php-general Digest 24 Jan 2010 00:48:16 -0000 Issue 6554
php-general Digest 24 Jan 2010 00:48:16 - Issue 6554 Topics (messages 301376 through 301388): Re: Subversion Ubuntu client 301376 by: Nathan Rixham Re: ´ó¿Í»§ÓªÏú²ßÂÔÓëÇøÓòÊг¡¿ª·¢ 301377 by: hack988 hack988 301380 by: Shawn McKenzie Re: Cookies sessions 301378 by: tedd 301379 by: Nathan Rixham 301388 by: Michael A. Peters Re: ´ó¿Í»§ÓªÏú²ßÂÔÓëÇøÓòÊг¡¿ª·¢ (#8234-160784021-2959) 301381 by: Customer Service http vs https 301382 by: Ben Miller 301383 by: Jonathan Tapicer 301384 by: Nathan Rixham 301385 by: Adam Richardson memory efficient hash table extension? like lchash ... 301386 by: D. Dante Lorenso 301387 by: shiplu Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- shiplu wrote: On Sat, Jan 23, 2010 at 10:58 AM, Skip Evans s...@bigskypenguin.com wrote: Hey all, Can anyone recommend a good Subversion client for Ubuntu? If you use an ide, there should be a subversion client for it. its better to manage from ide. eclipse + pdt2 + subversive/svnkit = works (very well) for me ---End Message--- ---BeginMessage--- It's Spam.Have some administor for this mail-list can block this email address? 2010/1/22 Bipper Goes! bipper.g...@gmail.com: OP: Watch your mouth. 2010/1/21 Kaya Saman samank...@netscape.net Marc Hall wrote: From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Thursday, January 21, 2010 11:18 AM To: Marc Hall Cc: 'sssumjeg'; php-gene...@lists.php.net Subject: RE: [PHP] 大客户营销策略与区域市场开发 On Thu, 2010-01-21 at 11:15 -0500, Marc Hall wrote: Anyone speak Chinese? [snip/] From the looks of it, it appears to be one of those amazing job offer spam emails, but I can't read Chinese myself. If it's an 'Amazing' job offer perhaps I should inquire as China is a lot better then Turkey for IT jobs (where I am now)! Perhaps they might take me in as a Cisco and UNIX engineer and once I get over there after being picked up by a dark panel van or minibus perhaps wake up somewhere in downtown Shanghai with scars in the locations of my vital organs :-P I'm betting it's 100% mostly a scam as normally only people who wish to ask questions or collaborate use these lists 99.9% of the time. The rest are either clueless, time wasters, or spam emails! Of course many of you guys already know this and am just stating the obvious here :-) ok time for me to get spamming the other mailling lists: (ha oops did I just say that out loud?? hahahah ;-P ) Regards, Kaya -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ---End Message--- ---BeginMessage--- Marc Hall wrote: Anyone speak Chinese? Google does, sort of: Great customer marketing strategies, regional market development and sales team management and control gold Tactical Training Workshop Date: January 2010 22-24 (Shanghai) Date: January 2010 29-31 (Shenzhen) By the end of final, favorable to thank old and new customers; 3800 yuan / person (buy one get one, no discounts) -- - Object】 【Course chairman, general manager, marketing vice president, major account manager, region manager / regional manager, Channel manager, marketing director, brand managers and other middle and senior management. 【Background】 Course: China Marketing short period of 20 years walked the West path of a hundred years, local enterprise has been through the market Competition, trials and hardships, in learning the practice of growing up in the error correction, a considerable number of enterprises to master a marketing The essence of management theory and practice in the operating skills, can be sustained, rapid and healthy development; however, Some have been popular in China's north and south river, all-powerful in the market well-known enterprises, but due to marketing Management, there are numerous errors, and ultimately failed to get out from the brilliant to the failure of low-level reincarnation! Overall Case, failure or difficult to break through business problems is reflected in: In the market development, the lack of effective A viable market development strategy and the regional market and standardize management, the lack of a breakthrough in the market for large customers Effective mining and system management; internal management, the lack of a strong front-line sales force, which lead To difficult for local enterprises to grow by leaps and bounds. Viable regional market development and management, scientific and rational The big customer marketing
Re: [PHP] Weird Array Issue...
