[PHP] failure notice (fwd)

[Miguel Cruz]

Is this for real? Rackspace hosts an awful lot of good-hearted people
(including myself). Is there a specific reason why the entire ISP's
customer base has been blocked from posting to php-general? I guess I have
to give up participating on the PHP list...

miguel

-- Forwarded message --
Date: 27 Jul 2002 19:21:15 -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: failure notice

Hi. This is the qmail-send program at stoic.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[EMAIL PROTECTED]>:
216.92.131.4 does not like recipient.
Remote host said: 553 209.61.128.0/18 blocked by rackspace.blackholes.us
Giving up on 216.92.131.4.

--- Below this line is a copy of the message.

Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 22694 invoked by uid 508); 27 Jul 2002 19:21:11 -
Received: from localhost ([EMAIL PROTECTED])
  by localhost with SMTP; 27 Jul 2002 19:21:11 -
Date: Sat, 27 Jul 2002 14:21:11 -0500 (CDT)
From: Miguel Cruz <[EMAIL PROTECTED]>
To: Tony Harrison <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: Date() Problem
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Sat, 27 Jul 2002, Tony Harrison wrote:
> I tried using UNIX stamps but it dont work, and why the hell does it default
> to that date anyway? I thought it was supposed to default to the current
> time?

Be very happy it works the way it does. Since it defaults to an
easily-recognizable date and time, you can quickly tell when you've messed
up your code.

If you don't provide a second argument to date() at all, then it'll
default to the current date and time.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Reg exp to remove line feeds before lines starting withwhite space

[Miguel Cruz]

On Thu, 25 Jul 2002, Nicklas af Ekenstam wrote:
> I'm trying to do some parsing of mail headers and since not all
> headers follow the pattern:
> 
> X-Header-A: A string
> X-Header-B: Another string that is longer
> X-Header-C: And this string is very very long compared
> 
> But may very well look like this:
> 
> X-Header-A: A string
> X-Header-B: Another string that is 
>  longer
> X-Header-C: And this string is very very long 
>   compared

I imagine you want something like (untested):

$str = preg_replace('/\n[ \t]+/s', ' ', $str);

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] preg_match() occurence position

[Miguel Cruz]

On Thu, 25 Jul 2002, lallous wrote:
> Yes, I'm aware of the strpos() or any other non-regexp string functions...
> 
> but it is either I use regexp to match a certain pattern or I'll have to
> write a char-by-char parser to emulate regexp searching and yet get the
> position of the occurence!

Once you have found the matching string with preg_match, you can use
strpos() to see where it was. 

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] pdf to html

[Miguel Cruz]

On Thu, 25 Jul 2002, David Buerer wrote:
> I can think of many reasons why displaying the pdf in the browser is a last
> resort and not a first resort.  Especially in situations where the reader is
> not installed.  
> 
> Like Tyler, I would be quite interested to see if anyone has any ideas on
> how to convert from pdf to html.  

It's exceptionally difficult if you want to preserve the graphics.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: can there be a fax gateway?

[Miguel Cruz]

On Wed, 24 Jul 2002, Briggsy wrote:
> Altn-N have a product called relayfax which is used with e-mail. You could
> use forms to send an email and have realyfax fax it
> 
> www.altn.com They have awesome support for their mailserver MDaemon so I
> would say realyfax would be equally as good

Also, there's a free volunteer network of fax servers you can read about 
at:

   http://www.tpc.int/

Coverage is not universal, and you might get ads on the cover sheet, but
I've used it plenty of times over the years (this has been around for a
decade or so) and it's served me well.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] control structure question

[Miguel Cruz]

On Tue, 23 Jul 2002, Javier Montserat wrote:
> So refering back, i re-wrote the original example using the switch syntax...
> 
> switch (true) {
> case doStep1():
> case doStep2():
> case doStep3():
>   error();
>   break;
> default:
>   valid();
> }
> 
> Each case expressions is evaluated, until one of them evaluates to a value 
> equal (==) to the switch expression (in this case a boolean error flag).
> 
> The error() code will only be called if one of the doStep() evaluates to 
> false.
> 
> And the valid() code will only be evaluated if the switch reached the 
> default, which means that none of the above check returned false
> 
> I think for this example the switch syntax is more elegant than using a 
> series of if() statements.

That's pretty clever!

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Accessing upper directory of public_html directory

[Miguel Cruz]

On Wed, 24 Jul 2002, Justin French wrote:
> If your ISP doesn't allow you to use .htaccess files in this way, AND can't
> provide you with a directory outside the document root for placing sensitive
> files, then I'd recommend switching hosts, because they clearly don't have
> an understanding of what you need.

It's possible they put each of their customer in a chroot jail, in which
case - barring gross mistakes on the part of the customer - keeping the
password in a .php file in the docroot is quite secure.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions4.2.0and 4.2.1

[Miguel Cruz]

On Tue, 23 Jul 2002, Richard Lynch wrote:
> This is excluding support contracts for software you paid for -- Once you
> pay Oracle enough money for Support Contracts, they have pretty good
> support, from what I hear... :-)

They're attentive and responsive and about as knowledgeable as you could 
hope for (definitely not your typical tech support script readers), but 
the product is so hopelessly complex that it's still easy to stump them.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP Security Advisory: Vulnerability in PHP versions4.2.0

[Miguel Cruz]

On Wed, 24 Jul 2002, Scott Fletcher wrote:
> It work very nicely  The whole process take 30 to 45 minutes for just
> one server.  I wonder how does someone did 12 computers  in 10 minutes.
> Cool!

  cd /usr/src/local
  tar -zxf php-4.2.2.tar.gz
  cd php-4.2.2
  ../php-4.2.1/config.nice
  make install
  for i in server1 server2 server3 server4 server5 serverN
  scp ../apache_1.3.26/src/httpd ${i}:/usr/local/apache/bin/

Most of the time was watching 'make install'.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: How do I validate input using php?

[Miguel Cruz]

On Wed, 24 Jul 2002, Mike Mannakee wrote:
> Here's the code I use to validate emails:
> 
> function check_email($email)
>  {
>   global $email;
>   $regex="^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,4}$";
>   return eregi($regex, $email, $trash);
>  }

Please search the archives on this topic; it's been covered exhaustively,
and each time it comes up we get 25 bad functions and eventually one good
one. The above function will bark at valid domains (.museum, etc.) and
will allow patently invalid domains (anything containing _).

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] best way to log bad email address'

[Miguel Cruz]

On Thu, 25 Jul 2002, Justin French wrote:
> what's the best way to log the bad email address' from a mail() loop?
> 
> >From the manual:
> "mail() returns TRUE if the mail was successfully accepted for delivery,
> FALSE otherwise."
> 
> Is the definition of "accepted for delivery" dependent on each server, or is
> there are general definition of what it means?

In almost every case, mail() will return true, regardless of how bogus the 
destination email address is. 

mail() just dumps it into the mail queue. There's a lot that goes on 
between there and delivery, and mail() doesn't wait around.

You'll need to catch bounces as they come in. To make life easier, assign 
your own unique Message-IDs and remember them, so you can easily 
invalidate addresses.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] The page before for newman.

[Miguel Cruz]

On Thu, 25 Jul 2002, Philip J. Newman wrote:
> I'm looking for the global veriable that lists the page before the page
> that i just came from.  Anyone know what i'm talking about?

$_SERVER['HTTP_REFERER']

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: HTML E-mails

[Miguel Cruz]

On Tue, 23 Jul 2002, Manuel Lemos wrote:
> On 07/23/2002 02:40 AM, Miguel Cruz wrote:
>> On Sun, 21 Jul 2002, Richard Lynch wrote:
>>> Actually, though, when my clients insist on HTML email, I just
>>> tell them: "No.  If you want that feature, you'll have to hire
>>> somebody else to do it.  I've already explained why." I don't think
>>> I've lost a single client that way -- Every one of
>>> them has re-considered my advice, and outright
>>> refusal, and decided maybe I *do* know what the hell I'm talking about.
>>> YMMV.
>> 
>> I agree with everything you say. Furthermore, I think that
>> when I'm being paid for my expertise, I have a specific responsibility
>> to stop people from doing stupid things, even if they do happen to
>> really want them.  There is no honor - and in the long term, no
>> future - in casting aside my better judgment because I once read that
>> "the customer is always right."
> 
> It is good when you can discourage your customers to use a certain wide 
> spread technology for good reasons and still get paid for that.
> 
> Anyway, would you object to develop a system for a customer where it is 
> needed to send messages to clients that do not oppose to receive 
> messages in HTML? If so, why?

I have never had a customer say "We have three people, and I personally
installed their email client, and I want to develop a web-based system for
sending mail to them."

What I have heard quite a lot is "We have a growing list of clients and I
would like to send mail to all of them." This customer is not served by
having a system that sends confusing scrambled-looking messages to their
clients.  Better everyone has a slightly blander experience than 10% of
the users be permanently alienated.

If they have a way to definitively determine that users are consistently 
using HTML-capable MUAs, that's excellent, and I would not discourage them 
from sending HTML-formatted messages to those users.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Script executing Telnet Shell Command...

[Miguel Cruz]

On Mon, 22 Jul 2002, Kondwani Spike Mkandawire wrote:
> I am trying to execute a Script running a telnet command
> testing through a range of IP connections...
> Here goes:
> 
>  $str = "123.456.789.";
> $count = 0;
> 
> while ($count < 999){
> $runTheScriptCommand...
> }
> ?>
> 
> What I want to stick into the while loop is if connection
> was successful, break...  Is there a way I can check whether
> telnet connection was successful on each step through the
> loop or do I have to restructure my program and try
> connecting to a port via fsockopen...  By the way
> does anyone know what port number telnet connects to...

Telnet is port 23, and the protocol is more complicated than you might 
think. Perhaps you could look into using 'expect' (a unix utility) to 
control your telnet session. That might bring you less heartache in the 
long run.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] redirecting after login

[Miguel Cruz]

On Mon, 22 Jul 2002, Tim Thorburn wrote:
> A site I'm working on requires a login screen where various individuals 
> will log into the site and add information for their various 
> departments.  Rather than setup a different script for each department, I 
> was hoping to create one script that would either accept or deny a login 
> based on the username/password stored in a database, then based on the 
> username/password - redirect the individuals browser to a URL.
> 
> I've got the login part working perfectly, and I can turn the URL into a 
> link on the page, but I'd rather have the script just automatically forward 
> the person to the page they're login gives them access to.
> 
> I've tried using header(), but since the redirection takes place about 
> mid-script, it doesn't work.  I've also tried using  tag redirects, 
> but those don't seem to accept the PHP/MySQL combo.

Once they've been redirected, can they just bookmark the resulting page 
and never have to log in again?

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] number of files in a dir vs. performace

[Miguel Cruz]

On Mon, 22 Jul 2002, eat pasta type fasta wrote:
> currently I am holding all of the files in 1 directory since the DB can 
> keep track of them, however their number has grown to over 400 at this 
> point
> 
> my issue is whether it would be worth it (performance wise) to split them 
> into thumbs and works thus having 200+ files per directory as opposed to 
> so many, I am expecting the number of images to double in the future.

400 is not very many. Tens of thousands can start to become a problem.

