php-general Digest 13 Oct 2011 09:05:25 -0000 Issue 7517
Topics (messages 315253 through 315266):
Re: Variable variable using constant
315253 by: Robert Williams
315254 by: Marc Guay
Local variable protection
315255 by: Benjamin Coddington
315256 by: Ken Robinson
315263 by: Benjamin Coddington
315265 by: Tommy Pham
315266 by: Stuart Dallas
creating php_bcompiler.dll
315257 by: Peter Roth
php_bcompiler.dll dependencies?
315258 by: Peter Roth
Building PHP on Windows 7 using Visual Studio 10
315259 by: Peter Roth
Re: [PECL-DEV] php_bcompiler.dll dependencies?
315260 by: Ángel González
315261 by: Pierre Joye
315262 by: Ferenc Kovacs
Seâd - Contract Developer Contracts Available in Auckland and Hamilton - New
Zealand
315264 by: Paul Jenkins
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
On 10/12/11 11:51, "Marc Guay" <marc.g...@gmail.com> wrote:
>Let's say that I have 2 constants
>
>DEFINE('DESKTOP_URL_en', "http://www.website.com/index.php?page=home";);
>DEFINE('DESKTOP_URL_fr',
>"http://www.website.com/index.php?page=accueil";);
>
>and I would like to populate the value of an href with them depending
>on the user's language. $_SESSION['lang'] is either 'en' or 'fr'.
>How would I go about referring to this variable?
Try:
$var = constant('DESKTOP_URL_' . $_SESSION['lang']);
Regards,
Bob
--
Robert E. Williams, Jr.
Associate Vice President of Software Development
Newtek Businesss Services, Inc. -- The Small Business Authority
https://www.newtekreferrals.com/rewjr
http://www.thesba.com/
Notice: This communication, including attachments, may contain information that
is confidential. It constitutes non-public information intended to be conveyed
only to the designated recipient(s). If the reader or recipient of this
communication is not the intended recipient, an employee or agent of the
intended recipient who is responsible for delivering it to the intended
recipient, or if you believe that you have received this communication in
error, please notify the sender immediately by return e-mail and promptly
delete this e-mail, including attachments without reading or saving them in any
manner. The unauthorized use, dissemination, distribution, or reproduction of
this e-mail, including attachments, is prohibited and may be unlawful. If you
have received this email in error, please notify us immediately by e-mail or
telephone and delete the e-mail and the attachments (if any).
--- End Message ---
--- Begin Message ---
> $var = constant('DESKTOP_URL_' . $_SESSION['lang']);
Very nice, thank you.
Marc
--- End Message ---
--- Begin Message ---
Are there any assurances that function local variables are protected from code
calling the function?
For example, I would like to provide some cryptographic functions such as
function org_secure_string($string) {
$org_key = "a very random key";
return hash($string, $key);
}
function org_reveal_string($hash) {
$org_key = "a very random key";
return unhash($hash, $key);
}
I'd like to protect $org_key from any code following or using these functions.
I've not yet found a way that it can be revealed, but I wonder if anyone here
can give me a definitive answer whether or not it is possible.
Ben
--- End Message ---
--- Begin Message ---
Quoting Benjamin Coddington <bcodd...@uvm.edu>:
Are there any assurances that function local variables are protected
from code calling the function?
For example, I would like to provide some cryptographic functions such as
function org_secure_string($string) {
$org_key = "a very random key";
return hash($string, $key);
}
function org_reveal_string($hash) {
$org_key = "a very random key";
return unhash($hash, $key);
}
I'd like to protect $org_key from any code following or using these
functions. I've not yet found a way that it can be revealed, but I
wonder if anyone here can give me a definitive answer whether or not
it is possible.
It's called the scope of the variable. See
http://us3.php.net/manual/en/language.variables.scope.php
Variables defined in a function are only available to the function
where they are defined.
Ken
--- End Message ---
--- Begin Message ---
On Oct 12, 2011, at 4:24 PM, Ken Robinson wrote:
> Quoting Benjamin Coddington <bcodd...@uvm.edu>:
>
>> Are there any assurances that function local variables are protected from
>> code calling the function?
