php-general Digest 30 May 2010 19:17:56 -0000 Issue 6773
Topics (messages 305645 through 305658):
Re: get classname without namespace
305645 by: Adam Richardson
305646 by: Tanel Tammik
date_default_timezone_get() differs from ini_get('date.timezone');
305647 by: php
Re: Credit Card encryption
305648 by: Peter Lind
305650 by: tedd
305658 by: Miles Thompson
Re: Convert UTF-8 to PHP defines
305649 by: tedd
Re: Select Values Didn't Get Passed in From Two Different Forms
305651 by: tedd
NetBeans Question
305652 by: tedd
305653 by: php
305654 by: Jason Pruim
305655 by: Ashley Sheridan
305656 by: Ashley Sheridan
305657 by: tedd
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
On Sat, May 29, 2010 at 4:20 PM, Tanel Tammik <[email protected]> wrote:
> Hi,
>
> is there a way to get the called classname without the namespace?
>
> <?php
> //PHP 5.3.x
> namespace some\where;
>
> abstract class ParentClass {
> public static function name() {
> return strtolower(get_called_class());
> }
>
> public static function get_name() {
> echo 'name: ' . static::name();
> }
> }
>
> class ChildClass extends ParentClass {
> }
>
> ChildClass::get_name();
> ?>
>
> the result i need: childclass
> the result i get: some\where\childclass
>
> also is it possible to get the name() into the static variable if only
> static method is called?
>
> Br
> Tanel
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
$childclass = end(explode('\', $class_name_with_ns));
also is it possible to get the name() into the static variable if only
static method is called?
Not sure I understand this part.
Adam
--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
--- End Message ---
--- Begin Message ---
"Adam Richardson" <[email protected]> wrote in message
news:[email protected]...
> On Sat, May 29, 2010 at 4:20 PM, Tanel Tammik <[email protected]> wrote:
>
>> Hi,
>>
>> is there a way to get the called classname without the namespace?
>>
>> <?php
>> //PHP 5.3.x
>> namespace some\where;
>>
>> abstract class ParentClass {
>> public static function name() {
>> return strtolower(get_called_class());
>> }
>>
>> public static function get_name() {
>> echo 'name: ' . static::name();
>> }
>> }
>>
>> class ChildClass extends ParentClass {
>> }
>>
>> ChildClass::get_name();
>> ?>
>>
>> the result i need: childclass
>> the result i get: some\where\childclass
>>
>> also is it possible to get the name() into the static variable if only
>> static method is called?
>>
>> Br
>> Tanel
>>
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> $childclass = end(explode('\', $class_name_with_ns));
>
> also is it possible to get the name() into the static variable if only
>
> static method is called?
>
>
> Not sure I understand this part.
>
> Adam
>
> --
> Nephtali: PHP web framework that functions beautifully
> http://nephtaliproject.com
>
yes, the static method is called and it's not possible...
basicalli i'm making dynamic class for database manipulation where the
child classname == tablename
i just thought it would be not good to each time call name() as a method
when tablename is need for sql query!
Br
Tanel
--- End Message ---
--- Begin Message ---
Hi there
i think i did not understand the timezone-settings right.
In php.ini, i wrote
date.timezone="Europe/Berlin".
echo ini_get('date.timezone');
returns "Europe/Berlin".
But the Class "DateTime" is using another timezone (Europe/London).
When i do 'echo date_default_timezone_get()', it returns "Europe/London"
and not the same as described in php.ini.
In phpinfo() the date.timezone-setting will also be empty.
I am sure to work with the right php.ini, due two facts:
1. phpinfo() displays the same ini and all settings from the file (but
not timezone)
2. ini_get() returns the right setting as well (but it will not be used).
Can somebody explain to me, what happens here?
Thanks a lot and kind regards, Paul
--- End Message ---
--- Begin Message ---
On 30 May 2010 07:49, Paul M Foster <[email protected]> wrote:
> This question is for people who take and store credit card information
> for customers.
