php-general Digest 30 Dec 2010 23:32:34 -0000 Issue 7108
php-general Digest 30 Dec 2010 23:32:34 - Issue 7108 Topics (messages 310384 through 310402): Re: Hot Topics 310384 by: Jason Pruim 310385 by: Daniel Brown 310386 by: Ashley Sheridan 310398 by: Nathan Rixham Re: Do you trim() usernames and passwords? 310387 by: Paul M Foster 310388 by: Paul M Foster 310389 by: Ashley Sheridan 310390 by: Paul M Foster 310391 by: Omega -1911 310392 by: Ashley Sheridan 310393 by: Omega -1911 310394 by: Daniel P. Brown 310395 by: Ashley Sheridan 310396 by: Omega -1911 Re: File-Upload per Drag-N-Drop? 310397 by: Paul M Foster Developer needed, right place for it? 310399 by: Bill Marcy 310400 by: Daniel Brown 310401 by: German Geek Re: Regex for telephone numbers 310402 by: Ethan Rosenberg Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Jason Pruim On Dec 30, 2010, at 12:36 AM, Daniel Brown danbr...@php.net wrote: On Dec 29, 2010 11:48 PM, Jason Pruim li...@pruimphotography.com wrote: Weren't you playing with the possibility of including the amount of actual code written as well? Yeah, that was in for a few weeks, but I believe it was Robert Cummings who went out of his way to show its imperfections. Maybe we should incorporate a syntax checker to show parse errors for the week, too. ;-P Always thought that would be pretty cool :) And as someone who is married as well I agree with what you said. Sometimes it's easier to just say you're sorry then fighting even when you know you're right. Or when you top-post. Prune, Prune, Prune /me shakes head. Hey it was late last night and I was responding from my iPod :P I seem to remember you doing the same thing from your phone Mr. Brown :P ---End Message--- ---BeginMessage--- On Thu, Dec 30, 2010 at 08:23, Jason Pruim li...@pruimphotography.com wrote: I seem to remember you doing the same thing from your phone Mr. Brown :P Yeah. Android finally updated that a few weeks ago. Now you can respond inline, as I did from my DROID with that last post. ;-P -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ ---End Message--- ---BeginMessage--- On Thu, 2010-12-30 at 10:39 -0500, Daniel Brown wrote: On Thu, Dec 30, 2010 at 08:23, Jason Pruim li...@pruimphotography.com wrote: I seem to remember you doing the same thing from your phone Mr. Brown :P Yeah. Android finally updated that a few weeks ago. Now you can respond inline, as I did from my DROID with that last post. ;-P -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ Good to hear, I've been waiting for that. It's certainly kept me from posting as much lately. Thanks, Ash http://www.ashleysheridan.co.uk ---End Message--- ---BeginMessage--- Pretty sad day when you have to apologise for being a human on an open list to which you've contributed heavily for many many years. apology not accepted from me Dan, you've nothing to apologise for, and anybody who doesn't like to read a bit of banter between people on a list can just avert their eyes - it was hardly 4chan grade trolling! Best happy new year to you, Nathan Daniel Brown wrote: First, I have to admit that what I did was wrong. I had assumed (ASS-umed) that the other party in a discussion under a different thread would understand and appreciate the irony of my email in reply to his inappropriate message. Those of you who were barraged with the fallout know what I mean. Unfortunately, it was not well-received by the other person, which led to even further flaming and trolling. While I had tried both on- and off-list to urge the other party to move the discussion from the public forum to a private, one-on-one conversation, it was ignored and actually seemed to exacerbate the situation. For my part in that, I just wanted to send my general apologies to those bombarded with an unnecessary and somewhat illogical series of emails. If being married has taught me anything, it's that it's better to just apologize and move on, regardless of who's right or wrong. And if being married has taught me anything else, it's that, at least in this house, I'm always wrong. So sorry for the unnecessary banter. Moving on, those of you who have been on the list for several years may recall when I was running the ListWatch and PostTrack system, which would send a weekly summary of the list's activities at the time. Before stopping it (it was on a server that burned out, and I just never put it
Re: [PHP] Re: Do you trim() usernames and passwords?
