[PHP] Full versus relative URLs
Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Sorting times (SOLVED before tedds crappy SOLVED)
Shawn McKenzie schreef:
Shawn McKenzie wrote:
...
Not tested:
no shit.
function time_sort($a, $b)
{
if (strtotime($a) == strtotime($b)) {
return 0;
}
return (strtotime($a) strtotime($b) ? -1 : 1;
}
usort($time, time_sort);
Well, I just thought, since the strtotime() uses the current timestamp
to calculate the new timestamp, if you only give it a time then the
returned timestamp is today's date with the new time you passed. If you
had a large array and the callback started at 23:59:59 then you could
end up with some times from the date it started and some from the next
day, which of course would not be sorted correctly with respect to times
only. So, this might be better (not tested):
ditto (as in nice syntax error).
function time_sort($a, $b)
{
static $now = time();
if (strtotime($a, $now) == strtotime($b, $now)) {
return 0;
}
return (strtotime($a, $now) strtotime($b, $now) ? -1 : 1;
}
Your best bet above.
and G.W.Bush is a socialist.
I did a little test, the ultra-fast version offered by McKenzie
is really great as long as your array of time strings aren't ever
going to be longer than say 3-4 items (with the caveat that you
don't use a second argument to strtotime() ... if you do then
even with 3 items it's substantially slower).
for any reasonable number of items my tests show tedd's version
pisses on McKenzies from a great height (note that I actually
optimized Mckenzies variant by halfing the number of calls to
strtotime()).
I added a third variant, as a sort of control, which runs pretty
much on par with tedd's version but uses rather less LOC
(tedd you might like it as a little example of using array_multisort(),
i.e. a way of avoiding writing the double foreach loop in this case)
tedd's variant: sortTime1()
McKenzie's variant: sortTime2()
my variant: sortTime3()
sample output from one of my test runs:
===
===
No. of array items = 3, no of iterations = 1
---
timeSort1() ran for 1.306011 seconds
timeSort2() ran for 1.337358 seconds
timeSort3() ran for 1.742724 seconds
No. of array items = 6, no of iterations = 1
---
timeSort1() ran for 2.647697 seconds
timeSort2() ran for 2.475791 seconds
timeSort3() ran for 7.268916 seconds
No. of array items = 9, no of iterations = 1
---
timeSort1() ran for 3.891894 seconds
timeSort2() ran for 3.960463 seconds
timeSort3() ran for 18.440713 seconds
the test script:
===
===
?php
// TEST
ini_set(date.timezone, Europe/Amsterdam);
$iter = 1;
$time = array(
array(1:30pm, 7:30am, 12:30pm),
array(1:30pm, 7:30am, 12:30pm, 4:45pm, 8:15am, 11:00pm),
array(1:30pm, 7:30am, 12:30pm, 4:45pm, 8:15am, 11:00pm,
4:30am, 6:45am, 12:00pm),
);
foreach ($time as $t)
testIt($t, $iter);
// FUNCS
function sortTime1($in_times)
{
$time = array();
foreach ($in_times as $t)
$time[] = strtotime($t);
sort($time);
$sort_time = array();
foreach ($time as $t)
$sort_time[] = date(g:ia, $t);
return $sort_time;
}
function timeSort2($in)
{
static $time = null;
if (!$time)
$time = time();
$now = array_fill(0, count($in), $time);
$out = array_map(strtotime, $in, $now);
array_multisort($out, SORT_NUMERIC, SORT_ASC, $in);
return $in;
}
function timeSort3($a, $b)
{
static $now = null;
if (!$now)
$now = time();
$a = strtotime($a, $now);
$b = strtotime($b, $now);
if ($a == $b)
return 0;
return $a $b ? -1 : 1;
}
function testIt($time, $iter)
{
echo \nNo. of array items = , count($time), , no of iterations =
$iter\n---\n;
$s = microtime(true);
for ($i = 0; $i $iter; $i++)
timeSort2($time);
$e = microtime(true);
echo timeSort1() ran for .round($e-$s, 6). seconds \n;
$s = microtime(true);
for ($i = 0; $i $iter; $i++)
timeSort2($time);
$e = microtime(true);
echo timeSort2() ran for .round($e-$s, 6). seconds \n;
$s = microtime(true);
for ($i = 0; $i $iter; $i++)
usort($time, timeSort3);
$e = microtime(true);
echo timeSort3() ran for .round($e-$s, 6). seconds \n;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Paul M Foster wrote: Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? There is no difference - the browser will resolve relative URLs to absolute URLs before issuing the HTTP GET. /Per -- Per Jessen, Zürich (-0.9°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] E-Mail Attachment Filename Encoding Problem
Hey, my problem is that I send an e-mail with an attachment (pdf file). I get the filename out of a mysql table. While using echo or downloading the file, the filename is showed as expected but as an attachment it is not properly encoded: Should be: PC-Beschaffung 2008 (nur für Lehre) Will be: US-ASCII''PC-Beschaffung%202008%20(nur%20f%C3%BCr%20Lehre) I think I have to encode the file name and already tried utf8encode but this didn't help. -eddy
Re: [PHP] Full versus relative URLs
My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Did you clear the cache between tests? That could explain the speed difference. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü
Re: [PHP] Apache odd behavior
2009/2/16 Paul M Foster pa...@quillandmouse.com: I'm submitting a url like this: http://mysite.com/index.php/alfa/bravo/charlie/delta The index.php calls has code to decode the url segments (alfa/bravo/charlie/delta). It determines that the controller is alfa, the method is bravo, and converts charlie and delta to $_GET['charlie'] = 'delta'. It verifies that the controller and method exist, and calls the controller and method. This works fine. The right controller gets called and the right method, and the GET parameter looks like it should. The method sets some variables and then calls a render() function to render the page, which is in the doc root of the site. The page does get rendered, but without the stylesheet, and none of the graphics show up. Why? Because, according to the logs, Apache appears to be looking for the images and everything else in the directory index.php/alfa/bravo/charlie/delta, which of course doesn't exist. No, I don't have an .htaccess file with RewriteEngine on. Apache figures out that index.php is the file to look for in the original URL, but can't figure out that everything else is relative to that file, not the entire URL. This method is in use in at least one other MVC framework. What am I doing wrong? You need to specify the absolute URL for all assets when using a URL scheme like this because the browser has no idea that index.php indicates the current directory so it resolves relative paths using the full URL. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] E-Mail Attachment Filename Encoding Problem
Hi, my problem is that I send an e-mail with an attachment (pdf file). I get the filename out of a mysql table. While using echo or downloading the file, the filename is showed as expected but as an attachment it is not properly encoded: Should be: PC-Beschaffung 2008 (nur für Lehre) Will be: US-ASCII''PC-Beschaffung%202008%20(nur%20f%C3%BCr%20Lehre) I think I have to encode the file name and already tried utf8encode but this didn't help. This may help: http://www.phpguru.org/static/mime.mail.html -- Richard Heyes HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari: http://www.rgraph.org (Updated February 14th) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache odd behavior
Paul M Foster wrote: I'm submitting a url like this: http://mysite.com/index.php/alfa/bravo/charlie/delta Why would you want to do such a thing? If you want parameters in the filename without using get, use mod_rewrite and explode the page name - and use a delimiter or than a / - IE use an underscore, dash, upper case vs lower, etc to indicate your different variables. / has a special meaning in a URL string, I don't understand the motive of wanting to use it as a delimiter in a filename. That calls all kinds of weird issues (like the one you are experiencing, which is because the browser has no way to know index.php is a page - and the browser resolves relative URL's - that's not an apache issue) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] XSLTProcessor help
help, when I include xsl:apply-templates/ the XSLTProcessor only strips the XML tags and outputs the text see result --cut here result-- html headmeta http-equiv=Content-Type content=text/html; charset=UTF-8/head bodypre Hyalearl, 100-ton Sulieman-Class Scout/Courier 2008 03 10 All rights reserved 2008 Onno Meyer n...@none.com 10 Traveller 1.0 /pre/body /html -cut here-- cut here vehicle.php-- ?php $xslDoc = new DOMDocument(); $xslDoc-load(vehicle.xsl); $xmlDoc = new DOMDocument(); $xmlDoc-load(vehicle.xml); $proc = new XSLTProcessor(); $proc-importStylesheet($xslDoc); echo $proc-transformToXML($xmlDoc); ? --cut here- --cut here vehicle.xsl- ?xml version=1.0 ? xsl:stylesheet version=1.0 xmlns:xsl=http://www.w3.org/1999/XSL/Transform; xsl:template match=/ html head /head body pre xsl:apply-templates/ /pre /body /html /xsl:template xsl:template match=meta !-- meta -- /xsl:template /xsl:stylesheet --cut here- --cut here vehicle.xml- ?xml version=1.0 encoding=UTF-8 ? vehicle id=1 xmlns=http://localhost/gurps/ns/; meta titleHyalearl, 100-ton Sulieman-Class Scout/Courier/title date year2008/year month03/month day10/day /date copyrightAll rights reserved 2008/copyright authorOnno Meyer/author emailn...@none.com/email TL10/TL backgroundTraveller/background version1.0/version /meta /vehicle --cut here- tom_a_sparks Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html Make Yahoo!7 your homepage and win a trip to the Quiksilver Pro. Find out more -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Back to Basics - Re: [PHP] Re: for the security minded web developer - secure way to login?
Brilliant. Someone who understood my intentions :) It's not only a good
exercise but also useful. Once done in PHP and various JS frameworks, we
could port it to other languages. Would suggest to support as many as we can
because they all have pros and cons. PHP first tho :) . Maybe just good old
javascript as a start although the frameworks make it a lot easier. Who on
earth has Javascript turned off these days anyway? I don't know anyone who
is that paranoid. Sorry if someone here is but i believe if you are scared
of javascript you might as well not turn on a computer. There are always
going to be security holes.
Good on ya mate. Looks ok as an approach. Didn't look into all the details
though. I would suggest to put it under the MIT License as LGPL and GPL are
kind of restrictive as to the usage. Donations welcome of course :P.
If you want to host/version control the source code somewhere, i can offer a
git repository on my hosting or setup svn for you if you prefer that. Please
no CVS, i hate it. Just let me know if you need it.
I can also help with some development at some stage. I also believe that the
approach that i suggested would actually work well, even with a salt in the
original password hash. Maybe that salt should be hashed with a timestamp or
the same random salt as well lol. Computing a hash is not that expensive but
sending the salt might make it quite insecure because then an attacker knows
it. But i guess the salt's intension is primarily that an attacker cannot
use a pre-computed hash database from dictionaries. So maybe just sending it
is fine.
I might draw some diagrams and put them online somewhere to make it a bit
easier to understand.
Regards,
Tim
Tim-Hinnerk Heuer
http://www.ihostnz.com
Katharine Hepburn - Life is hard. After all, it kills you.
2009/2/16 Rene Veerman rene7...@gmail.com
Just for this case, where authentication of the server isn't an issue, and
things like deployment cost are,
i'd like to propose that we on this list look again at securing login/pass
through onewayHash functions, in an otherwise non-ssl environment.
i hate to be a critic of the community here, but isn't this insistence on
SSL a bit eh... lazy?
here's a starter for a onewayHash-based login crypto:
and think that with a proper layout of authentication architecture, one can
really secure a login system without having the administrative overhead of
installing SSL everywhere, and the monetary cost for a SSL certificate for
each domain.
I wish to code such a solution into a really-free library (so probably LGPL
or GPL + MIT) over the next 2 to 5 months.
This library would be a complete SQL, PHP javascript package (jQuery
plugged in), targetted for the novice programmer.
I'm halfway (or more?) there, i think.
For my own CMS, i have taken the following approach, which i'd like to hear
your improvements on:
(For onewayHash() i have MD5 and SHA256 implementations in both JS and
PHP..)
SQL:
create table users (
user_id integer,
user_login_name varchar(250),
user_login_hash varchar(250),
user_password_hash varchar(250),
other fields
primary key (user_id)
);
create table preferences (
pref_system_hash varchar(250)
);
PHP (pseudo-code) , on system installation:
preferences.pref_system_hash = onewayHash ( randomStringLength(100) );
PHP , on user-create:
users[user_id].user_login_hash = onewayHash(user_login_name +
preferences.pref_system_hash);
users[user_id].user_password_hash = onewayHash (someGooodPasswordNot +
preferences.pref_system_hash);
PHP, on request of a login form:
challenge = makeNewChallenge ();
//checks since when [browser IP] has last received a new challenge, if
threshold : make a new challenge. else return old challenge.
