php-general Digest 26 Nov 2008 22:14:27 -0000 Issue 5812
php-general Digest 26 Nov 2008 22:14:27 - Issue 5812 Topics (messages 283819 through 283835): Re: Enable disable_functions globally and disable for a domain 283819 by: Stan Vassilev | FM 283820 by: sbeam 283831 by: mike Voting methodology 283821 by: tedd 283823 by: ceo.l-i-e.com 283824 by: Dan Joseph 283825 by: Yeti 283827 by: Daniel P. Brown 283828 by: ceo.l-i-e.com 283830 by: Ashley Sheridan 283832 by: Nathan Rixham 283834 by: tedd Online Calendars 283822 by: tedd 283826 by: Daniel P. Brown 283833 by: Nathan Rixham 283835 by: tedd pear mail() verses net-smtp() 283829 by: Al Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- Hi, Blacklists are by definition insecure, so I'd advise you to have two setups, one locked down (whitelist effectively) with only the needed extensions and features, and the other one more relaxed. Regards, Stan Vassilev Hi, Can I enable disable_functions globally and disable for individual domains? According to PHP documentation [1] it can be only set via php.ini.. For shared hosting scenarios, it will be great this feature.. disable insecure functions globally, and enable for certain domains, any workaround to make this? Thanks! [1] http://es.php.net/features.safe-mode -- Santi Saez http://woop.es -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- On Wednesday 26 November 2008 05:10, Santi Saez wrote: According to PHP documentation [1] it can be only set via php.ini.. For shared hosting scenarios, it will be great this feature.. disable insecure functions globally, and enable for certain domains, any workaround to make this? using Apache? you can set php_value etc in virtualhost block: http://us2.php.net/configuration.changes ---End Message--- ---BeginMessage--- php-fpm also allows per pool overrides. in php 5.3, i believe the php.ini can use conditionals such as path as well. On Wed, Nov 26, 2008 at 5:54 AM, sbeam [EMAIL PROTECTED] wrote: On Wednesday 26 November 2008 05:10, Santi Saez wrote: According to PHP documentation [1] it can be only set via php.ini.. For shared hosting scenarios, it will be great this feature.. disable insecure functions globally, and enable for certain domains, any workaround to make this? using Apache? you can set php_value etc in virtualhost block: http://us2.php.net/configuration.changes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- Hi gang: What methodology would be the best for online voting? I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box. I have some ideas of my own, but would like to hear what you people would recommend. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com ---End Message--- ---BeginMessage--- You have to have them registered and logged in with their Union ID to have any accountability at all... Anything else is just to wide open to ballot stuffing. You will need to provide reassurances of anonimity, presumably, and possibly some process/permissions/control/authentication/authorization in that regard. ---End Message--- ---BeginMessage--- On Wed, Nov 26, 2008 at 9:23 AM, tedd [EMAIL PROTECTED] wrote: Hi gang: What methodology would be the best for online voting? I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box. I have some ideas of my own, but would like to hear what you people would recommend. http://www.php.net/unsub.php espn.com wrote an article about this once. They ran a voting poll to determine the best uniforms in sports. It came down to two teams. A guy wrote a script to go in and vote over and over and over. They found 80,000 entries from him. They tracked it all by IP address, and then looked at the time logs for the vote. They noticed all the IPs were mostly the same, some slight changes, and then the times were consecutive within in a few minutes. Now, of course, filtering by time and IP isn't full proof, the best idea is to log in (as suggested already). But if you can't log in, you could do things such as IP logging, cookie. Unfortunately, workers are not always honorable. And I'm not just picking on union workers. If you can get them to log in do it, otherwise, log as much information as possible and set a cookie. -- -Dan Joseph www.canishosting.com - Plans start @ $1.99/month. Build a
[PHP] Enable disable_functions globally and disable for a domain
Hi, Can I enable disable_functions globally and disable for individual domains? According to PHP documentation [1] it can be only set via php.ini.. For shared hosting scenarios, it will be great this feature.. disable insecure functions globally, and enable for certain domains, any workaround to make this? Thanks! [1] http://es.php.net/features.safe-mode -- Santi Saez http://woop.es -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Enable disable_functions globally and disable for a domain
