php-general Digest 15 Aug 2009 08:00:28 -0000 Issue 6286
php-general Digest 15 Aug 2009 08:00:28 - Issue 6286 Topics (messages 296809 through 296817): Re: ini files as config - hidden 296809 by: João Cândido de Souza Neto 296810 by: João Cândido de Souza Neto 296811 by: Ben Dunlap 296815 by: Ashley Sheridan PHP_SAPI 296812 by: Martin Scotta Making HTML Scripts over PHP Programming 296813 by: network.qummatic.com Re: session variables - help RESOLVED 296814 by: Allen McCabe Re: File or directory? 296816 by: Clancy 296817 by: Ralph Deffke Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- A long time ago I worked in many shared servers, nowadays I´m not working with web sites, only systems, so my customers always has their own server. The question is: 1) The ini file you mentioned has ini extension? if yes, it must be out of the document root because if someone types its url, the browser will certainly show up its content. 2) Has it php extension? if yes, it can be inside the documento root because if someone types its url, PHP will show up only the result of its code.. Ben Dunlap bdun...@agentintellect.com escreveu na mensagem news:7997e80e0908141056i483f4e2h7dffe0c83b90d...@mail.gmail.com... 2009/8/14 João Cândido de Souza Neto j...@consultorweb.cnt.br: I think a good solution is to put the ini file out of your html folder so only your scripts can read it. I agree, and I try to do the same, but I've noticed that most open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS Made Simple) have always stored database credentials inside of DocumentRoot, by default. Not sure if this is a compromise to allow ease-of-use by less-technical users, or if my insistence on putting this sort of file outside of DocumentRoot is just paranoia (and not the good kind). I'd definitely be interested to hear how others on the list approach this problem. And that's only one part of the equation, if you're on a shared-hosting platform. Are you, or do you have your own server? Ben ---End Message--- ---BeginMessage--- It´s a cool solution as well. Martin Scotta martinsco...@gmail.com escreveu na mensagem news:6445d94e0908141103l6710c766wcc89f05111a65...@mail.gmail.com... 2009/8/14 Ben Dunlap bdun...@agentintellect.com 2009/8/14 João Cândido de Souza Neto j...@consultorweb.cnt.br: I think a good solution is to put the ini file out of your html folder so only your scripts can read it. I agree, and I try to do the same, but I've noticed that most open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS Made Simple) have always stored database credentials inside of DocumentRoot, by default. Not sure if this is a compromise to allow ease-of-use by less-technical users, or if my insistence on putting this sort of file outside of DocumentRoot is just paranoia (and not the good kind). I'd definitely be interested to hear how others on the list approach this problem. And that's only one part of the equation, if you're on a shared-hosting platform. Are you, or do you have your own server? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php A workaround to this is to simple let the browser get the ini as a php file. What? are you insane? no. it is really easy. 1) Name your ini files .php so, database.ini will be database.php 2) Put in the top of your script this line ;?php exit;? So, when the file is opened as an ini file the semilcolon indicates that it's a comment. But, when the browser call for this file... php just exit's in the first line. Our data will be safe as long as the first line will remains there. -- Martin Scotta ---End Message--- ---BeginMessage--- 1) Name your ini files .php so, database.ini will be database.php Actually I was assuming the configuration file to be a PHP script -- as is typical in big open-source CMSes. I took ini file earlier in the thread to be a generic description of any file, whatever the extension, that contains sensitive configuration data. Our data will be safe as long as the first line will remains there. And as long as the file is actually handed off to PHP for processing. Seems like there are plenty of situations, none of them too far-fetched, that could cause the web server to mistakenly serve a file with .php in its name as a generic text file rather than handling it correctly. I'd rather just have the file outside of DocumentRoot and avoid that risk entirely. But again, maybe that's just unproductive paranoia? Ben ---End Message--- ---BeginMessage--- On Fri, 2009-08-14 at 15:03 -0300, Martin Scotta wrote: 2009/8/14 Ben Dunlap
php-general Digest 15 Aug 2009 22:48:14 -0000 Issue 6287
php-general Digest 15 Aug 2009 22:48:14 - Issue 6287 Topics (messages 296818 through 296821): Re: File or directory? 296818 by: Ashley Sheridan Re: ini files as config - hidden 296819 by: Sancar Saran Another date exercise 296820 by: tedd 296821 by: Phpster Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- On Sat, 2009-08-15 at 09:56 +0200, Ralph Deffke wrote: can u upload ur own files ? can u create a directory ? are u using a ftp client ? try ralph_def...@yahoo.de Clancy clanc...@cybec.com.au wrote in message news:kjhc85hpub7drihgappifphcboolt9u...@4ax.com... I have just got access to a new server, and am playing with upload/download procedures. I looked in the root directory, and see several objects which I assume to be directories. However I was surprised to find there does not appear to be any command to determine if an object is a file or directory, either in PHP FTP or plain FTP. I could try to change to them, or download them, but this seems overkill. Am I overlooking something obvious? That answer doesn't seem to quite come close even to answering the op question. Have you looked at ftp_rawlist which returns a detailed list of files, along with their permissions and directory flags? Or you could use ftp_size to determine the size of a file, which should be nothing for a directory. Thanks, Ash http://www.ashleysheridan.co.uk ---End Message--- ---BeginMessage--- On Friday 14 August 2009 08:31:46 pm דניאל דנון wrote: I'm building a little framework for my self, The configuration of the framework is done in an ini file, How do you suggest to hide its contents? .htaccess wont be good (or atleast only htaccess) since if its turned off The file contains mysql password and important data. How should I make sure the file stays hidden from someone who might tries to access it? Hello there, 1-) You have to parse ini file in each execution. It was negative for performance. I suggest use plain php array 2-) To hide your config put it in out of html document root. define('ROOTDIR', dirname(__FILE__).'