//a challenge is a random string (+ special chars) pushed through the
onewayHash function.
html = '
form id=loginForm
input type=hidden id=sh name=sh
value=preferences.pref_system_hash
input type=hidden id=ch name=ch value=challenge
input id=plain_user name=plain_user/
input id=plain_pass name=plain_pass/
input type=hidden id=user_hash name=user_hash/
input type=hidden id=pass_hash name=pass_hash/
/form
';
sendHTMLtoBrowser (html);
Javascript: on page with login form:
jQuery('#loginForm').submit (function () {
var sh = jQuery('#sh')[0]; //same for ch, plain_user, plain_pass,
all the inputs in the html form.
user_hash = onewayHash ( onewayHash ( plain_user.value + sh.value )
+ challenge );
//same for pass_hash basically
plain_user.value = ''; //clear out the plain text fields so they
dont get transmitted (same for plain_pass ofcourse)
jQuery.ajax ( /* submit login form through POST, handle results */ )
}
PHP, on receiving the login form data:
// walk through all the records in
Re: [PHP] Re: Sorting times (SOLVED before tedds crappy SOLVED)
Remember we have copy-on-write in PHP.
Beat this :P :
?php
$timeArray = array(/* your string time data */);
function timeStamps($ar) {
$stamps = array();
foreach ($ar as $timeString) {
$stamps[strtotime($timeString)] = $timeString;
}
return $stamps;
}
function sortTime($ar) {
$timeStampAr = timeStamps($ar);
ksort($timeStampAr); // since the keys are integers, timestamps ksort
would do the right thing
$ar = array_values($timeStampAr);
return $ar; //dont really need this but just in case someone prefers to
use
//it differently or needs a copy
}
sortTime($timeArray);
/* this way the strtotime function is only applied once to each time string
which is probably the most expensive. And ksort uses the sort algorithm that
the PHP core programmers regard as the most efficient. I believe quick sort.
CODE NOT TESTED :P might have minor mistakes but i doubt it :P.*/
?
Tim-Hinnerk Heuer
http://www.ihostnz.com
Fred Allen - California is a fine place to live - if you happen to be an
orange.
2009/2/16 Jochem Maas joc...@iamjochem.com
Shawn McKenzie schreef:
Shawn McKenzie wrote:
...
Not tested:
no shit.
function time_sort($a, $b)
{
if (strtotime($a) == strtotime($b)) {
return 0;
}
return (strtotime($a) strtotime($b) ? -1 : 1;
}
usort($time, time_sort);
Well, I just thought, since the strtotime() uses the current timestamp
to calculate the new timestamp, if you only give it a time then the
returned timestamp is today's date with the new time you passed. If you
had a large array and the callback started at 23:59:59 then you could
end up with some times from the date it started and some from the next
day, which of course would not be sorted correctly with respect to times
only. So, this might be better (not tested):
ditto (as in nice syntax error).
function time_sort($a, $b)
{
static $now = time();
if (strtotime($a, $now) == strtotime($b, $now)) {
return 0;
}
return (strtotime($a, $now) strtotime($b, $now) ? -1 : 1;
}
Your best bet above.
and G.W.Bush is a socialist.
I did a little test, the ultra-fast version offered by McKenzie
is really great as long as your array of time strings aren't ever
going to be longer than say 3-4 items (with the caveat that you
don't use a second argument to strtotime() ... if you do then
even with 3 items it's substantially slower).
for any reasonable number of items my tests show tedd's version
pisses on McKenzies from a great height (note that I actually
optimized Mckenzies variant by halfing the number of calls to
strtotime()).
I added a third variant, as a sort of control, which runs pretty
much on par with tedd's version but uses rather less LOC
(tedd you might like it as a little example of using array_multisort(),
i.e. a way of avoiding writing the double foreach loop in this case)
tedd's variant: sortTime1()
McKenzie's variant: sortTime2()
my variant: sortTime3()
sample output from one of my test runs:
===
===
No. of array items = 3, no of iterations = 1
---
timeSort1() ran for 1.306011 seconds
timeSort2() ran for 1.337358 seconds
timeSort3() ran for 1.742724 seconds
No. of array items = 6, no of iterations = 1
---
timeSort1() ran for 2.647697 seconds
timeSort2() ran for 2.475791 seconds
timeSort3() ran for 7.268916 seconds
No. of array items = 9, no of iterations = 1
---
timeSort1() ran for 3.891894 seconds
timeSort2() ran for 3.960463 seconds
timeSort3() ran for 18.440713 seconds
the test script:
===
===
?php
// TEST
ini_set(date.timezone, Europe/Amsterdam);
$iter = 1;
$time = array(
array(1:30pm, 7:30am, 12:30pm),
array(1:30pm, 7:30am, 12:30pm, 4:45pm, 8:15am, 11:00pm),
array(1:30pm, 7:30am, 12:30pm, 4:45pm, 8:15am, 11:00pm,
4:30am, 6:45am, 12:00pm),
);
foreach ($time as $t)
testIt($t, $iter);
// FUNCS
function sortTime1($in_times)
{
$time = array();
foreach ($in_times as $t)
$time[] = strtotime($t);
sort($time);
$sort_time = array();
foreach ($time as $t)
$sort_time[] = date(g:ia, $t);
return $sort_time;
}
function timeSort2($in)
{
static $time = null;
if (!$time)
$time = time();
$now = array_fill(0, count($in), $time);
$out = array_map(strtotime, $in, $now);
array_multisort($out, SORT_NUMERIC, SORT_ASC, $in);
return $in;
}
function timeSort3($a, $b)
{
static $now = null;
if (!$now)
$now = time();
$a = strtotime($a, $now);
$b = strtotime($b, $now);
if ($a == $b)
return 0;
return $a $b ? -1 : 1;
}
function
Re: [PHP] Full versus relative URLs
Should be the same as the dns request is cached and a request needs to be made anyway. You could argue that relative URLs are less secure, but i cannot really see why. Well i guess someone can easier steal your source but it doesnt get much harder with absolute URLs. Tim-Hinnerk Heuer http://www.ihostnz.com Alanis Morissette - We'll love you just the way you are if you're perfect. 2009/2/16 Dotan Cohen dotanco...@gmail.com My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Did you clear the cache between tests? That could explain the speed difference. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü
[PHP] Re: XSLTProcessor help
'Twas brillig, and Tom Sparks at 16/02/09 10:49 did gyre and gimble: help, when I include xsl:apply-templates/ the XSLTProcessor only strips the XML tags and outputs the text see result --cut here vehicle.xsl- ?xml version=1.0 ? xsl:stylesheet version=1.0 xmlns:xsl=http://www.w3.org/1999/XSL/Transform; xsl:template match=/ html head XSL needs to know that you are outputting XML-derived data... eg. try putting this before your xsl:template: xsl:output method=html indent=no encoding=UTF-8 omit-xml-declaration=yes/ Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache odd behavior
Symfony uses exactly this method for pretty urls. Check it out. Maybe it has everything you want :). Have a look at symfony's .htaccess rewrite rules at least. You have a few possibilities here: You can make ur own rewrite for urls that contain index.php or rewrite http://mysite.com/alfa/bravo/charlie/deltahttp://mysite.com/index.php/alfa/bravo/charlie/deltaas http://mysite.com/index.php/alfa/bravo/charlie/delta and other urls... Or in your framework or cms or whatever have helper functions to get the right urls for images etc. Paths like simply putting img src=/images/myimg.png alt=my img / shouldnt be too hard either. Tim-Hinnerk Heuer http://www.ihostnz.com Mike Ditka - If God had wanted man to play soccer, he wouldn't have given us arms. 2009/2/16 Michael A. Peters mpet...@mac.com Paul M Foster wrote: I'm submitting a url like this: http://mysite.com/index.php/alfa/bravo/charlie/delta Why would you want to do such a thing? If you want parameters in the filename without using get, use mod_rewrite and explode the page name - and use a delimiter or than a / - IE use an underscore, dash, upper case vs lower, etc to indicate your different variables. / has a special meaning in a URL string, I don't understand the motive of wanting to use it as a delimiter in a filename. That calls all kinds of weird issues (like the one you are experiencing, which is because the browser has no way to know index.php is a page - and the browser resolves relative URL's - that's not an apache issue) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Back to Basics - Re: [PHP] Re: for the security minded web developer - secure way to login?
On Feb 16, 2009, at 6:11 AM, German Geek wrote: Brilliant. Someone who understood my intentions :) It's not only a good exercise but also useful. Once done in PHP and various JS frameworks, we could port it to other languages. Would suggest to support as many as we can because they all have pros and cons. PHP first tho :) . Maybe just good old javascript as a start although the frameworks make it a lot easier. Who on earth has Javascript turned off these days anyway? I don't know anyone who is that paranoid. Sorry if someone here is but i believe if you are scared of javascript you might as well not turn on a computer. There are always going to be security holes. There are people who aren't in control of the computer they use. Such as anyone in a big corporation... The IT department might have decided to turn off javascript support to help protect their companies internal assets. Or Alot of people who use mobile devices that don't have java support. All I'm saying is there is a chance that even people who would want to leave java on normally might be in situations where they can't have it on. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: for the security minded web developer - secure way to login?
'Twas brillig, and Michael A. Peters at 16/02/09 00:10 did gyre and gimble: Colin Guthrie wrote: 'Twas brillig, and German Geek at 15/02/09 22:32 did gyre and gimble: Please enlighten me why it is so expensive? Is it maybe just the hassle of setting it up? The whole thing is about trust. Getting a certificate is nothing if the system is not backed up by a trust system. If a CA was setup that gave out certificates willy nilly to all and sundry, then this element of trust is lost. Cheap CA's do exist. They have crappy web sites and send you all kinds of junk mail etc. if you use them - but they do exist. I might end up just paying godaddy - I think they charge $12.00 / year, but since I already register through them, they already have my address etc. Yeah the cheap CA's are IMO actually a problem. I (personally) think we should have a new system for this scenario: http:// = totally insecure https:// = secure and to a reasonable degree of trust (e.g. no $12.00 certs!) httpus:// = secure but no aspect of trust. httpus:// would support SSL in exactly the same way as https but the UA would simply not display the URL any differently to a standard http connection. This would give responsible developers the ability to provide SSL services where they only really care about the pipe and not the trust aspect. The problem with the cheap certs is that people do not see much difference to the expensive ones and this leads to the possibility of being hijacked. The weakest link is always the end user not knowing any better. The High Validation certs used by big companies at least show up differently in FF now but if you were to replace it with a hijacked non HV cert, there is still a good chance most users would still use it. Sadly this isn't going to work without browser support tho' and that's very unlikely to happen at all. Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Back to Basics - Re: [PHP] Re: for the security minded web developer - secure way to login?
yes there are situations like that but then it could just submit the form (which would happen anyway) and check the plaintext password like normally if the other mechanism fails. If people have js turned on it would simply increase security a little. The crucial part is just the sending of the password. Since it will not be a SSL url security aware ppl will not use their high priority passwords anyway. It's just for sites like facebook where you dont have to do money transactions etc. Tim-Hinnerk Heuer http://www.ihostnz.com Fred Allen - California is a fine place to live - if you happen to be an orange. 2009/2/17 Jason Pruim ja...@jasonpruim.com On Feb 16, 2009, at 6:11 AM, German Geek wrote: Brilliant. Someone who understood my intentions :) It's not only a good exercise but also useful. Once done in PHP and various JS frameworks, we could port it to other languages. Would suggest to support as many as we can because they all have pros and cons. PHP first tho :) . Maybe just good old javascript as a start although the frameworks make it a lot easier. Who on earth has Javascript turned off these days anyway? I don't know anyone who is that paranoid. Sorry if someone here is but i believe if you are scared of javascript you might as well not turn on a computer. There are always going to be security holes. There are people who aren't in control of the computer they use. Such as anyone in a big corporation... The IT department might have decided to turn off javascript support to help protect their companies internal assets. Or Alot of people who use mobile devices that don't have java support. All I'm saying is there is a chance that even people who would want to leave java on normally might be in situations where they can't have it on. :)
Re: [PHP] Re: Sorting times (SOLVED in half the time, hey tedd get your new and improved variant here)
German Geek schreef:
Remember we have copy-on-write in PHP.