Look at the distribution of your file names and come up with a hashing 
mechanism. For instance, if your filenames are numbers, create 
subdirectories 0/ 1/ 2/ 3/ 4/ etc., and place the files based on their 
final digit.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Inline Images ?

[Miguel Cruz]

On Sun, 21 Jul 2002, Roberto Ramírez wrote:
> Is there a way to display an image withouth sending the headers first?

You have to send the header - that's how the browser knows what sort of 
image it is.

> I'm trying to display an inline image... but when I try it just only
> send the raw image data...
>
> I've thinking that I need to save an image first to disk and then
> display the image later... 

That's not necessary. 

Hi there. Here is an image:
";

?>

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: HTML E-mails

[Miguel Cruz]

On Sun, 21 Jul 2002, Richard Lynch wrote:
> Actually, though, when my clients insist on HTML email, I just tell
> them:  "No.  If you want that feature, you'll have to hire somebody else
> to do it.  I've already explained why."  I don't think I've lost a
> single client that way -- Every one of them has re-considered my advice,
> and outright refusal, and decided maybe I *do* know what the hell I'm
> talking about.  YMMV.

I agree with everything you say. Furthermore, I think that when I'm being 
paid for my expertise, I have a specific responsibility to stop people 
from doing stupid things, even if they do happen to really want them. 
There is no honor - and in the long term, no future - in casting aside my 
better judgment because I once read that "the customer is always right."

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Doing an HTML POST using header()

[Miguel Cruz]

On Mon, 22 Jul 2002, Francis wrote:
> I'm trying to redirect to another website but doing a post to that website
> at the same time. (ie POST rather than a GET (eg: header("Location:
> www.anothersite.com/index.php?page=22");   )
> 
> How do you do an HTML post using the header() whats the syntax? I just cant
> find it anywhere.

You can't.

If you want to do a post, either construct the request yourself, use one 
of the many free classes created to do so, or use the cURL library.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Comma question

[Miguel Cruz]

On Mon, 22 Jul 2002, B i g D o g wrote:
> I figured that the comma was to concatenate but is was wondering if the
> parser handled it different.

The comma isn't actually for concatenation. The net effect is the same in 
this case, but a very different thing is happening.

  echo "hello " , "there";

Here 'echo' is printing two separate arguments. First it is printing 
"hello " and then it is printing "there".

  echo "hello " . "there";

Here the strings are concatenated to form a single string ("hello there") 
and then this is processed by echo which prints it out.

The effects are the same, as I said, but it's important to realize why 
they're very different ways of getting that effect.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Passing Special Characters In url

[Miguel Cruz]

On Tue, 23 Jul 2002, Ricky wrote:
> I am having problems passing variables in a url specifically when there is
> an & sign. Any suggestions?

There is a special function just for you.

   http://php.net/urlencode

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Pine config

[Miguel Cruz]

On Fri, 19 Jul 2002, Michael Hall wrote:
> This is sort of off topic, but can anyone tell me why my Pine email client 
> displays "To: Somebody Or Other" rather than my name "Michael Hall" 
> whenever I send an email to this list?
> 
> I have attempted to fix this many times but cannot for the life of me 
> figure out why it is happening.

It's doing this as a favor to you. If it displayed the "From" you'd know 
less about the message than you know this way.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Security Advisory: Vulnerability in PHP versions 4.2.0and 4.2.1

[Miguel Cruz]

On Mon, 22 Jul 2002, Greg Donald wrote:
> Not only did I get to re-write all my apps the past few months because of 
> the new register_globals default that was imposed by `the php group`...

You didn't have to. The choice was given to you, for your own good. If you 
have very disciplined programmers and a solid auditing process, you can 
still do just fine with register_globals on.

> Now I get to upgrade my PHP install once a month or so cause of new 
> security holes..  Yay!

Vastly preferable to the alternative: Brand X, where security holes go 
unpatched. The PHP group fixed the problem immediately.

> Wasn't this new register_globals setting supposed to enhance security?

Now there's a non-sequitur if ever I saw one. "What do you mean I have to
stop running across the freeway? I thought giving up smoking was supposed
to enhance my health."

> How would you like to be a sys admin with dozens of machines to upgrade 
> before you can proceed with anythign else?

I upgraded dozens of machines. It took about 10 minutes total.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Installing 4.0.6 to 4.1.1 patch

[Miguel Cruz]

On Wed, 17 Jul 2002, John Wulff wrote:
> I've downloaded the 4.0.6 to 4.1.1 patch but how do i install it?

Wouldn't you want to use a current version instead?

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] how many requests can php serve?

[Miguel Cruz]

On Wed, 17 Jul 2002, Chris Hewitt wrote:
> Apache comes with ab for load testing. Maybe that will provide you with 
> a means of making meaningful comparisons. There will be a "php" aspect 
> to it, php opposed to say 3-tier java, but also things like is php a 
> cgi, apache module or actually compiled into apache.
> 
> When I hear of sites "going down" I perhaps incorrectly start saying 
> there is something wrong. They should get slower but with connection 
> throttling etc they should never actually crash. Or am I in WonderWorld?

Some resources are easily renewable and others aren't. If your log entries
take up all your drive space (and you share a partition with other more
valuable things), or you have a resource leak (memory, database
connections, etc.), you can quickly grind your server to a halt.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] how many requests can php serve?

[Miguel Cruz]

On Wed, 17 Jul 2002, Andy wrote:
> I am wondering how many requests at one time php can serve before the site
> brakes down. Someone told me that my site has been down yesterday for a
> while after I did anounce it through a university email list going to 2500
> users.

It depends on:

- Your network connection

- Your hard drive

- Your RAM

- Your CPU

- Your database

- The design of your site

- What the users are doing

- Your caching strategy

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Opening and Editing Quark Binaries

[Miguel Cruz]

On Wed, 17 Jul 2002, Justin French wrote:
> I've attached a file I received with Quark 3.32, which has sample text
> complete with Quark Xpress tags.

XPress Tags is a great format, and easy to work with for auto-generated 
content.

However, all you can do with it is prepare text for a single running 
block - not lay out an entire document (unless you're extremely creative 
with rules and positioning, I guess).

> Just to throw a complete spanner in the works, Adobe InDesign2.0 has a lot
> of XML capabilities, and much more integrated PDF capabilities than Quark...
> perhaps either an XML based solution, or a PDFLib based solution can be
> achieved?
> 
> Considering InDesign is about 1/3rd the price of Quark, *maybe* you might
> want to consider other options aside from Quark.

Good luck convincing seasoned Quark operators to change, though!

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php Similar to C in Pointer Memory Accessing or not?

[Miguel Cruz]

On Wed, 17 Jul 2002, Kondwani Spike Mkandawire wrote:
> Just for interest sake, for those of you who have messed
> with C know about Pointers hence probably know that
> one can access stuff from Memory Locations in very wierd
> ways via pointers and Arrays:
> 
> int * ptr;
> ptr = array[0];
> ptr=ptr-1;
> 
> The last statement does not generate an error but lets you
> access that location...

It may generate an error. Depends on where ptr-1 happens to be. In any
case it's not a bright thing to do as the effects are undefined and
unknowable.

> Firstly I want to know if PHP has pointers (I know it uses
> dereferencing values via &) and if it does use pointers
> does it let you do stuff like this (or does its nature not
> let you interact with the lower level hardware components?

PHP doesn't have pointers as such. It has references but you can't do math 
on them to create other references.

Pointers don't have anything to do with lower level hardware components. 
They're just one way of dealing with memory.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Of Jobs and Certs

[Miguel Cruz]

On Wed, 17 Jul 2002, Martin Clifford wrote:
> I'd like to get everyone's input on Jobs and Certs.  I know there are a
> couple Certifications for web developers out there, such as the CIW and
> CWP certifications.

I don't know if this is what you want to hear, but I can tell you that as 
a rule, I don't hire people who advertise certifications on their resume.

I've found that they correlate pretty strongly with incompetence, to the
point where nothing saves me more time when filtering through resumes than
first throwing away the ones covered with acroyms starting with C or MC.

People who have the skills, demonstrate it through their work experience,
walking through their sample code with me, and their ability to explain
how they would perform a task. People who trumpet certifications
overwhelmingly seem to be people who were unable to advance their careers
based on the strength of their skills, and so chose to resort to a paper
method instead. I'm not saying anything about you here, just suggesting
that you consider alternate means of impressing employers.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] CRON JOB

[Miguel Cruz]

On Wed, 17 Jul 2002, Jay Blanchard wrote:
> Look at the archives for the past couple of days, it has been covered in
> some detail. Make sure to compile PHP without apsx, and for practical
> purposes move the PHP executable to the /usr/local/bin directory. Then put
> this as the first line of the PHP file you want to run from a CRON;
> 
> #!/usr/local/bin/php
> 
> Then set up your CRON.

Might want to add the -q flag to the php bangpath invocation.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Opening and Editing Quark Binaries

[Miguel Cruz]

On Sun, 14 Jul 2002, Simon Troup wrote:
> ... quark reports things like unexpected EOF (even though when I open
> the file in a text editor they have same number of lines and "look"
> identical), I've also tried a few things with the Mac resource forks to
> no avail.
> 
> Has anyone tried something like this before? Does the fread() fwrite()
> change line endings from mac to unix or something?

I am guessing the problem is that you're changing string lenghts and the 
data structure used by QuarkXPress contains string length indicators. Once 
you make a change to the length of a string without changing the length 
indicator, it gets hopelessly confused.

Frankly, I do not think this will be an easy project. The QuarkXPress data 
file is a pretty complex beast.

What are you actually trying to achieve? Perhaps there is another way.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP codes and variables

[Miguel Cruz]

On Fri, 12 Jul 2002, J. Alden Gillespy wrote:
> Anyone know how to do have a variable equal the contents of a file?  I tried
> the include function, but it just prints the file out on the screen rather
> than including the contents in the variable itself.  I need help with this
> ASAP.  Thanks.

$variable = join('', file('path/to/file'));

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP and ORACLE

[Miguel Cruz]

On Fri, 12 Jul 2002, Alberto Serra wrote:
> Ricardo Fitzgerald wrote:
>> I started with PHP and MYSQL a while ago and now I've been involved in
>> a huge database project with ORACLE. 
> 
> Have the Oracle box do most of it. Make sure that:
> 1) there is  a well defined API for external application (including your 
> PHP client) to access data. This *must* written an paper and documented. 
> No code writing prior to this.
> 2) all about referential integrity is done within Oracle
> 3) use triggers and SPs to enforce data consistency (handle with care, 
> they load the db server if used unproperly)
> 4) find a good DBA to maintain the system (Oracle can degrade quite 
> dramatically if not properly maintained)
> 5) interact very little with the DB, to avoid loading its server. (That 
> is, call an SP, get the result set from a tmp table)
> 6) avoid locking as much as you can
> 7) Prey the current Oracle bugs are not too evil.
> 8) get ready to say good bye to your vacations.
> 9) ask for a paycheck raise

This is all very good advice (especially 4 and 8).

Oracle can do amazing things but if you just pretend it's MySQL you'll 
have a pretty miserable time. Learn about triggers and stored procedures 
and views and you will be amazed at how quickly and scalably you can do 
very complicated things.