/'); define(CONFDIR,ROOTDIR.'../config/'); require(CONFDIR.'config.php'); Regards ---End Message--- ---BeginMessage--- Hi gang: Here's another exercise to consider. This is a date entry problem where the user can enter a date in various forms, but the return will be in a consistent format. For example, a user might enter a date in the form of: August 5, 2009 Aug 05 2009 Aug 5, 9 08/05/09 8-5-9 8 05 2009 8,5,9 Or any combination thereof. However, the resultant date will be standardized to: Aug 5, 2009. Extra points for solving this for Euro as well as US date formats (i.e., 5 Aug, 2009 vs Aug 5, 2009). And, extra extra points for accommodating month brevity, such as A for August and Mar for March and so on. Gentlemen, start your keyboards. :-) As always, should you or any of your IM Force be caught or killed, The Secretary will disavow any knowledge of your actions. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com ---End Message--- ---BeginMessage--- On Aug 15, 2009, at 3:57 PM, tedd t...@sperling.com wrote: Hi gang: Here's another exercise to consider. This is a date entry problem where the user can enter a date in various forms, but the return will be in a consistent format. For example, a user might enter a date in the form of: August 5, 2009 Aug 05 2009 Aug 5, 9 08/05/09 8-5-9 8 05 2009 8,5,9 Or any combination thereof. However, the resultant date will be standardized to: Aug 5, 2009. Extra points for solving this for Euro as well as US date formats (i.e., 5 Aug, 2009 vs Aug 5, 2009). And, extra extra points for accommodating month brevity, such as A for August and Mar for March and so on. Gentlemen, start your keyboards. :-) As always, should you or any of your IM Force be caught or killed, The Secretary will disavow any knowledge of your actions. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Use a js date picker and avoid the whole issue. Bastien Sent from my iPod ---End Message---
[PHP] Re: File or directory?
can u upload ur own files ? can u create a directory ? are u using a ftp client ? try ralph_def...@yahoo.de Clancy clanc...@cybec.com.au wrote in message news:kjhc85hpub7drihgappifphcboolt9u...@4ax.com... I have just got access to a new server, and am playing with upload/download procedures. I looked in the root directory, and see several objects which I assume to be directories. However I was surprised to find there does not appear to be any command to determine if an object is a file or directory, either in PHP FTP or plain FTP. I could try to change to them, or download them, but this seems overkill. Am I overlooking something obvious? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: File or directory?
On Sat, 2009-08-15 at 09:56 +0200, Ralph Deffke wrote: can u upload ur own files ? can u create a directory ? are u using a ftp client ? try ralph_def...@yahoo.de Clancy clanc...@cybec.com.au wrote in message news:kjhc85hpub7drihgappifphcboolt9u...@4ax.com... I have just got access to a new server, and am playing with upload/download procedures. I looked in the root directory, and see several objects which I assume to be directories. However I was surprised to find there does not appear to be any command to determine if an object is a file or directory, either in PHP FTP or plain FTP. I could try to change to them, or download them, but this seems overkill. Am I overlooking something obvious? That answer doesn't seem to quite come close even to answering the op question. Have you looked at ftp_rawlist which returns a detailed list of files, along with their permissions and directory flags? Or you could use ftp_size to determine the size of a file, which should be nothing for a directory. Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] ini files as config - hidden
On Friday 14 August 2009 08:31:46 pm דניאל דנון wrote: I'm building a little framework for my self, The configuration of the framework is done in an ini file, How do you suggest to hide its contents? .htaccess wont be good (or atleast only htaccess) since if its turned off The file contains mysql password and important data. How should I make sure the file stays hidden from someone who might tries to access it? Hello there, 1-) You have to parse ini file in each execution. It was negative for performance. I suggest use plain php array 2-) To hide your config put it in out of html document root. define('ROOTDIR', dirname(__FILE__).'/'); define(CONFDIR,ROOTDIR.'../config/'); require(CONFDIR.'config.php'); Regards -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Another date exercise
Hi gang: Here's another exercise to consider. This is a date entry problem where the user can enter a date in various forms, but the return will be in a consistent format. For example, a user might enter a date in the form of: August 5, 2009 Aug 05 2009 Aug 5, 9 08/05/09 8-5-9 8 05 2009 8,5,9 Or any combination thereof. However, the resultant date will be standardized to: Aug 5, 2009. Extra points for solving this for Euro as well as US date formats (i.e., 5 Aug, 2009 vs Aug 5, 2009). And, extra extra points for accommodating month brevity, such as A for August and Mar for March and so on. Gentlemen, start your keyboards. :-) As always, should you or any of your IM Force be caught or killed, The Secretary will disavow any knowledge of your actions. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Another date exercise
On Aug 15, 2009, at 3:57 PM, tedd t...@sperling.com wrote: Hi gang: Here's another exercise to consider. This is a date entry problem where the user can enter a date in various forms, but the return will be in a consistent format. For example, a user might enter a date in the form of: August 5, 2009 Aug 05 2009 Aug 5, 9 08/05/09 8-5-9 8 05 2009 8,5,9 Or any combination thereof. However, the resultant date will be standardized to: Aug 5, 2009. Extra points for solving this for Euro as well as US date formats (i.e., 5 Aug, 2009 vs Aug 5, 2009). And, extra extra points for accommodating month brevity, such as A for August and Mar for March and so on. Gentlemen, start your keyboards. :-) As always, should you or any of your IM Force be caught or killed, The Secretary will disavow any knowledge of your actions. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Use a js date picker and avoid the whole issue. Bastien Sent from my iPod -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: File or directory?