On Thu, Dec 30, 2010 at 03:05, Nicholas Kell n...@monkeyknight.com wrote: Even funnier yet - bottom post like you were asked. And to really bust your gut, this thread has gone on far too long off topic. I believe that the person you are referring to as Dani, is in fact Daniel. I don't, nor would I ever start to call you Omeggie just to get under your skin. Use your prestigious fraternity flaunting email and message Daniel directly to continue arguing. I'm not trying to be rude, but I do believe it is in the best interest of the list to kill this thread. Dotan, please chime in if your problem hasn't been solved. I will, as I am sure the rest of the list will be happy to help if it hasn't. Actually, though I've come to a decision regarding my site's password policies, I still enjoy reading the skirted personal attacks and borderline trolling. Seriously, it is as entertaining as it is informative. Who needs slashdot with action like this? If this stuff ever comes up again, will the participants be so kind as to CC me so I don't miss it? Thanks! -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hot Topics
Jason Pruim On Dec 30, 2010, at 12:36 AM, Daniel Brown danbr...@php.net wrote: On Dec 29, 2010 11:48 PM, Jason Pruim li...@pruimphotography.com wrote: Weren't you playing with the possibility of including the amount of actual code written as well? Yeah, that was in for a few weeks, but I believe it was Robert Cummings who went out of his way to show its imperfections. Maybe we should incorporate a syntax checker to show parse errors for the week, too. ;-P Always thought that would be pretty cool :) And as someone who is married as well I agree with what you said. Sometimes it's easier to just say you're sorry then fighting even when you know you're right. Or when you top-post. Prune, Prune, Prune /me shakes head. Hey it was late last night and I was responding from my iPod :P I seem to remember you doing the same thing from your phone Mr. Brown :P -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hot Topics
On Thu, Dec 30, 2010 at 08:23, Jason Pruim li...@pruimphotography.com wrote: I seem to remember you doing the same thing from your phone Mr. Brown :P Yeah. Android finally updated that a few weeks ago. Now you can respond inline, as I did from my DROID with that last post. ;-P -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hot Topics
On Thu, 2010-12-30 at 10:39 -0500, Daniel Brown wrote: On Thu, Dec 30, 2010 at 08:23, Jason Pruim li...@pruimphotography.com wrote: I seem to remember you doing the same thing from your phone Mr. Brown :P Yeah. Android finally updated that a few weeks ago. Now you can respond inline, as I did from my DROID with that last post. ;-P -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ Good to hear, I've been waiting for that. It's certainly kept me from posting as much lately. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 05:32:38PM -0500, Daniel P. Brown wrote: On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. I was pleased earlier, however, to learn about your interest in helping others by creating a venue for them to sell their own homemade pornographic DVDs at such a low price, but then disappointed to learn that your grasp of Perl and site management wasn't yet up to par. Hacking didn't work out all that well over the last couple of years either, but you could probably go, what, just a thousand feet or so to hire one of the kids from Ben Davis high school to help out. Pay them a fair wage, though I mean, with your home last appraised at $122,100 (on the 27th of July, 2007, so you might want to see if it's appreciated more in value by now), we know you can afford to pay better than minimum. Heck, if they'd pave your street as well as your driveway is sealed, that alone might help improve the value, at least a little bit. Which would be fine --- I mean, you already get the benefits of better insurance, consider how close you are to that fire hydrant. (You know the one I mean, that little bluish-green one when you turn right out of your driveway and cross the street.) Speaking of blue-green, I love that picture of Javen. Was that done right on his iPhone, or did he do it on the computer before uploading it? Pretty cool either way, just like his name. I'm just not sure if it's pronounced with a J or an H sound. I mean, Arthur's name is easy enough, but I honestly am confused by Javen's (except when he spells it out like James Vencent). It's no surprise that he's an intelligent kid, though, being born at the autumnal equinox and all (and even before sunrise that morning). That aside, you might be right. Perhaps my qualifications don't quite justify my