php-general Digest 24 Jun 2010 21:41:57 -0000 Issue 6814

Topics (messages 306393 through 306408):

Re: Problem with ssh2_connect - finished
        306393 by: Radek Krejča

Quick session question
        306394 by: Danny
        306395 by: Ashley Sheridan
        306396 by: Jim Lucas
        306397 by: Danny
        306398 by: Mari Masuda
        306403 by: Gaurav Kumar
        306407 by: Jim Lucas

Making a Password Confirmation in PHP
        306399 by: Michael Calkins
        306400 by: Ashley Sheridan
        306401 by: Floyd Resler
        306402 by: Ashley Sheridan
        306404 by: David Česal
        306405 by: Ashley Sheridan
        306406 by: Adam Richardson

Unexpected behaviour from define()
        306408 by: James Long

----------------------------------------------------------------------
--- Begin Message ---
Hi, so I have (hope) finished. There is a problem with rsa keys in the function
ssh2_connect (probably a bug, I don't see any problem on my side), so I created
two pairs - rsa and dsa. The rsa method isn't working, but the dsa method works
without problems.
It's a little complication, because I have rsa keys everywhere, but I change it
to dsa, if nobody has any idea where the problem with rsa could be.

Radek

--- End Message ---
--- Begin Message ---
Hi guys,

I always start new projects with the following session code-snippet:
(In other words this is how I initialize my sessions in the index.php file.)

### START CODE SNIPPET ########################################################
<?php
        session_start();
        setcookie(session_name(),"",0,"/");
        unset($_COOKIE[session_name()]);
        $_SESSION = array();
        session_unset();
        session_destroy();

        session_start();


        /// Define some $_SESSION variables
        $_SESSION['sessionid'] = session_id() ;
        $_SESSION['server'] = "http://localhost/~user/new_project"; ;
        $_SESSION['sql_dflts'] = $_SESSION['server']."/sql/sql_dflts.inc" ;
        $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ;
        $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ;

        /// Include Files
        include ( $_SESSION['sql_dflts'] ) ;
        include ( $_SESSION['server']."/fnc/fnc_include_dir.inc" ) ;
        $var_include_dir = include_dir ( "fnc" ) ;

?>
### END CODE SNIPPET #########################################################

All of the projects I have done so far were for business intranet purposes and
it worked fine. But last week I uploaded another project to the internet and my
sessions did not work.

I have been using it this way since v4.0 (I think, anyway since a LONG time
ago), but now I think it is a bit outdated and needs some kind of revision. Is
this still sufficient or can you guys give some tips on a more "updated" way of
starting my sessions?

My php.ini file is stock-standard. I am running version 5.2.6-1 with apache
2.2.9 on a Debian 5.04 machine.

Thank You

Danny

--- End Message ---
--- Begin Message ---
On Thu, 2010-06-24 at 16:24 +0200, Danny wrote:

> Hi guys,
> 
> I always start new projects with the following session code-snippet:
> (In other words this is how I initialize my sessions in the index.php file.)
> 
> ### START CODE SNIPPET 
> ########################################################
> <?php
>       session_start();
>       setcookie(session_name(),"",0,"/");
>       unset($_COOKIE[session_name()]);
>       $_SESSION = array();
>       session_unset();
>       session_destroy();
> 
>       session_start();
> 
> 
>       /// Define some $_SESSION variables
>       $_SESSION['sessionid'] = session_id() ;
>       $_SESSION['server'] = "http://localhost/~user/new_project"; ;
>       $_SESSION['sql_dflts'] = $_SESSION['server']."/sql/sql_dflts.inc" ;
>       $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ;
>       $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ;
> 
>       /// Include Files
>       include ( $_SESSION['sql_dflts'] ) ;
>       include ( $_SESSION['server']."/fnc/fnc_include_dir.inc" ) ;
>       $var_include_dir = include_dir ( "fnc" ) ;
> 
> ?>
> ### END CODE SNIPPET #########################################################
> 
> All of the projects I have done so far were for business intranet purposes and
> it worked fine. But last week I uploaded another project to the internet and 
> my
> sessions did not work.
> 
> I have been using it this way since v4.0 (I think, anyway since a LONG time
> ago), but now I think it is a bit outdated and needs some kind of revision. Is
> this still sufficient or can you guys give some tips on a more "updated" way 
> of
> starting my sessions?
> 
> My php.ini file is stock-standard. I am running version 5.2.6-1 with apache
> 2.2.9 on a Debian 5.04 machine.
> 
> Thank You
> 
> Danny
> 


From the looks of it, any values that you add to the session are
forgotten again the next time this code is called because of your use of
session_unset() and session_destroy(). Generally these functions are
only used if you are closing the session.

When you say 'sessions did not work' what do you mean? Sessions aren't
being created? You can't access session variables? You need to be a bit
more specific about the issue.

Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
Danny wrote:
> Hi guys,
> 
> I always start new projects with the following session code-snippet:
> (In other words this is how I initialize my sessions in the index.php file.)
> 
> ### START CODE SNIPPET 
> ########################################################
> <?php
>       session_start();
>       setcookie(session_name(),"",0,"/");
>       unset($_COOKIE[session_name()]);
>       $_SESSION = array();
>       session_unset();
>       session_destroy();
> 
>       session_start();
> 
> 
>       /// Define some $_SESSION variables
>       $_SESSION['sessionid'] = session_id() ;
>       $_SESSION['server'] = "http://localhost/~user/new_project"; ;
>       $_SESSION['sql_dflts'] = $_SESSION['server']."/sql/sql_dflts.inc" ;
>       $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ;
>       $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ;
> 
>       /// Include Files
>       include ( $_SESSION['sql_dflts'] ) ;
>       include ( $_SESSION['server']."/fnc/fnc_include_dir.inc" ) ;
>       $var_include_dir = include_dir ( "fnc" ) ;
> 
> ?>
> ### END CODE SNIPPET #########################################################
> 
> All of the projects I have done so far were for business intranet purposes and
> it worked fine. But last week I uploaded another project to the internet and 
> my
> sessions did not work.
> 
> I have been using it this way since v4.0 (I think, anyway since a LONG time
> ago), but now I think it is a bit outdated and needs some kind of revision. Is
> this still sufficient or can you guys give some tips on a more "updated" way 
> of
> starting my sessions?
> 
> My php.ini file is stock-standard. I am running version 5.2.6-1 with apache
> 2.2.9 on a Debian 5.04 machine.

Nothing looks to be wrong with the session initiation code.  The problem is more
likely the calls to include a remote file.  Basically, to expand your
variables out, you would be doing this:

include ( 'http://localhost/~user/new_project/sql/sql_dflts.inc' ) ;
include ( 'http://localhost/~user/new_project/fnc/fnc_include_dir.inc' ) ;

If your php.ini settings are stock, then the problem is with the
allow_url_include directive.  It is set to "0" by default.

See here: http://us3.php.net/manual/en/filesystem.configuration.php

Change that setting to '1' and restart your web server, then you should be good
to go.

> 
> Thank You
> 
> Danny
> 


-- 
Jim Lucas

A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

--- End Message ---
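
An alternative to the URL-based includes discussed in this thread, as an added example that is not part of any poster's message: the same two files loaded through filesystem paths, which works with allow_url_include left at its default of 0. The file names come from the posted snippet; the helper name project_include() and the temporary sample project are assumptions.

```php
<?php
// Added example, not code from the thread. The layout mirrors the posted
// snippet (sql/sql_dflts.inc, fnc/fnc_include_dir.inc); project_include()
// and the sample file contents are assumptions made for illustration.

/**
 * Include $relative only if it resolves to a real local file inside $baseDir.
 */
function project_include(string $baseDir, string $relative)
{
    // Refuse anything that names a stream wrapper (http://, ftp://, php://, data:).
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)) {
        throw new InvalidArgumentException("URL-style include refused: $relative");
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);

    // realpath() returns false for missing files and collapses ../ segments,
    // so a prefix comparison detects paths that leave the project directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("Include outside project directory refused: $relative");
    }

    return include $path;
}

// --- Constructed sample project so the example runs offline ---
// In a real application the base directory would be __DIR__ of index.php.
$project = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'new_project_' . uniqid();
mkdir($project . '/sql', 0700, true);
mkdir($project . '/fnc', 0700, true);
file_put_contents($project . '/sql/sql_dflts.inc',
    '<?php return array("db_host" => "127.0.0.1");');
file_put_contents($project . '/fnc/fnc_include_dir.inc',
    '<?php function include_dir($d) { return "would load $d"; }');

echo 'allow_url_include enabled: ',
    var_export((bool) ini_get('allow_url_include'), true), "\n";

// The two includes from the posted snippet, resolved on disk instead of over HTTP.
$sqlDefaults = project_include($project, 'sql/sql_dflts.inc');
project_include($project, 'fnc/fnc_include_dir.inc');
echo 'db_host: ', $sqlDefaults['db_host'], "\n";
echo include_dir('fnc'), "\n";

// Both a URL and a path that climbs out of the project are rejected.
$rejected = array(
    'http://localhost/~user/new_project/sql/sql_dflts.inc',
    '../outside.inc',
);
foreach ($rejected as $candidate) {
    try {
        project_include($project, $candidate);
    } catch (Exception $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}

// Remove the constructed sample project again.
unlink($project . '/sql/sql_dflts.inc');
unlink($project . '/fnc/fnc_include_dir.inc');
rmdir($project . '/sql');
rmdir($project . '/fnc');
rmdir($project);
```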
--- Begin Message ---
Thanks Ashley and Jim,

> When you say 'sessions did not work' what do you mean? Sessions aren't being
> created? You can't access session variables? You need to be a bit more
> specific about the issue.

Sorry, here is an explanation:

The project I uploaded for a customer is a "stock ordering" web-app that they
used on their local intranet for a year or so, but now they want this same
web-app to be available globally.

I thought that it would work "out-the-box" on the internet but it doesn't. On
their local-lan I am able to do some (advanced) login checks with sessions with
no problem, like I said, it has been working for a year or so now. Also, the
same login sequence I use here I also use in my other intranet web-apps.

However, when I uploaded this project and I log on, I just get a blank screen
after the login checks are done and it is supposed to take me to the logged-in
start page.

That is why I say that somehow my sessions are not "carried over" or "caught"
by php.

Thanks for the comments on my session initialization, if there is not really
anything that should be changed, then I will leave it like it is.

Just one more thing, should I always expand the URL's to an absolute path
instead of using a session variable like I do?

Thanks again guys

Danny

--- End Message ---
--- Begin Message ---
On Jun 24, 2010, at 9:09 AM, Danny wrote:

> Thanks Ashley and Jim,
> 
>> When you say 'sessions did not work' what do you mean? Sessions aren't being
>> created? You can't access session variables? You need to be a bit more 
>> specific
>> about the issue.
> 
> Sorry, here is an explanation:
> 
> The project I uploaded for a customer is a "stock ordering" web-app that they 
> used
> on their local intranet for a year or so, but now they want this same web-app 
> to
> be available globally.
> 
> I thought that it would work "out-the-box" on the internet but it doesn't. On
> their local-lan I am able to do some (advanced) login checks with sessions 
> with no
> problem, like I said, it has been workng for a year or so now. Also, the same
> login sequence I use here I also use in my other intranet web-apps.
> 
> However, when I uploaded this project and I log on, I just get a blank screen
> after the login checks are done and it is supposed to take me to the logged-in
> start page.
> 
> That is why I say that somehow my sessions are not "carried over" or "caught" 
> by php.
> 
> Thanks for the comments on my session initialization, if there is not really
> anything that should be changed, then I will leave it like it is.
> 
> Just one more thing, should I always expand the URL's to an absolute path
> instead of using a session variable like I do?
> 
> Thnks again guys
> 
> Danny
> 



Maybe you need to change 

$_SESSION['server'] = "http://localhost/~user/new_project"; ;

to be not localhost.

--- End Message ---
--- Begin Message ---
Danny,

I just read the email trail regarding your problem.

The very first thing-
1. Sessions are stored as files on the server in a folder. Check that the
folder has read/*write* permission. (/tmp/ folder)
2. Check on the server whether the sessions are really getting saved on the
server.
3. Now in case you do not have access to a sessions folder on the server
then set the session folder name/path to the folder (a new one) you can have
access to (maybe the root of your ftp) using
session_save_path('/httpdocs/your-domain-folder/new-session-folder')
(provide read/write permission) before session_start() in index.php or a
common header include file. This session_save_path() should be declared at
the top of every file.

Try the above and let me know if it works.

Thanks,
Gaurav Kumar

http://blog.OsWebStudio.Com





On Thu, Jun 24, 2010 at 7:54 PM, Danny <[email protected]> wrote:

> Hi guys,
>
> I always start new projects with the following session code-snippet:
> (In other words this is how I initialize my sessions in the index.php
> file.)
>
> ### START CODE SNIPPET
> ########################################################
> <?php
>        session_start();
>        setcookie(session_name(),"",0,"/");
>        unset($_COOKIE[session_name()]);
>        $_SESSION = array();
>        session_unset();
>        session_destroy();
>
>        session_start();
>
>
>        /// Define some $_SESSION variables
>        $_SESSION['sessionid'] = session_id() ;
>        $_SESSION['server'] = "http://localhost/~user/new_project"; ;
>        $_SESSION['sql_dflts'] = $_SESSION['server']."/sql/sql_dflts.inc" ;
>        $_SESSION['remoteaddr'] = $_SERVER['REMOTE_ADDR'] ;
>        $_SESSION['remotehost'] = gethostbyaddr ( $_SERVER['REMOTE_ADDR'] ) ;
>
>        /// Include Files
>        include ( $_SESSION['sql_dflts'] ) ;
>        include ( $_SESSION['server']."/fnc/fnc_include_dir.inc" ) ;
>        $var_include_dir = include_dir ( "fnc" ) ;
>
> ?>
> ### END CODE SNIPPET
> #########################################################
>
> All of the projects I have done so far were for business intranet purposes
> and
> it worked fine. But last week I uploaded another project to the internet
> and my
> sessions did not work.
>
> I have been using it this way since v4.0 (I think, anyway since a LONG time
> ago), but now I think it is a bit outdated and needs some kind of revision.
> Is
> this still sufficient or can you guys give some tips on a more "updated"
> way of
> starting my sessions?
>
> My php.ini file is stock-standard. I am running version 5.2.6-1 with apache
> 2.2.9 on a Debian 5.04 machine.
>
> Thank You
>
> Danny
>

--- End Message ---
--- Begin Message ---
Danny wrote:
> Thanks Ashley and Jim,
> 
>> When you say 'sessions did not work' what do you mean? Sessions aren't being
>> created? You can't access session variables? You need to be a bit more 
>> specific
>> about the issue.
> 
> Sorry, here is an explanation:
> 
> The project I uploaded for a customer is a "stock ordering" web-app that they 
> used
> on their local intranet for a year or so, but now they want this same web-app 
> to
> be available globally.
> 
> I thought that it would work "out-the-box" on the internet but it doesn't. On
> their local-lan I am able to do some (advanced) login checks with sessions 
> with no
> problem, like I said, it has been workng for a year or so now. Also, the same
> login sequence I use here I also use in my other intranet web-apps.
> 
> However, when I uploaded this project and I log on, I just get a blank screen
> after the login checks are done and it is supposed to take me to the logged-in
> start page.

Regarding the blank page, in your php.ini file turn on display_errors and
error_reporting

error_reporting = E_ALL
display_errors = On

This will make sure that PHP tells you all the errors that are possibly being
generated.

> 
> That is why I say that somehow my sessions are not "carried over" or "caught" 
> by php.
> 
> Thanks for the comments on my session initialization, if there is not really
> anything that should be changed, then I will leave it like it is.
> 
> Just one more thing, should I always expand the URL's to an absolute path
> instead of using a session variable like I do?
> 
> Thnks again guys
> 
> Danny
> 


-- 
Jim Lucas

A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

--- End Message ---
--- Begin Message ---
This is very straightforward, if password a and b are not equal to each other,
how can I let the user know that without losing all of the entered information
on the registration form?
I was trying this:
---
$p1 = "<input type=\"password\" name=\"usr_p1\" />";
$p2 = "<input type=\"password\" name=\"usr_p2\" />";
// if they didn't match return
$p1 = "<input type=\"password\" name=\"usr_p1\"  value=\"" . $p1 . "\"/>";
---
I was trying to change the value of the variable which shows the input field to
have the password already in it.
And either one would just be echo'd depending on the result.
Any ideas please?

From, Michael [email protected]


--- End Message ---
--- Begin Message ---
On Thu, 2010-06-24 at 11:22 -0700, Michael Calkins wrote:

> This is very straight forward, if password a and b are not equal to each 
> other, how can I let the user know that with out losing all of the entered 
> information on the registration form?
> I was trying this: 
> ---$p1 = "<input type=\"password\" name=\"usr_p1\" />";
> $p2 = "<input type=\"password\" name=\"usr_p2\" />";
> // if they didn't match return
> $p1 = "<input type=\"password\" name=\"usr_p1\"  value=\"" . $p1 . "\"/>";---
> I was trying to change the value of the variable which shows the input field 
> to have the password already in it.
> and either one would just be echo'd depending on the result.
> Any ideas please?
> 
> From,Michael [email protected]
> 


When you output the form again, output it with the values that were sent
to you (take care about deliberate injection though)

For things like select lists, I find I end up creating these from an
array in PHP anyway, so it's easy to loop through the array and set the
selected attribute if that's the value that was picked. Checkboxes and
radio buttons; if the value has been sent by the user, then mark them
checked when you output the html for them.

Don't fill password boxes, as that confuses the user. If they mistyped,
how do they know what value it holds anyway?

Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote:

> 
> This is very straight forward, if password a and b are not equal to each 
> other, how can I let the user know that with out losing all of the entered 
> information on the registration form?
> I was trying this: 
> ---$p1 = "<input type=\"password\" name=\"usr_p1\" />";
> $p2 = "<input type=\"password\" name=\"usr_p2\" />";
> // if they didn't match return
> $p1 = "<input type=\"password\" name=\"usr_p1\"  value=\"" . $p1 . "\"/>";---
> I was trying to change the value of the variable which shows the input field 
> to have the password already in it.
> and either one would just be echo'd depending on the result.
> Any ideas please?
> 
> From,Michael [email protected]
> 
> 
If you aren't opposed to using JavaScript, I'd do it there.  If you don't want 
to use JavaScript then you can load the form data from the $_POST (or $_GET) 
array that was passed back to your script.

Take care,
Floyd



--- End Message ---
--- Begin Message ---
On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote:

> On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote:
> 
> > 
> > This is very straight forward, if password a and b are not equal to each 
> > other, how can I let the user know that with out losing all of the entered 
> > information on the registration form?
> > I was trying this: 
> > ---$p1 = "<input type=\"password\" name=\"usr_p1\" />";
> > $p2 = "<input type=\"password\" name=\"usr_p2\" />";
> > // if they didn't match return
> > $p1 = "<input type=\"password\" name=\"usr_p1\"  value=\"" . $p1 . 
> > "\"/>";---
> > I was trying to change the value of the variable which shows the input 
> > field to have the password already in it.
> > and either one would just be echo'd depending on the result.
> > Any ideas please?
> > 
> > From,Michael [email protected]
> > 
> > 
> If you aren't opposed to using JavaScript, I'd do it there.  If you don't 
> want to use JavaScript then you can load the form data from the $_POST (or 
> $_GET) array that was passed back to your script.
> 
> Take care,
> Floyd
> 
> 
> 


Is Javascript allowed to read the value of password boxes? I was of the
understanding that it couldn't, so checking if a password field matches
another is pretty moot.

Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
Yes, it is.

D

-----Original Message-----
From: Ashley Sheridan [mailto:[email protected]] 
Sent: Thursday, June 24, 2010 8:32 PM
To: Floyd Resler
Cc: PHP
Subject: Re: [PHP] Making a Password Confirmation in PHP

On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote:

> On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote:
> 
> > 
> > This is very straight forward, if password a and b are not equal to each
other, how can I let the user know that with out losing all of the entered
information on the registration form?
> > I was trying this: 
> > ---$p1 = "<input type=\"password\" name=\"usr_p1\" />";
> > $p2 = "<input type=\"password\" name=\"usr_p2\" />"; // if they 
> > didn't match return
> > $p1 = "<input type=\"password\" name=\"usr_p1\"  value=\"" . $p1 . 
> > "\"/>";--- I was trying to change the value of the variable which shows
the input field to have the password already in it.
> > and either one would just be echo'd depending on the result.
> > Any ideas please?
> > 
> > From,Michael [email protected]
> > 
> > 
> If you aren't opposed to using JavaScript, I'd do it there.  If you don't
want to use JavaScript then you can load the form data from the $_POST (or
$_GET) array that was passed back to your script.
> 
> Take care,
> Floyd
> 
> 
> 


Is Javascript allowed to read the value of password boxes? I was of the
understanding that it couldn't, so checking if a password field matches
another is pretty moot.

Thanks,
Ash
http://www.ashleysheridan.co.uk




--- End Message ---
--- Begin Message ---
On Thu, 2010-06-24 at 20:37 +0200, David Česal wrote:

> Yes, it is.
> 
> D
> 
> -----Original Message-----
> From: Ashley Sheridan [mailto:[email protected]] 
> Sent: Thursday, June 24, 2010 8:32 PM
> To: Floyd Resler
> Cc: PHP
> Subject: Re: [PHP] Making a Password Confirmation in PHP
> 
> On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote:
> 
> > On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote:
> > 
> > > 
> > > This is very straight forward, if password a and b are not equal to each
> other, how can I let the user know that with out losing all of the entered
> information on the registration form?
> > > I was trying this: 
> > > ---$p1 = "<input type=\"password\" name=\"usr_p1\" />";
> > > $p2 = "<input type=\"password\" name=\"usr_p2\" />"; // if they 
> > > didn't match return
> > > $p1 = "<input type=\"password\" name=\"usr_p1\"  value=\"" . $p1 . 
> > > "\"/>";--- I was trying to change the value of the variable which shows
> the input field to have the password already in it.
> > > and either one would just be echo'd depending on the result.
> > > Any ideas please?
> > > 
> > > From,Michael [email protected]
> > > 
> > > 
> > If you aren't opposed to using JavaScript, I'd do it there.  If you don't
> want to use JavaScript then you can load the form data from the $_POST (or
> $_GET) array that was passed back to your script.
> > 
> > Take care,
> > Floyd
> > 
> > 
> > 
> 
> 
> Is Javascript allowed to read the value of password boxes? I was of the
> understanding that it couldn't, so checking if a password field matches
> another is pretty moot.
> 
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
> 
> 
> 


Yes, so it does. That seems like a bit of a flaw in Javascript on
security grounds.

Anyway, you still need to perform the same check on the server:

      * Javascript may be turned off
      * Not every browser supports Javascript
      * Someone may make a post request without using the form


Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
On Thu, Jun 24, 2010 at 2:46 PM, Ashley Sheridan
<[email protected]> wrote:

> On Thu, 2010-06-24 at 20:37 +0200, David Česal wrote:
>
> > Yes, it is.
> >
> > D
> >
> > -----Original Message-----
> > From: Ashley Sheridan [mailto:[email protected]]
> > Sent: Thursday, June 24, 2010 8:32 PM
> > To: Floyd Resler
> > Cc: PHP
> > Subject: Re: [PHP] Making a Password Confirmation in PHP
> >
> > On Thu, 2010-06-24 at 14:29 -0400, Floyd Resler wrote:
> >
> > > On Jun 24, 2010, at 2:22 PM, Michael Calkins wrote:
> > >
> > > >
> > > > This is very straight forward, if password a and b are not equal to
> each
> > other, how can I let the user know that with out losing all of the
> entered
> > information on the registration form?
> > > > I was trying this:
> > > > ---$p1 = "<input type=\"password\" name=\"usr_p1\" />";
> > > > $p2 = "<input type=\"password\" name=\"usr_p2\" />"; // if they
> > > > didn't match return
> > > > $p1 = "<input type=\"password\" name=\"usr_p1\"  value=\"" . $p1 .
> > > > "\"/>";--- I was trying to change the value of the variable which
> shows
> > the input field to have the password already in it.
> > > > and either one would just be echo'd depending on the result.
> > > > Any ideas please?
> > > >
> > > > From,Michael [email protected]
> > > >
> > > >
> > > If you aren't opposed to using JavaScript, I'd do it there.  If you
> don't
> > want to use JavaScript then you can load the form data from the $_POST
> (or
> > $_GET) array that was passed back to your script.
> > >
> > > Take care,
> > > Floyd
> > >
> > >
> > >
> >
> >
> > Is Javascript allowed to read the value of password boxes? I was of the
> > understanding that it couldn't, so checking if a password field matches
> > another is pretty moot.
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
> >
>
>
> Yes, so it does. That seems like a bit of a flaw in Javascript on
> security grounds.
>
> Anyway, you still need to perform the same check on the server:
>
>      * Javascript may be turned off
>      * Not every browser supports Javascript
>      * Someone may make a post request without using the form
>
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
Yes, the checks should be performed server-side, too.

In terms of security, the password field was meant merely to protect against
nearby people peering over the shoulder of the user typing in their password
(aka, shoulder surfing.)  So in terms of security, nothing is flawed, and
there has been some debate on the need and implementation of password
fields, especially given interfaces like the iphone which let you view the
last character entered for a brief amount of time:

http://www.schneier.com/blog/archives/2009/07/the_pros_and_co.html
http://www.useit.com/alertbox/passwords.html

I'd recommend progressively enhancing the page with a plugin such as those
listed below (I prefer jQuery, but there are other options for other
frameworks):

http://plugins.jquery.com/project/showPasswordCheckbox
http://plugins.jquery.com/project/fvalidate
http://plugins.jquery.com/project/iphone-password

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com

--- End Message ---
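
The approach this thread converges on (compare the passwords on the server, re-display the form with the submitted values escaped, and leave the password boxes empty), as an added example that is not part of any poster's message. usr_p1 and usr_p2 are the field names from the original post; usr_name, usr_email, the function names and the sample submission are assumptions.

```php
<?php
// Added example, not code from the thread. usr_p1/usr_p2 come from the
// original post; every other name and the sample data are assumptions.

/** Escape a value for use inside HTML text or a quoted attribute. */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Read one submitted field as a string; arrays and missing keys become ''. */
function field(array $post, $key)
{
    $value = isset($post[$key]) ? $post[$key] : '';
    return is_string($value) ? $value : '';
}

/**
 * Server-side check. Returns array($values, $errors); $values holds only
 * the non-password fields, so passwords are never available for re-display.
 */
function check_registration(array $post)
{
    $values = array(
        'usr_name'  => trim(field($post, 'usr_name')),
        'usr_email' => trim(field($post, 'usr_email')),
    );
    $p1 = field($post, 'usr_p1');
    $p2 = field($post, 'usr_p2');

    $errors = array();
    if ($values['usr_name'] === '') {
        $errors['usr_name'] = 'Please enter a user name.';
    }
    if (filter_var($values['usr_email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['usr_email'] = 'Please enter a valid e-mail address.';
    }
    if ($p1 === '') {
        $errors['usr_p1'] = 'Please enter a password.';
    } elseif ($p1 !== $p2) {
        $errors['usr_p2'] = 'The two passwords do not match, please type both again.';
    }
    return array($values, $errors);
}

/** Build the form again: text fields keep their escaped value, password boxes stay empty. */
function render_form(array $values, array $errors)
{
    $fields = array(
        'usr_name'  => 'text',
        'usr_email' => 'text',
        'usr_p1'    => 'password',
        'usr_p2'    => 'password',
    );
    $html = "<form method=\"post\" action=\"\">\n";
    foreach ($fields as $name => $type) {
        $value = ($type === 'password' || !isset($values[$name])) ? '' : h($values[$name]);
        $html .= sprintf("  <input type=\"%s\" name=\"%s\" value=\"%s\" />\n",
            $type, $name, $value);
        if (isset($errors[$name])) {
            $html .= '  <span class="error">' . h($errors[$name]) . "</span>\n";
        }
    }
    return $html . "  <input type=\"submit\" value=\"Register\" />\n</form>\n";
}

// Constructed sample submission (stands in for $_POST): the passwords differ
// and the name contains markup that must come back escaped, not as HTML.
$post = array(
    'usr_name'  => 'Michael "<b>test</b>"',
    'usr_email' => 'michael@example.com',
    'usr_p1'    => 'correct horse',
    'usr_p2'    => 'correct hrose',
);

list($values, $errors) = check_registration($post);
echo $errors ? render_form($values, $errors) : "Registration accepted\n";
```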
--- Begin Message ---
Perhaps I am missing something basic here.

Why does the LOG_WARNING constant take on a value of 4, when
it is defined with a value of 1?

Thank you!

Jim


$ cat bug.php
<?

define( 'LOG_NORMAL',  0 );
define( 'LOG_WARNING', 1 );
define( 'LOG_ERROR',   2 );

echo 'LOG_NORMAL '  . LOG_NORMAL  . "\n";
echo 'LOG_WARNING ' . LOG_WARNING . "\n";
echo 'LOG_ERROR '   . LOG_ERROR   . "\n";

?>
$ php bug.php
LOG_NORMAL 0
LOG_WARNING 4
LOG_ERROR 2
$

--- End Message ---