>
> Credit card companies, in an attempt to lessen fraud, are tightening the
> screws on merchants who take credit cards. One aspect of this is a
> requirement to store credit card information from customers encrypted.
>
> So let's say you have a customer whose credit card you keep on file,
> because they'll be charging other items with you. The credit card
> companies would like you to store this information with strong
> encryption, which in their mind is one-way encryption.
>
> Now let's say that the credit card number is part of the customer
> record. When looking at the customer record, you see just the last four
> digits of the card. But when editing the record or when printing out
> reports of things which must be charged, you will see the whole number.
> Assume the users of the system have logins and passwords.
>
> Now if you one-way encrypt the credit card numbers in the customer
> records, then it seems to me that any time that field has to be accessed
> (to edit the record or charge something to the card), you'd have to have
> the user enter a specific "password" to unlock the encryption. This
> would be quite in addition to their username and password. Moreover for
> this to be as secure as the credit card companies would like it,
> whatever "password" is used would need to be changed frequently,
> particularly at any change of personnel. This means you'd have to
> re-encrypt all the credit card numbers using the new "password" every
> few months or when you fire someone who had access to the data.
>
> This seems like an excessively cumbersome solution. Is this seriously
> the way it's done? Does anyone have a better solution?
>
I'm sorry if the following sounds a bit harsh, but in matters like
these I prefer blunt directness.
A few notes. 1) one-way encryption means "no decrypting" - that's what
one-way is (like a one-way street, there's no driving the other
direction). You're looking for encryption that can be decrypted, not
one-way encryption which is otherwise known as hashing. 2) do not
store credit card information. Just don't. It's downright stupid to do
so, because it's a huge risk for very little gain. 3) farm out risks
like these to companies that specialize in dealing with them - you
will with 100% certainty not be able to do as good a job as these.
The question to ask is not: how to store credit card information
securely? The question to ask is: do I really want to be the next
person in the internet spotlight because my setup turned out to have a
security hole I overlooked?
Regards
Peter
--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>
--- End Message ---
--- Begin Message ---
At 12:43 PM +0200 5/30/10, Peter Lind wrote:
On 30 May 2010 07:49, Paul M Foster <[email protected]> wrote:
-snip-
Does anyone have a better solution?
I'm sorry if the following sounds a bit harsh, but in matters like
these I prefer blunt directness.
A few notes. 1) one-way encryption means "no decrypting" - that's what
one-way is (like a one-way street, there's no driving the other
direction). You're looking for encryption that can be decrypted, not
one-way encryption which is otherwise known as hashing. 2) do not
store credit card information. Just don't. It's downright stupid to do
so, because it's a huge risk for very little gain. 3) farm out risks
like these to companies that specialize in dealing with them - you
will with 100% certainty not be able to do as good a job as these.
The question to ask is not: how to store credit card information
securely? The question to ask is: do I really want to be the next
person in the internet spotlight because my setup turned out to have a
security hole I overlooked?
Paul:
Let me be equally blunt. Petter is absolutely right!
Do NOT have your client store customer credit card information on a
server -- period! That's the stuff people go to jail over. Instead,
use a credit card clearing house to do the heavy work, that's what
they get paid for.
Besides, most credit card processing agencies even require that you
use the customer's data (cc number, expiry date and CCS) to make the
sale and then immediately dispose of it afterwards, usually within 24
hours under a signed agreement. Holding that information for more
than 24 hours can be a criminal offense regardless of what type of
hashing you use.
While many of my customers have made the argument that they keep
hard-copy records of their customer's credit-card information
in-house and they don't understand why they can't do the same online
-- I reply that hard-copy kept in a safe behind "brick and mortar" in
far more secure that digital data behind any "security" code open to
the world. There isn't a security system out there that can't be
hacked. If the client insists on keeping this information online,
then find another client because at some time, someone is going to
jail and it's not going to be me.