Don't learn about indexing and table optimization and you will be amazed 
at how slow your application is.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: PHP and geographic maps

[Miguel Cruz]

On Thu, 11 Jul 2002, Richard Lynch wrote:
> NOTE:  End-user GPS units are "off" by like 30 meters (?) on purpose so Joe
> Blow can't tell the "enemy" how to find the White House and blow it up. 
> Sigh.  You're never gonna beat that error margin without a *LOT* of repeated
> readings over a long period of time and statistical analysis...

This is completely off-topic, but the Selective Availability system that
you describe has been discontinued by the Department of Defense a few
years ago - after it began to be undermined by the proliferation of
differential GPS beacons (these are transcievers at stationary points that
listen to the GPS signal, calculate the difference between the delivered
signal and their known location, and broadcast a corrective signal). Even 
the Coast Guard was running them.

So for the past few years consumer GPS is very accurate. This helps
explain the recent rapid spread of consumer GPS devices.

DoD says they reserve the right to turn it on if they want to, but I doubt 
they would - especially now that the EU is planning its own competing 
system.

> But keeping all that junk in the database as 2-D mapping would only be
> needed if you're going to be providing driving directions and keeping all
> the highways and all that crap that MapQuest keeps (I assume).  You almost
> for sure don't need all that.

It seems to me like they still need street addresses, unless they have a 
database of the shapes of every private property parcel in the country.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Linux Newsgroup... ('continue');

[Miguel Cruz]

On Fri, 12 Jul 2002, Scott Fletcher wrote:
> Miguel Cruz <[EMAIL PROTECTED]> wrote in:
>> On Thu, 11 Jul 2002, Scott Fletcher wrote:
>>> Are you sure these newsgroup work?  I tried subscribing to it and got a
>>> response saying newsgroup server could not be found.  I didn't have that
>>> problem with PHP Newsgroup or mozilla.org Newsgroup.
>>>
>>> comp.os.linux.admin
>>> comp.os.linux.misc
>>> ...
>>
>> Yes, they all definitely work. Remember that different news servers carry
>> different newsgroups. Your ISP should be running a news server that
>> carries all of the above-listed groups, though, as they're in the main
>> hierarchy. Just ask your ISP for the name of its news server.
>>
>> Alternatively, you can read them all in groups.google.com, though they're
>> about 12 hours behind.
>
> I don't have ISP, I use T1, the local network I'm on is direct to the
> internet.  I can type in www.cnn.com and it can go where it go quickly
> without a problem.  The same goes for news.php.net Newsgroup.
 
You still have an ISP. You can't peer using something as tiny as a T1.
Just traceroute somewhere and you'll see what your ISP is. Then go
to their web site, look for the customer support page, and they should
list their NNTP server somewhere.

Alternatively, there is a free server in Germany you can use if your ISP
doesn't provide decent news service. Go to http://news.cis.dfn.de/ for
more information.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Mail() function

[Miguel Cruz]

On Thu, 11 Jul 2002, Richard Lynch wrote:
> I honestly have no idea how to forge an email routing path, just know it can
> be done, and is not rocket-science.  But you're going to have to dig into
> the guts of sendmail or equivalent at a minimum, or search out "send spam to
> 1,000,000 people!!!" software to do it...
> 
> I don't *think* you can even do it with just PHP's fsockopen to the
> much-hated Open Relays of the world...  Or, at least, they'd be tracked back
> to that Open Relay anyway... That might be sufficient for your purposes,
> whatever they are.  I suggest, however, that you re-examine your purpose,
> and decide if it's really worthy of your time and talent.

For what it's worth, the only way to create a convincing fake routing
history in a message's headers is to find an open relay that doesn't
properly stamp mail it receives.

There are a very few SMTP servers which will receive and forward a piece 
of mail without adding a "Received:" line that says where they got it 
from. Thankfully these machines are almost all gone since they have been 
brutally punished by spammers pumping messages through them.

They're also listed on blacklists, so many people (myself included) 
wouldn't see messages that came through them.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Linux Newsgroup... ('continue');

[Miguel Cruz]

On Thu, 11 Jul 2002, Scott Fletcher wrote:
> Are you sure these newsgroup work?  I tried subscribing to it and got a
> response saying newsgroup server could not be found.  I didn't have that
> problem with PHP Newsgroup or mozilla.org Newsgroup.
> 
> --clip--
> comp.os.linux.admin
> comp.os.linux.misc
> comp.os.linux.advocacy
> comp.os.linux.network
> comp.os.linux.alpha
> comp.os.linux.networking
> comp.os.linux.announce
> comp.os.linux.portable
> comp.os.linux.answers
> comp.os.linux.powerpc
> comp.os.linux.development.apps
> comp.os.linux.development.system
> comp.os.linux.questions
> comp.os.linux.embedded
> comp.os.linux.redhat
> comp.os.linux.hardware
> comp.os.linux.security
> comp.os.linux.help
> comp.os.linux.setup
> comp.os.linux.m68k
> comp.os.linux.x

Yes, they all definitely work. Remember that different news servers carry 
different newsgroups. Your ISP should be running a news server that 
carries all of the above-listed groups, though, as they're in the main 
hierarchy. Just ask your ISP for the name of its news server.

Alternatively, you can read them all in groups.google.com, though they're 
about 12 hours behind.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] getdate

[Miguel Cruz]

The 'date' command-line utility reads the time zone from environment
variable 'TZ'. It then adjusts the system time before displaying it.

So your server is probably set to GMT, and your login environment
specifies EDT, which is 4 hours earlier. PHP is defaulting to GMT. Look
into putenv().

miguel

On Wed, 10 Jul 2002, Brian V Bonini wrote:
> Hmmm, wierd!! The server is physically in PDT I am in EDT but I have the
> servers time zone set to EDT and as I said "date" verifies the correct time
> but yet the script returns a time that is 4 hours ahead. Wierd :(
> 
> > -Original Message-
> > From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 10, 2002 6:24 PM
> > To: Brian V Bonini
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [PHP] getdate
> >
> >
> > Works fine here.  Are you actually in EDT?
> >
> > On Wed, 10 Jul 2002, Brian V Bonini wrote:
> >
> > > Any idea why this is off by 4 hours?
> > >
> > > Server time zone is set correctly,
> > > %date
> > > Wed Jul 10 14:26:18 EDT 2002
> > > but the script below returns the time as being 4 hours later then that.
> > >
> > >
> > >  > > $date = getdate();
> > > $minutes = $date['minutes'];
> > > $hours = $date['hours'];
> > > $tz="EDT";
> > > $today = getdate();
> > > $month = $today['month'];
> > > $mday = $today['mday'];
> > > $year = $today['year'];
> > > $ampm="AM";
> > > if ($hours > 12) {
> > > $hours=$hours-12;
> > > $ampm="PM";
> > > } elseif ($hours == 12) {
> > > $ampm="PM";
> > > }
> > > if ( $minutes < 10) {
> > > $minutes="0$minutes";
> > > }
> > > print "$hours:$minutes $ampm $tz $month $mday, $year";
> > > ?>
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> >
> >
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generate a file

[Miguel Cruz]

On Wed, 10 Jul 2002, Phillip S. Baker wrote:
> Okay here is what I want to do.
> 
> Select the field of a database that I want.
> Hit submit.
> Execute a query of a database based on the said form.
> Gather all the data and rows and plug them into an excel generated file.
> Display a dialogue box asking the user the save the file.
> The saved file being an excel file with data generated from a database.
> 
> Make sense?
> 
> Would the header calls be something like this?
> header("Content-type: application/xls");
> header("Content-Disposition: attachment; filename=downloaded.xls");
> 
> Now if that is cool, how would I get the data into the downloaded.xls file 
> to have this work?

echo "Cell A1\tCellB1\tCellC1\n";
echo "Cell A2\tCellB2\tCellC2\n";

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php loopholes

[Miguel Cruz]

On Tue, 9 Jul 2002, Chris Taylor wrote:
> Hi every1, i am currently undertaking some research into PHP security
> and its flaws / loopholes etc. What i am looking for is information on
> any aspects of PHP that can be hacked or cracked and how developers have
> got around these problems.

If there were any holes in PHP itself, they'd get fixed quickly and a
security updated would be released, rendering your research obsolete. This
isn't Microsoft we're talking about.

If you mean common programming errors that PHP developers tend to make, 
well, I'd say search the web - there are many, many sites about this 
topic.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Mail() function

[Miguel Cruz]

On Tue, 9 Jul 2002, César Aracena wrote:
> I wonder if there’s a way to *HIDE* some parts from the Heading of the
> emails sent with PHP. I’m trying to create an anonymous mail sender but
> in the header of the message appears:
>  
> Received: (from httpd@localhost)
> by www.whateverdomain.com (8.10.2/8.10.2) id g69MEA527130;
> Tue, 9 Jul 2002 18:14:10 -0400
> Date: Tue, 9 Jul 2002 18:14:10 -0400
> Message-Id: 200207092214.g69MEA527130@www.
> 
> whateverdomain.com
>  
> I want to hide the *whateverdomain.com* (because is my hosting provider)

The relevant line is added by the server that RECEVIES the message, not by
your server. So you don't have any control.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Odd Request: Image 2 HEX

[Miguel Cruz]

On Tue, 9 Jul 2002, JSheble wrote:
> I'm using a Zebra label printer in an application I have and in order to
> display an image on the label, according to the ZPL II printer language,
> any image must be converted to HEX code. Does anyone hvae a code snippet
> or know of a free utility that will take a graphic image (BMP, GIF, JPG,
> etc...) and convert it to HEX values?

"Hex" isn't enough detail.

In order to do this you'll need to figure out the specific format that ZPL
II wants.

How many bits per pixel? Any prologue? Interlacing? Row-first or 
column-first? etc. etc.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Took the job into my own hands

[Miguel Cruz]

On Tue, 9 Jul 2002, Liam Gibbs wrote:
> Mr. Hegreberg will be getting an unsubscription notice
> shortly, telling him how to complete his request.

I tried that about half an hour ago; I don't think he's smart enough to 
follow the instructions.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] ????????????????????????????????????????????

[Miguel Cruz]

On Tue, 9 Jul 2002, Ben Ramsey wrote:
> I've just joined this mailing list this afternoon.  Does this kind of thing
> happen often?  If so, I'm going to leave the list.

This is the first time I've seen it anything like this. I've been here off
and on for over 3 years.

Usually people just say "Help I can't get off the list!!" and then some 
other people write back to them "you idiot, read the bottom of every 
single message" and then that's the end of it.

miguel



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Trying to locate an image file name from another site

[Miguel Cruz]

On Tue, 9 Jul 2002, Merritt, Dave wrote:
> I have a page on our intranet site that is pulling an image from our
> corporate web server.  The corporate server & the image I am accessing is
> beyond my control.  The image is generated daily and appears to be named
> with a timestamp in the file name so therefore the image name changes daily.

Can you ask the corporate web site people to insert a distinctive HTML
comment just before the image? It would just take them a second, have no
impact on their users, and make your job much easier.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Postal / Zip Code Proximity Search

[Miguel Cruz]

On Tue, 9 Jul 2002, Peter J. Schoenster wrote:
>> From: "Brandon Pearcy" <[EMAIL PROTECTED]>
>>> Not only does it need to find the establishments, it needs to
>>> calculate the distances (straight line, of course).
> 
> I don't know what you mean by straight line. AFAIK all of this will be
> as "the crow flies".