Op 1/23/10 3:28 AM, Don Wieland schreef: Hi, I have defined a stored procedure in my mySQL DB and when I call the procedure in my mySQL browser it returns the CORRECT results: DROP PROCEDURE IF EXISTS `Get_OHC_Years`; DELIMITER $$ CREATE definer=`do...@`` PROCEDURE `Get_OHC_Years`() BEGIN SELECT (YEAR(ohc_Date)) as ohc_year FROM Office_Hours_Cuttoff GROUP BY YEAR(ohc_Date) ORDER BY YEAR(ohc_Date) ASC; END $$ It returns: -- ohc_year-- 2010 2009 2008 2007 I doubt it will return the values in the order you have shown. I was assuming this will return an array in my PHP when I call it: /** *Get All Office Hours Cut-off YEARS */ $db-next_result(); this call to next_result() seems strange. $years = $db-query(CALL Get_OHC_Years()) or die(Records not found.); $yRow = $years-fetch_array(); echo pre; print_r($yRow); echo /pre; But the result it returns on my page is: Array ( [0] = 2007 [ohc_year] = 2007 What am I missing? Thanks! the bit where you actually RTM or source? you seem to be assuming what the fetch_array() call does, not being able to tell exactly what kind of object $db is I'll hazard a guess that fetch_array() is a wrapper method for mysql_fetch_array() - you'd want mysql_fetch_assoc() instead, and you'll need to loop to fetch all the rows. maybe try something like: echo pre; while ($yRow = $years-fetch_assoc()) print_r($yRow); echo /pre; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 304 Not Modified header not working within a class
Problem solved!!!
Everything was working ok with PHP. My class was working ok. The engineering
and logic behind PHP was working. So... what was the problem? Apache...
well, it wasn't a problem, but a misconfiguration or better said, a
mis-optimization.
In my first message, I stated: (quote)
there is no way I can send a 304 Not Modified header, when the data is
*over* ~100 bytes.
After 8 hours of working with this problem (which included sniffering and a
lot of workarounds), and while I was smoking my final cigarrette before
going to bed, I remembered that some time ago (well, some time like 2 years
ago xD), I had enabled mod_disk_cache, with the following configuration:
IfModule mod_disk_cache.c
CacheRoot /tmp/apachecache/
CacheEnable disk /
CacheDirLength 1
CacheDirLevels 5
CacheMaxFileSize 128000
*CacheMinFileSize 100*
/IfModule
I commented that part, restarted Apache and bingo Instantly I had an 304
header.
What do I think the problem was? Whenever Apache received a request, it
handled it directly from _his_ cache and simply omitted what PHP was telling
him to do. The weird thing was that the class entered the 304 header part,
but Apache always ended up sending an 200 OK header and then the CSS. In
first place it shouldn't have sended the CSS because when I entered the 304
part, it should have died. It simply couldn't send any other output. (And
that was why I sniffered, if it shouldn't send the CSS; he must have been
send some kind of error, but my surprise was really big when I saw that the
raw data was just plain CSS, no other data was present).
Why was Apache then sending a 304 whenever the data was under the 100 byte
limit? Because he didn't have it in his cache and was obeying what PHP told
him to do. (This configuration created a cache whenever the file size is
between the 100 and 128000 bytes).
Anyway... now I will be publishing the class soon on phpclasses.org under
the BSD license. I'll work now on documentation and code cleanup but
whenever it is ready I will leave the link in this same list (if it is
allowed) xD
Greetings, a lot of thanks to Richard for his code and Rene for his
suggestion to take a look at Apache and good night :P (Despite being 7AM xD)
On Wed, Jan 20, 2010 at 21:16, Camilo Sperberg csperb...@unreal4u.comwrote:
On Wed, Jan 20, 2010 at 04:34, richard gray r...@richgray.com wrote:
Camilo Sperberg wrote:
Hi list, my first message here :)
To the point: I'm programming a class that takes several CSS files,
parses,
compresses and saves into a cache file. However, I would like to go a
step
further and also use the browser cache, handling the 304 and 200 header
types myself.
Now, what is the problem? If I do it within a function, there is
absolutely
no problem, everything works like a charm. However, when I implement that
same concept into my class, there is no way I can send a 304 Not Modified
header, when the data is *over* ~100 bytes.
Hi Camilo
For what it is worth I have implemented cacheing in a class and for me the
304 not modified header gets sent fine ... some example headers output is
below together with the relevant code snippet..