Beat this :P :
for speed it's way faster, slight issue though, it won't
give the expected output for arrays that contain the same
value more than once. not difficult to fix that,
below a new version of the test script with both your
original variant (timeSort4()) and a version that doesn't mislay
duplicates (timeSort5()). both take half the time to run roughly ... nice :-)
?php
// TEST
ini_set(date.timezone, Europe/Amsterdam);
$iter = 1;
$time = array(
array(1:30pm, 7:30am, 12:30pm),
array(1:30pm, 7:30am, 12:30pm, 4:45pm, 8:15am, 11:00pm),
array(1:30pm, 7:30am, 12:30pm, 4:45pm, 8:15am, 11:00pm,
4:30am, 6:45am, 12:00pm),
);
foreach ($time as $t)
testIt($t, $iter);
// FUNCS
function sortTime1($in_times)
{
$time = array();
foreach ($in_times as $t)
$time[] = strtotime($t);
sort($time);
$sort_time = array();
foreach ($time as $t)
$sort_time[] = date(g:ia, $t);
return $sort_time;
}
function timeSort2($in)
{
static $time = null;
if (!$time)
$time = time();
$now = array_fill(0, count($in), $time);
$out = array_map(strtotime, $in, $now);
array_multisort($out, SORT_NUMERIC, SORT_ASC, $in);
return $in;
}
function timeSort3($a, $b)
{
static $now = null;
if (!$now)
$now = time();
$a = strtotime($a, $now);
$b = strtotime($b, $now);
if ($a == $b)
return 0;
return $a $b ? -1 : 1;
}
function timeSort4($ar)
{
$stamps = array();
foreach ($ar as $timeString)
$stamps[strtotime($timeString)] = $timeString;
ksort($stamps);
return array_values($stamps);
}
function timeSort5($ar)
{
$stamps = array();
foreach ($ar as $ts)
if (isset($stamps[$ts]))
$stamps[strtotime($ts)][1]++;
else
$stamps[strtotime($ts)] = array($ts, 1);
ksort($stamps);
$ar = array();
foreach ($stamps as $data)
for ($i = 0; $i $data[1]; $i++)
$ar[] = $data[0];
return $ar;
}
function testIt($time, $iter)
{
echo \nNo. of array items = , count($time), , no of iterations =
$iter\n---\n;
$s = microtime(true);
for ($i = 0; $i $iter; $i++)
timeSort2($time);
$e = microtime(true);
echo timeSort1() ran for .round($e-$s, 6). seconds \n;
$s = microtime(true);
for ($i = 0; $i $iter; $i++)
timeSort2($time);
$e = microtime(true);
echo timeSort2() ran for .round($e-$s, 6). seconds \n;
$s = microtime(true);
for ($i = 0; $i $iter; $i++)
usort($time, timeSort3);
$e = microtime(true);
echo timeSort3() ran for .round($e-$s, 6). seconds \n;
$s = microtime(true);
for ($i = 0; $i $iter; $i++)
timeSort4($time);
$e = microtime(true);
echo timeSort4() ran for .round($e-$s, 6). seconds \n;
$s = microtime(true);
for ($i = 0; $i $iter; $i++)
timeSort5($time);
$e = microtime(true);
echo timeSort5() ran for .round($e-$s, 6). seconds \n;
}
?
?php
$timeArray = array(/* your string time data */);
function timeStamps($ar) {
$stamps = array();
foreach ($ar as $timeString) {
$stamps[strtotime($timeString)] = $timeString;
}
return $stamps;
}
function sortTime($ar) {
$timeStampAr = timeStamps($ar);
ksort($timeStampAr); // since the keys are integers, timestamps ksort
would do the right thing
$ar = array_values($timeStampAr);
return $ar; //dont really need this but just in case someone prefers to
use
//it differently or needs a copy
}
sortTime($timeArray);
/* this way the strtotime function is only applied once to each time string
which is probably the most expensive. And ksort uses the sort algorithm that
the PHP core programmers regard as the most efficient. I believe quick sort.
CODE NOT TESTED :P might have minor mistakes but i doubt it :P.*/
?
Tim-Hinnerk Heuer
http://www.ihostnz.com
Fred Allen - California is a fine place to live - if you happen to be an
orange.
2009/2/16 Jochem Maas joc...@iamjochem.com
Shawn McKenzie schreef:
Shawn McKenzie wrote:
...
Not tested:
no shit.
function time_sort($a, $b)
{
if (strtotime($a) == strtotime($b)) {
return 0;
}
return (strtotime($a) strtotime($b) ? -1 : 1;
}
usort($time, time_sort);
Well, I just thought, since the strtotime() uses the current timestamp
to calculate the new timestamp, if you only give it a time then the
returned timestamp is today's date with the new time you passed. If you
had a large array and the callback started at 23:59:59 then you could
end up with some times from the date it started and some from the next
day, which of course would not be sorted correctly with respect to times
only. So, this might be better (not tested):
ditto (as in nice syntax error).
function time_sort($a, $b)
{
static $now = time();
if (strtotime($a,
Re: [PHP] Re: for the security minded web developer - secure way to login?
well httpus seems like a good idea though. Thats the kind of response i was hoping for. :-) Maybe browsers would implement that idea in the future. I like that idea a lot actually. I mean when you login to your linux server the first time with openssh, you also have to accept the certificate. In the end you have to trust something somewhere anyway, even if it's just the programmers of the browser and other software... I mean who seriously looks through all the source code of the linux kernel even though it is open source? And even if someone does it (good on them), do they understand every single line? A back door could be just a few lines of hard to understand code, that you might skip. It could even be encrypted and assembly making it very hard to decipher. Who has that much time and brains? With windows you have to trust M$ even more because you cannot even look, and i seriously doubt anyone can disassemble the whole windows OS and read the code. They would not finish in this life time, not even through 50MB of source code i believe. That's a lot! A warning at the top of the page like as if there were blocked content would be sufficient until the user clicks to confirm the validity of of the cert. The warning could just stay until clicked or don't show me again or something like that. FF3 atm changes the whole page when a cert is not authenticated. httpus could have a small warning but leave the site in shape and let it work. This would also have to be implemented in web servers though, but why not? Seems like a brilliant idea to me. The warning could also only be displayed once. I mean you only get warned once that every form gets sent over an unsecured network anyway. I bet even you security contious have typed in something somewhere that you maybe shouldn't have :P. I certainly have... Anyway, good idea, suggest it to the Apache and FF developers and M$ might follow at some stage if they believe they can make $$ with it or they would loose some if they didn't :). Sorry, this is really loosing its (direct) context to PHP. But maybe you could even do a layer higher than the protocol and make a PHP module or something that encrypts requests in some way without the programmer having to be aware of it. Altho i cant think of any way right now since the browser does the request. Or maybe it could insert smartly a javascript and attach an event listener to all forms... How about a js library that even encrypts? One could use RSA or Diffie Hellman or similar for key exchange, all in js and php and store the session key in a cookie, just like the session id... Maybe js is a bit slow for those kind of calculations though. But maybe worth a thought. regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com Alanis Morissette - We'll love you just the way you are if you're perfect. 2009/2/17 Colin Guthrie gm...@colin.guthr.ie 'Twas brillig, and Michael A. Peters at 16/02/09 00:10 did gyre and gimble: Colin Guthrie wrote: 'Twas brillig, and German Geek at 15/02/09 22:32 did gyre and gimble: Please enlighten me why it is so expensive? Is it maybe just the hassle of setting it up? The whole thing is about trust. Getting a certificate is nothing if the system is not backed up by a trust system. If a CA was setup that gave out certificates willy nilly to all and sundry, then this element of trust is lost. Cheap CA's do exist. They have crappy web sites and send you all kinds of junk mail etc. if you use them - but they do exist. I might end up just paying godaddy - I think they charge $12.00 / year, but since I already register through them, they already have my address etc. Yeah the cheap CA's are IMO actually a problem. I (personally) think we should have a new system for this scenario: http:// = totally insecure https:// = secure and to a reasonable degree of trust (e.g. no $12.00 certs!) httpus:// = secure but no aspect of trust. httpus:// would support SSL in exactly the same way as https but the UA would simply not display the URL any differently to a standard http connection. This would give responsible developers the ability to provide SSL services where they only really care about the pipe and not the trust aspect. The problem with the cheap certs is that people do not see much difference to the expensive ones and this leads to the possibility of being hijacked. The weakest link is always the end user not knowing any better. The High Validation certs used by big companies at least show up differently in FF now but if you were to replace it with a hijacked non HV cert, there is still a good chance most users would still use it. Sadly this isn't going to work without browser support tho' and that's very unlikely to happen at all. Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker
Re: [PHP] E-Mail Attachment Filename Encoding Problem
2009/2/16 Richard Heyes rich...@php.net Hi, my problem is that I send an e-mail with an attachment (pdf file). I get the filename out of a mysql table. While using echo or downloading the file, the filename is showed as expected but as an attachment it is not properly encoded: Should be: PC-Beschaffung 2008 (nur für Lehre) Will be: US-ASCII''PC-Beschaffung%202008%20(nur%20f%C3%BCr%20Lehre) I think I have to encode the file name and already tried utf8encode but this didn't help. This may help: http://www.phpguru.org/static/mime.mail.html Hi. I'm already using pear Mail_Mime. -eddy
Re: [PHP] Re: for the security minded web developer - secure way to login?
German Geek wrote: well httpus seems like a good idea though. Thats the kind of response i was hoping for. :-) Maybe browsers would implement that idea in the future. I like that idea a lot actually. I mean when you login to your linux server the first time with openssh, you also have to accept the certificate. In the end you have to trust something somewhere anyway, even if it's just the programmers of the browser and other software... If your server is remote, yes, the very first time you have to accept the public key. After that you can pass the key to other hosts you plan to log in. I mean who seriously looks through all the source code of the linux kernel even though it is open source? A lot of people do. That's how potential exploits are found. And even if someone does it (good on them), do they understand every single line? A back door could be just a few lines of hard to understand code, that you might skip. It could even be encrypted and assembly making it very hard to decipher. Who has that much time and brains? kernel engineer. The NSA. Etc. With windows you have to trust M$ even more because you cannot even look, and i seriously doubt anyone can disassemble the whole windows OS and read the code. They would not finish in this life time, not even through 50MB of source code i believe. That's a lot! At least parts of the windows source are made available to those who have a need to see it, have a lot of money, and are willing to sign an NDA. It's extremely hard to get access, but it can be done. A warning at the top of the page like as if there were blocked content would be sufficient until the user clicks to confirm the validity of of the cert. The warning could just stay until clicked or don't show me again or something like that. I agree - the way Opera does it is sufficient. FF3 atm changes the whole page when a cert is not authenticated. httpus could have a small warning but leave the site in shape and let it work. This would also have to be implemented in web servers though, but why not? Seems like a brilliant idea to me. The warning could also only be displayed once. The way opera does it, you click a button to accept it for one session. If you want to accept it permanently, you have to click the security tab on the warning and check a box. That's the way it should be done in FF3. It's not the job of FireFox to second guess the user. Inform them of the issue, but don't try to force them into rejecting it by making it over cumbersome to accept it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Back to Basics - Re: [PHP] Re: for the security minded web developer - secure way to login?
Rene Veerman wrote: Just for this case, where authentication of the server isn't an issue, and things like deployment cost are, i'd like to propose that we on this list look again at securing login/pass through onewayHash functions, in an otherwise non-ssl environment. i hate to be a critic of the community here, but isn't this insistence on SSL a bit eh... lazy? No. It's the right way to do it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] E-Mail Attachment Filename Encoding Problem
Edmund Hertle wrote: my problem is that I send an e-mail with an attachment (pdf file). I get the filename out of a mysql table. While using echo or downloading the file, the filename is showed as expected but as an attachment it is not properly encoded: Should be: PC-Beschaffung 2008 (nur für Lehre) Will be: US-ASCII''PC-Beschaffung%202008%20(nur%20f%C3%BCr%20Lehre) I think I have to encode the file name and already tried utf8encode but this didn't help. I think you need to mime-encode it - mb_encode_mimeheader(). I haven't tried it with attachments though. /Per -- Per Jessen, Zürich (0.7°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: for the security minded web developer - secure way to login?