On Wednesday 26 November 2008 05:10, Santi Saez wrote: According to PHP documentation [1] it can be only set via php.ini.. For shared hosting scenarios, it will be great this feature.. disable insecure functions globally, and enable for certain domains, any workaround to make this? using Apache? you can set php_value etc in virtualhost block: http://us2.php.net/configuration.changes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Voting methodology
Hi gang: What methodology would be the best for online voting? I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box. I have some ideas of my own, but would like to hear what you people would recommend. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Online Calendars
Hi gang: What online calendars would any of you recommend or have experiences with one way or the other? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Voting methodology
You have to have them registered and logged in with their Union ID to have any accountability at all... Anything else is just to wide open to ballot stuffing. You will need to provide reassurances of anonimity, presumably, and possibly some process/permissions/control/authentication/authorization in that regard. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Enable disable_functions globally and disable for a domain
Hi, Blacklists are by definition insecure, so I'd advise you to have two setups, one locked down (whitelist effectively) with only the needed extensions and features, and the other one more relaxed. Regards, Stan Vassilev Hi, Can I enable disable_functions globally and disable for individual domains? According to PHP documentation [1] it can be only set via php.ini.. For shared hosting scenarios, it will be great this feature.. disable insecure functions globally, and enable for certain domains, any workaround to make this? Thanks! [1] http://es.php.net/features.safe-mode -- Santi Saez http://woop.es -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Voting methodology
On Wed, Nov 26, 2008 at 9:23 AM, tedd [EMAIL PROTECTED] wrote: Hi gang: What methodology would be the best for online voting? I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box. I have some ideas of my own, but would like to hear what you people would recommend. http://www.php.net/unsub.php espn.com wrote an article about this once. They ran a voting poll to determine the best uniforms in sports. It came down to two teams. A guy wrote a script to go in and vote over and over and over. They found 80,000 entries from him. They tracked it all by IP address, and then looked at the time logs for the vote. They noticed all the IPs were mostly the same, some slight changes, and then the times were consecutive within in a few minutes. Now, of course, filtering by time and IP isn't full proof, the best idea is to log in (as suggested already). But if you can't log in, you could do things such as IP logging, cookie. Unfortunately, workers are not always honorable. And I'm not just picking on union workers. If you can get them to log in do it, otherwise, log as much information as possible and set a cookie. -- -Dan Joseph www.canishosting.com - Plans start @ $1.99/month. Build a man a fire, and he will be warm for the rest of the day. Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] Voting methodology
I once had to implement something similar for a client's intranet page. First we designed it to work without login simply by logging the IPs (static and in the 10.10.*.* range) to avoid people voting twice or more. Then the client wanted to have some statistics like what department voted for what (yeah, not very democratic i know). So we changed it have the user log in before voting. Now we could also make sure that only authorized users were voting, unless a user forgot to log out and a delivery guy was taking his chances (very unlikely). I think the thingy about online voting is to ask oneself how serious the result has to be. Getting a 99% bulletproof result might be quite time consuming (thinking of HTTPS, tokens, authorization, etc. here). So it all depends on what your client wants. //A yeti -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Online Calendars
On Wed, Nov 26, 2008 at 9:25 AM, tedd [EMAIL PROTECTED] wrote: Hi gang: What online calendars would any of you recommend or have experiences with one way or the other? Related to the discussion about this last week or the week before? If you're going for an ASP (not the M$ thing, but Application Service Provider), I'd recommend Google calendar, hands-down. -- /Daniel P. Brown http://www.parasane.net/ [EMAIL PROTECTED] || [EMAIL PROTECTED] 1 LEFT: $149/mo. $0 Setup - Dual-Core/320GB HDD/1GB RAM/3TB 100Mbps/cPanel - SAME-DAY SETUP! Contact me to buy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Voting methodology