I assume by straight line he means disregarding the curvature of the 
earth, which at such small distances would be insignificant but add a lot 
of calculation.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Editing Word Documents

[Miguel Cruz]

On Mon, 8 Jul 2002, David Russell wrote:
> I have just had a request about editing Word Documents...
> 
> I have an intranet, which provides access to, amongst others, Word 
> Documents about policies, etc. What the guys are looking for is a way to 
> do the following:
> 
> 1. Show a list of files available for editing
> 2. If a file is clicked, then it is locked for other users (no access)
> 3. The file opens on the client's machine
> 4. The client edits it
> 5. The client then closes the file, it "auto-saves" and he goes about 
> his business.
> 
> Points 1 through 3 are relatively trivial. Point 4 and 5 (especially 5) 
> have me lost.
> 
> How do you get a file to be edited, and then automatically returned to 
> the server by M$ Word in it's changed format. Is this possible?
> 
> How would this change in a database-backended system (including the 
> files as BLOBs)?

Assuming you're using Apache, you can use mod_dav (http://www.webdav.org/) 
to provide read/write access to files for clients with newer operating 
systems (WinXP, OSX, maybe a few earlier versions) over HTTP. Combine this 
with a simple locking mechanism in your database (i.e., update file set 
locked='1' and lockedat=now() and lockedby=$user where file_id=$file) and 
you're good to go.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Script Speed

[Miguel Cruz]

On Mon, 8 Jul 2002, Crane, Christopher wrote:
> I hope I am explaining this well enough to understand. Doing it the newer
> way for me with the global variables makes it easier to design the web page,
> but I am wondering if it is at the cost of a slower page loading. The reason
> I think this is whenever I would like to display a variable I have to put in
> a script tag like . I might have as many as 20 of
> these on a page. Every time doesn't PHP have to start again and parse out
> this information causing it to be really slow?

You would have to have hundreds of thousands of them on the page in order 
for the speed difference to be noticeable to a human.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Mon, 8 Jul 2002, Analysis & Solutions wrote:
> Allow me to emphasize Richard's point about not trusting certificate 
> authorities.  I have an SSL certificate.  It was fairly simple to get, 
> despite several discrepancies in my documentation.
> 
> While it made things easier for me, which I'm thankful for.  Fortunately,
> I'm a legitimate operator.  But, it certainly demonstrates that subverting
> the process for nefarious reasons is a piece of cake.

But you're both ignoring the actual significant point (which I already 
made at great length, and feel somewhat like a sap for repeating):

Having a certificate signed by a recognized certificate authority provides 
at least some guarantee that you are communicating with the named party 
using somewhat reliable encryption.

On the other hand, if you connect with a remote site that has a
self-signed certificate, it's little better than using cleartext to port
80; almost anyone who would realistically have been in a position to snoop
on your HTTP traffic is also in a position to intercept and decode your
HTTPS traffic by masquerading as the remote host. So what's the point?

Self-signed certificates only make sense if you able to securely
distribute your signer's public key to your users in advance of the web
transaction. This is fine for internal or staff use, but it is pretty
unwieldy when you're dealing with the general public.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] getting the IP address off a visitor

[Miguel Cruz]

On Mon, 8 Jul 2002, Justin French wrote:
> 1. in the case of most dial-up users with an ISP, the IP address is usually
> dynamically assigned, so next time they dial-up (or re-connect) they will
> more than likely have a different IP address.
> 
> 2. in the many cases of computers with a static IP (cable/ADSL/etc), the IP
> address does not necessarily represent a "user"... think about shared
> computers in families, in libraries, corporations, net cafe's, etc.
> 
> 3. Data storage -- eeek! If you get 1000 visitors with upto 15 bytes
> (nnn.nnn.nnn.nnn) each, that's 15k of IP address' you have to search through
> constantly, without any real way to make it quicker (eg indexing).  That may
> not sound so bad, but perhaps when you reach 3 visitors, it's now upto
> 450k. Yuk.

Well, an IP address is only 4 bytes, and they can be sorted and indexed, 
but otherwise I completely agree with your points. Using IP addresses to 
recognize people is doomed to failure.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Linux Newsgroup???

[Miguel Cruz]

On Mon, 8 Jul 2002, Scott Fletcher wrote:
> Is there a Linux newsgroup?  A place where people can send emails or posting
> about Linux, like tech support, programming, installation, feedback,
> advices, work around, etc.  Just like hte same concept as the PHP newsgroup
> here.

comp.os.linux.admin
comp.os.linux.misc
comp.os.linux.advocacy
comp.os.linux.network
comp.os.linux.alpha
comp.os.linux.networking
comp.os.linux.announce
comp.os.linux.portable
comp.os.linux.answers
comp.os.linux.powerpc
comp.os.linux.development.apps
comp.os.linux.development.system
comp.os.linux.questions
comp.os.linux.embedded
comp.os.linux.redhat
comp.os.linux.hardware
comp.os.linux.security
comp.os.linux.help
comp.os.linux.setup
comp.os.linux.m68k
comp.os.linux.x

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Converting PCX to ...

[Miguel Cruz]

On Mon, 8 Jul 2002, BB wrote:
> I'm writing a reporting system and I have a problem.
> 
> I need to insert PCXs into a PDF (using PDFLib), but it doesn't support
> PCXs.
> 
> So, to get round the problem, I need to convert the PCXs to JPGs or GIFs
> 
> Does anyone know of a piece of PHP that can do this inline, (by that I mean,
> can be called and run in PHP script), because the images will have additions
> and modifications on a regular basis; and they come as PCXs.

You can do it with Imagemagick. As I recall, there used to be direct PHP 
functions for Imagemagick but they have disappeared many versions ago, so 
you'll have to run it via system() et al.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] HTTPS vs. HTTP ? - the weakest link

[Miguel Cruz]

On Mon, 8 Jul 2002, Brinkman, Theodore wrote:
> Think about it for a moment.  E-commerce involving properly signed sites is,
> at the very least, more secure than handing your credit card to a waiter in
> a restauraunt.  The waiter can walk off with your card, and come back 2
> minutes later with your card.  You'll never know if he copied down the name,
> cc number and expiration date for later use.

And in real life, that's how most credit card numbers are stolen.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Referencing function return value

[Miguel Cruz]

On Sun, 7 Jul 2002, Anas Mughal wrote:
> I have a general question about referencing...
> 
> Would it be safe to reference a function return value?

Sure, unless the function returned a reference itself, in which case you 
have to continue keeping track of the validity of that reference (i.e., if 
its object gets unset(), I'm pretty sure it becomes invalid).

If a function returns a scalar or array, it's recreated in the caller's
context and will remain there until you explicitly get rid of it. It's not
like C where strings are pointers whose contents can disappear out from
under you at any moment.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] compare variables from text fields...

[Miguel Cruz]

On Sun, 7 Jul 2002, Jas wrote:
> What is the best function or operator to compare two text strings being
> inputted by a text field within a form?  Any help is appreciated.

== is always handy.

Depending on your needs, you may want to throw in a couple calls to
strlower (if you don't care about case matching). If you are even more 
flexible, look into soundex, levenshtein, metaphone, and similar_text. 
They're all documented in the online manual, and each provides a different 
sort of flexibility for dealing with variant spelling, etc.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ini_set() broken?

[Miguel Cruz]

On Sun, 7 Jul 2002, Greg Donald wrote:
> On Sun, 7 Jul 2002, Miguel Cruz wrote:
>>> >> if(ini_set("register_globals", "0"))
>>>   echo "ini_set success";
>>> else
>>>   echo "ini_set failed";
>>> ?>
>>
>> Please don't say "this code doesn't work." Say why you think it didn't 
>> work, whether that's because you received an error message, or a 
>> specific 
> 
> Uhh.. I don't have any thoughts as to why it doesn't work, that's why I 
> posted.  The function itself appears broken, my code is a test to that 
> notion. 

I can see where my wording was ambiguous. By "why you think it didn't
work", I don't mean "the explanation for its failure to function", but
rather "the experience you had that convinced you it was not working".

Obviously something happened to make you decide that it wasn't working. We 
need to know what that was. Maybe it was an error message. Maybe it was a 
plume of smoke rising from your computer. Maybe it was some sort of weird 
behavior of your program. It's just a general thing: We can't read your 
mind. Or at least I can't.

> If you can't be helpful then feel free to shutup..

Well, I did go on to answer your question. It could've been worse.

>>> So does anyone know why my code doesn't work then?  ini_set() seems 
>>> broken.  Can anyone confirm or deny?
>>
>> I believe the issue here is that by the time your PHP code starts
>> executing and gets to the ini_set call, it's too late to register the
> 
> "gets to the ini_set call" - what do you mean?  The code I posted is all 
> there is to the entire script.  Where else would I use the ini_set() 
> function except at the very beginning of a script?

Before your code starts, there is a whole bunch of initialization that
takes place in the script engine. It looks at its settings to see how it
should behave. It gathers all the data that came from the web server
(details about the user's request, etc.). It learns about its environment.
It populates global variables.

Having done these, it starts looking at your code. By this time it's too
late to change the way those prior steps were taken. It's like waiting
until the plane has taken off (i.e., execution of your code has begun) and
then telling the flight attendant you wished it were headed to Chicago
instead of Detroit.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Retrieving/Displaying hyperlinked images with PHP

[Miguel Cruz]

Instead of:

echo "http://www.website.com/images/".$result[FRONT_REND].";>";

Wouldn't you want it to be:

echo "';

...?