opinion in contradicting anything you have to say. I mean, being contracted to trace people all over the world can sometimes be almost as fun as knowing what tools to use to find out who they are in the first place. Still, one shouldn't spend so much time doing just one thing, which is why we both enjoy programming. Regardless, it doesn't matter, and I see no reason to get into any kind of flame war --- especially with one of the famous Six Hounds from the Darkside of Hell. Anyway, sorry for being ten days late, but happy birthday, Chap. It was good getting to know you. And, as the Ques know, friendship is essential to the soul. Okay Dan, just put the weapon down. I'm sure we can work this out. Yeah... that's it. It'll all be okay. We can talk about it ;-} Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 08:27:49PM -0500, Mujtaba Arshad wrote: craphound.com/images/xkcdwrongoninternet.jpg And this is why I love XKCD. LOL. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Thu, 2010-12-30 at 11:04 -0500, Paul M Foster wrote: On Wed, Dec 29, 2010 at 08:27:49PM -0500, Mujtaba Arshad wrote: craphound.com/images/xkcdwrongoninternet.jpg And this is why I love XKCD. LOL. Paul -- Paul M. Foster http://noferblatz.com It's got a comic for pretty much every situation! Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 06:52:28PM -0500, TR Shaw wrote: [snip] So now lets look at the case where there is malware on your machine which will try to brute force your computationally hard password and is smart enough to use your graphics engine to increased computational power. Folks at MIT and Carnegie Mellon have already numerically proved that a 12 character password is not crackable using brute force in any reasonable timeframe. In fact an 8 character one has strength of years. I would contend that using that much power will make its existence known to you and coupled with the fact that you restart your computer every now and again and that you run an antivirus periodically that will eventually find it even if you don't notice the slow down. Partially for this reason, I have a CPU meter on my desktop. If I see the CPU usage climb oddly (and I have), I start checking what processes are eating my CPU. This is one reason I don't keep my Facebook page open all the time. It periodically sucks CPU. For some reason, Javascript seems to chew CPU harder than almost anything else I run. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
I'm pretty sure there is a lot that happened that has not been mentioned yet ;) But I digress... it's all came down to no one being able to contradict my post. If u consider an attempt to get personal a defense, I would hope that in a real world scenario, u have a better tactic.
Re: [PHP] Re: Do you trim() usernames and passwords?
On Thu, 2010-12-30 at 11:19 -0500, Omega -1911 wrote: I'm pretty sure there is a lot that happened that has not been mentioned yet ;) But I digress... it's all came down to no one being able to contradict my post. If u consider an attempt to get personal a defense, I would hope that in a real world scenario, u have a better tactic. I would just like to say, that I've not seen any proof of your statements, particularly pertaining to the government (of which country you've not specified.) Following the scientific methodology, it's up to the person who made the claim to provide proof, not on the opposition to provide evidence to the contrary. As such, the onus is on you to provide the proof of your statements. [/end_two_pence_worth] Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: Do you trim() usernames and passwords?
Which topic ashley do u wish to discuss. With the eccouncil.org being in your neck of th woods, learning/reading what hackers are using/doing shouldn't be hard... On Dec 30, 2010 11:23 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Thu, 2010-12-30 at 11:19 -0500, Omega -1911 wrote: I'm pretty sure there is a lot that happened that has not been mentioned yet ;) But I digress... it's all came down to no one being able to contradict my post. If u consider an attempt to get personal a defense, I would hope that in a real world scenario, u have a better tactic. I would just like to say, that I've not seen any proof of your statements, particularly pertaining to the government (of which country you've not specified.) Following the scientific methodology, it's up to the person who made the claim to provide proof, not on the opposition to provide evidence to the contrary. As such, the onus is on you to provide the proof of your statements. [/end_two_pence_worth] Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: Do you trim() usernames and passwords?