Colin Guthrie wrote: Yeah the cheap CA's are IMO actually a problem. I (personally) think we should have a new system for this scenario: http:// = totally insecure https:// = secure and to a reasonable degree of trust (e.g. no $12.00 certs!) httpus:// = secure but no aspect of trust. Colin, I think you're mixing apples and oranges here - http(s) was never meant to provide any indication of trust. Besides, how do you suggest we distinguish between CAs with no trust and CAs with trust? /Per -- Per Jessen, Zürich (1.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] E-Mail Attachment Filename Encoding Problem
Per Jessen schrieb: Edmund Hertle wrote: my problem is that I send an e-mail with an attachment (pdf file). I get the filename out of a mysql table. While using echo or downloading the file, the filename is showed as expected but as an attachment it is not properly encoded: Should be: PC-Beschaffung 2008 (nur für Lehre) Will be: US-ASCII''PC-Beschaffung%202008%20(nur%20f%C3%BCr%20Lehre) I think I have to encode the file name and already tried utf8encode but this didn't help. I think you need to mime-encode it - mb_encode_mimeheader(). I haven't tried it with attachments though. /Per To me it looks like he only wants the spaces and special-chars in the filename to be readable again. I guess you submit the filename over the url, by doing that it automatically gets url-encoded (spaces and special chars are converted to entities). If that's all you want (convert the entities to chars again), you need to apply a urldecode() on the filename, then I think you should be fine. Greets Calle -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] E-Mail Attachment Filename Encoding Problem
Carl-Fredrik Gustafsson wrote: To me it looks like he only wants the spaces and special-chars in the filename to be readable again. Yep, I think so too. Spaces are no problem, but 8-bit characters need to be encoded. /Per -- Per Jessen, Zürich (1.2°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Online Part Time Job Available
Hi, Our online market research organization starts recruiting self-motivated and reliable individuals willing to take part in well-paying research conducted by leading international businesses. Your opinion as a consumer is important for the success and profitability of many business ventures. That is why they are ready to pay for what you think. Our members are paid for participating in online surveys, focus group discussions, and product/service evaluations. What's best, all you need to work with us is a computer, an Internet connection, and will to voice your honest opinion. We'd like to hear from you soon if you want to become one of our highly valued survey takers. Please excuse us if this email is unwanted for you and we have disturbed you in some way, but this is a serious and sincere enquiry. Please reply to 15966nyazaha...@gmail.com Best regards, Stephanie Cunningham
Re: [PHP] Re: Sorting times (SOLVED before tedds crappy SOLVED)
At 9:56 AM +0100 2/16/09, Jochem Maas wrote: for any reasonable number of items my tests show tedd's version pisses on McKenzies from a great height (note that I actually optimized Mckenzies variant by halfing the number of calls to strtotime()). ROTFLOL. -- I seldom say that! From a great height!!! Now that's funny! I added a third variant, as a sort of control, which runs pretty much on par with tedd's version but uses rather less LOC (tedd you might like it as a little example of using array_multisort(), i.e. a way of avoiding writing the double foreach loop in this case) The speed of the sort doesn't matter at all. The maximum number of data that needed to be sorted in my problem would have been 126 (18 different times for 7 days). I only presented part of the problem here. It was a distilled version of the problem I was working on, which was to allow people to enter times that they were available for tutoring in two hour chunks. So, a person might say they were available from 7:00 am to 9:00 am AND also state that they were available from 7:30 am to 9:30 am, which was a no-no. Having two loops allowed me to check after converting to seconds AND sorting to see if there were any overlaps. In such case I simply deleted the offending data from the array before converting everything back into normal time (min:sec). Re this post -- all I needed was a push in the right direction. I was thinking about sorting, but I didn't even consider converting everything to seconds and then sorting. That's really all I needed AND another reason why this list is so great! Not only did I get a push in the right direction, but I got a good laugh out of it -- from great heights indeed. :-) Thanks and Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ?php=
... Sorry, should've mentioned, I'm talking about PHP6. -- Richard Heyes HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari: http://www.rgraph.org (Updated February 14th) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reverse IP lookup
At 9:17 PM -0500 2/15/09, Andrew Ballard wrote: You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Now that's something I would like to know how it works. Anyone have any ideas as to how that works? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] E-Mail Attachment Filename Encoding Problem
I'm already using pear Mail_Mime. [Ducks and runs off] -- Richard Heyes HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari: http://www.rgraph.org (Updated February 14th) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reverse IP lookup
On Mon, 2009-02-16 at 10:11 -0500, tedd wrote: At 9:17 PM -0500 2/15/09, Andrew Ballard wrote: You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Now that's something I would like to know how it works. Anyone have any ideas as to how that works? It tells you how it's done. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reverse IP lookup
On Sun, Feb 15, 2009 at 9:17 PM, Andrew Ballard aball...@gmail.com wrote: On Sun, Feb 15, 2009 at 1:22 PM, דניאל דנון danondan...@gmail.com wrote: Hello, Is there anyway to get a list of sitess that are on a specific IP? I looked, But I couldn't find anything. I tried to make some with dns_get_record and gethostbyaddr, but couldn't make anything Thank Daniel You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Andrew Move ZIG for great justice! -- http://www.voom.me | EFnet: #voom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Sorting times (SOLVED before tedds crappy SOLVED)
tedd wrote: At 9:56 AM +0100 2/16/09, Jochem Maas wrote: for any reasonable number of items my tests show tedd's version pisses on McKenzies from a great height (note that I actually optimized Mckenzies variant by halfing the number of calls to strtotime()). ROTFLOL. -- I seldom say that! Haha! Yes, I was trolling and got a good one from Jochem! I would say ROTFLMAO! From a great height!!! Now that's funny! Too funny. I'll have to remember to work this in to some conversation today at work. ;-) I added a third variant, as a sort of control, which runs pretty much on par with tedd's version but uses rather less LOC (tedd you might like it as a little example of using array_multisort(), i.e. a way of avoiding writing the double foreach loop in this case) The speed of the sort doesn't matter at all. The maximum number of data that needed to be sorted in my problem would have been 126 (18 different times for 7 days). I only presented part of the problem here. It was a distilled version of the problem I was working on, which was to allow people to enter times that they were available for tutoring in two hour chunks. So, a person might say they were available from 7:00 am to 9:00 am AND also state that they were available from 7:30 am to 9:30 am, which was a no-no. Having two loops allowed me to check after converting to seconds AND sorting to see if there were any overlaps. In such case I simply deleted the offending data from the array before converting everything back into normal time (min:sec). Re this post -- all I needed was a push in the right direction. I was thinking about sorting, but I didn't even consider converting everything to seconds and then sorting. That's really all I needed AND another reason why this list is so great! Not only did I get a push in the right direction, but I got a good laugh out of it -- from great heights indeed. :-) Thanks and Cheers, tedd -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Reverse IP lookup
On Mon, 16 Feb 2009 10:26:17 -0500, Robert Cummings wrote: On Mon, 2009-02-16 at 10:11 -0500, tedd wrote: At 9:17 PM -0500 2/15/09, Andrew Ballard wrote: You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Now that's something I would like to know how it works. Anyone have any ideas as to how that works? It tells you how it's done. And, it does a poor job. My web host's IP where numerous domains are VHOST'ed (including several of my domains) - TAA DAA - _only_ the web hosting server.domain.name. Jonesy -- Marvin L Jones| jonz | W3DHJ | linux 38.24N 104.55W | @ config.com | Jonesy | OS/2 * Killfiling google banter.com: jonz.net/ng.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Reverse IP lookup
This may be a little more accurate: http://www.domaintools.com/reverse-ip/ But I think you have to pay if you want to use it a lot. 2009/2/16 Jonesy gm...@jonz.net: On Mon, 16 Feb 2009 10:26:17 -0500, Robert Cummings wrote: On Mon, 2009-02-16 at 10:11 -0500, tedd wrote: At 9:17 PM -0500 2/15/09, Andrew Ballard wrote: You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Now that's something I would like to know how it works. Anyone have any ideas as to how that works? It tells you how it's done. And, it does a poor job. My web host's IP where numerous domains are VHOST'ed (including several of my domains) - TAA DAA - _only_ the web hosting server.domain.name. Jonesy -- Marvin L Jones| jonz | W3DHJ | linux 38.24N 104.55W | @ config.com | Jonesy | OS/2 * Killfiling google banter.com: jonz.net/ng.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Advice wanted
Hi, I am wanting to ask some advice on project I have in mind, but I am having problems finding examples. What I am working on is a set of tools that creates reports based on actions. I have the reports working good, but what I advice on is this. I like to create a page that shows a calendar. If an actions kicked off a report. I like to see on that calendar the date or link show a clickable link or under that date the name of the report. Does anyone know where I can find examples so I can see what I need to do? Payne -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Reverse IP lookup
On Mon, Feb 16, 2009 at 10:51 AM, Lewis Wright lewiswri...@gmail.comwrote: This may be a little more accurate: http://www.domaintools.com/reverse-ip/ But I think you have to pay if you want to use it a lot. I was going to post that one, but you have to pay to subscribe if you want more than the first few results for an address. Andrew
Re: [PHP] Online Part Time Job Available
Richmal Whitehead schrieb: Hi, Our online market research organization starts recruiting self-motivated and reliable individuals willing to take part in well-paying research conducted by leading international businesses. Your opinion as a consumer is important for the success and profitability of many business ventures. That is why they are ready to pay for what you think. Our members are paid for participating in online surveys, focus group discussions, and product/service evaluations. What's best, all you need to work with us is a computer, an Internet connection, and will to voice your honest opinion. We'd like to hear from you soon if you want to become one of our highly valued survey takers. Please excuse us if this email is unwanted for you and we have disturbed you in some way, but this is a serious and sincere enquiry. Please reply to 15966nyazaha...@gmail.com Best regards, Stephanie Cunningham Die in a fire. /Marc -- http://bithub.net/ Synchronize and share your files over the web for free My Twitter feed http://twitter.com/MarcSteinert -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Reverse IP lookup
Lewis Wright wrote: This may be a little more accurate: http://www.domaintools.com/reverse-ip/ Yep, than one was a lot better than yougetsignal. /Per -- Per Jessen, Zürich (0.7°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reverse IP lookup
At 10:26 AM -0500 2/16/09, Robert Cummings wrote: On Mon, 2009-02-16 at 10:11 -0500, tedd wrote: At 9:17 PM -0500 2/15/09, Andrew Ballard wrote: You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Now that's something I would like to know how it works. Anyone have any ideas as to how that works? It tells you how it's done. Cheers, Rob. That's a good start. What I meant to say, is any idea of how to do it via coding? However, I received a very detailed explanation of the problem from Nathan and I understand the complexity much better now. Thanks, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Sorting times (SOLVED before tedds crappy SOLVED)
At 9:45 AM -0600 2/16/09, Shawn McKenzie wrote: tedd wrote: At 9:56 AM +0100 2/16/09, Jochem Maas wrote: for any reasonable number of items my tests show tedd's version pisses on McKenzies from a great height (note that I actually optimized Mckenzies variant by halfing the number of calls to strtotime()). ROTFLOL. -- I seldom say that! Haha! Yes, I was trolling and got a good one from Jochem! I would say ROTFLMAO! From a great height!!! Now that's funny! Too funny. I'll have to remember to work this in to some conversation today at work. ;-) It's good that you take things like that. I've been hammered by people before and it's always nice to see the humor and not take offense. One of the best insults I ever received was right after the OK bombing incident and I was speaking to a group of people and one said I wonder how big a crater you'll leave if we doused you down with diesel fuel? -- meaning I was full of fertilizer. I almost died laughing. I have several others. :-) Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Reverse IP lookup
On Mon, 16 Feb 2009 15:47:19 + (UTC), Jonesy wrote: On Mon, 16 Feb 2009 10:26:17 -0500, Robert Cummings wrote: On Mon, 2009-02-16 at 10:11 -0500, tedd wrote: At 9:17 PM -0500 2/15/09, Andrew Ballard wrote: You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Now that's something I would like to know how it works. Anyone have any ideas as to how that works? It tells you how it's done. And, it does a poor job. My web host's IP where numerous domains are VHOST'ed (including several of my domains) - TAA DAA - _only_ the web hosting server.domain.name (EDIT: was listed.) Well, now... Mea culpa. After I saw those results, I clicked away from that desktop and back here to the destop running slrn -- posted the above -- and then moved on through other ng's. Later, I returned to the desktop with the active browser. And staring me in the face was a two-column, screenfull+ list of domain names hosted by my web host -- including all of mine. So, it would appear to work 'well'. It just doesn't let on how it's doing the processing -- or, that it's processing in the background. It may be a browser quirk (konqueror) dealing with an IE-centric web server. Jonesy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: ***SPAM*** Re[2]: help J0B.
I'm out of the office until February 18th, 2009. I'll respond to you when I return. If you need assistance before then, contact adrie...@airporter.com, or l...@airporter.com. Thanks, Larry On Feb 16, 2009, at 6:40 AM, php-general@lists.php.net wrote: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reverse IP lookup
Hello, Is there anyway to get a list of sitess that are on a specific IP? I looked, But I couldn't find anything. I tried to make some with dns_get_record and gethostbyaddr, but couldn't make anything Thank Daniel Well actually you can't basically because of the way the Name Service reverse resolution works. AFAIK you may assign many domain names to a single IP as A records (main resolution option) or as CNAME (aliases) but you can't assign multiple IP's on the same domain name (meaning you can't make many PTR records for the same IP). So perhaps there are solutions to this using search engines but you can't know for sure. This is the way it works. -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Zend Guard/Optimizer alternatives?
Is there a cheaper alternative to Guard/Optimizer? I have a single small PHP file that is part of a larger solution I sell, and I want it to be protected - and it has to be a runtime so it will run on anyone's standard PHP server. Zend's $600 was a little bit of sticker shock. Any alternatives? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
Hello list. Recently we had some serious discussion on local boards. I prefer calling PHP as Web Framework of C and C++ if you had a time for this fruitless discussion. Please send your opinions. Regards Sancar I think that you can't assume that PHP is a C framework for the web, basically because when you use a framework (or API or whatever label you choose to use for describing it) in a language it just abstracts some aspects of the language making it easier to code. Since you can't compile PHP (as you would probably need to do with a C API) and since you don't even need C to write something in PHP you can't call it a C or C++ framework. In addition to this there is an API for C that can be used to code web applications and it is known as CGI (it is provided by many languages) PHP is coded in C and some things are similar in syntax and style but this is the only relation I can find between the two. -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache odd behavior
I'm submitting a url like this: http://mysite.com/index.php/alfa/bravo/charlie/delta The index.php calls has code to decode the url segments (alfa/bravo/charlie/delta). It determines that the controller is alfa, the method is bravo, and converts charlie and delta to $_GET['charlie'] = 'delta'. It verifies that the controller and method exist, and calls the controller and method. This works fine. The right controller gets called and the right method, and the GET parameter looks like it should. The method sets some variables and then calls a render() function to render the page, which is in the doc root of the site. The page does get rendered, but without the stylesheet, and none of the graphics show up. Why? Because, according to the logs, Apache appears to be looking for the images and everything else in the directory index.php/alfa/bravo/charlie/delta, which of course doesn't exist. No, I don't have an .htaccess file with RewriteEngine on. Apache figures out that index.php is the file to look for in the original URL, but can't figure out that everything else is relative to that file, not the entire URL. This method is in use in at least one other MVC framework. What am I doing wrong? Paul I assume that in order for this to work you will have to use mod_rewrite for apache to work properly. Check the framework's installation instructions to see if you configured mod_rewrite correctly for this to work properly. -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Paul I am not aware if absolute URLs are faster or not (in case they are there will be such a small difference you cannot probably notice) but IMHO it is a bad practice to use full URLs. Basically because renaming directories or scripts will cause great pain in the ass. Of course resources that are coming outside your own site are needed to use absolute URLs and nobody is assuming that are useless. -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Guard/Optimizer alternatives?