On Wed, Nov 26, 2008 at 9:23 AM, tedd [EMAIL PROTECTED] wrote: Hi gang: What methodology would be the best for online voting? I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box. Because this is going to be a member-only vote, half of your decision is already made. The rest of it is as Lynch described. And to preserve anonymity, don't attach the actual vote to the UserID of the account, just flip a boolean that they have, indeed, voted in that poll, or add their UserID to the list of voters. Then something like this: ?php // Just done to save run-on lines via email. function m($data) { return mysql_real_escape_string($data); } $sql = SELECT COUNT('UserID') FROM `polls` WHERE ; $sql .= `id` = '.m($pollID).' AND `UserID` = '.m($userID).'; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); $voted = $row[0] == '1' ? True : False; ? And you can switch()/case your way to whether or not the voting form is shown or if that UserID is blocked from voting. This also lets you expand to control by groups if need be now or later, and disables people from voting from multiple computers. They have to be logged in to vote, and they can only vote once, but it allows for anonymity in elections, etc. Which, as a Teamster for the last twelve years, is something I personally appreciate. ;-P -- /Daniel P. Brown http://www.parasane.net/ [EMAIL PROTECTED] || [EMAIL PROTECTED] 1 LEFT: $149/mo. $0 Setup - Dual-Core/320GB HDD/1GB RAM/3TB 100Mbps/cPanel - SAME-DAY SETUP! Contact me to buy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Voting methodology
You should probably also wrap a vote in a transaction, so a user is not locked out from voting unless you are 100% sure their vote got counted, nor vice versa. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] pear mail() verses net-smtp()
Anyone have opinions on these two mail functions for sending smtp emails, pear mail() verses net-smtp()? Which is best, etc. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Voting methodology
On Wed, 2008-11-26 at 09:23 -0500, tedd wrote: Hi gang: What methodology would be the best for online voting? I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box. I have some ideas of my own, but would like to hear what you people would recommend. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com I did something similar at work. Basically, the URL to the voting system was sent out automatically to a list of email addresses. When the user fills in the form, the address is marked off as used. One requirement was that the form be completely anonymous, so the results were stored with no link back to the user who made them. Also, only add the voting results if the users email address has not already been used. If you're really worried, use SSL to protect it from interference. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Enable disable_functions globally and disable for a domain
php-fpm also allows per pool overrides. in php 5.3, i believe the php.ini can use conditionals such as path as well. On Wed, Nov 26, 2008 at 5:54 AM, sbeam [EMAIL PROTECTED] wrote: On Wednesday 26 November 2008 05:10, Santi Saez wrote: According to PHP documentation [1] it can be only set via php.ini.. For shared hosting scenarios, it will be great this feature.. disable insecure functions globally, and enable for certain domains, any workaround to make this? using Apache? you can set php_value etc in virtualhost block: http://us2.php.net/configuration.changes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Voting methodology
tedd wrote: Hi gang: What methodology would be the best for online voting? I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box. I have some ideas of my own, but would like to hear what you people would recommend. Cheers, tedd vote form collects choice and union member id. unique index on unionMemberId in the db swap union id for ip if needed if using ip and you want subnet detection simply convert the ip to it's integer value and count everything +/- subnet/X(size) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Online Calendars
tedd wrote: Hi gang: What online calendars would any of you recommend or have experiences with one way or the other? Cheers, tedd to integrate in with a system? open or closed source? feature list? (you could mean a massive task manager or a tiny calender widget) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Voting methodology