On Thu, Dec 30, 2010 at 11:27, Omega -1911 1911...@gmail.com wrote: Which topic ashley do u wish to discuss. With the eccouncil.org being in your neck of th woods, learning/reading what hackers are using/doing shouldn't be hard... Really, this entire thing has gone on for far too long. One final time, please either move the discussion off-list, where it belongs, or just drop it. This is the kind of stuff that makes good, talented people leave the list, or new folks decide they'd rather not ever even be involved. Everyone is entitled to their opinion, for sure, but this is not the proper place to air them, unless they're directly-related to PHP. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Thu, 2010-12-30 at 11:27 -0500, Omega -1911 wrote: Which topic ashley do u wish to discuss. With the eccouncil.org being in your neck of th woods, learning/reading what hackers are using/doing shouldn't be hard... On Dec 30, 2010 11:23 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Thu, 2010-12-30 at 11:19 -0500, Omega -1911 wrote: I'm pretty sure there is a lot that happened that has not been mentioned yet ;) But I digress... it's all came down to no one being able to contradict my post. If u consider an attempt to get personal a defense, I would hope that in a real world scenario, u have a better tactic. I would just like to say, that I've not seen any proof of your statements, particularly pertaining to the government (of which country you've not specified.) Following the scientific methodology, it's up to the person who made the claim to provide proof, not on the opposition to provide evidence to the contrary. As such, the onus is on you to provide the proof of your statements. [/end_two_pence_worth] Thanks, Ash http://www.ashleysheridan.co.uk Well, by my neck of the woods I assume you mean Earth here, as I'm not anywhere near there, to which I quote: The EC-Council University, based in the state of New Mexico, United States of America, And my email address itself should be a little give-a-way that I'm not based in the US ;) I'm looking for proof provided by you on some of your own statements: it is a known fact that post 9/11 companies that develop such leave ports open for Big Brother as required. And: Even though a firewall reports that the ports are blocked, they aren't. I'd be very interested to find out which companies are required to do this, and if any are at all, as it would go against a lot of laws we have on privacy over here in the UK. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: Do you trim() usernames and passwords?
Wont mind doing once I get home. You should study the council. The base of a company does not mean they don't have branches. If you read past the first page, you would understand... joint council... does microsoft have an office there ;). What's your site again... interested. On a cell right now, but in the mean time pardon me...
Re: [PHP] File-Upload per Drag-N-Drop?
On Wed, Dec 29, 2010 at 07:23:25PM +0100, Michelle Konzack wrote: Hello, my users have an Online-File-Store with nearly anything they need but one feature is missing: Drag-D-Drop. I like to implement Drag-D-Drop so users can Drag a file from a File- Manager and Drop it on the Upload-Icon in my Webinterface. Can someone tell me HOW THIS WORKS? This is a client-side question. Javascript can handle drag-n-drop; WordPress does this in its site administration screens. However, it does not do it from a file manager window. In any case, this is a client side, not a PHP question. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Hot Topics
Pretty sad day when you have to apologise for being a human on an open list to which you've contributed heavily for many many years. apology not accepted from me Dan, you've nothing to apologise for, and anybody who doesn't like to read a bit of banter between people on a list can just avert their eyes - it was hardly 4chan grade trolling! Best happy new year to you, Nathan Daniel Brown wrote: First, I have to admit that what I did was wrong. I had assumed (ASS-umed) that the other party in a discussion under a different thread would understand and appreciate the irony of my email in reply to his inappropriate message. Those of you who were barraged with the fallout know what I mean. Unfortunately, it was not well-received by the other person, which led to even further flaming and trolling. While I had tried both on- and off-list to urge the other party to move the discussion from the public forum to a private, one-on-one conversation, it was ignored and actually seemed to exacerbate the situation. For my part in that, I just wanted to send my general apologies to those bombarded with an unnecessary and somewhat illogical series of emails. If being married has taught me anything, it's that it's better to just apologize and move on, regardless of who's right or wrong. And if being married has taught me anything else, it's that, at least in this house, I'm always wrong. So sorry for the unnecessary banter. Moving on, those of you who have been on the list for several years may recall when I was running the ListWatch and PostTrack system, which would send a weekly summary of the list's activities at the time. Before stopping it (it was on a server that burned out, and I just never put it back online), I had added a topic tracker as well, which would give the percentage of activity for a given topic, as well as the ratio of its discussion versus all messages to the list. Several people have asked if/when it would be coming back online, so I'm contemplating bringing it back beginning with the first week of January (next week). Does anyone have any thoughts on that, or any ideas for other interesting metrics they'd like to see? I'm particularly interested in the opinions of folks who recall the old system, but any opinions and ideas are more than welcome. If you'd rather send it to me directly instead of on the list, feel free. Happy early New Year, all. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Developer needed, right place for it?