miguel

On Sun, 7 Jul 2002, markbm wrote:
> Thanks for the reply. The question is how to pull that hyperlink/file
> location and display the image file on a PHP page. Basically, the text in
> the FRONT_REND field is just an image name (1855.jpg), and I store the
> prefix to that location on the page. I have included all the code from my
> page belowthe issue at hand is noted by //Problem Area//. Note also,
> that all fields above this item are simply just retrieving text from a db
> field not retrieving a file from the db/web server location. Again, thanks
> for your help.
> 
> CODE:
> ===
> 
> 
> 
> 
> 
>  
> 
> 
> $db = mysql_connect("localhost", "username", "password");
> 
> 
> 
> mysql_select_db("dbname",$db);
> 
> 
> 
> $result = mysql_query("SELECT * FROM PRODUCTS",$db);
> 
> 
> printf("ID: %s\n", mysql_result($result,0,"ID"));
> printf("HPG_PLAN_ID: %s\n", mysql_result($result,0,"HPG_PLAN_ID"));
> printf("DESIGNER: %s\n", mysql_result($result,0,"DESIGNER"));
> printf("PLAN_NAME: %s\n", mysql_result($result,0,"PLAN_NAME"));
> printf("EXTERIOR: %s\n", mysql_result($result,0,"EXTERIOR"));
> printf("NUM_BEDROOMS: %s\n", mysql_result($result,0,"NUM_BEDROOMS"));
> printf("NUM_BATHS: %s\n", mysql_result($result,0,"NUM_BATHS"));
> printf("NUM_FLOORS: %s\n", mysql_result($result,0,"NUM_FLOORS"));
> printf("GARAGE: %s\n", mysql_result($result,0,"GARAGE"));
> printf("NUM_CARS: %s\n", mysql_result($result,0,"NUM_CARS"));
> printf("FOUNDATION: %s\n", mysql_result($result,0,"FOUNDATION"));
> printf("MAT_LIST: %s\n", mysql_result($result,0,"MAT_LIST"));
> printf("COLOR_REND: %s\n", mysql_result($result,0,"COLOR_REND"));
> printf("PICTURES: %s\n", mysql_result($result,0,"PICTURES"));
> printf("REPRODUCIBLE: %s\n", mysql_result($result,0,"REPRODUCIBLE"));
> printf("RR_REVERSE: %s\n", mysql_result($result,0,"RR_REVERSE"));
> printf("MIRROR_REV: %s\n", mysql_result($result,0,"MIRROR_REV"));
> printf("CAD_FILES: %s\n", mysql_result($result,0,"CAD_FILES"));
> printf("BONUS_ROOM: %s\n", mysql_result($result,0,"BONUS_ROOM"));
> printf("WIDTH: %s\n", mysql_result($result,0,"WIDTH"));
> printf("DEPTH: %s\n", mysql_result($result,0,"DEPTH"));
> printf("HEAT_SQ_FT: %s\n", mysql_result($result,0,"HEAT_SQ_FT"));
> printf("UNHEAT_SQ_FT: %s\n", mysql_result($result,0,"UNHEAT_SQ_FT"));
> printf("TOTAL_SQ_FT: %s\n", mysql_result($result,0,"TOTAL_SQ_FT"));
> printf("ROOF_TYPE: %s\n", mysql_result($result,0,"ROOF_TYPE"));
> printf("ROOF_PITCH: %s\n", mysql_result($result,0,"ROOF_PITCH"));
> printf("SEC_ROOF_PITCH: %s\n",
> mysql_result($result,0,"SEC_ROOF_PITCH"));
> printf("MAIN_CEIL_HEIGHT: %s\n",
> mysql_result($result,0,"MAIN_CEIL_HEIGHT"));
> printf("PLAN_DESCRIPTION: %s\n",
> mysql_result($result,0,"PLAN_DESCRIPTION"));
> printf("REL_PLAN1: %s\n", mysql_result($result,0,"REL_PLAN1"));
> printf("REL_PLAN2: %s\n", mysql_result($result,0,"REL_PLAN2"));
> printf("REL_PLAN3: %s\n", mysql_result($result,0,"REL_PLAN3"));
> printf("REL_PLAN4: %s\n", mysql_result($result,0,"REL_PLAN4"));
> printf("REL_PLAN5: %s\n", mysql_result($result,0,"REL_PLAN5"));
> printf("REL_PLAN6: %s\n", mysql_result($result,0,"REL_PLAN6"));
> printf("REL_PLAN7: %s\n", mysql_result($result,0,"REL_PLAN7"));
> printf("REL_PLAN8: %s\n", mysql_result($result,0,"REL_PLAN8"));
> printf("REL_PLAN9: %s\n", mysql_result($result,0,"REL_PLAN9"));
> 
> //Problem code //
> 
> // Then show image and/or details
> echo "http://www.website.com/images/".$result[FRONT_REND].";>";
> 
> 
> //printf("FRONT_REND: %s\n", mysql_result($result,0,' href=FRONT_REND>'));
> printf("REAR_REND: %s\n", mysql_result($result,0,"REAR_REND"));
> printf("SIDE_REND1: %s\n", mysql_re

Re: [PHP] ini_set() broken?

[Miguel Cruz]

On Sun, 7 Jul 2002, Greg Donald wrote:
> This code doesn't work:
> 
>  if(ini_set("register_globals", "0"))
>   echo "ini_set success";
> else
>   echo "ini_set failed";
> ?>

Please don't say "this code doesn't work." Say why you think it didn't 
work, whether that's because you received an error message, or a specific 
expected outcome was not realized, or whatever. Otherwise it doesn't 
really tell us anything. Obviously it doesn't work or you wouldn't be 
posting it.

> At http://php.net/ini_set it states the following setting is possible:
> 
> register_globals "0" PHP_INI_ALL
> 
> Translated, PHP_INI_ALL means: Entry can be set anywhere
> 
> So does anyone know why my code doesn't work then?  ini_set() seems 
> broken.  Can anyone confirm or deny?

I believe the issue here is that by the time your PHP code starts
executing and gets to the ini_set call, it's too late to register the
globals (which must happen before execution begins). Therefore I'd suggest
looking into .htaccess or whatever the IIS equivalent is. If there's no
equivalent then I'd suggest throwing the server out the window.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] newbie: question about question marks

[Miguel Cruz]

On Sun, 7 Jul 2002, Alexander Ross wrote:
> Can someone explain to me what the ? does.  I have a vague idea of what
> it means in a URL (please cearify that) but I haven't the slightest what
> it means in php code.  Thanks for your help

Read about the ternary operator at:

  http://www.php.net/manual/en/language.operators.comparison.php

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Mon, 8 Jul 2002, Alberto Serra wrote:
> Chris Shiflett wrote:
>> Of course, as users of Web browsers such as Netscape and Internet 
>> Explorer, we have to trust AOL/Time Warner and Microsoft, respectively, 
>> (yeah, scary thought) to only trust CAs that have high integrity, 
>> security, etc. An extensive C&A (Certification and Accredidation) 
>> process is used to make this guarantee.
> 
> Yes, but this is the part I doubt. When I buy a certificate from Kiev, 
> how on earth those guys sitting in Washington are to know who I am and 
> what I do for a living? They will have to handle the job to someone 
> else. This layering of delegations will include banks and governmental 
> stuff, and there is no such thing as a government that will not accept 
> bribery.

We (in the USA) bought our corporate certificate from Thawte, a company in
South Africa.

You wouldn't believe the amount of stuff they had me dredge up; it was
like a scavenger hunt. I had to get the lawyers to dig out the official
incorporation documents; I had to get accounting to dig out all sorts of
tax bills; I had to get phone bills and executive signatures and who knows
what else. When I sent them some Delaware incorporation document, they
were familiar enough with the format to know that an (unnumbered) page was
missing, and to ask me to find it and fax it to them.

> What we *do not* believe (correct me Richard if I misunderstood you) is 
> that Verisign (or whoever in their place) will actually do more than 
> verifying that www.goodguys.org is really existing and it's there. And 
> this is just a protection against hackers but has nothing to with 
> consumer's privacy or security. People at goodguys.org will not be 
> checked anyway as far as they behaviour as a company is concerbed (that 
> would cost *much* more than $200 and it would be way to easy for the 
> crooks to buy themselves a virginity by doubling the money).

Nobody thinks they're checking whether or not goodguys.com are good guys. 
It is your job as a consumer to research them. Once you have researched 
them and decided to do business with them, the certificate authority gives 
you a pretty solid basis for believing that you actually are dealing with 
the people you were prepared to trust. That's the point.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Sockets & 'requested address is not valid in its context'

[Miguel Cruz]

On Sat, 6 Jul 2002, Zac Hillier wrote:
> I'm opening a port on a remote machine presently I'm using fsockopen() which
> is fine for opening the port and sending data however I'm having trouble
> reading data back from the port.
> 
> So I've considered using socket functions but do not appear to be able to
> get a connection. When I run the code below pointing to 127.0.0.1 everything
> runs fine however when I point to 192.168.123.193 (Another machine on the
> local network without a server running) I get these errors.

You can't bind to a socket on another machine. You have to bind the socket
to a local address (i.e., on your machine) and then either listen for
incoming connections or initiate an outbound connection from that socket.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Retrieving/Displaying hyperlinked images with PHP

[Miguel Cruz]

On Sat, 6 Jul 2002, markbm wrote:
> I am trying to build a "product detail" page that pulls data from a
> MYSQL database using PHP. The data for the page includes product images,
> which I am trying to link to (i.e. from their location on the web
> server) instead of loading the images into the database. However, I
> cannot find any sample code that seems to work. Two questions:
> 
> 1. Is this possible (i.e. to store the HYPERLINK to the image in the
> database , and as the results are returned to the product detail screen,
> the image file will be displayed)? OR RATHER do I need to store the
> physical image file in the database location and query it that way?

It's obviously much easier to store the link or the file name in the 
database. In fact, it's so easy that I can't guess offhand what aspect of 
it you might be having trouble with. Perhaps you could show some more code 
and explain the symptoms you are observing.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Printing Problem

[Miguel Cruz]

On Mon, 8 Jul 2002, Chris Kay wrote:
> I'll repeat my ealier question because some people can not think for
> themselves..

Why insult people who are trying to help you? Nobody gets paid to read 
this list; they're doing it to be nice.

> I want to run a print job of 200+ invoices
> 
> I have a javascript code to open a print dialog box and
> Then go to next invoice and do the loop..
> 
> Problem I am having is that I want it to pause if the ok button on the 
> dialog Box is not pressed..
> When I run the script it fly's throught and brings up a heap of printer
> Dialog boxes which causes me to ctrl+alt+del...
> 
> Anyway or pausing the script untill ok is pressed?

You are running into client behavior that is out of your control. If I had
to print that much stuff, I'd generate one big document containing all of
them, and insert page breaks. Then it would go as a single print job.  If
your operator is using IE, Try something like  at the top of each new invoice. 
Otherwise, generate RTF or PDF.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] please I want them to erase me of their mail lists

[Miguel Cruz]

On Sun, 7 Jul 2002, Rodolfo Contreras T. wrote:
> please I want them to erase me of their mail lists

In every single message from the list it say:

  list-unsubscribe: 

So why not send a message to [EMAIL PROTECTED] ? I 
think you will like the results.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Linked drop down selection lists and dynamically generatedlinks

[Miguel Cruz]

On Sun, 7 Jul 2002, Alberto Serra wrote:
> A 100% robust solution should contain both, and call PHP only if jscript 
> is not available on the client. But this is costly and requires the two 
> procedures to be realigned everytime you have some change going on. Most 
> applications can just use javascript and forget about it.

JavaScript cannot be counted on. You don't know whether it's available, 
and you don't know whether it's going to work the way you think it will. 
Any application which places a JavaScript barrier between users and the 
tasks they're trying to perform is a shoddy application indeed.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] inserting linebrakes in multisite forms

[Miguel Cruz]

On Sun, 7 Jul 2002, andy wrote:
> Alberto Serra <[EMAIL PROTECTED]> schrieb:
>> andy wrote:
>>> One Form has a textfield, I submit it to another html site where there
>>> is another form with a textfield. Inside this textfield I place a
>>> hidden field with the value of the field from page 1 then I submit to
>>> the actual php site inserting the values into a db.
>>
>> So, let's see if I got you right:
>>
>> Form 1: a textfield, you submit it to another page (no matter whether it
>> is on the same host or not, this should not make any difference)
>>
>> Form 2 contains:
>>1) a hidden field with the value from form 1
>>2) another text field for new user input
>> You submit form 2 and nl2br does not work on the values of the hidden
>> field. Right?
>>
>> If that is so it's simply because once the value gets put in
>> form2/field1 it has already lost the new lines.
>> So you should run nl2br on it *before* it gets submitted the second
>> time. Do it when you send the value to form2.
>
> I did try this out, but somehow this happens:
> 
> text br / br / text in new line
> 
> br/ is exacly where the linebrakes should be, but instead it is typed on
> screen.
> 
> Is there a solution for this?

That looks like the result of htmlentities(nl2br($string)).

Do it the other way around.