At 9:23 AM -0500 11/26/08, tedd wrote: Hi gang: What methodology would be the best for online voting? I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box. I have some ideas of my own, but would like to hear what you people would recommend. Cheers, tedd Thanks guys for the suggestions. I think registering the member via their union ID vard number and then recording their vote as Daniel suggested is probably best. They were leaning toward some popular canned script that they say all other unions use (don't know what that is) because it's secure (don't know what that means). I'll find out soon enough. Thanks again. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Online Calendars
At 9:18 PM + 11/26/08, Nathan Rixham wrote: tedd wrote: Hi gang: What online calendars would any of you recommend or have experiences with one way or the other? Cheers, tedd to integrate in with a system? open or closed source? feature list? (you could mean a massive task manager or a tiny calender widget) Nathan: You're right -- I was vague. I'm looking for a calendar script that provides date information for simple scheduling. Most post will take the form a title within the calendar day with a pop-up if the user is interested in seeing more. In other words, a pretty simple calendar connected to a database. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pear mail() verses net-smtp()
Al wrote: Anyone have opinions on these two mail functions for sending smtp emails, pear mail() verses net-smtp()? Which is best, etc. Pear mail puts everything together and if necessary uses net_smtp to send it. If you want to have to build the emails yourself, you can do it and then use net_smtp to send it - but it's pretty hard to do and get right for all situations. Otherwise, use pear mail to do everything for you. http://pear.php.net/package/Net_SMTP/ » Packages that depend on Net_SMTP * Mail -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pear mail() verses net-smtp()
Al wrote: Anyone have opinions on these two mail functions for sending smtp emails, pear mail() verses net-smtp()? Which is best, etc. Pear mail puts everything together and if necessary uses net_smtp to send it. If you want to have to build the emails yourself, you can do it and then use net_smtp to send it - but it's pretty hard to do and get right for all situations. Otherwise, use pear mail to do everything for you. http://pear.php.net/package/Net_SMTP/ » Packages that depend on Net_SMTP * Mail -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Online Calendars
tedd wrote: At 9:18 PM + 11/26/08, Nathan Rixham wrote: tedd wrote: Hi gang: What online calendars would any of you recommend or have experiences with one way or the other? Cheers, tedd to integrate in with a system? open or closed source? feature list? (you could mean a massive task manager or a tiny calender widget) Nathan: You're right -- I was vague. I'm looking for a calendar script that provides date information for simple scheduling. Most post will take the form a title within the calendar day with a pop-up if the user is interested in seeing more. In other words, a pretty simple calendar connected to a database. Cheers, tedd I'd be lying if I said I knew, as I've always rolled my own; however a google such as: http://www.google.co.uk/search?q=php+appointment+calendar may throw up a nice find. note: there are lot's of systems and widgets for bigger applications that would do the job, you could get a full web mail and task management system easily enough (and odds are a much better product). if it's just a simple front end display thing, then I'm sure even a common news or blog script could be modified by showing the calendar entries (news items/blog posts) in a calendar view.. fat lot of help I am eh :p -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RSE in Ganymede + General Dev Talk
Evening all, Just wondered if anybody else had tranfer problems using the ftp connector of the RSE plugin for eclipse ganymede, I keep getting a no transfer and the export from project dialog telling me to pick a remote folder (Even though I have). Not looking for a fix, just wondered if anybody else had troubles with it? On a brighter note (I'm waffling tonight) it did encourage me to stop being lazy and start writing deployment and rollback scripts for my svn repos again, so not all bad :) ps: if anybody isn't updating live sites from scp like this and wants more info; just give me a shout - it's simple, 100x faster than ftp and a good practise regards! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: RSE in Ganymede + General Dev Talk
Nathan Rixham wrote: Just wondered if anybody else had tranfer problems using the ftp connector of the RSE plugin for eclipse ganymede, confusion, it's fine in ganymede off in europa - sorry! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Online Calendars