I should mention that I did try the ionCube online encoder, which I think is a great idea... but its runtimes failed to load on both of my test systems, requiring editing of php.ini. That's over the top for my users. I need something that's rock-solid and that will never require my users to have to know anything or do anything special (they are business people, not developers or server admins). On Feb 16, 2009, at 9:10 AM, Brian Dunning wrote: Is there a cheaper alternative to Guard/Optimizer? I have a single small PHP file that is part of a larger solution I sell, and I want it to be protected - and it has to be a runtime so it will run on anyone's standard PHP server. Zend's $600 was a little bit of sticker shock. Any alternatives? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend Guard/Optimizer alternatives?
I should mention that I did try the ionCube online encoder, which I think is a great idea... but its runtimes failed to load on both of my test systems, requiring editing of php.ini. That's over the top for my users. I need something that's rock-solid and that will never require my users to have to know anything or do anything special (they are business people, not developers or server admins). On Feb 16, 2009, at 9:10 AM, Brian Dunning wrote: Is there a cheaper alternative to Guard/Optimizer? I have a single small PHP file that is part of a larger solution I sell, and I want it to be protected - and it has to be a runtime so it will run on anyone's standard PHP server. Zend's $600 was a little bit of sticker shock. Any alternatives? There is this pecl extension that I tested once and it works: http://pecl.php.net/package/bcompiler Your users won't need to do anything special if you encode the PHP projects that you host (in case I am getting this right). But there are no magical solutions to anything. -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache odd behavior
On Mon, Feb 16, 2009 at 07:30:57PM +0200, Thodoris wrote: I'm submitting a url like this: http://mysite.com/index.php/alfa/bravo/charlie/delta The index.php calls has code to decode the url segments (alfa/bravo/charlie/delta). It determines that the controller is alfa, the method is bravo, and converts charlie and delta to $_GET['charlie'] = 'delta'. It verifies that the controller and method exist, and calls the controller and method. This works fine. The right controller gets called and the right method, and the GET parameter looks like it should. The method sets some variables and then calls a render() function to render the page, which is in the doc root of the site. The page does get rendered, but without the stylesheet, and none of the graphics show up. Why? Because, according to the logs, Apache appears to be looking for the images and everything else in the directory index.php/alfa/bravo/charlie/delta, which of course doesn't exist. No, I don't have an .htaccess file with RewriteEngine on. Apache figures out that index.php is the file to look for in the original URL, but can't figure out that everything else is relative to that file, not the entire URL. This method is in use in at least one other MVC framework. What am I doing wrong? Paul I assume that in order for this to work you will have to use mod_rewrite for apache to work properly. Check the framework's installation instructions to see if you configured mod_rewrite correctly for this to work properly. mod_rewrite isn't involved. Apache has a lookback feature that looks back through the URL until it finds an actual file it can execute, which in this case is index.php. Unfortunately, it appears that Apache believes the directory in which linked files are found is the *whole* URL. mod_rewrite might resolve this, but it isn't allowed on all servers. So it's not a reliable solution. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
On Mon, Feb 16, 2009 at 07:39:29PM +0200, Thodoris wrote: Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Paul I am not aware if absolute URLs are faster or not (in case they are there will be such a small difference you cannot probably notice) but IMHO it is a bad practice to use full URLs. Basically because renaming directories or scripts will cause great pain in the ass. Of course resources that are coming outside your own site are needed to use absolute URLs and nobody is assuming that are useless. Agreed. But here's the real reason, in my case. We develop the pages on an internal server, which has the URL http://pokey/mysite.com. When we move the pages to the live server at mysite.com, all the URLs would have to be rewritten. Ugh. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Agreed. But here's the real reason, in my case. We develop the pages on an internal server, which has the URL http://pokey/mysite.com. When we move the pages to the live server at mysite.com, all the URLs would have to be rewritten. Ugh. Paul So put it all in one place: ?php include path.inc; printa href=\$path/dir/file.php\; ? Full URLs don't break when users save the pages to disk. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü
Re: [PHP] Full versus relative URLs
On Mon, Feb 16, 2009 at 07:39:29PM +0200, Thodoris wrote: Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Paul I am not aware if absolute URLs are faster or not (in case they are there will be such a small difference you cannot probably notice) but IMHO it is a bad practice to use full URLs. Basically because renaming directories or scripts will cause great pain in the ass. Of course resources that are coming outside your own site are needed to use absolute URLs and nobody is assuming that are useless. Agreed. But here's the real reason, in my case. We develop the pages on an internal server, which has the URL http://pokey/mysite.com. When we move the pages to the live server at mysite.com, all the URLs would have to be rewritten. Ugh. Paul I sometimes use something like this in my scripts for every script to determine itself: // Find what is the name of this script $self = basename($_SERVER['PHP_SELF']); You can probably take advantage of the $_SERVER information so that you don't need to rewrite every url you use. Hope that helps. -- Thodoris
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
I'd personally say that PHP was originally intended to essentially be a framework for the web, but has since evolved in to its own language. It's just my opinion though... 2009/2/16 Thodoris t...@kinetix.gr: Hello list. Recently we had some serious discussion on local boards. I prefer calling PHP as Web Framework of C and C++ if you had a time for this fruitless discussion. Please send your opinions. Regards Sancar I think that you can't assume that PHP is a C framework for the web, basically because when you use a framework (or API or whatever label you choose to use for describing it) in a language it just abstracts some aspects of the language making it easier to code. Since you can't compile PHP (as you would probably need to do with a C API) and since you don't even need C to write something in PHP you can't call it a C or C++ framework. In addition to this there is an API for C that can be used to code web applications and it is known as CGI (it is provided by many languages) PHP is coded in C and some things are similar in syntax and style but this is the only relation I can find between the two. -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
I'd personally say that PHP was originally intended to essentially be a framework for the web, but has since evolved in to its own language. It's just my opinion though... Well you can see that some basic facts from PHP history can prove you wrong: http://www.php.net/manual/en/history.php.php Actually PHP started as a set of perl scripts and then was rewritten in C as a form interpreter. Of course you could always think what you want even if it is not a fact and the fact is that it's purpose was never to become a C or C++ API for web applications. Not to mention that there is a difference between a framework and an API. -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
On Mon, Feb 16, 2009 at 08:09:51PM +0200, Dotan Cohen wrote: Agreed. But here's the real reason, in my case. We develop the pages on an internal server, which has the URL http://pokey/mysite.com. When we move the pages to the live server at mysite.com, all the URLs would have to be rewritten. Ugh. Paul So put it all in one place: ?php include path.inc; printa href=\$path/dir/file.php\; ? Full URLs don't break when users save the pages to disk. That would be fine if the pages weren't being crafted in Dreamweaver, where inserting links like that is a pain. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reverse IP lookup
On Sun, Feb 15, 2009 at 9:17 PM, Andrew Ballard aball...@gmail.com wrote: On Sun, Feb 15, 2009 at 1:22 PM, דניאל דנון danondan...@gmail.com wrote: Hello, Is there anyway to get a list of sitess that are on a specific IP? I looked, But I couldn't find anything. I tried to make some with dns_get_record and gethostbyaddr, but couldn't make anything Thank Daniel You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Andrew From my test I can say it doesn't work. I put in our web server (which has a couple of virtual hosts on it) and got 16 host names back most of which are for completely different servers - all at purdue.edu, but not even in the same department. Steve.
Re: [PHP] Full versus relative URLs
So put it all in one place: ?php include path.inc; printa href=\$path/dir/file.php\; ? Full URLs don't break when users save the pages to disk. That would be fine if the pages weren't being crafted in Dreamweaver, where inserting links like that is a pain. For that you'd have to ask on the Dreamweaver list. I don't really like those tools. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü
[PHP] inset data to multiple tables
I am trying to find a solution to enter data from a web page to several
tables in the same database; actually, I have 9 tables bus several are
basically id fields for foreign keys.
So far, I have found:
use mysql_insert_id() - the examples and directions are
incomprehensible (to me, anyway)
use several insert statements - what do you mean by that?
The following is what I am trying to use - the first INSERT INTO books
works fine. The rest, no.
The string $some_fieldIN are values from input statements.
$sql1 = INSERT INTO books ( title, sub_title, descr, comment, bk_cover,
publish_date, ISBN, language ) VALUES ('$titleIN', '$sub_titleIN',
'$descrIN','$commentIN', '$bk_coverIN', '$publish_dateIN', '$ISBNIN',
'$languageIN');
$result1 = mysql_query($sql1, $db);
$sql1 = INSERT INTO authors (first_name, last_name) VALUES ('$first_nameIN',
'$last_nameIN');
$result = mysql_query($sql1, $db);
$sql1 = INSERT INTO publishers (publisher) VALUES ('$publisherIN');
$result = mysql_query($sql1, $db);
Obviously, I don't understand anything here.
Questions:
1. Do we really need the statements - $result1 = mysql_query($sql1,
$db); ? Why? What purpose do they serve?
2. How can one use mysql_insert_id() to insert data into multiple
tables? Why would you need to insert an id - especially since there are
only 2 fields in the pulblishers table (above) - id (auto-increment) and
publishers? As I ;understand it, when the id field is auto-increment, a
simple
INSERT INTO publishers (publisher) VALUES ('$publisherIN') works fine (but not
above)
Can somebody suggest anything? TIA
--
Phil Jourdan --- p...@ptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: ?php=
'Twas brillig, and Richard Heyes at 16/02/09 15:04 did gyre and gimble: ... Sorry, should've mentioned, I'm talking about PHP6. Not heard about it but I'd like it. Short tags are evil but the ?= thing is pretty handy so having a ?php= option would suit me quite nicely. Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ?php=
On Mon, Feb 16, 2009 at 2:58 PM, Colin Guthrie gm...@colin.guthr.ie wrote: 'Twas brillig, and Richard Heyes at 16/02/09 15:04 did gyre and gimble: Those reply lines are funny. =) -- http://www.voom.me | EFnet: #voom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: for the security minded web developer - secure way to login?
'Twas brillig, and Per Jessen at 16/02/09 13:49 did gyre and gimble: Colin Guthrie wrote: Yeah the cheap CA's are IMO actually a problem. I (personally) think we should have a new system for this scenario: http:// = totally insecure https:// = secure and to a reasonable degree of trust (e.g. no $12.00 certs!) httpus:// = secure but no aspect of trust. Colin, I think you're mixing apples and oranges here - http(s) was never meant to provide any indication of trust. Besides, how do you suggest we distinguish between CAs with no trust and CAs with trust? Well you're probably right. I appreciate that https doesn't provide trust by default, but ultimately that's how Joe Bloggs public has been told to deal with it look for the padlock etc. etc. to be sure that your session is secure blah blah. Now with the HV certs the UI also has the company name in the URL and this *is* going towards a trust infrastructure. Perhaps where we should go is that even if the URL is https:// there is no UI change in the browser. Only if the cert is trusted by a CA should the browser UI change to indicate this in some way, with HV certs being explicitly indicated as such to increase the trust aspect. That way you can use https + self singed cert without getting any warnings but also without any disadvantages too. Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: ?php=
'Twas brillig, and Eric Butera at 16/02/09 20:01 did gyre and gimble: On Mon, Feb 16, 2009 at 2:58 PM, Colin Guthrie gm...@colin.guthr.ie wrote: 'Twas brillig, and Richard Heyes at 16/02/09 15:04 did gyre and gimble: Those reply lines are funny. =) Can't take credit as I saw someone else with it and *ahem* liberated it. I remember reading the source of it at school so it brought a smile... Still one of my favourite poems :) Col PS: for those who don't know, it's the Jabberwocky by Lewis Carroll: http://www.jabberwocky.com/carroll/jabber/jabberwocky.html -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: for the security minded web developer - secure way to login?