Better yet, don't call nl2br or htmlentities or anything else on data that
you are inserting into your database. Madness that way lies.
Instead, use those functions only when outputting data to the browser.

miguel

P.S. Please stop spamming the rec.travel.* newsgroups.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Sat, 6 Jul 2002, Richard Lynch wrote:
> I think we both agree that any old certificate is secure from snooping,
> right?

I would disagree with that.

In order to snoop on a connection, you need to have some access to the 
link.

This may be by being in the same building with one of the endpoints, or by 
being in the same building as one of the ISPs involved, or by having 
remotely compromised a machine in one of the above locations.

If you have this access, then you can divert packets. You can move wires
around, or you can outrace a router and take over a connection as it's 
being initiated.

Therefore you can present a certificate which is indistinguishable to the 
client from the "real" server's self-signed certificate, effectively 
hijacking the session.

> Yes, a C&A signed certificate is nominally "better" than a non-signed one,
> since you know that at some point, somebody paid somebody at least $119
> (US), and that the certificate has the same domain name as the domain name
> of the computer you are now surfing to.
> 
> You don't know it's the same computer, though, right?  It could easily be a
> stolen Cert and hijacked domain.
> 
> For that matter, you don't know that a CRIMINAL purchased the C&A signed
> Certificate in the first place.

No, but the chances of each of these other things happening are 
progressively less.

A certificate signed by a known certificate authority tells you that the 
server you're talking with has a unique token provided to the entity 
named. That's better than not knowing that. 

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Sort with PHP or SQL?

[Miguel Cruz]

On Sat, 6 Jul 2002, Patrick Teague wrote:
> $query = "SELECT * " .
>  "FROM Headers LEFT JOIN Pages ON (Headers.Header_ID=Pages.Header_ID) " .
>  "ORDER BY HeaderOrder DESC, Header, PageOrder DESC, PageTitle;";
> 
> Any ideas on optimizing this?  DB stuff doesn't come near the top of things
> I'm good at :)  The other problem is that any pages that end up having no
> Header "disappear", which is a good thing on the menu, but a bad thing on
> the admin pages when you're trying to connect all of them.

SELECT from pages and use LEFT OUTER JOIN if you want to include pages
with no header.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Fri, 5 Jul 2002, Richard Lynch wrote:
> But unless you paid the $200 to get it from a CA, surfers will see a nasty
> (and totally inaccurate/misleading) warning about how insecure it is.

It is easy to launch a man-the-middle attack against a session being
initiated between a client and a server with a self-signed certificate.  
You just send the client a self-signed certificate of your own, and it
can't tell it apart from the real one - same error message shows up.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Cannot enable extensions. Why?

[Miguel Cruz]

On Sat, 6 Jul 2002, Alberto Serra wrote:
> Don't fire back, today is Ivan Kupala Day and I am sitting here working 
> while everyone else in town is having a drink, so I'm in the mood for 
> cracking jokes a bit :))

I can't believe it! I totally forgot it was Ivan Kupala Day!

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: I am probably dumb but why isn't this inserting stuffinto my DB?

[Miguel Cruz]

On Sat, 6 Jul 2002, JJ Harrison wrote:
> $query = "INSERT INTO tececo_stats values ('', $id, $visited, $time,
> $remote_dns, $remote_ip, $referer, $browser, $system)";
> mysql_query($query);

You should always do the following if you are having trouble:

1) print out $query and try it yourself at the mysql command line.   

2) print mysql_error().
   
In this case I think the problem is that you've failed to quote the
strings in your INSERT. Try something like

  INSERT INTO tececo_stats values ('', '$id', '$visited', '$time' ...

Also note that as it stands, I could potentially make big trouble for you 
by putting clever values into HTTP_REFERER (which is totally under my 
control as a visitor to your site). So make sure you mysql_escape_string 
or addslashes those values (unless you have magic_quotes turned on, in 
which case you can ignore this lecture).

miguel



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] suppressing errors with "@"

[Miguel Cruz]

On Sat, 6 Jul 2002, Uri Even-Chen wrote:
> I tried to suppress warnings in isset expressions (Uninitialized string
> offset warnings).  The original line was something like this:
> 
> if (!(isset($GLOBALS['SPEEDY_GLOBAL_VARS']['PAGE_NAME'])))
> 
> When I added the "@" sign like this:
> 
> if (!(isset(@$GLOBALS['SPEEDY_GLOBAL_VARS']['PAGE_NAME'])))
> 
> My program stopped working, and I got errors like:
> 
> PHP Parse error:  parse error, expecting `T_VARIABLE' or `'$'' 
> 
> Eventually, I put the "@" in this place:
> 
> if (!(@isset($GLOBALS['SPEEDY_GLOBAL_VARS']['PAGE_NAME'])))
> 
> Which works, but why didn't it work the other way?  Is it some kind of
> PHP bug?

It does seem to be a disagreement with the manual:

   http://www.php.net/manual/en/language.operators.errorcontrol.php

There it says that you can stick @ before a variable name.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] help with eval problems...

[Miguel Cruz]

On Fri, 5 Jul 2002, Kelly Meeks wrote:
> If I had this information stored in a database field, 
> ">
> 
> how could I assign it to a variable and output it?

I'm not sure that you can eval() HTML.

Perhaps if your cell contained:

   echo ""

you would have better luck. Don't quote me on it though.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Sat, 6 Jul 2002, Alberto Serra wrote:
> yes, but in that case your Apache is running just ONE web site. Most 
> people buy VirtualDomains which are namebased and not IP based. And they 
> cannot share an IP number with other sites with SSL, AFAIK. Or am I 
> misunderstanding the docs?

You're right, one IP number per HTTPs hostname. This is because the server 
sends its certificate - which contains the hostname - to the browser 
before the browser has told the server which hostname it is trying to 
reach.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Fri, 5 Jul 2002, Scott Fletcher wrote:
> For Miguel Cruz posting back there.  If I understand correctly, the private
> key are inside the public key.  Is this correct?

I'm not completely sure I understand your question. When you visit a site 
using HTTPS, here's basically what happens:

1. Your browser initiates the connection and sends the server information 
about which key types it supports. 

2. The server sends you its certificate, which is the server's public key 
signed with a certificate authority's private key. It also sends a 
response to the client's list of supported key types, so that they can 
find some common ground.

3. Your browser verifies the certificate using the certificate authority's 
public key, which was distributed with the browser.

4. Based on its capabilities (as sent in step 1) and the server's 
capabilities (as received in step 2), the browser generates a new key to 
be used for this session. It's a symmetric key, no public or private 
stuff. The browser sends this to the server.

5. From here on, the browser and server use a key derived from this 
symmetric key to encode the data they send back and forth.

It's possible you were just asking whether, as a general matter, private
keys are contained within public keys. No, with public-key cryptography as
I understand it, that's not the case. They are related to each other but 
neither contains the other.

First, you need an algorithm which is relatively easy to operate in one 
direction, but is next to impossible in the other direction. As a silly 
example, "adding 5 to the number" is a bad algorithm for this application 
since it's easy to reverse - just subtract 5 instead. 

A pretty common algorithm involves the product of two very large prime 
numbers and depends on the difficulty of guessing, from the product, what 
those two primes were. I'll spare you the math, but for a trivial example, 
see if you can figure out the two factors of 31,622,417 are (hint: they're 
both 4-digit numbers). The problem gets substantially harder as the 
numbers grow.

The public and private key are derived from the product and its prime
factors. Either of these keys can be combined with arbitrary data to
produce encoded data that can easily be decoded with the use of the other
key. However, going the other way - for instance, arriving at the private
key given the public key and encoded data - is next to impossible because
the algorithm is difficult to reverse. Just like it was really easy for me
to multiply those two prime numbers to get 31622417 but it'll take you a
much longer time to figure out what they were, even though it's not a very
big number and there's only a single right answer.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Fri, 5 Jul 2002, Lazor, Ed wrote:
> I saw that Microsoft has a Certificate Authority server package that allows
> you to create your own key.  Is there a way to do this in linux?  In this
> particular instance, it's me accessing my own web site.  I'd like to encrypt
> the session and I'm don't need someone to confirm anything.

Sure. OpenSSL comes with all the tools you need to become your own 
certificate authority.

http://www.openssl.org/

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] gc_probability: requests tallied per server or domain?

[Miguel Cruz]

On Fri, 5 Jul 2002, Johnson, Kirk wrote:
>> On Tue, 2 Jul 2002, Johnson, Kirk wrote:
>>> Is the number of requests (used for garbage collection), tallied on a
>>> per server basis, or on a per domain basis?
>> 
>> Pretty fair bet it's a per-server basis.
> 
> Thanks, miguel. That would be my guess, too. If both of us guessed the same
> thing, then we must be right. Right?!? ;)

Sounds good to me. Now let's move on to lottery numbers!

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Handling of constants in strings

[Miguel Cruz]

On Fri, 5 Jul 2002, Uwe Birkenhain wrote:
> Miguel Cruz schrieb ...
>> On Tue, 2 Jul 2002, Uwe Birkenhain wrote:
>>> A question - since english is not my first language - what do you mean
>>> with
>>>
>>>> It's not all that common to bury constants in strings
>>>
>>> Is something bad about it?
>>
>> I think so. It would slow parsing down to a crawl and create a host of
>> ambiguities if every letter that ever appeared in a string had to be
>> compared against the list of defined constants (after all, you might
>> have a constant called 'a'). With normal variables, it only has to
>> worry about it when there's a $ before it or {} around it, which is
>> much simpler.
> 
> you are right about that!
> 
> But since you have to take the constant out of the string (with {} or ". .")
> it shouldn't be a problem to use constants.
> Correct?

Correct.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] localhost - passing variables

[Miguel Cruz]

On Fri, 5 Jul 2002, Tony Tzankoff wrote:
> Is it possible to pass variables in PHP on the localhost server? Is there
> some kind of setting or something that I need? I am new to this and am not
> sure how to go about this. When I upload to a server, the script I have
> works just fine; but when I work on it locally, it does not work. Please
> help while I am still technically sane. Thanks. :oP

Can you explain a little better what you're trying to do and what the 
symptoms you're observing are?

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How Do Y'all Secure your Sites... (Cookies vs. IP Number)...

[Miguel Cruz]

On Fri, 5 Jul 2002, Scott Fletcher wrote:
> We also use the "$_SERVER['REMOTE_ADDR'] to allow only the credit bureau
> employee to log in to the administration website that is if the
> employee's machine is at the credit bureau place.  This help with some
> security but not a full security because people outside of the credit
> bureau can easily change the IP address on his/her machine or is in a
> local network behind the the firewall with make up IP addreses since it
> won't be used in the internet or real network.

People outside cannot change their IP addresses to those used by machines
behind your firewall (unless they are in your building and your firewall
is horribly misconfigured). Well, they can change them but it serves
little purpose. Return traffic would not be routed to them.

The best they can do is spoof those addresses, but that's a one-way 
street: If you pass a token, they won't receive it, so you can easily 
ignore them.

On the other hand, the IP address issue doesn't really add any security 
here; it's the token.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] HTTPS vs. HTTP ?

[Miguel Cruz]

On Fri, 5 Jul 2002, Jerome Houston wrote:
> if the browser is making a request, and it sees an https:// at the beginning 
> of the request URL, it will :
> 1.  get the domain's public key from a public key server
> 2.  encrypt the whole request with the domain's public key
> 3.  submit it to the web server.