Looking to get a bit of PHP work done, is this the right place for it, or is there a better place to ask? Bill
Re: [PHP] Developer needed, right place for it?
On Thu, Dec 30, 2010 at 15:44, Bill Marcy bill.ma...@gmail.com wrote: Looking to get a bit of PHP work done, is this the right place for it, or is there a better place to ask? This is generally fine for one-off PHP requests, sure. We really need to get a jobs list up. I'll work on that, but in the meantime, go ahead and post the message here, Bill. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Developer needed, right place for it?
Hi Bill, I'm a senior PHP/Javascript/Actionscript 3 developer. If you need some PHP work done, contact me off-list and I can see what I can do for you. Regards, Tim ++Tim Hinnerk Heuer++ http://www.ihostnz.com On 31 December 2010 09:44, Bill Marcy bill.ma...@gmail.com wrote: Looking to get a bit of PHP work done, is this the right place for it, or is there a better place to ask? Bill
Re: [PHP] Regex for telephone numbers
At 07:27 PM 12/29/2010, Josh Kehn wrote: On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg eth...@earthlink.net wrote: Dear List - Thank you for all your help in the past. Here is another one I would like to have a regex which would validate that a telephone number is in the format xxx-xxx-. Thanks. Ethan MySQL 5.1 PHP 5 Linux [Debian (sid)] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php You can't, phone numbers are more complex then that. You could use \d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though. Regards, -Josh ___ http://joshuakehn.com Sent from my iPod Josh - I used use \d{3}-\d{3}-\d{4}. It works beautifully!! FYI [to all the list] -- I thank all for their input. I only needed US phones, and I am forcing the user of the form to conform to xxx-xxx- as the input format. Ethan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] Re: [PHP] Regex for telephone numbers
On Thu, Dec 30, 2010 at 14:07, Ethan Rosenberg eth...@earthlink.net wrote: Josh - I used use \d{3}-\d{3}-\d{4}. It works beautifully!! Just keep in mind that invalid numbers will also pass that check, such as 000-000- or 123-456-6789. That's why my example was a bit more involved. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] memory usage/release GC
Hi folks, With the recent thread about password security, I wrote a small quick script to generate a random or all possible passwords based on certain parameters for a brute force use. On a very long running execution for a complex password in length with full use of the keys (94 characters), including upper case, the script seems to consumes more memory (shown in Windows task manager) as time progress. Below are snippets from the script file that does the workload: while (!$this-isMax()) { for ($b = 0; $b = $this-pwdLength; $b++) { if ($this-counter[$b] $this-max) { $this-pwd[$b] = $this-charList[$this-counter[$b]]; $this-counter[$b]++; break; } else { $this-counter[$b] = 1; $this-pwd[$b] = $this-charList[0]; } } } private function isMax() { for ($a = $this-pwdLength-1; $a=0; $a--) { if ($this-counter[$a] $this-max) return false; } return true; } Could someone please tell me why the above code consumes additional memory as time progress for the execution of the while loop? Researching PHP GC on google didn't shed light on problem. Generating all possible combinations for 20 length with 94 possibilities each, the script easily consumes more than 1GB RAM in few minutes. BTW, gc_enabled() reports on. Thanks, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Fwd: Fwd: Re: [PHP] goto - My comments
At 02:38 PM 12/27/2010, Jim Lucas wrote: On 12/27/2010 10:42 AM, Ethan Rosenberg wrote: snip Now, here is the real puzzler The purpose of this routine is to be able to have two(2) forms on one page,but not simultaneously.Additionally, l do not wish to call a separate program every time a new form is used. The assumption is that the second form depends on the entries in the first form. I realize this is not the case here. The age request and the kitten form both appear on the page together. How do I accomplish having them appear separately? If it requires Java Script or jQuery, what is the code to be used? snip The key is to look at the value of the submit button. This needs to be unique. Change around your logic a little and you will have it. ?php // if form not yet submitted // display form if ( isset($_POST['submit']) $_POST['submit'] === 'Submit' ) { // process form input // split date value into components $dateArr = explode('/', $_POST['dob']); // calculate timestamp corresponding to date value $dateTs = strtotime($_POST['dob']); // calculate timestamp corresponding to 'today' $now = strtotime('today'); // check that the value entered