Colin Guthrie wrote: 'Twas brillig, and Per Jessen at 16/02/09 13:49 did gyre and gimble: Colin Guthrie wrote: Colin, I think you're mixing apples and oranges here - http(s) was never meant to provide any indication of trust. Besides, how do you suggest we distinguish between CAs with no trust and CAs with trust? Well you're probably right. I appreciate that https doesn't provide trust by default, but ultimately that's how Joe Bloggs public has been told to deal with it look for the padlock etc. etc. to be sure that your session is secure blah blah. Now with the HV certs the UI also has the company name in the URL and this *is* going towards a trust infrastructure. If you are e-commerce then trust is an issue and you should pay for one of the certs that turns your url bar a pretty color. If you just want a public/private key encryption, you don't need the pretty color and shouldn't be forced to use a CA. Trust the pretty color as authenticated. Perhaps where we should go is that even if the URL is https:// there is no UI change in the browser. Only if the cert is trusted by a CA should the browser UI change to indicate this in some way, with HV certs being explicitly indicated as such to increase the trust aspect. One idea I saw is to only show the lock when a trusted CA is used. I'm fine with that. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
On Mon, 2009-02-16 at 20:19 +0200, Thodoris wrote: On Mon, Feb 16, 2009 at 07:39:29PM +0200, Thodoris wrote: Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Paul I am not aware if absolute URLs are faster or not (in case they are there will be such a small difference you cannot probably notice) but IMHO it is a bad practice to use full URLs. Basically because renaming directories or scripts will cause great pain in the ass. Of course resources that are coming outside your own site are needed to use absolute URLs and nobody is assuming that are useless. Agreed. But here's the real reason, in my case. We develop the pages on an internal server, which has the URL http://pokey/mysite.com. When we move the pages to the live server at mysite.com, all the URLs would have to be rewritten. Ugh. Paul I sometimes use something like this in my scripts for every script to determine itself: // Find what is the name of this script $self = basename($_SERVER['PHP_SELF']); You can probably take advantage of the $_SERVER information so that you don't need to rewrite every url you use. Hope that helps. I know it's been said before, but beware of relying on this value just for the sole purpose of deciding where things are located, as without a bit of error checking on it, it can be used for injection attacks and what-not, although, sadly, I forget the exact post recently that had the link that explained this issue on PHP_SELF. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Reverse IP lookup
And an equally important question: How do you prevent your servers from showing up in searches like this? On Feb 16, 2009, at 7:51 AM, Lewis Wright wrote: This may be a little more accurate: http://www.domaintools.com/reverse-ip/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: inset data to multiple tables
'Twas brillig, and PJ at 16/02/09 19:57 did gyre and gimble:
Questions:
1. Do we really need the statements - $result1 = mysql_query($sql1,
$db); ? Why? What purpose do they serve?
These statements send your SQL to the server. Without them you are just
assigning and SQL command to a variable so they are really rather
important :p
2. How can one use mysql_insert_id() to insert data into multiple
tables? Why would you need to insert an id - especially since there are
only 2 fields in the pulblishers table (above) - id (auto-increment) and
publishers? As I ;understand it, when the id field is auto-increment, a
simple
INSERT INTO publishers (publisher) VALUES ('$publisherIN') works fine (but not
above)
Can somebody suggest anything? TIA
Short answer, you can't! It's not what it's for!
You have to do your insert first (with mysql_query() as you did above),
and then call $my_generated_id = mysql_insert_id(); This will fill the
variable $my_generated_id with the value of the auto_increment field in
your table from the last call to mysql_query with an INSERT statement.
Also, you are possibly running risks above if you do not properly escape
your variables:
e.g. You have:
$sql1 = INSERT INTO authors (first_name, last_name) VALUES
('$first_nameIN', '$last_nameIN');
Your examples do not show where the values came from but if it's
directly from a form post or similar, if I put the value:
'blah','blah'); DELETE FROM authors;
The query generated could be:
INSERT INTO authors(firstname,lastname) VALUES ('blah','blah'); DELETE
FROM authors;.
Obviously this is a massive security risk and is generally referred to
as SQL Injection Attacks.
You should look into using the function mysql_real_escape_string() to
escape all your inputs.
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
I know it's been said before, but beware of relying on this value just for the sole purpose of deciding where things are located, as without a bit of error checking on it, it can be used for injection attacks and what-not, although, sadly, I forget the exact post recently that had the link that explained this issue on PHP_SELF. Alternatively, $_SERVER['PHP_SELF']) could be switch()ed for known values, and $path be set accordingly with hardcoded values. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü
RE: [PHP] Re: ?php=
Sorry, should've mentioned, I'm talking about PHP6. Not heard about it but I'd like it. Short tags are evil but the ?= thing is pretty handy so having a ?php= option would suit me quite nicely. Agree - while the short tags can be annoying, we need some way to shorthand string output and I think good fit. Has this been listed as coming at the same time as short tags go away (or preferably, before...)? --- Hans Zaunere / Managing Member / New York PHP www.nyphp.org / www.nyphp.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
Tim-Hinnerk Heuer http://www.ihostnz.com Mike Ditka - If God had wanted man to play soccer, he wouldn't have given us arms. 2009/2/17 Paul M Foster pa...@quillandmouse.com On Mon, Feb 16, 2009 at 07:39:29PM +0200, Thodoris wrote: Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Paul I am not aware if absolute URLs are faster or not (in case they are there will be such a small difference you cannot probably notice) but IMHO it is a bad practice to use full URLs. Basically because renaming directories or scripts will cause great pain in the ass. Of course resources that are coming outside your own site are needed to use absolute URLs and nobody is assuming that are useless. Agreed. But here's the real reason, in my case. We develop the pages on an internal server, which has the URL http://pokey/mysite.com. When we move the pages to the live server at mysite.com, all the URLs would have to be rewritten. Ugh. In that case you could change your hosts file (unix: /etc/hosts windows: %windir%\system32\drivers\etc\hosts) and add a line with the live server's ip like so: 123.456.789.12 www.example.com and all your URLs would be right. When you need to check the live domain, you can simply comment out that line with #. ;) Hope this helps a few people. Saved me a lot of grief. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache odd behavior
2009/2/16 Paul M Foster pa...@quillandmouse.com: On Mon, Feb 16, 2009 at 07:30:57PM +0200, Thodoris wrote: I'm submitting a url like this: http://mysite.com/index.php/alfa/bravo/charlie/delta The index.php calls has code to decode the url segments (alfa/bravo/charlie/delta). It determines that the controller is alfa, the method is bravo, and converts charlie and delta to $_GET['charlie'] = 'delta'. It verifies that the controller and method exist, and calls the controller and method. This works fine. The right controller gets called and the right method, and the GET parameter looks like it should. The method sets some variables and then calls a render() function to render the page, which is in the doc root of the site. The page does get rendered, but without the stylesheet, and none of the graphics show up. Why? Because, according to the logs, Apache appears to be looking for the images and everything else in the directory index.php/alfa/bravo/charlie/delta, which of course doesn't exist. No, I don't have an .htaccess file with RewriteEngine on. Apache figures out that index.php is the file to look for in the original URL, but can't figure out that everything else is relative to that file, not the entire URL. This method is in use in at least one other MVC framework. What am I doing wrong? Paul I assume that in order for this to work you will have to use mod_rewrite for apache to work properly. Check the framework's installation instructions to see if you configured mod_rewrite correctly for this to work properly. mod_rewrite isn't involved. Apache has a lookback feature that looks back through the URL until it finds an actual file it can execute, which in this case is index.php. Unfortunately, it appears that Apache believes the directory in which linked files are found is the *whole* URL. mod_rewrite might resolve this, but it isn't allowed on all servers. So it's not a reliable solution. This is your problem, you're not understanding where the paths are being resolved. Apache has absolutely no involvement in resolving relative paths in your HTML files to absolute URLs. The browser does this. All you need to do is use absolute URLs and everything will work fine. By absolute, in case you don't know, I mean starting with a / and being from the document root in the web server. For example, if you have a tag like a href=arse.phparse/a and arse.php is in the same directory as index.php you need to change it to a href=/arse.phparse/a. Another example... if you have a href=somedir/crack.phpcrack/a where crack.php is in the subdirectory somedir beneath where index.php is you need to change the tag to a href=/somedir/crack.phpcrack/a. You need to apply this to all URLs in your code, including stylesheets, images and javascript references. This should not be a difficult concept to grasp, so maybe I'm not explaining it right. If so please explain what you understand by what I'm saying and I can alter it to be more helpful. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
2009/2/16 Thodoris t...@kinetix.gr: In addition to this there is an API for C that can be used to code web applications and it is known as CGI (it is provided by many languages) CGI is a protocol not an API and has no specific connection to C. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache odd behavior
On Mon, 2009-02-16 at 20:34 +, Stuart wrote: 2009/2/16 Paul M Foster pa...@quillandmouse.com: On Mon, Feb 16, 2009 at 07:30:57PM +0200, Thodoris wrote: I'm submitting a url like this: http://mysite.com/index.php/alfa/bravo/charlie/delta The index.php calls has code to decode the url segments (alfa/bravo/charlie/delta). It determines that the controller is alfa, the method is bravo, and converts charlie and delta to $_GET['charlie'] = 'delta'. It verifies that the controller and method exist, and calls the controller and method. This works fine. The right controller gets called and the right method, and the GET parameter looks like it should. The method sets some variables and then calls a render() function to render the page, which is in the doc root of the site. The page does get rendered, but without the stylesheet, and none of the graphics show up. Why? Because, according to the logs, Apache appears to be looking for the images and everything else in the directory index.php/alfa/bravo/charlie/delta, which of course doesn't exist. No, I don't have an .htaccess file with RewriteEngine on. Apache figures out that index.php is the file to look for in the original URL, but can't figure out that everything else is relative to that file, not the entire URL. This method is in use in at least one other MVC framework. What am I doing wrong? Paul I assume that in order for this to work you will have to use mod_rewrite for apache to work properly. Check the framework's installation instructions to see if you configured mod_rewrite correctly for this to work properly. mod_rewrite isn't involved. Apache has a lookback feature that looks back through the URL until it finds an actual file it can execute, which in this case is index.php. Unfortunately, it appears that Apache believes the directory in which linked files are found is the *whole* URL. mod_rewrite might resolve this, but it isn't allowed on all servers. So it's not a reliable solution. This is your problem, you're not understanding where the paths are being resolved. Apache has absolutely no involvement in resolving relative paths in your HTML files to absolute URLs. The browser does this. All you need to do is use absolute URLs and everything will work fine. By absolute, in case you don't know, I mean starting with a / and being from the document root in the web server. For example, if you have a tag like a href=arse.phparse/a and arse.php is in the same directory as index.php you need to change it to a href=/arse.phparse/a. Another example... if you have a href=somedir/crack.phpcrack/a where crack.php is in the subdirectory somedir beneath where index.php is you need to change the tag to a href=/somedir/crack.phpcrack/a. You need to apply this to all URLs in your code, including stylesheets, images and javascript references. This should not be a difficult concept to grasp, so maybe I'm not explaining it right. If so please explain what you understand by what I'm saying and I can alter it to be more helpful. -Stuart -- http://stut.net/ I've read through this thread and not noticed anyone mention the base tag. This allows you to specify a URL to which relative ones are mapped to, which could be just what you're looking for, as I believe all the browsers support it (the tag has been around for donkeys years, so I'd be surprised if any browsers didn't support it) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
I thought its an interface as in Common Gateway Interface. :-P You are right it isn't a specific connection to C. CGI can basically be used with any language. A protocol to me is something like TCP/IP or http etc. Like a language between a network of nodes. Tim-Hinnerk Heuer http://www.ihostnz.com Katharine Hepburn - Life is hard. After all, it kills you. 2009/2/17 Stuart stut...@gmail.com 2009/2/16 Thodoris t...@kinetix.gr: In addition to this there is an API for C that can be used to code web applications and it is known as CGI (it is provided by many languages) CGI is a protocol not an API and has no specific connection to C. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Online Part Time Job Available
On Tue, 2008-09-16 at 17:12 +0200, Marc wrote: Richmal Whitehead schrieb: Hi, Our online market research organization starts recruiting self-motivated and reliable individuals willing to take part in well-paying research conducted by leading international businesses. Your opinion as a consumer is important for the success and profitability of many business ventures. That is why they are ready to pay for what you think. Our members are paid for participating in online surveys, focus group discussions, and product/service evaluations. What's best, all you need to work with us is a computer, an Internet connection, and will to voice your honest opinion. We'd like to hear from you soon if you want to become one of our highly valued survey takers. Please excuse us if this email is unwanted for you and we have disturbed you in some way, but this is a serious and sincere enquiry. Please reply to 15966nyazaha...@gmail.com Best regards, Stephanie Cunningham Die in a fire. /Marc -- http://bithub.net/ Synchronize and share your files over the web for free My Twitter feed http://twitter.com/MarcSteinert Well, they did say your honest opinion was wanted ;) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: ?php=