Hi, Or you can get PHP webhost and install eGroupWare. http://www.egroupware.org/ I like to use that because I can have more control. -- Regards, Michael Leung http://www.itblogs.info http://www.michaelleung.info On Thu, Nov 27, 2008 at 9:37 AM, Nathan Rixham [EMAIL PROTECTED] wrote: tedd wrote: At 9:18 PM + 11/26/08, Nathan Rixham wrote: tedd wrote: Hi gang: What online calendars would any of you recommend or have experiences with one way or the other? Cheers, tedd to integrate in with a system? open or closed source? feature list? (you could mean a massive task manager or a tiny calender widget) Nathan: You're right -- I was vague. I'm looking for a calendar script that provides date information for simple scheduling. Most post will take the form a title within the calendar day with a pop-up if the user is interested in seeing more. In other words, a pretty simple calendar connected to a database. Cheers, tedd I'd be lying if I said I knew, as I've always rolled my own; however a google such as: http://www.google.co.uk/search?q=php+appointment+calendarmay throw up a nice find. note: there are lot's of systems and widgets for bigger applications that would do the job, you could get a full web mail and task management system easily enough (and odds are a much better product). if it's just a simple front end display thing, then I'm sure even a common news or blog script could be modified by showing the calendar entries (news items/blog posts) in a calendar view.. fat lot of help I am eh :p -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Regards, Michael Leung http://www.itblogs.info http://www.michaelleung.info
Re: [PHP] RSE in Ganymede + General Dev Talk
Nathan Rixham schreef: Evening all, Just wondered if anybody else had tranfer problems using the ftp connector of the RSE plugin for eclipse ganymede, I keep getting a no transfer and the export from project dialog telling me to pick a remote folder (Even though I have). Not looking for a fix, just wondered if anybody else had troubles with it? On a brighter note (I'm waffling tonight) it did encourage me to stop being lazy and start writing deployment and rollback scripts for my svn repos again, so not all bad :) my deployment/rollbacks are generally in the form: cvs up -r FOOTAG as for DB schemas, I stick to non-destructive additions which can be added before hand and stay in place in case of a rollback. not ideal, but it's simple enough that my colleagues understand it and can tag and rollout new version even when Im not there to handhold ... not too mention that there is hardly ever time or money to spend on something as pointless (well you try explaining it to a relatively small client) deployment management tools/scripts. ps: if anybody isn't updating live sites from scp like this and wants more info; just give me a shout - it's simple, 100x faster than ftp and a good practise HI THERE. IM UP FOR LEARNING A NEW TRICK OR TOO. regards! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Netbeans 6.5 WAS: phpDesigner 2008?
On Tue, 2008-11-18 at 10:32 +, Holografix wrote: Hi I tried PHPDesigner some time ago. It's not bad but now I'm using Netbeans and it's a good editor: http://www.netbeans.org/ (it's free!) I watched the little movie demo and was impressed, so I just installed and tried the Netbeans 6.5 (.sh installer for Linux b/c the Ubuntu repository has 6.1 still) and am really disappointed at how pokey the GUI is?! It's so slow as to be unusable. I'm baffled by this, as I've been using Eclipse PDT (which is a pig) and that also uses Java, but it's nowhere near as slow as Netbeans is. My system is far from old: Intel P4 CPU 3.20GHz with 2GB RAM. java version 1.6.0_10 Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Java HotSpot(TM) Client VM (build 11.0-b15, mixed mode, sharing) (also tried with the OpenJDK or whatever it's called, and had the same miserable experience) I tried to adjust some of the netbeans.conf that I saw in the FAQ to no avail: netbeans_default_options=-J-client -J-Xverify:none -J-Xmx256m -J-Xss2m -J-Xms32m -J-XX:PermSize=32m -J-XX:MaxPermSize=200m -J-Dapple.laf.useScreenMenuBar=true -J-Dsun.java2d.noddraw=true -J-XX:CompileThreshold=100 -Dswing.aatext=true The fonts also looked horrible! All pixeley and like I was back in the 1980's. I read the forums and searched for slow and saw other poor souls with similar experiences, but no solutions. :( Oh well... Guess I'll stick with Eclipse PDT (and how does Zend get off charging $400 for Zend Studio which amounts to a few Eclipse plugins?!? Seriously? That's $150 at best) Daevid. http://www.daevid.com