is in the correct format if ( sizeof($dateArr) != 3 ) { die('ERROR: Please enter a valid date of birth'); } // check that the value entered is a valid date if ( !checkdate($dateArr[0], $dateArr[1], $dateArr[2]) ) { die('ERROR: Please enter a valid date of birth'); } // check that the date entered is earlier than 'today' if ( $dateTs = $now ) { die('ERROR: Please enter a date of birth earlier than today'); } // calculate difference between date of birth and today in days // convert to years // convert remaining days to months // print output $ageDays = floor(($now - $dateTs) / 86400); $ageYears = floor($ageDays / 365); $ageMonths = floor(($ageDays - ($ageYears * 365)) / 30); echo You are approximately $ageYears years and $ageMonths months old.; } else if ( isset($_POST['submit']) $_POST['submit'] === 'Submit Kitten' ) { $name_cat = $_POST['cat']; echo Your Kitten is $name_cat; } else { echo HTML form method=post action=agecalc3.php Enter your date of birth, in mm/dd/ format: br / input type=text name=dob / input type=submit name=submit value=Submit / /form br /br / form method=post action=agecalc3.php Enter your kitten's name: br / input type=text name=cat / input type=submit name=submit value=Submit Kitten / /form HTML; } ? Jim Lucas Jim - Thanks. Would you please look at the code you wrote again. I must have botched it, because both the age and kitten form still are on the same page. The age page should appear, the data should be accepted and then the kitten page should appear. Ethan PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. I'm sorry, but this is just bloody stupid. I keep my usernames and randomly generated, very long passwords in a password keeper. If you're not going to let me copy paste them into a web page, i'm just not going to ever use your application. Copy/pasting is something that happens on the *local* machine -- it never goes out to the net. By forcing people to type in their user names and passwords you are going to cause them to enter easily-remembered, and typically easily- crackable combinations. What is the possible logic for disallowing someone to paste in their usernames/passwords??? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 10:28 PM, Joshua Kehn wrote: On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. Wrong. I use a program called pwgen to generate passwords for me, which I cannot remember. I use another program I built to store them in an encrypted file. When I have to supply a password which I've forgotten (as usual), I fire up my password vault, find the password, and paste it wherever it's needed. Users would be wise to follow a scheme like this, rather than using their dog's name or somesuch as their passwords. Paul -- Paul M. Foster http://noferblatz.com What is wrong? That users should not be copy-pasting passwords or don't compromise the system? I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. 20? child's play. How about 250+ randomly generated passwords and username combinations? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
Won't there also be a higher chance of getting your username/password combination stolen if you are keylogged, if you are typing in your passwords all day everyday? Obviously, the people on this list will say I don't get keylogged, cause I am that pro but whatever, just don't force people to enter passwords, no one appreciates it. On Fri, Dec 31, 2010 at 1:26 AM, Tamara Temple tamouse.li...@gmail.comwrote: On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. I'm sorry, but this is just bloody stupid. I keep my usernames and randomly generated, very long passwords in a password keeper. If you're not going to let me copy paste them into a web page, i'm just not going to ever use your application. Copy/pasting is something that happens on the *local* machine -- it never goes out to the net. By forcing people to type in their user names and passwords you are going to cause them to enter easily-remembered, and typically easily-crackable combinations. What is the possible logic for disallowing someone to paste in their usernames/passwords??? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Mujtaba