On Sat, 15 Aug 2009 10:33:07 +0100, a...@ashleysheridan.co.uk (Ashley Sheridan) wrote: On Sat, 2009-08-15 at 09:56 +0200, Ralph Deffke wrote: can u upload ur own files ? can u create a directory ? Yes. are u using a ftp client ? No; I'm using straight PHP FTP Clancy clanc...@cybec.com.au wrote in message news:kjhc85hpub7drihgappifphcboolt9u...@4ax.com... I have just got access to a new server, and am playing with upload/download procedures. I looked in the root directory, and see several objects which I assume to be directories. However I was surprised to find there does not appear to be any command to determine if an object is a file or directory, either in PHP FTP or plain FTP. I could try to change to them, or download them, but this seems overkill. Am I overlooking something obvious? That answer doesn't seem to quite come close even to answering the op question. Have you looked at ftp_rawlist which returns a detailed list of files, along with their permissions and directory flags? Or you could use ftp_size to determine the size of a file, which should be nothing for a directory. Thanks, Yes; I found ftp_rawlist eventually, but I still haven't found a definition of the return code, though I think I know most of it. I guess that even a null file will hve some length? I will probably use the leading 'd' in the return code to test for directories.. (And I spent a long time trying to work out how 'drwxr-xr-x 2 riordan riordan 512 Jul 31 06:40 cgi-bin' could contain lots of spaces, before I remembered that, as a result of one of the weirder design decisions, HTML suppresses trailing spaces.) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Issue with the huge import script
Hi, I have to import data from one database to another, I have to import around 10(1Lac) records. First I need to check if the record is already imported or not and import only those records which are not imported. Here is my logic $already_imported = get_already_imported_records(); format of the $already_imported is $already_imported[someid] = 'imported'; Now i take all records from another db and iterating through it. if (!key_exists($already_imported[$new_id])){ import_function($new_id) }else{ echo 'allready imported'.$already_imported[$new_id]; } Now my script is importing same records for more than one time. I am not able to get through this issue Is it because of the size of the records or something else...? Please suggest me some solution which is faster, safe and easy to code :D Thanks in advance -- Devendra Jadhav
[PHP] Re: Issue with the huge import script
Hi, this sounds huge, and cries for a sql version of the import. Are both databases the same? MySQL? I give u a draft for MySQL u export the data u have, then u got a textfile with 10+ sql statments in the php script u open the file and iterate over it by line (carefull it could be also ; in case its a Unix created file on a windows platform) line == one SQL insert in table bla bla... in the loop then just mysq_query with this line if the the someid is an unique index the insert will fail, so only those records are inserted beeing not already in the database. but I think as of the amount off records it doesn't sound like a every 10 minutes job, if it is a rara job, just do it with phpMyAdmin sorry not pulling out the code, but was a long day behind the keyboard, need some sleep ralph_def...@yahoo.de Devendra Jadhav devendra...@gmail.com wrote in message news:be4b00cf0908151815r1c7430d2j8a6cb0da1f10a...@mail.gmail.com... Hi, I have to import data from one database to another, I have to import around 10(1Lac) records. First I need to check if the record is already imported or not and import only those records which are not imported. Here is my logic $already_imported = get_already_imported_records(); format of the $already_imported is $already_imported[someid] = 'imported'; Now i take all records from another db and iterating through it. if (!key_exists($already_imported[$new_id])){ import_function($new_id) }else{ echo 'allready imported'.$already_imported[$new_id]; } Now my script is importing same records for more than one time. I am not able to get through this issue Is it because of the size of the records or something else...? Please suggest me some solution which is faster, safe and easy to code :D Thanks in advance -- Devendra Jadhav -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php