So, let the people who can keep up with technology (a continued
effort and expense) worry about hackers -- just use their services
and sleep at night.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On Sun, May 30, 2010 at 11:50 AM, tedd <[email protected]> wrote:
> At 12:43 PM +0200 5/30/10, Peter Lind wrote:
>
>> On 30 May 2010 07:49, Paul M Foster <[email protected]> wrote:
>>> -snip-
>>>
>>>
>>> Does anyone have a better solution?
>>>
>>
>> I'm sorry if the following sounds a bit harsh, but in matters like
>> these I prefer blunt directness.
>>
>> A few notes. 1) one-way encryption means "no decrypting" - that's what
>> one-way is (like a one-way street, there's no driving the other
>> direction). You're looking for encryption that can be decrypted, not
>> one-way encryption which is otherwise known as hashing. 2) do not
>> store credit card information. Just don't. It's downright stupid to do
>> so, because it's a huge risk for very little gain. 3) farm out risks
>> like these to companies that specialize in dealing with them - you
>> will with 100% certainty not be able to do as good a job as these.
>>
>> The question to ask is not: how to store credit card information
>> securely? The question to ask is: do I really want to be the next
>> person in the internet spotlight because my setup turned out to have a
>> security hole I overlooked?
>>
>
> Paul:
>
> Let me be equally blunt. Petter is absolutely right!
>
> Do NOT have your client store customer credit card information on a server
> -- period! That's the stuff people go to jail over. Instead, use a credit
> card clearing house to do the heavy work, that's what they get paid for.
>
> Besides, most credit card processing agencies even require that you use the
> customer's data (cc number, expiry date and CCS) to make the sale and then
> immediately dispose of it afterwards, usually within 24 hours under a signed
> agreement. Holding that information for more than 24 hours can be a criminal
> offense regardless of what type of hashing you use.
>
> While many of my customers have made the argument that they keep hard-copy
> records of their customer's credit-card information in-house and they don't
> understand why they can't do the same online -- I reply that hard-copy kept
> in a safe behind "brick and mortar" in far more secure that digital data
> behind any "security" code open to the world. There isn't a security system
> out there that can't be hacked. If the client insists on keeping this
> information online, then find another client because at some time, someone
> is going to jail and it's not going to be me.
>
> So, let the people who can keep up with technology (a continued effort and
> expense) worry about hackers -- just use their services and sleep at night.
>
>
> Cheers,
>
> tedd
>
>
>
To add my two cents - if you plan to store card information, in the eyes of
the Payment Card Industry you will have to be Tier One compliant.
How high are the standards? Visit hackerguardian.com and take the free
test. We *thought* it might be cool to store the CC info for a new
enterprise, provide convenient "one-click" shopping, etc, so we ran through
the questionnaire at that level. It would take more time to design,
implement and test the security and audit systems than to write the app.
Furthermore, since we were doing the new project in the cloud we could not
meet the requirements for physical security.
So we settled for Tier4 - we take the information as part of the
transaction, https to CC processor, get an "OK" or "Not OK" back, and no
cardholder info stored on our server at all, apart from the transaction
number.
Cheers - Miles Thompson
~~~~~~~~~~~~~~~~~~~~~~~~~~
"The piano keys are black and white,
But they sound like a million colours in your mind"
Spider's Web - Katie Melua
--- End Message ---
--- Begin Message ---
At 10:20 PM +0200 5/29/10, Nisse =?utf-8?Q?Engstr=C3=B6m?= wrote:
On Sat, 29 May 2010 10:16:39 -0400, tedd wrote:
At 7:15 AM +0200 5/29/10, Nisse =?utf-8?Q?Engstr=C3=B6m?= wrote:
No. There are no glyphs in Unicode. This is spelled out for
you in chapter 2, figure 2-2. "Characters versus Glyphs".