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 1:26 AM, Tamara Temple wrote: On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. I'm sorry, but this is just bloody stupid. I keep my usernames and randomly generated, very long passwords in a password keeper. If you're not going to let me copy paste them into a web page, i'm just not going to ever use your application. Copy/pasting is something that happens on the *local* machine -- it never goes out to the net. By forcing people to type in their user names and passwords you are going to cause them to enter easily-remembered, and typically easily-crackable combinations. What is the possible logic for disallowing someone to paste in their usernames/passwords??? My point has been completely missed by you. I'm not saying don't allow copy pasting usernames and passwords (though I think that this is a poor choice). I'm saying don't automatically trim the passwords. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 1:31 AM, Tamara Temple wrote: On Dec 28, 2010, at 10:28 PM, Joshua Kehn wrote: On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. Wrong. I use a program called pwgen to generate passwords for me, which I cannot remember. I use another program I built to store them in an encrypted file. When I have to supply a password which I've forgotten (as usual), I fire up my password vault, find the password, and paste it wherever it's needed. Users would be wise to follow a scheme like this, rather than using their dog's name or somesuch as their passwords. Paul -- Paul M. Foster http://noferblatz.com What is wrong? That users should not be copy-pasting passwords or don't compromise the system? I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. 20? child's play. How about 250+ randomly generated passwords and username combinations? Why do you randomly generate 250+ usernames and passwords?? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 7:27 PM, Mujtaba Arshad wrote: craphound.com/images/xkcdwrongoninternet.jpg Least you could do is give Randall the love, instead of Cory :) http://xkcd.com/386/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regex for telephone numbers
On Dec 29, 2010, at 6:12 PM, Ethan Rosenberg wrote: I would like to have a regex which would validate that a telephone number is in the format xxx-xxx-. http://lmgtfy.com/?q=regex+to+validate+US+phone+numbers -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 12:41 AM, Joshua Kehn wrote: On Dec 31, 2010, at 1:26 AM, Tamara Temple wrote: On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. I'm sorry, but this is just bloody stupid. I keep my usernames and randomly generated, very long passwords in a password keeper. If you're not going to let me copy paste them into a web page, i'm just not going to ever use your application. Copy/pasting is something that happens on the *local* machine -- it never goes out to the net. By forcing people to type in their user names and passwords you are going to cause them to enter easily-remembered, and typically easily-crackable combinations. What is the possible logic for disallowing someone to paste in their usernames/ passwords??? My point has been completely missed by you. I'm not saying don't allow copy pasting usernames and passwords (though I think that this is a poor choice). I'm saying don't automatically trim the passwords. Sorry, I was mislead by your use of the phrase Users should not be copy-pasting passwords or usernames above. I'd love to hear what you think is an alternative to identifying with web app that keeps track of information about someone that is more secure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 12:41 AM, Joshua Kehn wrote: On Dec 31, 2010, at 1:31 AM, Tamara Temple wrote: 20? child's play. How about 250+ randomly generated passwords and username combinations? Why do you randomly generate 250+ usernames and passwords?? I generate unique pairs for the various website, email account, computer systems, and other things i've signed up for. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 12:37 AM, Mujtaba Arshad wrote: Won't there also be a higher chance of getting your username/ password combination stolen if you are keylogged, if you are typing in your passwords all day everyday? Obviously, the people on this list will say I don't get keylogged, cause I am that pro but whatever, just don't force people to enter passwords, no one appreciates it. On Fri, Dec 31, 2010 at 1:26 AM, Tamara Temple tamouse.li...@gmail.com wrote: On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. I'm sorry, but this is just bloody stupid. I keep my usernames and randomly generated, very long passwords in a password keeper. If you're not going to let me copy paste them into a web page, i'm just not going to ever use your application. Copy/pasting is something that happens on the *local* machine -- it never goes out to the net. By forcing people to type in their user names and passwords you are going to cause them to enter easily-remembered, and typically easily- crackable combinations. What is the possible logic for disallowing someone to paste in their usernames/passwords??? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php This is an entirely different problem than not letting people copy/ paste their user/password info. I *never* said i do this every day.