// See if client sent a page modified header to see if we can
// just send a not modified header instead
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
$_SERVER['HTTP_IF_MODIFIED_SINCE'] == self::$_gmmodtime) {
header('HTTP/1.1 304 Not Modified');
return null;
}
if (isset($_SERVER['HTTP_IF_NONE_MATCH'])
stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) == self::$_etag) {
header('HTTP/1.1 304 Not Modified');
return null;
}
HTTP/1.x 304 Not Modified
Date: Wed, 20 Jan 2010 07:21:32 GMT
Server: Apache/2.2.11 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=1000
Etag: 444fbd9951f540ec1b6928db864c10dc
Expires: Sun, 24 Jan 2010 06:16:06 GMT
Cache-Control: public, must-revalidate
Vary: Accept-Encoding
I hope it helps..
Regards
Rich
I'll try this (and some other things I recently thought about) when I get
back home on friday :) I'll keep you updated.
Thanks!
--
Mailed by:
UnReAl4U - unreal4u
ICQ #: 54472056
www1: http://www.chw.net/
www2: http://unreal4u.com/
--
Mailed by:
UnReAl4U - unreal4u
ICQ #: 54472056
www1: http://www.chw.net/
www2: http://unreal4u.com/
Re: [PHP] Subversion Ubuntu client
shiplu wrote: On Sat, Jan 23, 2010 at 10:58 AM, Skip Evans s...@bigskypenguin.com wrote: Hey all, Can anyone recommend a good Subversion client for Ubuntu? If you use an ide, there should be a subversion client for it. its better to manage from ide. eclipse + pdt2 + subversive/svnkit = works (very well) for me -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 大客户营销策略与区域市场开发
It's Spam.Have some administor for this mail-list can block this email address? 2010/1/22 Bipper Goes! bipper.g...@gmail.com: OP: Watch your mouth. 2010/1/21 Kaya Saman samank...@netscape.net Marc Hall wrote: From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk] Sent: Thursday, January 21, 2010 11:18 AM To: Marc Hall Cc: 'sssumjeg'; php-general@lists.php.net Subject: RE: [PHP] 大客户营销策略与区域市场开发 On Thu, 2010-01-21 at 11:15 -0500, Marc Hall wrote: Anyone speak Chinese? [snip/] From the looks of it, it appears to be one of those amazing job offer spam emails, but I can't read Chinese myself. If it's an 'Amazing' job offer perhaps I should inquire as China is a lot better then Turkey for IT jobs (where I am now)! Perhaps they might take me in as a Cisco and UNIX engineer and once I get over there after being picked up by a dark panel van or minibus perhaps wake up somewhere in downtown Shanghai with scars in the locations of my vital organs :-P I'm betting it's 100% mostly a scam as normally only people who wish to ask questions or collaborate use these lists 99.9% of the time. The rest are either clueless, time wasters, or spam emails! Of course many of you guys already know this and am just stating the obvious here :-) ok time for me to get spamming the other mailling lists: (ha oops did I just say that out loud?? hahahah ;-P ) Regards, Kaya -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies sessions
At 1:13 PM +1100 1/23/10, clanc...@cybec.com.au wrote: but I would be grateful for any suggestions how I could make this procedure more secure. We have given you advice that you should NOT use Cookies in any fashion to secure your site, but you remain steadfast that you know better -- so, what else can we say other than good luck. tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies sessions
clanc...@cybec.com.au wrote: On Thu, 21 Jan 2010 22:00:30 +, a...@ashleysheridan.co.uk (Ashley Sheridan) wrote: On Fri, 2010-01-22 at 08:58 +1100, clanc...@cybec.com.au wrote: On Thu, 21 Jan 2010 08:54:44 -0500, tedd.sperl...@gmail.com (tedd) wrote: At 12:15 PM +1100 1/21/10, clanc...@cybec.com.au wrote: On Wed, 20 Jan 2010 20:05:42 -0200, bsfaja...@gmail.com (Bruno Fajardo) wrote: Well, I hope this information is helpful. Yes, thanks to everyone who contributed. I now have a better understanding of what cookies are, and have turned on output buffering, enabling me to put the handler where I want, and still be able to debug it. Clancy One last thing. I use sessions for the storage of variables I need between pages, but I use cookies to leave data on the user's computer in case they come back to my site and want to pick up where they left off. Both operations store variables, but are for different purposes. Yes; I'm doing that too. I am setting up a private website, and using cookies to control access to it. Clancy Don't use cookies, use sessions for this. Information stored in cookies is susceptible to being read by pretty much anyone, hence the scare of using cookies that people get. Cookies in themselves are not the problem, but using them for anything you want to keep safe, like login details, etc, is a bad idea. Generally, a session ID is stored in the cookie, which gives nothing away to anyone trying to read it. Thank you all for your comments. My reasoning in using a cookie for user recognition, rather than relying on the session ID, was that with a cookie I could ensure that the connection effectively lasted for some specified period, whereas the session ID lifetime seems to be somewhat short and ill-defined. In this way I can be sure that the user will not be logged out unexpectedly. The actual value of the cookie I use is an MD5 