We have public key servers?

Around these parts the client and server use a self-contained process to 
handle the key exchange. The server's key has been signed by a certificate 
authority (Verisign, etc.) whose public key is already stored in the 
browser... or not, in which case the client alerts the user and generally 
continues nevertheless.

> If the web server sees that this is an encrypted request, it will :
> 1.  decrypt the request with it's private key
> 2.  process it and generate a response (usually in the form of html)
> 3.  encrypt the response with it's private key
> 4.  send it back to the browser

Sort of. The server's key is used to encrypt the exchange of a new key
which lasts only for the lifetime of the transaction. This ephemeral key
is what's used to encrypt the actual data. But this nuance is probably not
very important to understanding the practical issues of working with PHP 
and HTTPs.

> Now, one of the things that many people are confused about is that they
> think there must be a lock icon at the bottom of the browser when they
> are entering sensitive info (like credit card numbers).  Nope.  The only
> important thing is that the form which takes the sensitive data SUBMITS
> to an https:// URL.  Because (as above) it will encrypt the request
> (which includes the sensitive data) BEFORE it submits it over the
> internet.  But most people don't know how to check that a form submits
> to an to an https:// URL.

Yup. You'd think that the browser developers would come up with a way to 
indicate this (mouse pointer turning to a lock when hovering over a submit 
button, etc.).

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] How Do Y'all Secure your Sites... (Cookies vs. IP Number)...

[Miguel Cruz]

On Fri, 5 Jul 2002, Kondwani Spike Mkandawire wrote:
> Quick Question on Cookies vs. IP Number:
> 
> They appear to be easy to set (well at least in PHP), hence quite
> easily to get around (The user of your Site simply deletes the
> Cookie on his Hard Drive...)  In Konqueror you are actually
> given the option of rejecting cookies...  Using
> getenv($REMOTE_ADDR) to retrieve someones IP number
> isn't too reliable either in the case that someone is using
> Dial Up...  I just want to get ideas from other PHP Coders as
> to how they secure their Sites and actually keep an accurate
> record as to who and how many people visit  your sites..
> coz even a combination of Cookies and IP would be easily
> by-passed...

IP numbers are pretty useless for this. A given user's IP address can 
change during a session, and multiple users can share IP addresses.

I'm not sure what your concerns about cookies are wrt security; they can
be part of a pretty tight system. Perhaps you could elaborate. For people
who don't accept session cookies, you'll have to pass a token around in
the URL or in a hidden form item.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Scheduling tasks

[Miguel Cruz]

On Fri, 5 Jul 2002, Frank S. Kicenko wrote:
> I couldn't find anything in the help files or the faq... but.
> 
> Are there any scheduling fuctions with PHP? What I'm looking for is
> something functionally close to a crontab.

Crontab would work.

Or you could make a library that you include in often-requested files
which checks and updates a task list to take care of anything that needs
to be done.  You may not get perfect Swiss-train timing but if your site
has decent levels of traffic it should work.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Handling of constants in strings

[Miguel Cruz]

On Tue, 2 Jul 2002, Uwe Birkenhain wrote:
> A question - since english is not my first language - what do you mean with
> >It's not all that common to bury constants in strings
> 
> Is something bad about it?

I think so. It would slow parsing down to a crawl and create a host of
ambiguities if every letter that ever appeared in a string had to be
compared against the list of defined constants (after all, you might have
a constant called 'a'). With normal variables, it only has to worry about
it when there's a $ before it or {} around it, which is much simpler.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] gc_probability: requests tallied per server or domain?

[Miguel Cruz]

On Tue, 2 Jul 2002, Johnson, Kirk wrote:
> Is the number of requests (used for garbage collection), tallied on a per
> server basis, or on a per domain basis? What about in a load-balanced
> environment?

Pretty fair bet it's a per-server basis.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] checking the path from which someone has arrived at aspecific script

[Miguel Cruz]

On Fri, 28 Jun 2002, Kris Vose wrote:
> Basically I want to check to see if a user has gone to PayPal.com and
> paid for a product before I disseminate the username and password
> through a script called thankyou.php.
> 
> I tried using an if statement that checks the global variable
> $HTTP_REFERER:
> 
> if($GLOBALS['HTTP_REFERER'] == 
>"https://www.paypal.com/cgi-bin/webscr?__track=_xclick-flow:p/xcl/pay/buy-confirm:_xclick-payment-confirm-submit";)
> {
> 
> 
> //access code that disseminates usernames and passwords
> 
> 
> }
> 
> 
> Unfortunately...This is not working.  I went to the php manual and it
> basically stated that not all web sites will post the $HTTP_REFERER.  I
> believe that is what is happening in this case.

Also, anyone can fake HTTP_REFERER to be anything they want, so it's a 
pretty lousy payment verification mechanism.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] addslahes and magic quote woes

[Miguel Cruz]

On Wed, 3 Jul 2002, Jean-Christian Imbeault wrote:
> Erik Price wrote:
>> Turn off magic_quotes and do addslashes() explicitly every time you do
>> a database insert.  Then make sure you always stripslash() data
>> returned from a database query.
>> 
>> magic_quotes is convenient for newbies, but after a while you'll find it 
>> only trips you up, as you've discovered.
> 
> I totally agree.

Chalk me up as another magic_quotes hater. 

Unless your code is very simplistic, you'll end up with far more
stripslasheses than you would have had addslasheses. So it's a net waste
of time, and leads to all sorts of irritating data corruption bugs that
are a nuisance to track down.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Weird preg problem

[Miguel Cruz]

On Thu, 4 Jul 2002, SP wrote:
> Hi I am trying to check if a word contains only capital letters.  For
> some reason it's not working.  The below example is checking the word
> "weird" to see if it's all capital letters but it's saying it's matches.  
> I've tried checking for only lower case letters with "WEIRD" and it's
> not working there too.  What am I doing wrong?
> 
> 
> $pattern = "A-Z";
> $regexp = '/^['.$pattern.']*$/i';
> if( preg_match($regexp, "weird") )
>   echo "matches";
> else
>   echo "does not match";

Easiest approach:

  if ($str != strtoupper($str))
echo 'String contains lower-case letters.';

Using preg:

  if (preg_match('/[a-z]/', $str))
echo 'String contains lower-case letters.';

If you don't want any other characters to appear, ONLY capital letters 
(your question was a little ambiguous to me):

  if (preg_match('/[^A-Z]/', $str))
echo 'String contains something other than capital letters.';

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: mac ie and force download

[Miguel Cruz]

On Tue, 2 Jul 2002, Richard Lynch wrote:
> If you can't do .htaccess, for whatever reason, second-best choice is:
> 
>  HREF=download.php/filenameyouwant.doc?filename=filenameyouwant.doc>Download<
> /A>
> 
> Apache and PHP are gonna ignore the bogus /filenameyouwant.doc part, while
> the browser stupidly believes that's what it surfed to, since it looks like
> the "end" of the URL.

Why not do

  download

and then in download.php, just set

  $filename = substr($_SERVER['PATH_INFO'], 1);

...?

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Authentication

[Miguel Cruz]

On Thu, 4 Jul 2002, Alberto Serra wrote:
>> As a caveat to Mr. Serra's suggestion, remember that there are *many*
>> users who will go through an IP masquerading gateway or proxy, so
>> their IP may fluctuate, even though they are actively browsing. For
>> this reason, it is often necessary to tolerate some fluctuation in
>> the IP address, perhaps only in the last octet though.
> 
> Thanks, I guess I'll just do that. I was actually wondering how to leave 
> this barrier up without being nasty to normal users. That also solves 
> the dial-up problem, at least much of it, as callers will fluctuate 
> mostly on the last octet if they do reconnect through the same ISP, 
> right? Besides, IP masquerading gateways ARE a problem with the 
> suggestion I gave. And I guess this also explains why we are having so 
> much trouble in counting users (that is, IPs) whenever ADSL connection 
> come around. Any suggestion?

I'd suggest ignoring IP altogether and focusing on other tactics. There 
are just too many pitfalls in trusting IPs and too much user annoyance 
possible from not trusting them.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] pdf_show_boxed

[Miguel Cruz]

On Tue, 2 Jul 2002, Hugo Wetterberg wrote:
> I have a problem with pdf_show_boxed(), it doesn't output anything.
> Everything else shows up just fine. Is there something that I have
> overlooked in this code?
> 
> pdf_show_boxed (
>  $pdf,//Object
>  $issuedesc,  //text
>  70,//left
>  700,//top
>  350,   //width
>  400,   //height
>  left);   //justify

I bet the text is off the page. Try changing 'top' to 400 and see what 
miracles ensue.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Spam Bots/E-mail Addys

[Miguel Cruz]

On Fri, 14 Jun 2002, Manuel Lemos wrote:
> I would say that the long standing users are even more aware that they 
> should not turn off Javascript because they are experienced enough to 
> know that some sites of their preference do not work right without 
> Javascript.
> 
> I believe that users that disable Javascript just for a short period 
> because soon or later they realize that it is their loss. Users that 
> keep Javascript disable for a long time are not being smart, they are 
> just being stubborn. Soon or later they realize that being stubborn is 
> masochism.

I keep JavaScript off most of the time. This state of affairs has gone on
for about 5 years now (in the 4 years I was using the web prior to that,
it wasn't enough of a nuisance to worry about) and I haven't yet realized
I'm stubborn (though maybe that's the problem).

I don't know of any major sites that require it - even Microsoft's own
MSNBC works fine with scripting disabled. Only four types of sites require
JavaScript, in my experience:

1) Really flashy or otherwise non-transactional sales sites like car 
companies and movie studios.

2) Transactional sites that are a first effort. Eventually the company 
either abandons the JavaScript requirement (Amazon, eBay, etc.) or goes 
out of business. Not that JavaScript drove them out of business, but it's 
symptomatic of a general lack of understanding of the web world.

3) Gee-whiz sites by web developers who are trying to show off their 
prowess.

4) Moronic amateurish sites commissioned by small business owners who 
don't understand the web and think users will like them better if their 
site has every single available gimmick (marquee text in the status bar, 
music playing while you visit the site, etc.). They pay $100 for the site 
plus $20 per gimmick, and they get what they paid for.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Nested IF's (Is there a LIMIT ?)

[Miguel Cruz]

I am too lazy to count your braces for you, but no, there's not really a 
limit to how many ifs you can nest.