>>
>> For example, I would like to provide some cryptographic functions such as
>>
>> function org_secure_string($string) {
>> $org_key = "a very random key";
>> return hash($string, $key);
>> }
>>
>> function org_reveal_string($hash) {
>> $org_key = "a very random key";
>> return unhash($hash, $key);
>> }
>>
>> I'd like to protect $org_key from any code following or using these
>> functions. I've not yet found a way that it can be revealed, but I wonder
>> if anyone here can give me a definitive answer whether or not it is possible.
>
> It's called the scope of the variable. See
> http://us3.php.net/manual/en/language.variables.scope.php
>
> Variables defined in a function are only available to the function where they
> are defined.
Yes, but scope does not necessarily protect a value. Within a function globals
are out of scope, but their values can still be accessed through $GLOBALS.
Many languages have little-documented reflection features. I am concerned
about a determined person being capable of discovering the value of a variable
within a function that has already been defined. Is there a way to this? Is
there a way to examine the input buffer, or anything that has been read into
the interpreter so far? Certainly those values exist within the memory of the
process, which can be accessed through other methods.
I'd be very happy if anyone is able to say it is not possible to do this, and
explain why.
Ben
--- End Message ---
--- Begin Message ---
On Wed, Oct 12, 2011 at 4:51 PM, Benjamin Coddington <bcodd...@uvm.edu>wrote:
> On Oct 12, 2011, at 4:24 PM, Ken Robinson wrote:
>
> > Quoting Benjamin Coddington <bcodd...@uvm.edu>:
> >
> >> Are there any assurances that function local variables are protected
> from code calling the function?
> >>
> >> For example, I would like to provide some cryptographic functions such
> as
> >>
> >> function org_secure_string($string) {
> >> $org_key = "a very random key";
> >> return hash($string, $key);
> >> }
> >>
> >> function org_reveal_string($hash) {
> >> $org_key = "a very random key";
> >> return unhash($hash, $key);
> >> }
> >>
> >> I'd like to protect $org_key from any code following or using these
> functions. I've not yet found a way that it can be revealed, but I wonder
> if anyone here can give me a definitive answer whether or not it is
> possible.
> >
> > It's called the scope of the variable. See
> http://us3.php.net/manual/en/language.variables.scope.php
> >
> > Variables defined in a function are only available to the function where
> they are defined.
>
> Yes, but scope does not necessarily protect a value. Within a function
> globals are out of scope, but their values can still be accessed through
> $GLOBALS.
>
Maybe you should read that [1] again and thoroughly analyze the given
example. Any variable and its value within the function is only accessible
within _that_ function, unless you make a reference to a global variable.
Thus, the value is protected within the local scope inside that function,
which you're free to do as you wish within that same function. As Ken
mentioned, you should revisit that section Ken provided in the official
manual. BTW, your examples will generate errors as $key is not defined nor
did you reference it to a global variable within the functions.
If you still have any doubts, run the following code with all errors and
warnings enabled in the php.ini:
function org_secure_string($string) {
$key = "a very random key";
return hash($string, $key);
}
echo '<pre>';
var_dump($GLOBALS);
The use of var_dump is one of the best ways to confirm that what actually
happens is the _exactly_the_same_ as what you think should happen within
your code/application.
Many languages have little-documented reflection features. I am concerned
> about a determined person being capable of discovering the value of a
> variable within a function that has already been defined. Is there a way to
> this? Is there a way to examine the input buffer, or anything that has been
> read into the interpreter so far? Certainly those values exist within the
> memory of the process, which can be accessed through other methods.
>
> I'd be very happy if anyone is able to say it is not possible to do this,
> and explain why.
>
> Ben
>
>
Regards,
Tommy
[1] php.net/reserved.variables.globals
--- End Message ---
--- Begin Message ---
On 12 Oct 2011, at 21:06, Benjamin Coddington wrote:
> Are there any assurances that function local variables are protected from
> code calling the function?
>
> For example, I would like to provide some cryptographic functions such as
>
> function org_secure_string($string) {
> $org_key = "a very random key";
> return hash($string, $key);
> }
>
> function org_reveal_string($hash) {
> $org_key = "a very random key";
> return unhash($hash, $key);
> }
>
> I'd like to protect $org_key from any code following or using these
> functions. I've not yet found a way that it can be revealed, but I wonder if
> anyone here can give me a definitive answer whether or not it is possible.