hash of some user information with an additional random component, so that it would be extremely difficult to extract anything useful from it. It could equally be a random number, as it is verified by matching with a value stored on the server. I am also considering changing it every so often (every hour?) while the user is logged in, so that an old value would be useless to a hacker. At present I am using a normal text window for the user to log in, and I suspect that this is by far the weakest link in the system. The website is relatively obscure, and there is nothing particularly valuable on it, but I would be grateful for any suggestions how I could make this procedure more secure. session_id's are (normally) saved in the cookie; and serve as a key to identify a user; so you store all your session based data for a user (such as the fact they are logged in) server side; then assign that info a key; then give that key to the users client so you can recognise them; this *is* what sessions do, session_id is that key, done automatically, via a cookie - to replicate this functionality with your own version is frankly a waste of time. It appears the problem here is that your sessions are timing out too quickly, two simple approaches would be to boost the session lifetime to last longer OR create a quick (ajax) request every X minutes to keep the user logged in when inactive (which they may not want). To answer your specific questions though - what can be done to make this process more secure - no matter what approach you take, when working via http and needing logged in / secure functionality; you need the client to identify themselves with a key of some sort - no matter how you make the key it's always going to be passed via http (GET/POST/COOKIE) - if some hacker passes the same key then your system is going to think it's the original user and give them access. To make it trickier you can store information such as the users IP address, user agent string etc in session and compare it on each request; if it changes log the user out and destroy the session data - however your never going to protect against the most common form of hacking, a nosy co-worker / person in the same house having a nosey while the user is at the toilet / making a brew. This is why many sites re-request password confirmation for potentially sensitive actions like transferring money, changing personal details and so forth (and send email confirmations to tell the user what changed - just in case). It must be pointed out though that non of this is worth even considering if you have sensitive ports (like ftp/ssh/mysql) open to the outside world as it's these back doors people will use to hack the whole server, not just one users personal account on a single site. Also protect against SQL injection attacks by sanitizing your data and so forth. Finally, view it as your responsibility to never store anything personal or identifying (or in fact anything) on the client side in a cookie - one simple
Re: [PHP] 大客户营销策略与区域市场开发
Marc Hall wrote: Anyone speak Chinese? Google does, sort of: Great customer marketing strategies, regional market development and sales team management and control gold Tactical Training Workshop Date: January 2010 22-24 (Shanghai) Date: January 2010 29-31 (Shenzhen) By the end of final, favorable to thank old and new customers; 3800 yuan / person (buy one get one, no discounts) -- - Object】 【Course chairman, general manager, marketing vice president, major account manager, region manager / regional manager, Channel manager, marketing director, brand managers and other middle and senior management. 【Background】 Course: China Marketing short period of 20 years walked the West path of a hundred years, local enterprise has been through the market Competition, trials and hardships, in learning the practice of growing up in the error correction, a considerable number of enterprises to master a marketing The essence of management theory and practice in the operating skills, can be sustained, rapid and healthy development; however, Some have been popular in China's north and south river, all-powerful in the market well-known enterprises, but due to marketing Management, there are numerous errors, and ultimately failed to get out from the brilliant to the failure of low-level reincarnation! Overall Case, failure or difficult to break through business problems is reflected in: In the market development, the lack of effective A viable market development strategy and the regional market and standardize management, the lack of a breakthrough in the market for large customers Effective mining and system management; internal management, the lack of a strong front-line sales force, which lead To difficult for local enterprises to grow by leaps and bounds. Viable regional market development and management, scientific and rational The big customer marketing techniques and strategies, sales force combat effectiveness, these three capabilities is a matter of corporate marketing The core elements of victory. This course will help you build a comprehensive and effective system of market penetration. 