Code points are simply unique numbers assigned to specific characters
in an approved char set. To better understand which character is
represented a representative Glyph is used -- what else would we use,
Right. I should have phrased that differently.
a chicken?
U+9e21 ? U+540D ?
LOL
I forgot that the word chicken appears in several other languages as
a single character. Interesting to note that in the Chinese
Dictionary, the character "U+9e21" Chicken (ji) is interchangeable
with prostitution.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
At 12:08 PM -0400 5/29/10, Alice Wei wrote:
At the time of writing this, I got all the functionality I wanted,
only that it takes 3 submits, which is 4 pages in total, which
includes two dependent select menus based on user input by clicking
on the radio button and some other static drop downs and text inputs.
I am not sure if it is possible to cut it down two only two submits,
I just went online and found this,
http://www.w3schools.com/dhtml/tryit.asp?filename=trydhtml_event_onchange.
If I could change this function to using the radio button, and
process the other searching for the dependent drop downs using case
statements with PHP , do you think this is a good idea?
Anyway, I found this method is kind of ugly for the time being, but
less daunting with what I was doing before. Thanks.
Alice
Alice:
The example you provided above is very basic and I think what you
want is far more complex.
I realize that it's hard to convey what it is that you actually want
because you don't know all that can be done -- and the number of
possibilities of how to organize controls is far too vast for me to
guess.
For example, here's another example of what can be done:
http://www.webbytedd.com/a/ajax-select/index.php
But I know this doesn't fully solve your problem but it comes closer
than the example you provided above.
Sometimes it's best to "story-board" what you want so that both you
and to whom you're asking questions can have a better idea of the
problem.
For example, let's say you want to gather data from a user -- in
option A, the user is asked Y/N. If the user answers N, then the user
is sent to option B. If the user answers Y, then the user is sent to
option C. In option B the user is presented with... and Option C the
user is presented with... and so on. -- I'm sure you get the idea.
So, if you want to continue with this, please prepare a "story-board"
and present your problem again.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
Hi gang:
Do any of you use NetBeans for your IDE?
It looks like a great IDE, but I have some questions.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On 05/30/2010 05:57 PM, tedd wrote:
Hi gang:
Do any of you use NetBeans for your IDE?
Yes, i do. Since 2 Years (Netbeans 6.5 then), now with 6.8
I work very well with netbeans on Mac OS-X and Ubuntu, using SVN as
version-backend, XDEBUG for debugging, Code-Coverage etc...
It looks like a great IDE, but I have some questions.
Tell me, maybe i can answer
Paul
--- End Message ---
--- Begin Message ---
On May 30, 2010, at 12:32 PM, php wrote:
On 05/30/2010 05:57 PM, tedd wrote:
Hi gang:
Do any of you use NetBeans for your IDE?
Yes, i do. Since 2 Years (Netbeans 6.5 then), now with 6.8
I work very well with netbeans on Mac OS-X and Ubuntu, using SVN as
version-backend, XDEBUG for debugging, Code-Coverage etc...
It looks like a great IDE, but I have some questions.
Tell me, maybe i can answer
Hey tedd,
I actually just started using it a little bit ago as I wanted
something more robust then just a text editor with some syntax
highlighting :)
So feel free to ask away and I'll see what I can answer :)
--- End Message ---
--- Begin Message ---
On Sun, 2010-05-30 at 12:58 -0400, Jason Pruim wrote:
> On May 30, 2010, at 12:32 PM, php wrote:
>
> > On 05/30/2010 05:57 PM, tedd wrote:
> >> Hi gang:
> >>
> >> Do any of you use NetBeans for your IDE?
> >>
> > Yes, i do. Since 2 Years (Netbeans 6.5 then), now with 6.8
> >
> > I work very well with netbeans on Mac OS-X and Ubuntu, using SVN as
> > version-backend, XDEBUG for debugging, Code-Coverage etc...