Please folks, honor my request and remove me from the list. Yes I signed up intentionally, and yes I tried (3 times) to de-list myself but I still get the emails. You guys seem like nice folks, so I don't want to lodge a complaint somewhere... I just one somebody to take responsibility and delete me from the list. Michael Roberts Senior Recruitment Strategist Corporate Staffing Services 150 Monument Road, Suite 510 Bala Cynwyd, PA 19004 P 610-771-1084 F 610-771-0390 E mrobe...@jobscss.com -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Colin Guthrie Sent: Monday, February 16, 2009 3:14 PM To: php-general@lists.php.net Subject: [PHP] Re: ?php= 'Twas brillig, and Eric Butera at 16/02/09 20:01 did gyre and gimble: On Mon, Feb 16, 2009 at 2:58 PM, Colin Guthrie gm...@colin.guthr.ie wrote: 'Twas brillig, and Richard Heyes at 16/02/09 15:04 did gyre and gimble: Those reply lines are funny. =) Can't take credit as I saw someone else with it and *ahem* liberated it. I remember reading the source of it at school so it brought a smile... Still one of my favourite poems :) Col PS: for those who don't know, it's the Jabberwocky by Lewis Carroll: http://www.jabberwocky.com/carroll/jabber/jabberwocky.html -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Full versus relative URLs
2009/2/16 Paul M Foster pa...@quillandmouse.com: On Mon, Feb 16, 2009 at 07:39:29PM +0200, Thodoris wrote: Here's a question related to my last post. When specifying a link in a HTML file (like to the css or an image file), there are two ways of doing it. One is to simply include the relative path to the file (relative to the doc root), like: /graphics/my_portrait.gif Or you can include the full URL, like: http://example.com/graphics/my_portrait.gif My casual observation seems to indicate that the former will load faster than the latter. But has anyone done any benchmarking on it? Paul I am not aware if absolute URLs are faster or not (in case they are there will be such a small difference you cannot probably notice) but IMHO it is a bad practice to use full URLs. Basically because renaming directories or scripts will cause great pain in the ass. Of course resources that are coming outside your own site are needed to use absolute URLs and nobody is assuming that are useless. Agreed. But here's the real reason, in my case. We develop the pages on an internal server, which has the URL http://pokey/mysite.com. When we move the pages to the live server at mysite.com, all the URLs would have to be rewritten. Ugh. My advice would be to stop coding and sort this out as soon as possible. If your development server has a different layout to your live server you're simply asking for trouble, especially since you're using a front controller pattern (as evidenced in another thread). It's simple to fix this. Add a hosts entry for mysite.local pointing at pokey's IP. Change the server software so it has a virtual host for mysite.local pointed at the mysite.com directory in the existing web rooot. This is not difficult and will allow you to solve both of the problems you are currently asking this list about. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Reverse IP lookup
I don't think you can unfortunately. 2009/2/16 Brian Dunning br...@briandunning.com: And an equally important question: How do you prevent your servers from showing up in searches like this? On Feb 16, 2009, at 7:51 AM, Lewis Wright wrote: This may be a little more accurate: http://www.domaintools.com/reverse-ip/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Opinions Please, Describing PHP as Web Framework of C and C++
2009/2/16 German Geek geek...@gmail.com: I thought its an interface as in Common Gateway Interface. :-P You are right it isn't a specific connection to C. CGI can basically be used with any language. A protocol to me is something like TCP/IP or http etc. Like a language between a network of nodes. A protocol in computer science is defined as rules determining the format and transmission of data. CGI is a protocol defining the format and transmission of data between two entities, most commonly an HTTP server and an executable of some sort. It has no connection to TCP/IP, HTTP or networks in general. -Stuart -- http://stut.net/ 2009/2/17 Stuart stut...@gmail.com 2009/2/16 Thodoris t...@kinetix.gr: In addition to this there is an API for C that can be used to code web applications and it is known as CGI (it is provided by many languages) CGI is a protocol not an API and has no specific connection to C. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Advice wanted
On Mon, 2009-02-16 at 10:53 -0500, Payne wrote: Hi, I am wanting to ask some advice on project I have in mind, but I am having problems finding examples. What I am working on is a set of tools that creates reports based on actions. I have the reports working good, but what I advice on is this. I like to create a page that shows a calendar. If an actions kicked off a report. I like to see on that calendar the date or link show a clickable link or under that date the name of the report. Does anyone know where I can find examples so I can see what I need to do? Payne I've put together a simple script that outputs a calendar, which is easy to then tie into a database and create clickable links: http://www.ashleysheridan.co.uk/coding_php_calendar.php Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ?php=
2009/2/16 Mike Roberts mrobe...@jobscss.com: Please folks, honor my request and remove me from the list. Yes I signed up intentionally, and yes I tried (3 times) to de-list myself but I still get the emails. You guys seem like nice folks, so I don't want to lodge a complaint somewhere... I just one somebody to take responsibility and delete me from the list. What exactly have you done three times? Send an email to php-general-unsubscr...@lists.php.net then follow the instructions in the automated email you receive, usually a few minutes later. If this is what you've done already then there may be a problem with the system, but please make sure you've fully read, understood and actioned the instructions in the email you get back. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Reverse IP lookup
On Mon, 2009-02-16 at 20:49 +, Lewis Wright wrote: I don't think you can unfortunately. 2009/2/16 Brian Dunning br...@briandunning.com: And an equally important question: How do you prevent your servers from showing up in searches like this? On Feb 16, 2009, at 7:51 AM, Lewis Wright wrote: This may be a little more accurate: http://www.domaintools.com/reverse-ip/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Yeah, if your server is available online, then the IP is available, and could potentially end up on any list, i.e. a search engines results. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Online Part Time Job Available
Ashley Sheridan wrote: On Tue, 2008-09-16 at 17:12 +0200, Marc wrote: Richmal Whitehead schrieb: Hi, Our online market research organization starts recruiting self-motivated and reliable individuals willing to take part in well-paying research conducted by leading international businesses. Your opinion as a consumer is important for the success and profitability of many business ventures. That is why they are ready to pay for what you think. Our members are paid for participating in online surveys, focus group discussions, and product/service evaluations. What's best, all you need to work with us is a computer, an Internet connection, and will to voice your honest opinion. We'd like to hear from you soon if you want to become one of our highly valued survey takers. Please excuse us if this email is unwanted for you and we have disturbed you in some way, but this is a serious and sincere enquiry. Please reply to 15966nyazaha...@gmail.com Best regards, Stephanie Cunningham Die in a fire. /Marc -- http://bithub.net/ Synchronize and share your files over the web for free My Twitter feed http://twitter.com/MarcSteinert Well, they did say your honest opinion was wanted ;) Ash www.ashleysheridan.co.uk Several stipulations rule out most of the gang that hang out here. For example: * self-motivated * reliable individuals * honest opinion Oh well, next time maybe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Apache odd behavior
2009/2/16 Ashley Sheridan a...@ashleysheridan.co.uk: On Mon, 2009-02-16 at 20:34 +, Stuart wrote: 2009/2/16 Paul M Foster pa...@quillandmouse.com: On Mon, Feb 16, 2009 at 07:30:57PM +0200, Thodoris wrote: I'm submitting a url like this: http://mysite.com/index.php/alfa/bravo/charlie/delta The index.php calls has code to decode the url segments (alfa/bravo/charlie/delta). It determines that the controller is alfa, the method is bravo, and converts charlie and delta to $_GET['charlie'] = 'delta'. It verifies that the controller and method exist, and calls the controller and method. This works fine. The right controller gets called and the right method, and the GET parameter looks like it should. The method sets some variables and then calls a render() function to render the page, which is in the doc root of the site. The page does get rendered, but without the stylesheet, and none of the graphics show up. Why? Because, according to the logs, Apache appears to be looking for the images and everything else in the directory index.php/alfa/bravo/charlie/delta, which of course doesn't exist. No, I don't have an .htaccess file with RewriteEngine on. Apache figures out that index.php is the file to look for in the original URL, but can't figure out that everything else is relative to that file, not the entire URL. This method is in use in at least one other MVC framework. What am I doing wrong? Paul I assume that in order for this to work you will have to use mod_rewrite for apache to work properly. Check the framework's installation instructions to see if you configured mod_rewrite correctly for this to work properly. mod_rewrite isn't involved. Apache has a lookback feature that looks back through the URL until it finds an actual file it can execute, which in this case is index.php. Unfortunately, it appears that Apache believes the directory in which linked files are found is the *whole* URL. mod_rewrite might resolve this, but it isn't allowed on all servers. So it's not a reliable solution. This is your problem, you're not understanding where the paths are being resolved. Apache has absolutely no involvement in resolving relative paths in your HTML files to absolute URLs. The browser does this. All you need to do is use absolute URLs and everything will work fine. By absolute, in case you don't know, I mean starting with a / and being from the document root in the web server. For example, if you have a tag like a href=arse.phparse/a and arse.php is in the same directory as index.php you need to change it to a href=/arse.phparse/a. Another example... if you have a href=somedir/crack.phpcrack/a where crack.php is in the subdirectory somedir beneath where index.php is you need to change the tag to a href=/somedir/crack.phpcrack/a. You need to apply this to all URLs in your code, including stylesheets, images and javascript references. This should not be a difficult concept to grasp, so maybe I'm not explaining it right. If so please explain what you understand by what I'm saying and I can alter it to be more helpful. -Stuart -- http://stut.net/ I've read through this thread and not noticed anyone mention the base tag. This allows you to specify a URL to which relative ones are mapped to, which could be just what you're looking for, as I believe all the browsers support it (the tag has been around for donkeys years, so I'd be surprised if any browsers didn't support it) That should also work, yes. Personally I'd use absolute URLs but each to their own. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Online Part Time Job Available
-Original Message- From: Al [mailto:n...@ridersite.org] Sent: Monday, February 16, 2009 3:00 PM To: php-general@lists.php.net Subject: Re: [PHP] Online Part Time Job Available Please excuse us if this email is unwanted for you and we have disturbed you in some way, but this is a serious and sincere enquiry. Please reply to 15966nyazaha...@gmail.com Best regards, Stephanie Cunningham Die in a fire. Well, they did say your honest opinion was wanted ;) Several stipulations rule out most of the gang that hang out here. For example: * self-motivated * reliable individuals * honest opinion Oh well, next time maybe Your lack of an emoticon accompanying this message can mean only one thing: This is war! * Most of the people on this list are independent developers (or do independent development in addition to their day jobs) * Hand-in-hand with independent development is sole responsibility * Honest opinions abound on this list... that's why so many of the discussions that would probably be passed over entirely on other lists are discussed in great detail and from a wide variety of perspectives. :p (And yes, I realize you were [probably] joking.) // Todd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: inset data to multiple tables
Hell, I feel about as dumb as can be. I just goth things straight and
it seems to work just fine...
Here is where my problem was...
$sql1 = INSERT INTO books
( title, sub_title, descr, comment, bk_cover,
publish_date, ISBN, language )
VALUES
('$titleIN', '$sub_titleIN', '$descrIN',
'$commentIN', '$bk_coverIN', '$publish_dateIN',
'$ISBNIN', '$languageIN');
$result1 = mysql_query($sql1, $db);
$sql2 = INSERT INTO authors
(first_name, last_name) VALUES ('$first_nameIN',
'$last_nameIN');
$result2 = mysql_query($sql2, $db);
$sql3 = INSERT INTO publishers
(publisher) VALUES ('$publisherIN');
$result3 = mysql_query($sql3, $db);
In effect, once I understood what the $result statements meant, all
became clear.
It looks like I can now add more $sql4... etc as long as I have the
correct input strings and all should be hunky-dory, whatever that means.
Of course, I am quite new to this and do and will appreciate any
comments and/or suggestions.
My next questions will be about how to automate inserts of foreign key
tables... :-(
More questions below...
Colin Guthrie wrote:
Also, you are possibly running risks above if you do not properly
escape your variables:
e.g. You have:
$sql1 = INSERT INTO authors (first_name, last_name) VALUES
('$first_nameIN', '$last_nameIN');
Your examples do not show where the values came from but if it's
directly from a form post or similar, if I put the value:
'blah','blah'); DELETE FROM authors;
Sorry, don't understand... If you put the value where and how?
The query generated could be:
INSERT INTO authors(firstname,lastname) VALUES ('blah','blah'); DELETE
FROM authors;.
Obviously this is a massive security risk and is generally referred to
as SQL Injection Attacks.
Sad that there are such people around who have nothing better to do than
do attacks...
You should look into using the function mysql_real_escape_string() to
escape all your inputs.
I'm trying - I just looked at the PHP manual on
mysql_real_escape_string() and it just confuses me more and more. Not
clear, yet, just what the escape string thing is :-(
When you say escape all your inputs - just what do you mean? Does that
mean I need some special routines that have to be repeated over and over
every time there is an input... but what do you mean by an input? And,
from looking at all the comments in the manual, it's not clear just
where to stop...
Col
--
Phil Jourdan --- p...@ptahhotep.com
http://www.ptahhotep.com
http://www.chiccantine.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: E-Mail Attachment Filename Encoding Problem
Hello, on 02/16/2009 06:19 AM Edmund Hertle said the following: my problem is that I send an e-mail with an attachment (pdf file). I get the filename out of a mysql table. While using echo or downloading the file, the filename is showed as expected but as an attachment it is not properly encoded: Should be: PC-Beschaffung 2008 (nur für Lehre) Will be: US-ASCII''PC-Beschaffung%202008%20(nur%20f%C3%BCr%20Lehre) I think I have to encode the file name and already tried utf8encode but this didn't help. You need to use q-encoding. You may want to try this MIME message composing and sending class that encodes file name attachments properly when necessary: http://www.phpclasses.org/mimemessage -- Regards, Manuel Lemos Find and post PHP jobs http://www.phpclasses.org/jobs/ PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: inset data to multiple tables
PJ wrote:
Hell, I feel about as dumb as can be. I just goth things straight and
it seems to work just fine...