【Course】 benefits: * By keeping customer development strategy to enhance the large customer sales skills and abilities; effective integration company Resources, and big clients manage strategic alliances in order to establish a good relationship * Learn about the regional market analysis and management methods, and study the development of regional plans and implementation steps, to know more about Kinds of regional daily operation of the management skills. * Know how to brand and marketing end-to understand the brand strategy of enterprises and terminal Gonglue regional markets To promote the development of the role. * To strengthen the functions of the various marketing team spirit between departments to achieve overall synergy. To establish a fair high - Effective assessment incentives to build high-performance sales team. 【Course Outline】: Day 1: Regional Market Development and Management First, the regional market growth and performance 1, the regional market in the geographical concept 2, the regional market in the product concept 3 Aspects of the regional market transformation of the operational modalities 4, using what the determinants of the regional business model 5, the regional marketing strategy Second, the regional market development strategy 1, the market potential assessment * Consumer Analysis * Competition Analysis * Industry Analysis * Company's own resources analysis 2, the marketing objective programming * Dominant Index * Potential indicators * Regional Location * Offensive and defensive positioning 3, marketing strategy formulation * Product mix strategy * Pricing * Channel Strategy * Marketing Communication Strategy * Case: dogs rules of survival - Ya-off benefit the survival of dental xylitol 4, the regional market as a whole deployment strategy (plane management) * The use of regional conditions * Design of regional distribution strategy * Width of the distribution of the regional management of specific operational features * Depth distribution of the regional management of specific operational features 5, rapid access to regional markets * Rally to enter * Offensive to enter * Homeopathic to enter * Contrarian to enter * The core of the regional market Gonglue 6, the regional market operations Panorama 1, analysis of the status quo 2, set goals 3, production sales map 4, the market segmentation 5, adopt a forward strategy or pull strategy 6, to deal with competitors 7, Case: Coca-Cola recipe for success Third, the regional market expansion and to maintain 1, the regional market expansion strategy * The price-led strategy of crowding * Advertising-led strategy of crowding * The channel-led strategy of crowding * The service-oriented strategy of crowding 2, line management - route * Course Design
RE: Re: [PHP] 大客户营 销策略与区域市 场开发 (#8234-160784021-2959)
Dear Mr. Marc Hall, Thank you for contacting Nordstrom.com. My apologies, however I was unable to view or translate your message. We do not have anyone here that speaks Chinese. At this time, we are only able to accept chats and e-mails in Spanish or English. Please give us a call at 206.303.4700, and we can get an interpreter on the line to assist you. Please let me know if you have any further questions or concerns at 206.303.4700. Thank you for shopping with Nordstrom. Regards, Tonya Internet Customer Service Nordstrom Direct Visit us again at: www.nordstrom.com Known to be the leader of exceptional customer service. Further assistance needed? Join us in A HREF='https://admin.instantservice.com/Customer?ai=5714di=19887fc=1it=%28%238234-160784021-2959%29email=nos...@mckenzies.net'Live Chat./A -Original Message- From: Shawn McKenzie (nos...@mckenzies.net) Sent: Jan 23, 2010 10:35:32 AM Subject: Re: [PHP] 大客户营销策略与区域市场开发 Marc Hall wrote: Anyone speak Chinese? Google does, sort of: Great customer marketing strategies, regional market development and sales team management and control gold Tactical Training Workshop Date: January 2010 22-24 (Shanghai) Date: January 2010 29-31 (Shenzhen) By the end of final, favorable to thank old and new customers; 3800 yuan / person (buy one get one, no discounts) -- - Object】 【Course chairman, general manager, marketing vice president, major account manager, region manager / regional manager, Channel manager, marketing director, brand managers and other middle and senior management. 【Background】 Course: China Marketing short period of 20 years walked the West path of a hundred years, local enterprise has been through the market Competition, trials and hardships, in learning the practice of growing up in the error correction, a considerable number of enterprises to master a marketing The essence of management theory and practice in the operating skills, can be sustained, rapid and healthy development; however, Some have been popular in China's north and south river, all-powerful in the market well-known enterprises, but due to marketing Management, there are numerous errors, and ultimately failed to get out from the brilliant to the failure of low-level reincarnation! Overall Case, failure or difficult to break through business problems is reflected in: In the market development, the lack of effective A viable market development strategy and the regional market and standardize management, the lack of a breakthrough in the market for large customers Effective mining and system management; internal management, the lack of a strong front-line sales force, which lead To difficult for local enterprises to grow by leaps and bounds. Viable regional market development and management, scientific and rational The big customer marketing techniques and strategies, sales force combat effectiveness, these three capabilities is a matter of corporate marketing The core elements of victory. This course will help you build a comprehensive and effective system of market penetration. 