users need to purchase 50,000 public IP addresses when they can have 1 and use 50000 internal private network addresses? We'd have run out of IP4 address space years ago if this were not possible.

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

Well you could alway build it as an Adobe AIR app.
Then it would be its own application. Not viewed through a browser.


Karl


On May 22, 2010, at 8:46 PM, Robert Cummings wrote:

Yeah, but flash is proprietary and I for one hate hitting flash websites.

Karl DeSaulniers
Design Drumm
http://designdrumm.com

--- End Message ---

--- Begin Message --- But then I don't get to use worldwide accepted and open standards for development.

Karl DeSaulniers wrote:

Well you could alway build it as an Adobe AIR app.
Then it would be its own application. Not viewed through a browser.


Karl


On May 22, 2010, at 8:46 PM, Robert Cummings wrote:

Yeah, but flash is proprietary and I for one hate hitting flash websites.

Karl DeSaulniers
Design Drumm
http://designdrumm.com

--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message --- Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place.

Have you ever programed in flash?

Karl

Sent from losPhone

On May 22, 2010, at 9:11 PM, Robert Cummings <rob...@interjinn.com> wrote:

But then I don't get to use worldwide accepted and open standards for development.

Karl DeSaulniers wrote:

Well you could alway build it as an Adobe AIR app.
Then it would be its own application. Not viewed through a browser.
Karl
On May 22, 2010, at 8:46 PM, Robert Cummings wrote:

Yeah, but flash is proprietary and I for one hate hitting flash websites.

Karl DeSaulniers
Design Drumm
http://designdrumm.com

--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--- End Message ---

--- Begin Message ---

Karl DeSaulniers wrote:

Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place.

Have you ever programed in flash?

Yes. But I prefer open source all the way :)

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

Robert Cummings wrote:

Karl DeSaulniers wrote:

Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place.

Have you ever programed in flash?

Yes. But I prefer open source all the way :)

BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables.

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

I am going to ask my flash guru buddies.
Let me see if I can find anything out.

Karl


On May 22, 2010, at 10:10 PM, Robert Cummings wrote:

Robert Cummings wrote:

Karl DeSaulniers wrote:

Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place.

Have you ever programed in flash?

Yes. But I prefer open source all the way :)

BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables.

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Karl DeSaulniers
Design Drumm
http://designdrumm.com

--- End Message ---

--- Begin Message ---

Phpster wrote:

On May 22, 2010, at 12:07 PM, tedd <tedd.sperl...@gmail.com> wrote:

At 8:00 PM +0100 5/21/10, Ashley Sheridan wrote:

What sort of format is that date, English or American?

For example: dd-mm-yyyy or mm-dd-yyyy?

Thanks,
Ash

Ash:

I don't think it's called "English" or "American" -- as Churchill once said "We are separated by a common language." Perhaps "British English" vs "American English", but I don't think that is correct either.

While America typically uses mm-dd-yyyy the *majority* of the rest of the world uses dd-mm-yyyy -- which I think is far more logical. However, there are regions who commonly use yyyy-mm-dd (i.e., China, Japan), which is also logical.

It seems that America is the only region who mixes the most- significant-digit order (big, little, and middle endians). I don't understand why it came about, perhaps it was one of those American Almanac articles like the one that claimed using double negatives was poor grammar which caused a significant changer in the language.

In any event, in all cases where it's my choice, I use the dd-mm- yyyy format.

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

I blame Microsoft!

Personally I prefer to use yyyy-mm-dd since that is the format for many DBs

Bastien

For user centric dates I prefer dd-mm-yyyy because as others have pointed out it makes more sense from an order of significance. Additionally, in English it's about as common to say "it's the 22nd of May, 2010" as it is to say "it's May 22nd, 2010". For filesystems and other orderable text-based formats, I prefer yyyy-mm-dd because it sorts properly :)

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

I'm a Front End Dev seeking to add that crucial server-side/database
knowledge to my understanding of end to end web dev.

I'm particularly interested in learning how to set up server side responses
to my AJAX and JSON/JSONP requests.

Also, I'm thinking of a "simple" finances management app (though we'll see
how long it remains simple) to learn some basics and move on from there to
e-commerce, blogs and social apps. Then who knows?

