php-general Digest 30 Nov 2011 05:36:55 -0000 Issue 7591
Topics (messages 315872 through 315888):
Re: Auto CRUD Generator
315872 by: Daniel Brown
Class instance pointers
315873 by: Tim Streater
315874 by: cimodev
315875 by: Jim Lucas
315876 by: Tim Streater
Re: Common way to store db-password of open session?
315877 by: Jim Lucas
315887 by: Tamara Temple
Re: Retrieve subjectAltName from client certificate
315878 by: Nelson Teixeira
Re: Apache's .htaccess issue with absolute addressing
315879 by: Tamara Temple
Re: Auto CRUD Generator Xataface
315880 by: Daevid Vincent
315881 by: Matijn Woudt
315882 by: Daevid Vincent
315883 by: Matijn Woudt
315884 by: Jim Lucas
315886 by: Bastien Koert
Re: PHP run from console - automatic password input
315885 by: Peter
315888 by: Mihamina Rakotomandimby
----------------------------------------------------------------------
--- Begin Message ---
On Sat, Nov 26, 2011 at 15:15, Muhammad Hassan Samee
<hassansa...@gmail.com> wrote:
> is there any class/script that can automatically create a CRUD
> [Create,Read,Update,Delete] grid table for any database table .?
Search Google for Xataface. It's a full frontend which
dynamically changes with database structure changes.
--
</Daniel P. Brown>
Network Infrastructure Manager
http://www.php.net/
--- End Message ---
--- Begin Message ---
Is there any benefit to setting a pointer to a class instance to null before
returning from a function? As in:
function myfunc ()
{
    $p = new myclass ();
    // do stuff
    $p = null;
}
Thanks.
--
Cheers -- Tim
--- End Message ---
--- Begin Message ---
Am 29.11.2011 16:56, schrieb Tim Streater:
> Is there any benefit to setting a pointer to a class instance to null before
> returning from a function? As in:
>
> function myfunc ()
> {
> $p = new myclass ();
> // do stuff
> $p = null;
> }
>
> Thanks.
>
>
No!
In this case the GC will do that for you :)
regards, cimodev
--- End Message ---
--- Begin Message ---
On 11/29/2011 7:56 AM, Tim Streater wrote:
> Is there any benefit to setting a pointer to a class instance to null before
> returning from a function? As in:
>
> function myfunc ()
> {
> $p = new myclass ();
> // do stuff
> $p = null;
> }
>
> Thanks.
>
> --
> Cheers -- Tim
>
>
Nope, AFAIK everything inside the function will disappear when the function
exits. Unless you run into one of the memory release issues talked about in the
past, in that case you might be SOL.
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
http://www.bendsource.com/
C - (541) 408-5189
O - (541) 323-9113
H - (541) 323-4219
--- End Message ---
--- Begin Message ---
On 29 Nov 2011 at 17:01, cimodev <cimo...@googlemail.com> wrote:
> Am 29.11.2011 16:56, schrieb Tim Streater:
>> Is there any benefit to setting a pointer to a class instance to null before
>> returning from a function? As in:
>>
>> function myfunc ()
>> {
>> $p = new myclass ();
>> // do stuff
>> $p = null;
>> }
> No!
> In this case the GC will do that for you :)
Thanks, I expected that to be the case, but it's not been crucial up to now.
Rather than having a script that runs for a while and quits, I'm hoping to run
a small server written in PHP and wanted to be 100% sure that I didn't need to.
--
Cheers -- Tim
--- End Message ---
--- Begin Message ---
On 11/29/2011 6:28 AM, Al wrote:
>
>
> On 11/29/2011 7:40 AM, Nilesh Govindarajan wrote:
>> On Tue 29 Nov 2011 01:34:08 PM IST, Andreas wrote:
>>> Hi,
>>>
>>> is there a most advisable way to store db-passwords of an open
>>> user-session?
>>> As far as I get it, a common login strategy is to let the user login
>>> by name&password, check it, store a login=TRUE as php-session variable
>>> and later use a common dbuser+pw to query data provided "login" is TRUE.
>>>
>>> This way one wouldn't have to store the users pw or actually the user
>>> wouldn't have a real db-account but rather an application account.
>>>
>>> Is this really better or equal than using real db-accounts?
>>>
>>> Should I rather store the db-credentials in a session or cookies?
>>>
>>> Session is vulnerable as any host-user could look into /tmp.
>>> This would generally be a trusted few though.
>>>
>>> On the other hand cookies could be manipulated by the user or at least
>>> be spied upon on the way between user and web-host every time the
>>> credentials are needed for a query.
>>>
>>
>> What exactly do you mean by db-account?
>> I didn't understand your question, but this is what I do in my
>> applications- When the user submits the login form, validate POST data
>> (for mischievous stuff) and check if username& password query works
>> out successfully. If it does, store a session variable login=true and
>> let the user work on the private parts of the site.
>> The cookie essentially, contains just the session id. I never use
>> cookies to store data, only sessions.
>> I also add ip and user-agent filtering to my auth systems.
>>
>
> Sounds like $_SESSION buffer is what you need. I use the buffer extensively in
> most of my designs.
>
>
>
It seems to me that the OP isn't asking where to store it, s/he is asking what
to store.
I would suggest storing only the SESSION ID in the cookies. In most setups,
this is done automatically.
Then in the sessions file place only the information that will allow you to
identify the individual in question.
In some cases, I have seen where the first step is followed above, but then
rather than just the identifiable information in the session, one would grab all
the account details and place this information in the session instead. The only
benefit I see here is that within future page requests, you don't have to hit the
DB for the account details, they are in a session file that you already had to
load into memory. The drawback to this approach is that all the account details
are in a file on the file system that could (in some situations) be read by
other system user accounts.
YMMV
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
http://www.bendsource.com/
C - (541) 408-5189
O - (541) 323-9113
H - (541) 323-4219
--- End Message ---
--- Begin Message ---
Jim Lucas <li...@cmsws.com> wrote:
> On 11/29/2011 6:28 AM, Al wrote:
> > On 11/29/2011 7:40 AM, Nilesh Govindarajan wrote:
> >> On Tue 29 Nov 2011 01:34:08 PM IST, Andreas wrote:
> >>> Hi,
> >>>
> >>> is there a most advisable way to store db-passwords of an open
> >>> user-session?
> >>> As far as I get it, a common login strategy is to let the user login
> >>> by name&password, check it, store a login=TRUE as php-session variable
> >>> and later use a common dbuser+pw to query data provided "login" is TRUE.
> >>>
> >>> This way one wouldn't have to store the users pw or actually the user
> >>> wouldn't have a real db-account but rather an application account.
> >>>
> >>> Is this really better or equal than using real db-accounts?
> >>>
> >>> Should I rather store the db-credentials in a session or cookies?
> >>>
> >>> Session is vulnerable as any host-user could look into /tmp.
> >>> This would generally be a trusted few though.
> >>>
> >>> On the other hand cookies could be manipulated by the user or at least
> >>> be spied upon on the way between user and web-host every time the
> >>> credentials are needed for a query.
> >>>
> >>
> >> What exactly do you mean by db-account?
> >> I didn't understand your question, but this is what I do in my
> >> applications- When the user submits the login form, validate POST data
> >> (for mischievous stuff) and check if username& password query works
> >> out successfully. If it does, store a session variable login=true and
> >> let the user work on the private parts of the site.
> >> The cookie essentially, contains just the session id. I never use
> >> cookies to store data, only sessions.
> >> I also add ip and user-agent filtering to my auth systems.
> >>
> >
> > Sounds like $_SESSION buffer is what you need. I use the buffer extensively
> > in most of my designs.
> >
> >
> >
>
> It seems to me that the OP isn't asking where to store it, s/he is asking what
> to store.
>
> I would suggest storing only the SESSION ID in the cookies. In most setups,
> this is done automatically.
>
> Then in the sessions file place only the information that will allow you to
> identify the individual in question.
>
> In some cases, I have seen where the first step is followed above, but then
> rather than just the identifiable information in the session, one would grab
> all the account details and place this information in the session instead. The
> only benefit I see here is that within future page requests, you don't have to
> hit the DB for the account details, they are in a session file that you already
> had to load into memory. The drawback to this approach is that all the account
> details are in a file on the file system that could (in some situations) be
> read by other system user accounts.
As I read it, the OP may be confusing application user logins and the
credentials used by the application to access the data base. Individual
application users should *NOT* have access directly to the data base by
having their individual credentials in the db access list. The
application should have a unique set of credentials for accessing the
database, and the only way users can gain access to the database should
be through the application. Do NOT store data base credentials anywhere
in the session or in cookies, either, as that can give people access to
your database as well.
--- End Message ---
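The advice in this thread put together, as an added example that is not code from any of the posters: the cookie carries only the session ID, the session holds only the user's identity, session files live in a directory other host users cannot read, and the single application database account comes from the server environment. The APP_DB_* variable names, the users table and the session directory are assumptions; the sample user is constructed.

```php
<?php
// Added example, not code from the thread. APP_DB_* variables, the users table and
// the session directory are assumptions; the sample user below is constructed.

function app_db(): PDO {
    // One set of credentials for the whole application, supplied by the server
    // environment. They never enter $_SESSION or a cookie.
    return new PDO(getenv('APP_DB_DSN'), getenv('APP_DB_USER') ?: null,
        getenv('APP_DB_PASS') ?: null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

function start_session(): void {
    $dir = sys_get_temp_dir() . '/app_sessions_demo';   // demo path; use a private directory in production
    if (!is_dir($dir)) mkdir($dir, 0700);               // only the PHP user can list or read session files
    session_save_path($dir);
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    ini_set('session.use_strict_mode', '1');            // refuse session IDs the server did not issue
    session_start();
}

function login(PDO $db, string $name, string $password): bool {
    $st = $db->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pw_hash'])) return false;
    session_regenerate_id(true);                        // new ID once the user is authenticated
    $_SESSION = ['user_id' => (int)$row['id']];         // identity only: no password, no DB credentials
    return true;
}

function current_user_id(): ?int {
    return $_SESSION['user_id'] ?? null;
}

// --- demo: in-memory SQLite stands in for app_db() so this runs offline ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
$db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

start_session();
$bad = login($db, 'alice', 'wrong');
$ok  = login($db, 'alice', 'correct horse');
printf("wrong password: %s, right password: %s, session holds: %s\n",
    var_export($bad, true), var_export($ok, true), json_encode($_SESSION));
```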
--- Begin Message ---
I found a solution. It's a clumsy one, but it works.
Well, I considered that a certificate is encoded in base64. So I remove
the 1st and last lines, and decode it. Now we have a lot of binary
information, but at least the info is there and readable, so we can search
for it.
I opened this data in a hex editor and looked for my data. When I found it I
realized that a couple of bytes before it there was a part of my custom
OID number. I mean my OID number is 2.16.76.1.3.1, and I found the bytes
"4C 01 03 01" (0x4C=76) just 8 bytes before the data. So I made PHP search
the decoded document for these bytes and extract the information I need
positionally. I know it's clumsy, but it's the best I've got until now.
Here is the PHP code I used:
$cert = $_SERVER['SSL_CLIENT_CERT'];
// remove first and last lines (i.e. BEGIN/END CERTIFICATE)
$cert = preg_replace("/\n.*$/", "", preg_replace("/^.*\n/", "", $cert));
$cert_dec = base64_decode($cert);
// find OID position (strpos() returns false when the bytes are absent)
$pos = strpos($cert_dec, pack("H*", "4C010301"));
if ($pos === false) {
    die("custom OID not found in certificate");
}
// the data starts 8 bytes after the matched OID bytes
$pos += 8;
// extract custom data
$birthdate = substr($cert_dec, $pos, 8);
$docnumber = substr($cert_dec, $pos + 8, 11);
echo $birthdate;
echo "<br>";
echo $docnumber;
If anyone has any solution better than this one I would be glad to know.
-Nelson
2011/11/24 Nelson Teixeira
> Hello,
>
> I'm trying to read subjectAltName field from a client certificate with
>
> $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
> $subjectAltName = $x509['extensions']['subjectAltName'];
>
> but the field contains " othername:, othername:, othername:," where the
> real data should be. There's valid data there because I can see it in
> firefox's certificate view. I already have SSLOptions +StdEnvVars
> +ExportCertData configured in apache. I can read correctly several other
> fields.
>
> How can I receive correctly from apache and extract the real data ?
>
> -Nelson
>
--- End Message ---
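Walking the DER structure instead of searching for a byte pattern, as an added example that is not part of the original post: the bytes 4C 01 03 01 can also occur by chance elsewhere in a certificate (the constructed sample below puts them in the serial number), and a fixed +8 offset only holds while both length fields are one byte long. The helper names are made up here; the code assumes single-byte tags and that the otherName value is one primitive element inside its [0] wrapper.

```php
<?php
// Added example, not the poster's code. The sample bytes at the bottom are constructed.

/** Read one DER TLV at $off and return [tag, valueOffset, valueLength]. */
function der_read(string $der, int $off): array {
    $end = strlen($der);
    if ($off + 2 > $end) throw new RuntimeException('truncated header');
    $tag = ord($der[$off]);
    if (($tag & 0x1F) === 0x1F) throw new RuntimeException('multi-byte tag');
    $len = ord($der[$off + 1]);
    $p = $off + 2;
    if ($len & 0x80) {                        // long form: low 7 bits count the length bytes
        $n = $len & 0x7F;
        if ($n < 1 || $n > 4 || $p + $n > $end) throw new RuntimeException('bad length');
        for ($len = 0; $n > 0; $n--) $len = ($len << 8) | ord($der[$p++]);
    }
    if ($p + $len > $end) throw new RuntimeException('value overruns buffer');
    return [$tag, $p, $len];
}

/** If $body is "OID, [0] EXPLICIT value" with the wanted OID, return the value bytes. */
function match_other_name(string $body, string $oid): ?string {
    try {
        [$t, $o, $l] = der_read($body, 0);
        if ($t !== 0x06 || substr($body, $o, $l) !== $oid) return null;
        [$t, $o, $l] = der_read($body, $o + $l);
        if ($t !== 0xA0) return null;
        $inner = substr($body, $o, $l);
        [, $o, $l] = der_read($inner, 0);
        return substr($inner, $o, $l);
    } catch (RuntimeException $e) { return null; }
}

/** Depth-first walk; descends into constructed types and OCTET STRINGs (extnValue wraps DER). */
function find_other_name(string $der, string $oid): ?string {
    for ($off = 0, $end = strlen($der); $off < $end; $off = $vOff + $vLen) {
        [$tag, $vOff, $vLen] = der_read($der, $off);
        $val = substr($der, $vOff, $vLen);
        if ($tag === 0xA0 && ($hit = match_other_name($val, $oid)) !== null) return $hit;
        if ($tag & 0x20) {                    // constructed: contents must be valid DER
            if (($hit = find_other_name($val, $oid)) !== null) return $hit;
        } elseif ($tag === 0x04) {            // OCTET STRING: may hold DER or opaque bytes
            try { $hit = find_other_name($val, $oid); } catch (RuntimeException $e) { $hit = null; }
            if ($hit !== null) return $hit;
        }
    }
    return null;
}

// Constructed sample: SEQUENCE { INTEGER serial, OCTET STRING { SEQUENCE { otherName } } }
$tlv    = fn(int $tag, string $v): string => chr($tag) . chr(strlen($v)) . $v;  // short lengths only
$oid    = "\x60\x4C\x01\x03\x01";             // DER content bytes of OID 2.16.76.1.3.1
$other  = $tlv(0xA0, $tlv(0x06, $oid) . $tlv(0xA0, $tlv(0x04, '0101197012345678901')));
$serial = $tlv(0x02, "\x4C\x01\x03\x01\xDE\xAD\xBE\xEF\x00\x11\x22\x33\x44\x55\x66\x77");
$der    = $tlv(0x30, $serial . $tlv(0x04, $tlv(0x30, $other)));

$naive = substr($der, strpos($der, "\x4C\x01\x03\x01") + 8, 8);   // lands inside the serial number
$value = find_other_name($der, $oid);
// Assumption: both fields are digits, 8 for the birth date and 11 for the document number.
if ($value === null || !preg_match('/^\d{19}/', $value)) exit("otherName missing or malformed\n");
printf("byte search: %s\nparsed: birthdate %s, document %s\n",
    bin2hex($naive), substr($value, 0, 8), substr($value, 8, 11));
```

With a real request, pass the base64-decoded body of $_SERVER['SSL_CLIENT_CERT'] as $der, and only after checking that mod_ssl reports SSL_CLIENT_VERIFY as SUCCESS.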
--- Begin Message ---
Grega Leskovšek <legr...@gmail.com> wrote:
> That is problem on my skavt.net server, but also an issue of knowledge.
> I need to access my css/js/pic files with absolute addressing(starting
> with /) I can do this on my home server if I start from /var/www and
> not from /var/www/peace-refuge/, but when I upload to skavt.net server
> in the www/ (my root dir) the thing doesn't work any more.
> What do I need to write in .htaccess file in base dir
> to mark for example /www/ is base dir and when accessing a file with /my.css
> will look in /www/my.css address and not in somewhere else I do not
> where and I do not know how to figure that out?
>
> I tried this
> RewriteBase /www/
> writing in the file /www/.htaccess
>
> but it doesn’t work. Please help me! Thanks in advance, Grega from Slovenia
If /var/www is your DocumentRoot in your httpd.conf file, the above
won't work. If your application is rooted at /var/www, then you don't
need any rewrite rules to get /my.css to work if it is already in the
DocumentRoot for the site.
--- End Message ---
--- Begin Message ---
-----Original Message-----
> Search Google for Xataface. It's a full frontend which
> dynamically changes with database structure changes.
http://xataface.com/videos is broken and therefore we can't view the demo,
and nothing pisses me off more than a site that doesn't have a simple
"contact" email link!
UGH!
--- End Message ---
--- Begin Message ---
On Tue, Nov 29, 2011 at 9:44 PM, Daevid Vincent <dae...@daevid.com> wrote:
> -----Original Message-----
>> Search Google for Xataface. It's a full frontend which
>> dynamically changes with database structure changes.
>
> http://xataface.com/videos is broken and therefore we can't view the demo,
> and nothing pisses me off more than a site that doesn't have a simple
> "contact" email link!
>
> UGH!
>
>
I think your PC is broken.. I can watch the videos just fine ;)
Matijn
--- End Message ---
--- Begin Message ---
-----Original Message-----
From: Matijn Woudt [mailto:tijn...@gmail.com]
Sent: Tuesday, November 29, 2011 12:48 PM
To: Daevid Vincent
Cc: php-general-h...@lists.php.net; php-gene...@lists.php.net
Subject: Re: [PHP] Auto CRUD Generator Xataface
On Tue, Nov 29, 2011 at 9:44 PM, Daevid Vincent <dae...@daevid.com> wrote:
> -----Original Message-----
>> Search Google for Xataface. It's a full frontend which
>> dynamically changes with database structure changes.
>
> http://xataface.com/videos is broken and therefore we can't view the demo,
> and nothing pisses me off more than a site that doesn't have a simple
> "contact" email link!
>
> UGH!
>
>
> I think your PC is broken.. I can watch the videos just fine ;)
I tried it in FF 3.6.24 as well as Chrome 15.0.874.121 m (is that really
necessary Google?!) and lastly IE 8.0.7601.17514 (is that really necessary
Micro$oft?!). All on Win7 64-bit burley-ass Dell PC.
I code in PHP all day long and have no troubles with other websites. Not even
other pages on THAT web site. That particular "tab" / "page" however only shows
the logo top left, search top right, and then these in the tabs:
Home Forum Documentation Videos <a href="http://
And the rest of the page is white.
Garbage.
--- End Message ---
--- Begin Message ---
On Tue, Nov 29, 2011 at 9:54 PM, Daevid Vincent <dae...@daevid.com> wrote:
>> I think your PC is broken.. I can watch the videos just fine ;)
>
> I tried it in FF 3.6.24 as well as Chrome 15.0.874.121 m (is that really
> necessary Google?!) and lastly IE 8.0.7601.17514 (is that really necessary
> Micro$oft?!). All on Win7 64-bit burley-ass Dell PC.
>
> I code in PHP all day long and have no troubles with other websites. Not even
> other pages on THAT web site. That particular "tab" / "page" however only
> shows the logo top left, search top right, and then these in the tabs:
>
> Home Forum Documentation Videos <a href="http://
>
> And the rest of the page is white.
>
> Garbage.
Still, your PC is broken, not the site. It's working fine here with
Chrome 15.0.874.121 m.
Matijn
--- End Message ---
--- Begin Message ---
On 11/29/2011 12:54 PM, Daevid Vincent wrote:
>
>
> -----Original Message-----
> From: Matijn Woudt [mailto:tijn...@gmail.com]
> Sent: Tuesday, November 29, 2011 12:48 PM
> To: Daevid Vincent
> Cc: php-general-h...@lists.php.net; php-gene...@lists.php.net
> Subject: Re: [PHP] Auto CRUD Generator Xataface
>
> On Tue, Nov 29, 2011 at 9:44 PM, Daevid Vincent <dae...@daevid.com> wrote:
>> -----Original Message-----
>>> Search Google for Xataface. It's a full frontend which
>>> dynamically changes with database structure changes.
>>
>> http://xataface.com/videos is broken and therefore we can't view the demo,
>> and nothing pisses me off more than a site that doesn't have a simple
>> "contact" email link!
>>
>> UGH!
>>
>>
>> I think your PC is broken.. I can watch the videos just fine ;)
>
> I tried it in FF 3.6.24 as well as Chrome 15.0.874.121 m (is that really
> necessary Google?!) and lastly IE 8.0.7601.17514 (is that really necessary
> Micro$oft?!). All on Win7 64-bit burley-ass Dell PC.
>
> I code in PHP all day long and have no troubles with other websites. Not even
> other pages on THAT web site. That particular "tab" / "page" however only
> shows the logo top left, search top right, and then these in the tabs:
>
> Home Forum Documentation Videos <a href="http://
>
> And the rest of the page is white.
>
> Garbage.
>
>
System: Windows XP 32-bit
I run FF 5.0.1 w/NoScript and I had to allow both xataface.com and weblite.ca, then
the video popped up.
IE 6.0 on the same system works fine too.
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
http://www.bendsource.com/
C - (541) 408-5189
O - (541) 323-9113
H - (541) 323-4219
--- End Message ---
--- Begin Message ---
On Tue, Nov 29, 2011 at 4:13 PM, Jim Lucas <li...@cmsws.com> wrote:
> On 11/29/2011 12:54 PM, Daevid Vincent wrote:
>>
>>
>> -----Original Message-----
>> From: Matijn Woudt [mailto:tijn...@gmail.com]
>> Sent: Tuesday, November 29, 2011 12:48 PM
>> To: Daevid Vincent
>> Cc: php-general-h...@lists.php.net; php-gene...@lists.php.net
>> Subject: Re: [PHP] Auto CRUD Generator Xataface
>>
>> On Tue, Nov 29, 2011 at 9:44 PM, Daevid Vincent <dae...@daevid.com> wrote:
>>> -----Original Message-----
>>>> Search Google for Xataface. It's a full frontend which
>>>> dynamically changes with database structure changes.
>>>
>>> http://xataface.com/videos is broken and therefore we can't view the demo,
>>> and nothing pisses me off more than a site that doesn't have a simple
>>> "contact" email link!
>>>
>>> UGH!
>>>
>>>
>>> I think your PC is broken.. I can watch the videos just fine ;)
>>
>> I tried it in FF 3.6.24 as well as Chrome 15.0.874.121 m (is that really
>> necessary Google?!) and lastly IE 8.0.7601.17514 (is that really necessary
>> Micro$oft?!). All on Win7 64-bit burley-ass Dell PC.
>>
>> I code in PHP all day long and have no troubles with other websites. Not
>> even other pages on THAT web site. That particular "tab" / "page" however
>> only shows the logo top left, search top right, and then these in the tabs:
>>
>> Home Forum Documentation Videos <a href="http://
>>
>> And the rest of the page is white.
>>
>> Garbage.
>>
>>
>
> System: Windows XP 32-bit
>
> I run FF 5.0.1 w/NoScript and I had to allow both xataface.com and weblite.ca,
> then the video popped up.
>
> IE 6.0 on the same system works fine too.
>
> --
> Jim Lucas
>
> http://www.cmsws.com/
> http://www.cmsws.com/examples/
> http://www.bendsource.com/
>
> C - (541) 408-5189
> O - (541) 323-9113
> H - (541) 323-4219
>
>
Works for me as well in Chrome
--
Bastien
Cat, the other other white meat
--- End Message ---
--- Begin Message ---
passin and passout are not used during "-revoke".
They are used to give parameters to create the certificate and give it the
above parameters.
But,
I think I managed to bypass the problem. I wrote a shell script using
expect; after 30 minutes of fighting, the script does what I want it to. It
takes a user's cert ID as a parameter and uses it to invoke the 'openssl ca
-revoke' command. Thanks to this, I can refer to it from my PHP script.
Maybe not the most elegant solution, but it works. And took me about 10
lines of code instead of 60 (non-working lines :) )
Thanks anyway all :)
Cheers
2011/11/29 Peter <jazdatest...@gmail.com>
> passin and passout are not used during "-revoke"
> They are used to give parameters to create the certificate and give it
> the above parameters.
>
> 2011/11/29 shiplu <shiplu....@gmail.com>
>
>> Did you try -passin, -passout options of openssl command?
>>
>> See the man page here http://linux.die.net/man/1/openssl
>> Specially the "Pass phrase arguments" section.
>>
>> --
>> Shiplu.Mokadd.im
>> ImgSign.com | A dynamic signature machine
>>
>> Innovation distinguishes between follower and leader
>>
>>
>
--- End Message ---
--- Begin Message ---
On 11/30/2011 01:11 AM, Peter wrote:
> I wrote a shell script
Please would you show it?
AFAIK, if Bash can do it, PHP should also...
Thanks.
--
RMA.
--- End Message ---