Here is where my problem was...
$sql1 = INSERT INTO books
( title, sub_title, descr, comment, bk_cover,
publish_date, ISBN, language )
VALUES
('$titleIN', '$sub_titleIN', '$descrIN',
'$commentIN', '$bk_coverIN', '$publish_dateIN',
'$ISBNIN', '$languageIN');
$result1 = mysql_query($sql1, $db);
$sql2 = INSERT INTO authors
(first_name, last_name) VALUES ('$first_nameIN',
'$last_nameIN');
$result2 = mysql_query($sql2, $db);
$sql3 = INSERT INTO publishers
(publisher) VALUES ('$publisherIN');
$result3 = mysql_query($sql3, $db);
In effect, once I understood what the $result statements meant, all
became clear.
It looks like I can now add more $sql4... etc as long as I have the
correct input strings and all should be hunky-dory, whatever that means.
hunky dory means all good.
$result1 will send $sql1 to the mysql db and get the result of what that
did (in this case an insert). You can use this to see if it worked or not.
if $result1 returns false, it didn't work.
$result2 sends $sql2 to the db and returns what happened there.
Of course, I am quite new to this and do and will appreciate any
comments and/or suggestions.
My next questions will be about how to automate inserts of foreign key
tables... :-(
More questions below...
The query generated could be:
INSERT INTO authors(firstname,lastname) VALUES ('blah','blah'); DELETE
FROM authors;.
Obviously this is a massive security risk and is generally referred to
as SQL Injection Attacks.
Sad that there are such people around who have nothing better to do than
do attacks...
People also do it for a living ;)
You should look into using the function mysql_real_escape_string() to
escape all your inputs.
I'm trying - I just looked at the PHP manual on
mysql_real_escape_string() and it just confuses me more and more. Not
clear, yet, just what the escape string thing is :-(
Instead of doing this (for an imaginary table):
$sql = insert into table1(field1, field2) values ('$value1', '$value2');
do
$sql = insert into table1(field1, field2) values (' .
mysql_real_escape_string($value1) . ', ' .
mysql_real_escape_string($value2) . ');
Now $value1 and $value2 can only be used as data, they can't be used
against you.
If you don't do that, try adding a last name of O'Reilly - your code
will break because of the ' in the name.
When you say escape all your inputs - just what do you mean? Does that
mean I need some special routines that have to be repeated over and over
every time there is an input... but what do you mean by an input? And,
from looking at all the comments in the manual, it's not clear just
where to stop...
input means anything a user gives you. Whether it's a first name, last
name, a comment in a blog, a website url - anything you get from a user
must be escaped.
--
Postgresql php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Reverse IP lookup
Lewis Wright wrote: This may be a little more accurate: http://www.domaintools.com/reverse-ip/ But I think you have to pay if you want to use it a lot. 2009/2/16 Jonesy gm...@jonz.net: On Mon, 16 Feb 2009 10:26:17 -0500, Robert Cummings wrote: On Mon, 2009-02-16 at 10:11 -0500, tedd wrote: At 9:17 PM -0500 2/15/09, Andrew Ballard wrote: You mean like this one? http://www.yougetsignal.com/tools/web-sites-on-web-server/ I don't know how reliable or up-to-date it is. Now that's something I would like to know how it works. Anyone have any ideas as to how that works? It tells you how it's done. And, it does a poor job. My web host's IP where numerous domains are VHOST'ed (including several of my domains) - TAA DAA - _only_ the web hosting server.domain.name. Jonesy -- Marvin L Jones| jonz | W3DHJ | linux 38.24N 104.55W | @ config.com | Jonesy | OS/2 * Killfiling google banter.com: jonz.net/ng.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php This one too. http://www.robtex.com/ip/XX.XX.XX.XX.html replace the XX with your hosts IP address. I know that it works for all of my ip address (personally and work related) Not sure how old the data is, but it does list the new domains that I started hosting about a month ago. YMMV -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: ?php=
At 7:58 PM + 2/16/09, Colin Guthrie wrote: 'Twas brillig, and Richard Heyes at 16/02/09 15:04 did gyre and gimble: ... Sorry, should've mentioned, I'm talking about PHP6. Not heard about it but I'd like it. Short tags are evil but the ?= thing is pretty handy so having a ?php= option would suit me quite nicely. Col Any time I see that short tag, I want to change it -- I'm almost obsessive about it. My vote would be to never use the short tag every again. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: ?php=
On Mon, Feb 16, 2009 at 6:32 PM, tedd tedd.sperl...@gmail.com wrote: At 7:58 PM + 2/16/09, Colin Guthrie wrote: 'Twas brillig, and Richard Heyes at 16/02/09 15:04 did gyre and gimble: ... Sorry, should've mentioned, I'm talking about PHP6. Not heard about it but I'd like it. Short tags are evil but the ?= thing is pretty handy so having a ?php= option would suit me quite nicely. Col Any time I see that short tag, I want to change it -- I'm almost obsessive about it. My vote would be to never use the short tag every again. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php As long as we're taking votes... Most of my template code looks like this: ?php echo $this-escape($this-var) ? I'd be happy to never see any variation of ?= again as it is not the bottleneck of my productivity. -- http://www.voom.me | EFnet: #voom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Reverse IP lookup
At 12:22 PM -0800 2/16/09, Brian Dunning wrote: And an equally important question: How do you prevent your servers from showing up in searches like this? If I was selling hosting services, I might be concerned with clients knowing how many web sites I piled on each other. For example, it appears that my sperling.com site has 83 other web sites on it. No wonder why sometimes it seems pretty slow. However, I don't know if having 83 other sties is typical/common/good/bad/ or depends. But I do have clients who have dedicated servers -- I've always wanted one as well, but simply can't afford it. Oh well, when one of my hair-brain ideas pay off, I'll get one. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Why is this secure?
Hi all! The following code seems like it should be open to session
fixation attacks, but is not. Why?!
This is the beginning of the private page...
?php
session_start();
if (!isset($_SESSION['user']))
{
header(Location: http://[address of login page]?requestedpage=[token
for this page]);
exit();
}
If an attacker caused a known user to request the above page with ?
PHPSESSID=1234, the session_start would then register 1234 as the
current session
This is from the login page...
?php
if($_POST['[a posted form var]'])
{
// check submitted credentials against known users
$status = authenticate(...);
// if user/pass combination is correct
if ($status == 1)
{
// initiate a session
session_start();
// register some session variables
$_SESSION['XX] = filter($_POST['XX']);
// redirect to protected page
header(Location: ...[requested page]);
exit();
}
}
When the user logged in above, the session_start would use the session
cookie from the first session_start above and have a validated session
with an SID known to the attacker.
However, the top snippet does not cause an SID to be recorded in a
cookie, but the bottom one does. Hence, the attack is prevented, but
why?
Thanks, cheers!
- Sean
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why is this secure?
On Mon, 2009-02-16 at 13:49 -0500, Sean DeNigris wrote:
Hi all! The following code seems like it should be open to session
fixation attacks, but is not. Why?!
This is the beginning of the private page...
?php
session_start();
if (!isset($_SESSION['user']))
{
header(Location: http://[address of login page]?requestedpage=[token
for this page]);
exit();
}
If an attacker caused a known user to request the above page with ?
PHPSESSID=1234, the session_start would then register 1234 as the
current session
This is from the login page...
?php
if($_POST['[a posted form var]'])
{
// check submitted credentials against known users
$status = authenticate(...);
// if user/pass combination is correct
if ($status == 1)
{
// initiate a session
session_start();
// register some session variables
$_SESSION['XX] = filter($_POST['XX']);
// redirect to protected page
header(Location: ...[requested page]);
exit();
}
}
When the user logged in above, the session_start would use the session
cookie from the first session_start above and have a validated session
with an SID known to the attacker.
However, the top snippet does not cause an SID to be recorded in a
cookie, but the bottom one does. Hence, the attack is prevented, but
why?
Thanks, cheers!
- Sean
Erm, is this a trick question or your homework?
Ash
www.ashleysheridan.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Why is this secure?
lol, neither. It was from a site I had coded. I read an article
about session fixation and it seemed vulnerable based on what I read,
but when I tested it, it didn't seem to be and I wasn't sure why.
What made you think that?
- Sean
On Feb 16, 2009, at 8:16 PM, Ashley Sheridan wrote:
On Mon, 2009-02-16 at 13:49 -0500, Sean DeNigris wrote:
Hi all! The following code seems like it should be open to session
fixation attacks, but is not. Why?!
This is the beginning of the private page...
?php
session_start();
if (!isset($_SESSION['user']))
{
header(Location: http://[address of login page]?
requestedpage=[token
for this page]);
exit();
}
If an attacker caused a known user to request the above page with ?
PHPSESSID=1234, the session_start would then register 1234 as the
current session
This is from the login page...
?php
if($_POST['[a posted form var]'])
{
// check submitted credentials against known users
$status = authenticate(...);
// if user/pass combination is correct
if ($status == 1)
{
// initiate a session
session_start();
// register some session variables
$_SESSION['XX] = filter($_POST['XX']);
// redirect to protected page
header(Location: ...[requested page]);
exit();
}
}
When the user logged in above, the session_start would use the
session
cookie from the first session_start above and have a validated
session
with an SID known to the attacker.
However, the top snippet does not cause an SID to be recorded in a
cookie, but the bottom one does. Hence, the attack is prevented, but
why?
Thanks, cheers!
- Sean
Erm, is this a trick question or your homework?
Ash
www.ashleysheridan.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Files redirect - using PHP and .htaccess
Hi, there are two choices (example): 1) file_redirect.php?src=file/root.jpg --- shows an image 2) .htaccess --- if is requested file/root.jpg than redirect to xyzfile/root.jpg In both cases I can restrict the access to some files only. If we talk about PHP, the file/image.jpg can be directed to xyzfile/image.jpg - and the client won't know. BUT if we talk about .htaccess - can the client find out where it really points out? For example file/image.jpg will be directed to xyzfile/image.jpg --- I suppose it sends a response to the browser and tells him the new path which it should request, am I right? If so, than it's not really secure, since the user will be able to test and try all other filenames and get somewhere I don't want him to go - I know I might be too careful, BUT I am interested how PROs do this. Your comments will be appreciated, Martin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Files redirect - using PHP and .htaccess
Martin Zvarík napsal(a): Hi, there are two choices (example): 1) file_redirect.php?src=file/root.jpg --- shows an image 2) .htaccess --- if is requested file/root.jpg than redirect to xyzfile/root.jpg In both cases I can restrict the access to some files only. If we talk about PHP, the file/image.jpg can be directed to xyzfile/image.jpg - and the client won't know. BUT if we talk about .htaccess - can the client find out where it really points out? For example file/image.jpg will be directed to xyzfile/image.jpg --- I suppose it sends a response to the browser and tells him the new path which it should request, am I right? If so, than it's not really secure, since the user will be able to test and try all other filenames and get somewhere I don't want him to go - I know I might be too careful, BUT I am interested how PROs do this. Your comments will be appreciated, Martin AHA, from what I've just read, the .htaccess is server-side, so the client won't know the real directory. Can somebody confirm? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: XSLTProcessor help
same result cut here--- htmlheadmeta http-equiv=Content-Type content=text/html; charset=UTF-8/headbodypre Hyalearl, 100-ton Sulieman-Class Scout/Courier 2008 03 10 All rights reserved 2008 Onno Meyer n...@none.com 10 Traveller 1.0 /pre/body/html -cut here--- -cut here--- ?xml version=1.0 ? xsl:stylesheet version=1.0 xmlns:xsl=http://www.w3.org/1999/XSL/Transform;; xsl:output method=html indent=no encoding=UTF-8 omit-xml-declaration=yes/ xsl:template match=/ html head /head body pre xsl:apply-templates/ /pre /body /html /xsl:template xsl:template match=meta !-- head -- /xsl:template /xsl:stylesheet -cut here--- tom_a_sparks Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html - Original Message From: Colin Guthrie gm...@colin.guthr.ie To: php-general@lists.php.net Sent: Monday, 16 February, 2009 9:41:46 PM Subject: [PHP] Re: XSLTProcessor help 'Twas brillig, and Tom Sparks at 16/02/09 10:49 did gyre and gimble: help, when I include xsl:apply-templates/ the XSLTProcessor only strips the XML tags and outputs the text see result --cut here vehicle.xsl- ?xml version=1.0 ? xsl:stylesheet version=1.0 xmlns:xsl=http://www.w3.org/1999/XSL/Transform;; xsl:template match=/ html head XSL needs to know that you are outputting XML-derived data... eg. try putting this before your xsl:template: xsl:output method=html indent=no encoding=UTF-8 omit-xml-declaration=yes/ Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Make Yahoo!7 your homepage and win a trip to the Quiksilver Pro. Find out more -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