> >
> >> It looks like a great IDE, but I have some questions.
> >>
> >
> > Tell me, maybe i can answer
> >
>
> Hey tedd,
>
> I actually just started using it a little bit ago as I wanted
> something more robust then just a text editor with some syntax
> highlighting :)
>
> So feel free to ask away and I'll see what I can answer :)
>
>
>
This thread has made me want to have a look at the IDE. Will the base
IDE package be enough, or is there something specific it needs for PHP
development, like a netbeans-php package? I'm using Linux (Fedora 11)
btw ;)
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Sun, 2010-05-30 at 13:48 -0400, Brandon Rampersad wrote:
> i use dreamweaver and it's better
>
>
> On Sun, May 30, 2010 at 1:01 PM, Ashley Sheridan
> <[email protected]> wrote:
>
> On Sun, 2010-05-30 at 12:58 -0400, Jason Pruim wrote:
>
> > On May 30, 2010, at 12:32 PM, php wrote:
> >
> > > On 05/30/2010 05:57 PM, tedd wrote:
> > >> Hi gang:
> > >>
> > >> Do any of you use NetBeans for your IDE?
> > >>
> > > Yes, i do. Since 2 Years (Netbeans 6.5 then), now with 6.8
> > >
> > > I work very well with netbeans on Mac OS-X and Ubuntu,
> using SVN as
> > > version-backend, XDEBUG for debugging, Code-Coverage
> etc...
> > >
> > >> It looks like a great IDE, but I have some questions.
> > >>
> > >
> > > Tell me, maybe i can answer
> > >
> >
> > Hey tedd,
> >
> > I actually just started using it a little bit ago as I
> wanted
> > something more robust then just a text editor with some
> syntax
> > highlighting :)
> >
> > So feel free to ask away and I'll see what I can answer :)
> >
> >
> >
>
>
>
>
> This thread has made me want to have a look at the IDE. Will
> the base
> IDE package be enough, or is there something specific it needs
> for PHP
> development, like a netbeans-php package? I'm using Linux
> (Fedora 11)
> btw ;)
>
>
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
>
>
>
> --
> A Brandon_R Production
I don't know about that. I prefer a standard text editor to Dreamweaver.
Dw is full of bloat, really screws up include files and isn't available
on Linux anyway. As an editor for people more visually orientated it's
not bad, but for someone coming from a programming background, it
hinders in many places.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
At 6:01 PM +0100 5/30/10, Ashley Sheridan wrote:
This thread has made me want to have a look at the IDE. Will the base
IDE package be enough, or is there something specific it needs for PHP
development, like a netbeans-php package? I'm using Linux (Fedora 11)
btw ;)
Thanks,
Ash
Ash:
I'm really new at NetBeans and am having some minor questions I was
keeping off-list -- however -- can go on list if there is interest.
As for specific needs that NetBeans requires being an IDE for php,
they make a special one just for php, see here:
http://netbeans.org/downloads/index.html
Find the one that fits your needs, like the one that covers only php
and download it -- that's what I did.
It's very easy to install and its learning curve is pretty easy.
There are just some minor things that are not obvious, such as
downloading a remote file to your local directory.
You see, I use two different computers and have two accesses to the
same server. Occasionally, I may change a file remotely and my second
computer needs to be updated. I know this could be solved via some
version scheme, but I don't want to make a big production out of it
-- all I need to do is download a remote file, but I didn't see an
easy way to do that.
So, I searched for a couple of hours until I found someone said
"Simply, right-click on the file locally and choose 'download' and
you'll overwrite the file" -- that was simple enough. But I had to
find out how to do it. These are the types of questions I have.
I wanted to ask my questions on the NetBeans forums, but I am having
trouble logging in. They seem to have a problem with my given ID,
password, and email address and I haven't the time to straighten it
all out -- I just want answers -- so I turned to this list.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