Maybe I'm missing something, but whatever protection might exist within a
running PHP process, they'll simply be able to open your PHP file and see it
there. Even if you're using something like Zend Guard, the string literal will
not be difficult to extract.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--- End Message ---
--- Begin Message ---
Hello,
I am trying to build php_bcompiler.dll on Windows 7 using Visual Studio 10. I
can compile it OK, but it will not link. Below is the output of the build
process. Does anybody have any idea on how to get past these link errors so
that I can build the dll?
php_bcompiler.c
C:\Users\Peter\Documents\Data\Development\Ponderosa Innovative
Solutions\Code\php-5.3.8\main\../main/config.w32.h(189): warning C4005:
'PHP_COMPILER_ID' : macro redefinition
command-line arguments : see previous definition of 'PHP_COMPILER_ID'
php_bcompiler.c(702): warning C4996: 'sscanf': This function or variable may be
unsafe. Consider using sscanf_s instead. To disable deprecation, use
_CRT_SECURE_NO_WARNINGS. See online help for details.
c:\Program Files (x86)\Microsoft Visual Studio
10.0\VC\include\stdio.h(325) : see declaration of 'sscanf'
bcompiler.c
C:\Users\Peter\Documents\Data\Development\Ponderosa Innovative
Solutions\Code\php-5.3.8\main\../main/config.w32.h(189): warning C4005:
'PHP_COMPILER_ID' : macro redefinition
command-line arguments : see previous definition of 'PHP_COMPILER_ID'
bcompiler.c(60): warning C4996: 'strcat': This function or variable may be
unsafe. Consider using strcat_s instead. To disable deprecation, use
_CRT_SECURE_NO_WARNINGS. See online help for details.
bcompiler.c(61): warning C4996: 'strcat': This function or variable may be
unsafe. Consider using strcat_s instead. To disable deprecation, use
_CRT_SECURE_NO_WARNINGS. See online help for details.
bcompiler.c(76): warning C4996: 'strnicmp': The POSIX name for this item is
deprecated. Instead, use the ISO C++ conformant name: _strnicmp. See online
help for details.
c:\Program Files (x86)\Microsoft Visual Studio
10.0\VC\include\string.h(248) : see declaration of 'strnicmp'
bcompiler.c(637): warning C4996: 'sscanf': This function or variable may be
unsafe. Consider using sscanf_s instead. To disable deprecation, use
_CRT_SECURE_NO_WARNINGS. See online help for details.
c:\Program Files (x86)\Microsoft Visual Studio
10.0\VC\include\stdio.h(325) : see declaration of 'sscanf'
bcompiler_zend.c
C:\Users\Peter\Documents\Data\Development\Ponderosa Innovative
Solutions\Code\php-5.3.8\main\../main/config.w32.h(189): warning C4005:
'PHP_COMPILER_ID' : macro redefinition
command-line arguments : see previous definition of 'PHP_COMPILER_ID'
bcompiler_zend.c(738): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(759): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(959): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(1216): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(1549): warning C4018: '<' : signed/unsigned mismatch
bcompiler_zend.c(1698): warning C4018: '<' : signed/unsigned mismatch
bcompiler_debug.c
C:\Users\Peter\Documents\Data\Development\Ponderosa Innovative
Solutions\Code\php-5.3.8\main\../main/config.w32.h(189): warning C4005:
'PHP_COMPILER_ID' : macro redefinition
command-line arguments : see previous definition of 'PHP_COMPILER_ID'
Generating Code...
Creating library Release\php_bcompiler.lib and object
Release\php_bcompiler.exp
php_bcompiler.obj : error LNK2001: unresolved external symbol
__imp__executor_globals_id
bcompiler.obj : error LNK2001: unresolved external symbol
__imp__executor_globals_id
bcompiler_zend.obj : error LNK2019: unresolved external symbol
__imp__executor_globals_id referenced in function _apc_deserialize_zvalue_value
php_bcompiler.obj : error LNK2019: unresolved external symbol
__imp__ts_allocate_id referenced in function _zm_startup_bcompiler
php_bcompiler.obj : error LNK2001: unresolved external symbol
__imp__compiler_globals_id
bcompiler.obj : error LNK2001: unresolved external symbol
__imp__compiler_globals_id
Release\php_bcompiler.dll : fatal error LNK1120: 3 unresolved externals
--- End Message ---
--- Begin Message ---
I am trying to build php_bcompiler.dll on Windows 7 using Visual Studio 10. I
can compile it OK, but it will not link. I have posted the build output error
messages in a previous post. I am wondering if building PHP from source code
would produce some files that would help me get past the link errors.