【Course】 benefits: * By keeping customer development strategy to enhance the large customer sales skills and abilities; effective integration company Resources, and big clients manage strategic alliances in order to establish a good relationship * Learn about the regional market analysis and management methods, and study the development of regional plans and implementation steps, to know more about Kinds of regional daily operation of the management skills. * Know how to brand and marketing end-to understand the brand strategy of enterprises and terminal Gonglue regional markets To promote the development of the role. * To strengthen the functions of the various marketing team spirit between departments to achieve overall synergy. To establish a fair high - Effective assessment incentives to build high-performance sales team. 【Course Outline】: Day 1: Regional Market Development and Management First, the regional market growth and performance 1, the regional market in the geographical concept 2, the regional market in the product concept 3 Aspects of the regional market transformation of the operational modalities 4, using what the determinants of the regional business model 5, the regional marketing strategy Second, the regional market development strategy 1, the market potential assessment * Consumer Analysis * Competition Analysis * Industry Analysis * Company's own resources analysis 2, the marketing objective programming * Dominant Index * Potential indicators * Regional Location * Offensive and defensive positioning 3, marketing strategy formulation * Product mix strategy * Pricing * Channel Strategy * Marketing Communication Strategy * Case: dogs rules of survival - Ya-off benefit the survival of dental xylitol 4, the regional market as a whole deployment strategy (plane
[PHP] http vs https
Is there a PHP function that will return whether the request was http or https? I have functions that need to cURL other servers - sometimes over SSL, sometimes not, depending whether the function is called from http://www.mydomain.com/script_that_calls_function.php or https://www.mydomain.com/script_that_calls_function.php Hope the question is clear. Thanks, Ben
Re: [PHP] http vs https
Hi, isset($_SERVER['HTTPS']) should do it. Regards, Jonathan On Sat, Jan 23, 2010 at 2:11 PM, Ben Miller biprel...@gmail.com wrote: Is there a PHP function that will return whether the request was http or https? I have functions that need to cURL other servers - sometimes over SSL, sometimes not, depending whether the function is called from http://www.mydomain.com/script_that_calls_function.php or https://www.mydomain.com/script_that_calls_function.php Hope the question is clear. Thanks, Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: http vs https
Ben Miller wrote: Is there a PHP function that will return whether the request was http or https? I have functions that need to cURL other servers - sometimes over SSL, sometimes not, depending whether the function is called from http://www.mydomain.com/script_that_calls_function.php or https://www.mydomain.com/script_that_calls_function.php Hope the question is clear. Thanks, $_SERVER['HTTPS'] Set to a non-empty value if the script was queried through the HTTPS protocol. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: http vs https
Just as a warning, I have worked on linux servers where this did not work, perhaps because of what silverquick points out: http://www.php.net/manual/en/reserved.variables.server.php I think the HTTPS element will only be present under Apache 2.x. It's not in the list of special variables here: http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html#RewriteCond But it is here: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond Again, not sure that was the issue, but I know there have been some linux servers that didn't provide this information, so make sure you test it out well. Adam On Sat, Jan 23, 2010 at 12:44 PM, Nathan Rixham nrix...@gmail.com wrote: Ben Miller wrote: Is there a PHP function that will return whether the request was http or https? I have functions that need to cURL other servers - sometimes over SSL, sometimes not, depending whether the function is called from http://www.mydomain.com/script_that_calls_function.php or https://www.mydomain.com/script_that_calls_function.php Hope the question is clear. Thanks, $_SERVER['HTTPS'] Set to a non-empty value if the script was queried through the HTTPS protocol. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
[PHP] memory efficient hash table extension? like lchash ...