My question is, are there any accepted "norms" for great books or how tos
that I can take as guidance towards mastering the fundamentals? I favor OOP
techniques in my JS and would like to make sure that I go for best-practices
when it comes to my PHP scripting as well. I am looking for exemplary
examples of code, not so much books or tutorials that explain things to
death.

An aside is when is it appropriate to start learning a framework such as
CodeIgniter? I rely on JS libraries and can imagine that the PHP is no
different (but I want to make sure I know what is going on "under the
hood").

I realize this post lacks focus, but as soon as I am able to get some
general guidance, any further requests will be more to the point. Thanks for
your understanding as I get my bearings.

Looking forward to becoming broader in my knowledge of creating web apps and
can't wait for suggestions from the community!

Regards,
Jerome

--- End Message ---

--- Begin Message ---

Hello,
I've got a custom app that interacts with a database. I want to use
something stronger than .htaccess to protect it and ssl is not
available as this is a shared host. There will be several user's
accessing this app and updating the database through it. What i was
thinking was giving each a unique username, password, and ID string,
which would be somehow used to compute a hash and if that would match
access could be granted. That's just a guess on my part, i'd
appreciate any suggestions.
Thanks.
Dave.

--- End Message ---

--- Begin Message ---

David Mehler wrote:

Hello,
I've got a custom app that interacts with a database. I want to use
something stronger than .htaccess to protect it and ssl is not
available as this is a shared host. There will be several user's
accessing this app and updating the database through it. What i was
thinking was giving each a unique username, password, and ID string,
which would be somehow used to compute a hash and if that would match
access could be granted. That's just a guess on my part, i'd
appreciate any suggestions.
Thanks.
Dave.

Since you're not going to go over SSL, then nothing you can do will be stronger since it all flies out in plaintext over the internet.

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---

--- Begin Message ---

On 05/23/2010 10:51 AM, Robert Cummings wrote:

David Mehler wrote:

Hello,
I've got a custom app that interacts with a database. I want to use
something stronger than .htaccess to protect it and ssl is not
available as this is a shared host. There will be several user's
accessing this app and updating the database through it. What i was
thinking was giving each a unique username, password, and ID string,
which would be somehow used to compute a hash and if that would match
access could be granted. That's just a guess on my part, i'd
appreciate any suggestions.
Thanks.
Dave.

Since you're not going to go over SSL, then nothing you can do will be
stronger since it all flies out in plaintext over the internet.

Cheers,
Rob.

Yeah I also agree with it. If you really want the things to be secure then use SSL.

--
Nilesh Govindarajan (निलेश गोविंदराजन)
Twitter: nileshgr
Facebook: nilesh.gr
Website: www.itech7.com

--- End Message ---

--- Begin Message ---

On Sun, May 23, 2010 at 12:40 AM, David Mehler <dave.meh...@gmail.com>wrote:

> Hello,
> I've got a custom app that interacts with a database. I want to use
> something stronger than .htaccess to protect it and ssl is not
> available as this is a shared host. There will be several user's
> accessing this app and updating the database through it. What i was
> thinking was giving each a unique username, password, and ID string,
> which would be somehow used to compute a hash and if that would match
> access could be granted. That's just a guess on my part, i'd
> appreciate any suggestions.
> Thanks.
> Dave.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
If you really, really can't get to SSL, you could develop the client-side
code to use a java applet as a proxy, and the applet could handle the
encryption (I've only done that once and it wasn't worth the work in the
long-run, I should have just switched hosts OR clients.)  You could also
pull off the same effect with a FLEX application, too.

And, if you really, really wanted to, you could even develop an ajax
application that encrypted the traffic before sending and decrypted any
incoming traffic using a hash of a nonce provided by the server and the
password of the user (the server-side PHP would perform the complimentary
actions.)  However, this would be quite a bit of work, and I'm hoping that
you can talk someone into a hosting upgrade :)

For reference, here's a javascript implementation of AES I've used in the
past (there's a port of the corresponding PHP to use linked on the same
page):
http://www.movable-type.co.uk/scripts/aes.html

But, again, I hope you can just switch to a host with SSL.

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com

--- End Message ---