--- End Message ---
--- Begin Message ---
I am trying to build PHP from source code on Windows 7 using Visual Studio 10.
I have tried to follow the procedure at
https://wiki.php.net/internals/windows/stepbystepbuild
I did not get very far and suspect that this procedure may need to be updated
for people in my situation. In particular, steps 6, 7, and 12 and beyond just
don't work on my system.
Does anyone out there have an updated procedure that I could follow?
Also, is step #12 implying that I can build PHP without adding any other
libraries to the "deps" folder?
--- End Message ---
--- Begin Message ---
Peter Roth wrote:
I am trying to build php_bcompiler.dll on Windows 7 using Visual Studio 10. I
can compile it OK, but it will not link. I have posted the build output error
messages in a previous post. I am wondering if building PHP from source code
would produce some files that would help me get past the link errors.
If the problems arise because you are using a different compiler,
recompiling php would certainly fix it.
Although if your problems appear before getting the dll, I'm not sure if
that's the case.
--- End Message ---
--- Begin Message ---
hi,
Which previous post? Also you have to use VC9 not VC10 to use your ext
against PHP releases. You can get it with the platform SDK 6.1
Cheers,
On Wed, Oct 12, 2011 at 10:51 PM, Peter Roth <peter.r...@opti-sys.com> wrote:
> I am trying to build php_bcompiler.dll on Windows 7 using Visual Studio 10. I
> can compile it OK, but it will not link. I have posted the build output error
> messages in a previous post. I am wondering if building PHP from source code
> would produce some files that would help me get past the link errors.
>
>
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
--- End Message ---
--- Begin Message ---
> Which previous post?
http://news.php.net/php.pecl.dev/8616
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
--- End Message ---
--- Begin Message ---
Hi PHPr's
I have a client looking for Contract developers. Multiple requirements.
Work on enhancing the User Interface of a large and complex Web
Application product.
We are ideally looking for those with experience in developing and
deploying graphical user interfaces using Web based technologies.
Strong user interface design skills and excellent knowledge of HTML
and CSS.
Excellent web development skills in PHP and JavaScript, and ability to
master new development frameworks.
Having a background or experience in modern networking or
telecommunication technologies would be ideal.
Some additional skills include experience with the JQuery JavaScript
framework and CodeIgniter.
Any experience with C development, particularly in writing PHP
extensions would be highly sought after, but not a necessity.
Please send your details / current CV to me - p...@sead.co.nz and/or
call 09 3772047 / 027 7413905
Initial contract will be 3-6 months and should extend past this.
Rates are negotiable based on experience. Starting ASAP.
Paul Jenkins
Account Manager
Seâd Ltd
www.sead.co.nz<http://www.google.com/url?sa=D&q=www.sead.co.nz&usg=AFQjCNFhdcBG7RRkeF_LbvEh2e1joJvRtQ>
027 741 3905
09 377 2047
Paul Jenkins
Account Manager
Seâd Ltd
www.sead.co.nz
+64 27 741 3905
+64 9 377 2047
Join me on LinkedIn http://www.linkedin.com/in/pjenkins Follow me on
Twitter http://www.twitter.com/ITJOBSNZ <http://twitter.com/ITJOBSNZ>
Become a fan of Seâd on
Facebook<http://www.facebook.com/pages/Auckland/Sead-Ltd/76190173187?ref=nf>
Check us out on
LinkedIn<http://www.linkedin.com/groups?mostPopular=&gid=2139186>
Check out Seâd’s latest
jobs<http://www.seek.co.nz/JobSearch?DateRange=31&Keywords=sead&SearchFrom=quickupper&SearchType=search+again>
[image: QR Code - Paul Jenkins.png]
[image:
cid:image001.jpg@01CBDE67.C12164A0]<http://www.gettingitright.co.nz/the-plan/supporters>
*Support us to drive positive change for NZ I.T.**
**www.gettingitright.co.nz*<http://www.gettingitright.co.nz/the-plan/supporters>
--- End Message ---