All, I'm loading millions of records into a backend PHP cli script that I need to build a hash index from to optimize key lookups for data that I'm importing into a MySQL database. The problem is that storing this data in a PHP array is not very memory efficient and my millions of records are consuming about 4-6 GB of ram. I have tried using some external key/value storage solutions like MemcacheDB, MongoDB, and straight MySQL, but none of these are fast enough for what I'm trying to do. Then I found the lchash extension for PHP and it looks like exactly what I want. It's a c-lib hash which is accessed from PHP. Using it would be slightly slower than using straight PHP arrays, but would be much more memory efficient since not all data needs to be stored as PHP zvals, etc. Problem is that the lchash extension can't ben installed in my PHP 5.3 build because pecl install lchash fails with a message about invalid checksum on the README file. Apparently this extension has been neglected and abandoned and hasn't been updated since 2005. Is there something like lchash that *is* being maintained? What would you all suggest? -- Dante -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] memory efficient hash table extension? like lchash ...
On Sun, Jan 24, 2010 at 3:11 AM, D. Dante Lorenso da...@lorenso.com wrote: All, I'm loading millions of records into a backend PHP cli script that I need to build a hash index from to optimize key lookups for data that I'm importing into a MySQL database. The problem is that storing this data in a PHP array is not very memory efficient and my millions of records are consuming about 4-6 GB of ram. What are you storing? An array of row objects?? In that case storing only the row id is will reduce the memory. If you are loading full row objects, it will take a lot of memory. But if you just load the row id values, it will significantly decrease the memory amount. Besides, You can load row ids in a chunk by chunk basis. if you have 10 millions of rows to process. load 1 rows as a chunk. process them then load the next chunk. This will significantly reduce memory usage. A good algorithm can solve your problem anytime. ;-) -- Shiplu Mokaddim My talks, http://talk.cmyweb.net Follow me, http://twitter.com/shiplu SUST Programmers, http://groups.google.com/group/p2psust Innovation distinguishes bet ... ... (ask Steve Jobs the rest) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies sessions
tedd wrote:
At 1:13 PM +1100 1/23/10, clanc...@cybec.com.au wrote:
but I would be grateful for any suggestions how I
could make this procedure more secure.
We have given you advice that you should NOT use Cookies in any fashion
to secure your site, but you remain steadfast that you know better --
so, what else can we say other than good luck.
tedd
These are my basic guidelines - what I like to do.
It may not be the best thing for every type od web site.
1) I have a user database that has username and a password hash. The
password itself is never stored.
The password hash is sha1sum(strtolower($username) . $salt . $password)
The salt is something like 5dgudsdgh5673g and should be stored as a
private variable in your user authentication class.
The reason I have the username there to is because some passwords are
very popular, using the username when generating the hash ensures that
two users with identical password will have different hashes. This is
important if an sql injection attack ever manages to get a dump of your
user database.
You should protect against sql injection by using prepared statements
for any database query that involves user submitted data (such as
username and password) but you still want to make sure that hashes are
unique, and you do that by adding the username to the salt.
When a user successfully logs in, the unique id of the user is then
stored as a session variable.
For administrative tasks, in addition to requiring that the user be
logged in to an account with admin privileges, all administrative tasks
are in a directory that is protected by apache authentication.
So to get to those kind of pages, the user has to have a
username/password that is stored in a .htpasswd file for Apache to let
them in AND they have to be logged in as a user that has been
authenticated as an administrative user.
I personally do all login via https so that username/password combos are
never sent plain text. That's more expensive because you need to
purchase a SSL certificate. You can use self-signed but it is better to
use an SSL certificate from a certificate authority.
For session security, I have the following directives set in my php.ini
file:
session.use_only_cookies = 1
- That prevents the session id from being sent via get.
session.cookie_lifetime = 0
- That instructs the browser to delete the cookie when the browsing
session ends.
session.cookie_httponly = 1
- That theoretically denies access to the cookie from scripting
languages. I say theoretically because when testing my site for XSS
security, I was initially able to get some XSS attacks to display my
session id (tested in firefox 2 w/o noscript - noscript blocked it even
with the domain allowed), so they were getting it somehow.
Since I have secure login which is a different domain from main domain,
in my web app itself I set
if (file_exists('/srv/path/DEVEL')) {
ini_set(session.cookie_domain,.mydomain.devel);
} else {
ini_set(session.cookie_domain,.mydomain.org);
}
That way, secure.mydomain.org (which is used for login) uses the same
session variable as www.mydomain.org (used for rest of site) so that
when the user logs in, the session variable that specifies the user on
the non secure domain gets updated when the user logs in on the secure
domain.