It helps to use an editor that flashes the bracket's companion when you 
type or edit one. That way you can easily see whether they're balanced in 
the right place.

miguel

On Fri, 14 Jun 2002, Daniel Negron/KBE wrote:
> This is my code, it seems that either I have the curly brackets in the
> wrong place OR there is a limit to how many times you can set IF's.  So
> before I pull out the shotgun, and take out this machine, I figure I would
> ask the "Cousel Of the PHP OverLords".
> 
> So you know, I happen to also be using "validateEmailFormat"  that was
> suggested a few minutes ago by Manuel... Thanx by the way, you saved me
> some time.
> I also chage the permissions on the files on the server to 777 so there
> would be no mistake.
> I also changed the order of the IF statements for the validateEmail class.
> I have run it both ways with the same result.
> 
> TIA
> 
>  include "config.php";
> include "form_validator.class";
> include "validateEmailFormat.php";
> if ($submit) {
>   if ($form_complete)
> {
>   $my_form = new form_validator;
> if($my_form ->validate_fields("first, last, email, company, address, city,
> state, zip, phone")) {
>   $isValid = validateEmailFormat($email);
>  if(!$isValid) {
> echo "Your Email Address Is InValid, \n Please Press
> your Web Browsers 'BACK' button and re-enter your email address";
>   }else{
>   $db = mysql_connect($dbhost,$dbuname,$dbpass);
>   mysql_select_db($dbname,$db);
>   $sql = "INSERT INTO $prefix";
>   $sql .= "(first, last, email, company, address, city, state, zip,
> phone, fax, mobile, comments)";
>   $sql .= "VALUES";
>   $sql .= "('$first', '$last', '$email', '$company', '$address',
> '$city', '$state', '$zip', '$phone', '$fax', '$mobile', '$comments')";
>   $result = mysql_query($sql);
>  if (!$result) {echo("error: " . mysql_error() . "\n$sql\n");}
>   echo "Thank You for your submission.One of our agents
> will review your submission and forward your username and password.\n";
>   echo "You will not receive this email instantly\n";
>   }else{
>   echo ($my_form->error_message . "");
>}
>   }
>  }
> }
> else
> {
> ?>
> 
> 
> html code in here,
> 
> 
>  }
> ?>
> 
> 
> 
> Thank You
> 
> <><><><><><><><><><><><><><><><>
> 
> Daniel Negrón
> Lotus Notes Administrator / Developer
> KB Electronics, Inc.
> 954.346.4900x122
> http://www.kbelectronics.com
> 
> <><><><><><><><><><><><><><><><>
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Re[2]: [PHP] sessions help

[Miguel Cruz]

On Thu, 13 Jun 2002, Kevin Stone wrote:
> Your problem is here..
> >  return ($_SESSION['node'] = $node_id);
> 
> I do not believe that you can both set and return a varaible on the same
> line.  FYI, the variable which you're returning in this function is global..
> so there's no reason to return it anyway.  Just fill the index and you're
> all set.

There's no particular reason that in itself shouldn't work - the return 
value of an assignment is the result of the assignment.

Try:

   $i = 1;
   echo $i = $i + 3;

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Different colors on lines

[Miguel Cruz]

On Fri, 14 Jun 2002, Bård Tommy Nilsen wrote:
> Can anyone help out with this ??
> 
> Since i do the search after the query, there is an problem if line 1 in the
> Sql table matches, line 2 does not, but line 3 does.
> 
> Then the result will display the same color on the two lines
> That would be printet in this example.
> 
> How can i make sure that it will allways display the colors
> On each line ??
> 
> $query_1 = mysql_query("select * from $tabell_4"); 
> $number_1 = mysql_numrows($query_1) ;
> $i_1 = 0;
> $bgcolor[0] = "#FFE38E";
> $bgcolor[1] = "#FF";
> 
> $Search = "Test";
> 
> while ($i_1 < $number_1) {
>  $Name = mysql_result($query_1,$i_1,"Name");
> 
> if (eregi ($Search, $Name)) {
> 
> Echo '';
> 
> }
> 
> $i++;
> }

  $bgcolor[0] = "#FFE38E";
  $bgcolor[1] = "#FF";
  $i = 0;
  while ($row = mysql_fetch_assoc($query_1))
  {
$name = $row['name'];
if (eregi($search, $name))
  echo ''; 
  }

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Email validation

[Miguel Cruz]

On Fri, 14 Jun 2002, Manuel Lemos wrote:
> On 06/14/2002 03:06 AM, Miguel Cruz wrote:
>> On Fri, 14 Jun 2002, Manuel Lemos wrote:
>>> The following classes use this validation regular expression string.  
>>> It does not exclude some invalid addresses but includes all valid
>>> addresses.
>>>
>>> 
>"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~?])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~?]+\\.)+[a-zA-Z]{2,4}\$"
>> 
>> It doesn't, as far as I can tell, allow this valid address:
>> 
>>[EMAIL PROTECTED]
> 
> I never heard of TLD with more than 4 characters. Is this recent?

About a year old, I think. Not that it's being used a whole lot yet, 
admittedly.

>> And what's with all the nonsense characters in the domain name portion?
>> Only letters, numbers, hyphen, and period are allowed after the @ sign.
> 
> I just followed the BNF of the RFC to figure which characters would 
> eventually be valid. At least it does not exclude valid characters.

The RFCs would also suggest that the final component of a domain could be
longer than 4 characters. In fact, accommodating that has been a clear
operational requirement for some time, as it's long been threatened that
such domains would exist in the primary root, and for people who use the
various splinternet alternate roots, it's been reality for years.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Spam Bots/E-mail Addys

[Miguel Cruz]

On Fri, 14 Jun 2002, Analysis & Solutions wrote:
> On Thu, Jun 13, 2002 at 10:36:56PM -0500, Miguel Cruz wrote:
>> If you're doing the site for the US government, you're (thank goodness) 
>> required by law to make sure it works without JavaScript.
> 
> REALLY?!  That's good news.  Could you please provide a source for that?

Section 508 of the Rehabilitation Act Amendments (which is so exciting 
that it has its own web site, www.section508.gov) requires that 
information made available to the public through electronic means be done 
so in a manner that provides broad accessibility to people with a wide 
variety of impairments. It took a long time (the law was passed in 1998) 
to figure out what that would mean - I was working for the government at 
the time and it was a bit frustrating, as expectations for the final 
requirements kept changing, even though the compliance deadline was 
expected to arrive before the guidelines! 

Reading the final law, it looks like they eased up from the position taken
in the penultimate proposal which was looking solid as I left for the
private sector. That position was that any scripted process had to be
accompanied by a non-client-side-scripted alternative. In the final
version, that's been replaced with a not-too-clear statement (paragraph l)
which may or may not say the same thing. Here's the full set of
requirements as put forth in 36 CFR 1194.22, "Web-based intranet and
internet information and applications":

(a) A text equivalent for every non-text element shall be provided (e.g., 
via "alt", "longdesc", or in element content).

(b) Equivalent alternatives for any multimedia presentation shall be 
synchronized with the presentation.

(c) Web pages shall be designed so that all information conveyed with 
color is also available without color, for example from context or markup.

(d) Documents shall be organized so they are readable without requiring an 
associated style sheet.

(e) Redundant text links shall be provided for each active region of a 
server-side image map.

(f) Client-side image maps shall be provided instead of server-side image 
maps except where the regions cannot be defined with an available 
geometric shape.

(g) Row and column headers shall be identified for data tables.

(h) Markup shall be used to associate data cells and header cells for data 
tables that have two or more logical levels of row or column headers.

(i) Frames shall be titled with text that facilitates frame identification 
and navigation.

(j) Pages shall be designed to avoid causing the screen to flicker with a 
frequency greater than 2 Hz and lower than 55 Hz.

(k) A text-only page, with equivalent information or functionality, shall 
be provided to make a web site comply with the provisions of this part, 
when compliance cannot be accomplished in any other way. The content of 
the text-only page shall be updated whenever the primary page changes.

(l) When pages utilize scripting languages to display content, or to 
create interface elements, the information provided by the script shall be 
identified with functional text that can be read by assistive technology.

(m) When a web page requires that an applet, plug-in or other application 
be present on the client system to interpret page content, the page must 
provide a link to a plug-in or applet that complies with ¤1194.21(a) 
through (l).

(n) When electronic forms are designed to be completed on-line, the form 
shall allow people using assistive technology to access the information, 
field elements, and functionality required for completion and submission 
of the form, including all directions and cues.

(o) A method shall be provided that permits users to skip repetitive 
navigation links.

(p) When a timed response is required, the user shall be alerted and given 
sufficient time to indicate more time is required.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Advanced User Authentication

[Miguel Cruz]

I think you're making it needlessly complicated. Why don't you just

  select * from * FROM auth WHERE authname = '$username' AND
  authpass = password('$password')

and not worry about "WHERE authlevel = 1"?

Then, if that query is successful, you can just fetch the result row 
and see what 'authlevel' is for that user, and act accordingly.

miguel

On Fri, 14 Jun 2002, César Aracena wrote:
> I’m trying to make a somehow “advanced” user authentication system fro
> my own web site. What I’m using as a model example, is the
> authentication system explained by Luke Welling & Laura Thomson in their
> book “PHP and MySQL Web Development”. In the book, they explain how to
> make apparently a perfect user authentication system, but only for one
> level users. I would like to change that somehow in order to make my
> scripts recognize whether the user is an Administrator or a Common User,
> identified by a “authlevel” field in my DB (1 for Admin – 2 for Users).
> 
> I’m making all my web sites, by using an “include” schema, so the user
> is authenticated only in the Header (included in all the pages).
> 
> What I have so far is:
> 
>  
> // this is where the original script begin
> 
> session_start();
> 
> if ($userid && $password)
> {
>   $db_conn = mysql_connect("localhost", "user", "password");
>   mysql_select_db("dbname", $db_conn);
>   $query = "SELECT * FROM auth WHERE authname = '$username' AND
> authpass = password('$password') AND authlevel = 1";
>   $result = mysql_query($query, $db_conn);
>   if (mysql_num_rows($result) > 0)
>   {
>   $valid_user = $userid;
>   session_register("valid_admin");
>   }
> 
> // this is what I tried to add
> 
>   else if (mysql_num_rows($result) >= 0)
>   {
>   $query1 = "SELECT * FROM auth WHERE authname =
> '$username' AND authpass = password('$password') AND authlevel = 0";
>   $result1 = mysql_query($query1, $db_conn);
>   if (musql_num_rows($result1) > 0)
>   {
>   $valid_user = $userid;
>   session_register("valid_user");
>   }
>   }
> }
> ?>
> 
> It works great when used in it’s original state, but does no good to
> what I’m trying to do here. Also, I’m willing to learn from this so I
> don’t want to rush and get it already done out there ;-)
> 
> By the way, before you ask, I use MySQL and PHP 4 under a Apache
> emulator (PHPTriad) running under WinXP (and damn, it works good and
> smooth).
> 
> Hope to get some knowledge from you guys and gals,
> 
> Cesar Aracena  
> CE / MCSE+I
> Neuquen, Argentina
> +54.299.6356688
> +54.299.4466621
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Gathering user info with php or php and mysql.

[Miguel Cruz]

On Fri, 14 Jun 2002, Chris Bunting wrote:
> My htaccess file:
> 
> ErrorDocument 401 /error/error401.php
> ErrorDocument 403 /error/error403.php
> ErrorDocument 404 /error/error404.php
> ErrorDocument 500 /error/error405.php
> 
> My question is this, Is it possible to use php to get the referring url, 
> browser, os, date of error and stuff and then either write it to a text file 
> or possible log it into mysql?

Run this little program:

  

and see if you don't learn something useful.

migue


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Email validation

[Miguel Cruz]

On Fri, 14 Jun 2002, Manuel Lemos wrote:
> The following classes use this validation regular expression string. It 
> does not exclude some invalid addresses but includes all valid addresses.
> 
> 
>"^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~?])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~?]+\\.)+[a-zA-Z]{2,4}\$"

It doesn't, as far as I can tell, allow this valid address:

   [EMAIL PROTECTED]

And what's with all the nonsense characters in the domain name portion?
Only letters, numbers, hyphen, and period are allowed after the @ sign.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php