php-windows Digest 22 Feb 2007 11:28:48 -0000 Issue 3145
Topics (messages 27502 through 27504):
Scheduling
27502 by: Armando
Re: A measre of security
27503 by: Gustav Wiberg
FAO Dmitry - proc_open() update
27504 by: David Felton
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
I've been trying to wrap my head around this for the last day or two but
just can't seem to figure it out.. anyone who's up to the challenge
please pipe up! Here's the situation:
I'm creating a tool to manage employee shifts. There are 3 shifts per
day which are always at the same times. I have a javascript calendar in
which the user selects their "start date". This passes year, month and
day values through the URL to a page. I do a checkdate() to ensure the
date is valid on the Gregorian calendar (in case the user was messing
around and manually entering values in the URL). If checkdate is true,
proceed, else pop an error. Simple so far, but here's where I'm hitting
a wall.
Problem 1) I need to display the three shifts for that day as well as
the next 6 days in a row (basically, a week's worth). Each shift on each
day needs to display a drop-down with all the available users as well as
an entry for "open shift". This form once submitted will update all
those values, in case any of them changed.
Problem 2) How to store and manage the data in the database. I want it
to be self sustaining, but I'm drawing a blank on how I can manage this
without hammering out queries to check if the record of a certain shift
exists and create one if it doesn't.
To note, each employee has a unique user id (int value entered when the
employee is initially created) which is likely what I would store in the
"schedule" table (shift_userid) to keep the database size down, and just
in case a user changes their actual first or last name (say they get
married?). The drop-down lists will need to display the employee names.
I'm thinking along the lines of using arrays to store all the data
before spitting it out, but I'm really not that great with arrays yet.
Plus updating the form with 21 different fields on it... how to identify
them and make sure they update the right fields in the database?
Any tips or suggestions would be welcome. Cheers!
Armando
--- End Message ---
--- Begin Message ---
Hi there!
It seems to be a tought problem (in the means of time to solve it anyway)
Here's anyway a function that might help you on the long road...
function weekRange() {
$week = 7//Set week
$year = 2007 //Set year
$first_monday = (8 - date("w", mktime(1,0,0,12,31,$year -1))) %
7;
if ($first_monday == 0) $first_monday = 7;
$fm_ts = mktime(1,0,0,1,$first_monday,$year);
$monday = strtotime('+'.($week - 1).' week', $fm_ts);
$sunday = strtotime('+6 days', $monday);
$start = date("Y-m-d", $monday);
$end = date("Y-m-d", $sunday);
return array($start, $end);
}
Best regards
/Gustav Wiberg
-----Original Message-----
From: bedul [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 20, 2007 3:26 AM
To: Gustav Wiberg; [email protected]
Cc: [email protected]
Subject: Re: [PHP-WIN] A measre of security
----- Original Message -----
From: "Gustav Wiberg" <[EMAIL PROTECTED]>
To: "'bedul'" <[EMAIL PROTECTED]>; <[email protected]>
Cc: <[email protected]>
Sent: Monday, February 19, 2007 2:28 PM
Subject: RE: [PHP-WIN] A measre of security
-----Original Message-----
From: bedul [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 17, 2007 10:26 AM
To: Gustav Wiberg; [email protected]
Cc: [email protected]
Subject: Re: [PHP-WIN] A measre of security
Importance: High
cmiiw
----- Original Message -----
From: "Gustav Wiberg" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, February 14, 2007 6:39 PM
Subject: [PHP-WIN] A measre of security
Hi!
This is a kind of security-question....
I'm starting up a system, where several customers should be able to login
with there own information.
Each company I give unique identity with "hard-coding" and each company has
its own folder...
Harding-coding, something like:
$company -> setIDCompany(1);
$company -> setIDCompany(2);
$company -> setIDCompany(3);
[bedul]
you should not try hardcoding by your self.. is suffer your health.. hehehe
why don't you use an id.. if you enter this using db.. every new record or
company will given a new id..
like you enter new comp anda the new will have 4 and soon
but if this not what you wanted.. just created a random var like this
i enter new comp.. where the var given = a4s43.. this comp will have id
a4s43 and have folder named a4s43
=====================================================
Diffrent folders:
customers/company1
customers/company2
customers/company3
and so on...
This isn't complicated, but when I add a new company.... ...I must be
200% sure that the IDCompany is set correct (There is a chance of setting
the wrong ID for a new company or forgetting to change it)
[bedul]
to search what your id entered .. try use
int mysql_insert_id ( [resource link_identifier] )
Retrieves the ID generated for an AUTO_INCREMENT column by the previous
INSERT query.
=======================================
The companys ARE NOT ALLOWED to see each others information.
[bedul]
try above suggestion.. use random var for folder.. how to get em??
$idFromTable=mysql_insert_id ($handle);
$rndNum=rand(2100);
$randomID="a".$idFromTable."s".$rndNum;
========================================
Is there any good way of solving this with some sort of
comparision-mechanism or something like that? Any thoughts?
[bedul]
interesting. can u explain more about 'sort of comparision-mechanism'??
Hi there!
Thanx for your suggestion! What I meant with comparisaion-mechanism was that
I
Want to have som kind of fucntion that is "almost" impossible to set ID 1 -
Company 2, impossible to set ID2 for company 1. The function should check
Somehow that the right ID is set.. Like ID 1 = Company1, ID 2 = Company and
so on...
Best Regards
/Gustav Wiberg
[bedul]
i believe u talk about random id?? cmiiw
why not using random by combine ip regis & date regis?
read the 4 line.. i think, u might ask about cookie or session?? i believe
this is more close what u describe above. if this like webhosting.. u might
use share folder but if this not hosting.. i more simple. (yet less simple
actualy from hard coding /omg)
what u say before.. actualy i don't get it? why you have to make share
folder? why not the file put on 1 folder. use database to describe the file
then u probably able to share the file and make folder (it not real folder
actualy.. it is just a database).
fyi search for sharing data aplication. try this link
http://sourceforge.net/projects/simpledirectory
http://sourceforge.net/projects/phpexplorer
http://sourceforge.net/projects/phpshell
http://savannah.nongnu.org/projects/phpexplore/
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
Not sure if this mailing list is the best place to ask you a question
Dmitry?
I noticed in the latest version of PHP 5 (5.2.1) you have fixed an issue
that has been causing us real problems:
"Improved proc_open(). Now on Windows it can run external commands not
through CMD.EXE. (Dmitry)"
We have not been able to run certain executables we have wanted to on
our windows web servers because of the issue of opening a security hole
by altering permissions on cmd.exe, and it looks like you have fixed the
problem.
Unfortunately we use PHP 4, and I was sad to see in the latest version
of PHP 4 (4.4.5), released 6 days after the above the fix has not been
applied.
Can you tell me if this fix is ever going to happen for PHP 4?
Thanks.
**********************************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
**********************************************************************************
--- End Message ---