There are several good php books that discuss session security and php
web applications. I don't remember which books I used when learning my
technique, but it would be a good idea to buy or borrow some recent
books on php web application design.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies sessions
On Sat, 23 Jan 2010 09:32:37 -0500, tedd.sperl...@gmail.com (tedd) wrote: At 1:13 PM +1100 1/23/10, clanc...@cybec.com.au wrote: but I would be grateful for any suggestions how I could make this procedure more secure. We have given you advice that you should NOT use Cookies in any fashion to secure your site, but you remain steadfast that you know better -- so, what else can we say other than good luck. BUT you have told me to use sessions, and sessions use a Cookie! If the Cookie I use contains random data, the only difference in security is in the time that it remains valid. Neither contains any useful information, but while they are valid both will enable you to bypass security. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies sessions
On Sat, 23 Jan 2010 15:10:11 +, nrix...@gmail.com (Nathan Rixham) wrote: To answer your specific questions though - what can be done to make this process more secure - no matter what approach you take, when working via http and needing logged in / secure functionality; you need the client to identify themselves with a key of some sort - no matter how you make the key it's always going to be passed via http (GET/POST/COOKIE) - if some hacker passes the same key then your system is going to think it's the original user and give them access. To make it trickier you can store information such as the users IP address, user agent string etc in session and compare it on each request; if it changes log the user out and destroy the session data - however your never going to protect against the most common form of hacking, a nosy co-worker / person in the same house having a nosey while the user is at the toilet / making a brew. This is why many sites re-request password confirmation for potentially sensitive actions like transferring money, changing personal details and so forth (and send email confirmations to tell the user what changed - just in case). It must be pointed out though that non of this is worth even considering if you have sensitive ports (like ftp/ssh/mysql) open to the outside world as it's these back doors people will use to hack the whole server, not just one users personal account on a single site. Also protect against SQL injection attacks by sanitizing your data and so forth. Thank you for your thoughtful suggestions. I totally agree. If someone goes sniffing, or the like, they might be able to get somewhat limited access to the domain. On the other hand if they can crack the FTP, and get into the master server, they can download the whole site. Finally, view it as your responsibility to never store anything personal or identifying (or in fact anything) on the client side in a cookie - one simple key (session_id) in the cookie and everything on the safe secure server is the way to go. I have thought of storing customising information for a particular user in a cookie, but it would simply consist of a set of parameter values. As they would be processed in exactly the same way as if they had been entered as parameters they would presumably represent no more, or less, threat than the parameters which are essential to the operation of the site (and which can readily be read, or bookmarked -- or, on reflection, experimented with). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Users, groups, and permissions
I am using a Quadra Hosting Multi Domain (http://www.quadrahosting.com.au/) to host five different domains. As site owner I have FTP access to the root directory, and to everything underneath it. There is no domain directly attached to the root. Each domain has its own directory tree under the root directory, and I have a separate directory Engine containing the PHP code for all the sites. Each domain directory has a series of data files defining the various pages, optionally some configuration files, and a very short program index.php, which sets up a few user variables, and then passes control to the main program in Engine (by including it). The Engine processes a set of parameters, and from these generates the actual page which is passed to the user. The data files are almost entirely simple text files, and I do not use a database. The permissions are currently as they were set up by the provider. All directories in the system have permissions drwxr-xr-x, and all other files rw-r--r-- (when I read them as site owner -- I don't know if they are somehow changed when I access the site by downloading a page from one of the domains). I can load and run any of the files in Engine by including them into Index.php, and I can include images anywhere in the domain in the current page. I can also download them directly by quoting their full path. I can also show pages defined by data files in Engine, but I can neither show nor download images in Engine. I haven't tried accessing pages in other domains. As the permissions for group and others are the same for all directories, and all files, I don't understand how I can download images in the current domain, but not in Engine. Is it possible to reset the permissions so that different values are seen from different domains, and how can I tell which group I am actually in when I access a particular domain? Also is it possible to temporarily include a user in group, if they are not already there? Clancy. (The PHP manual has been down all day, and Google is not particularly helpful for this type of thing unless you already know the terminology, so I have largely been floundering in the dark. And when you look up 'user permissions' most books immediately assume database.) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
