[PHP] Sending Email via SMTP account using PHP

2011-05-18 Thread Eli Orr (Office)


Hi,
I'm looking for a good example for using a real SMTP account to send 
email from,
such as serv...@somai.com where there is a user & password and smtp 
server available.


Please advise with a good example to reuse,

Thanks

Eli

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Bitwise AND for 31-st bit

2011-05-18 Thread Vitalii Demianets
On Tuesday 17 May 2011 22:06:34 David Harkness wrote:
> It appears that PHP is truncating the constant 0x80000000 to be within
> MIN_INT and MAX_INT instead of as a bit field, but when shifting 1 << 31 it
> doesn't apply any constraints. That's pretty typical of
> bit-manipulation: it will merrily slide 1 bits off either end. This
> explains why & produces 0 as it's doing 0x80000000 & 0x7FFFFFFF. It also
> explains the second tests.

Yes, that's it!
I slightly expanded test output and now it's clear that you are right:

$tst1 = (1 << 31);
$tst2 = 0x80000000;
$tst1_eq = $tst1 & 0x80000000;
$tst2_eq = $tst2 & 0x80000000;
// %1$032b: first argument as a zero-padded 32-digit binary string
$str1 = sprintf('%1$032b', $tst1);
$str2 = sprintf('%1$032b', $tst2);
print "tst1=$tst1 ($str1), tst1_eq=$tst1_eq, tst1_type=".gettype($tst1)."\n";
print "tst2=$tst2 ($str2), tst2_eq=$tst2_eq, tst2_type=".gettype($tst2)."\n";

produces this output:

tst1=-2147483648 (10000000000000000000000000000000), tst1_eq=0, 
tst1_type=integer
tst2=2147483647 (01111111111111111111111111111111), tst2_eq=2147483647, 
tst2_type=integer

Now it is obvious to me that PHP 5.2 clamps explicit constants to MAX_INT. 
Weird, b...


> On 64-bit 5.3.3 I get
>
> tst1=2147483648, tst1_eq=2147483648, tst1_type=integer
> tst2=2147483648, tst2_eq=2147483648, tst2_type=integer
>
> If I try the 64-bit-equivalent code I get
>
> tst1=-9223372036854775808, tst1_eq=-9223372036854775808,
> tst1_type=integer
> tst2=9.22337203685E+18, tst2_eq=-9223372036854775808, tst2_type=double


I get similar results with 5.3 on my amd64 host too. It works as it should, no 
weirdness. Glad to know that 5.3 get it fixed. Pity to me that I can not 
update my 5.2 on ARM board.

-- 
Vitalii Demianets




Re: [PHP] NOMAIL option for the list?

2011-05-18 Thread Per Jessen
Michelle Konzack wrote:

> Hello Daniel Brown,
>
> On 2011-05-17 13:15:50, you hacked down the following:
>> On Tue, May 17, 2011 at 13:11, Michelle Konzack
>> linux4miche...@tamay-dogan.net wrote:
>>> Is this not longer subscriber only?
>> Actually, it never has been.  It's subscription to receive, but
>> open to the public for one-off postings.
>
> Hmmm, when I tried to post to the List without subscription, any of
> my posts were rejected and I had to subscribe...
>
> Unfortunately the messages are all coming into my CellPhone and I
> have to /dev/null it on my server.
>
> Is there a way to set my account to NOMAIL option?

Michelle, the list is ezmlm-driven, it should be possible to subscribe
an alias to the list, which means that that address will be allowed to
post, but will not receive any postings. 

Try this address:

php-general-allow-subscribe-youralias=example@lists.php.net



-- 
Per Jessen, Zürich (14.7°C)





[PHP] observer pattern

2011-05-18 Thread Ken Guest
Lo,

so, I'm wondering - how many of you use the observer pattern in php;
and if so, do you implement it 'standalone' or with the spl classes?
Is there any particular advantage to doing it your way; whichever
your way is?

Ken

-- 
http://blogs.linux.ie/kenguest/




[PHP] Sending messages from php to C++ application via UDP socket

2011-05-18 Thread Schlager, Christian


Hello,

I am a first-time poster. I hope this is the proper way to ask my question:

I have a C++ media player application that I want to control via a php
website.
To that end the application has an UDP socket listening for Player
messages.
In C++ player messages have the following members:

class MessageHeader
{
    UINT16  packetSize;     // size of message in bytes including header
    UINT16  sequenceNum;    // sequence number of message
    UINT16  flags;          // flags
    UINT16  msgType;        // msg type
};

class PlayerCommand : public MessageHeader
{
    WCHAR command[MAX_PATH];    // dynamic string
};


The php website is supposed to create an UDP socket in order to send player
commands (play, stop, next, etc.)
However, according to the documentation all php socket functions only take
messages in string format.
For example, int socket_sendto ( resource $socket , string $buf , int $len
, 


My question is this:
If it is possible at all, how can I create a $buf - string that represents
the PlayerCommand class and is accepted by the C++ listening socket?


Thank you for your time!


Best Regards,
Christian Schlager

Carl Zeiss AG
Standort Jena/Jena location
Geschäftsfeld Planetarien/Planetarium Division
Softwareentwickler/Software developer

Phone : ++49 (3641) 64-2575
e-mail: schla...@zeiss.de

 


Re: [PHP] Sending messages from php to C++ application via UDP socket

2011-05-18 Thread Stuart Dallas

You really want something like JSON, Thrift (http://thrift.apache.org/), XML
or some other format to package the data in a way that will be easily
manipulated at both ends, rather than trying to duplicate the in-memory
representation that your particular C++ compiler of choice is using. Doing
things that way leads to an extremely fragile system.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/


Re: [PHP] Sending Email via SMTP account using PHP

2011-05-18 Thread Daniel Brown
On Wed, May 18, 2011 at 03:17, Eli Orr (Office) eli@logodial.com wrote:

> Hi,
> I'm looking for a good example for using a real SMTP account to send email
> from,
> such as serv...@somai.com where there is a user & password and smtp server
> available.
>
> Please advise with a good example to reuse,

Try this:

http://links.parasane.net/boqp



-- 
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/




Re: [PHP] Sending messages from php to C++ application via UDP socket

2011-05-18 Thread shiplu
Try to think of a string as an array of bytes.
Parse that array of bytes at the C++ end.
There should be host-to-network and network-to-host data conversion functions.
Use them.

-- 
Shiplu Mokadd.im
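
The byte-level approach discussed in this thread, as an added example that is not part of any poster's message: the header is packed with an explicit byte order instead of copying the compiler's in-memory layout, and the parser shows the length and content checks a receiver needs before trusting a datagram. Assumptions: header fields travel in network byte order, the command is UTF-16LE without a terminator, and MSG_PLAYER_COMMAND, the address and the port are hypothetical values.

```php
<?php
// Added example, not code from the thread. Assumptions: header fields are sent
// in network byte order, the command is UTF-16LE with no terminator, and
// MSG_PLAYER_COMMAND = 1 is a hypothetical msgType value.

const HEADER_SIZE        = 8;    // four UINT16 fields
const MAX_COMMAND_WCHARS = 259;  // MAX_PATH (260) minus room for a terminator
const MSG_PLAYER_COMMAND = 1;    // hypothetical
const ALLOWED_COMMANDS   = ['play', 'stop', 'next'];

// Build the datagram the PHP side sends.
function build_player_command(string $command, int $sequenceNum, int $flags = 0): string
{
    if (!in_array($command, ALLOWED_COMMANDS, true)) {
        throw new InvalidArgumentException('unknown player command');
    }
    $payload    = mb_convert_encoding($command, 'UTF-16LE', 'UTF-8');
    $packetSize = HEADER_SIZE + strlen($payload);
    // 'n' packs an unsigned 16-bit integer in big-endian (network) order.
    return pack('nnnn', $packetSize, $sequenceNum & 0xFFFF, $flags & 0xFFFF, MSG_PLAYER_COMMAND)
         . $payload;
}

// Mirror of the checks the listening side should make before using a datagram.
function parse_player_command(string $datagram): array
{
    $len = strlen($datagram);
    if ($len < HEADER_SIZE) {
        throw new UnexpectedValueException('datagram shorter than header');
    }
    $msg = unpack('npacketSize/nsequenceNum/nflags/nmsgType', $datagram);
    if ($msg['packetSize'] !== $len) {
        throw new UnexpectedValueException('packetSize does not match received length');
    }
    if ($msg['msgType'] !== MSG_PLAYER_COMMAND) {
        throw new UnexpectedValueException('unexpected msgType');
    }
    $payload = substr($datagram, HEADER_SIZE);
    if (strlen($payload) % 2 !== 0 || strlen($payload) > MAX_COMMAND_WCHARS * 2) {
        throw new UnexpectedValueException('command is not a valid WCHAR string');
    }
    $command = mb_convert_encoding($payload, 'UTF-8', 'UTF-16LE');
    if (!in_array($command, ALLOWED_COMMANDS, true)) {
        throw new UnexpectedValueException('command not on the allow list');
    }
    $msg['command'] = $command;
    return $msg;
}

$buf = build_player_command('play', 1);
echo bin2hex($buf), "\n";                 // wire bytes, header first
print_r(parse_player_command($buf));      // round trip through the parser

// A truncated datagram must be rejected, not partially interpreted.
try {
    parse_player_command(substr($buf, 0, 10));
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Sending needs the sockets extension; address and port are constructed.
if (function_exists('socket_create')) {
    $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
    socket_sendto($sock, $buf, strlen($buf), 0, '127.0.0.1', 50000);
    socket_close($sock);
}
```

The C++ listener would apply the same checks with ntohs() on each header field before touching the command buffer.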


Re: [PHP] Sending Email via SMTP account using PHP

2011-05-18 Thread Eli Orr (Office)

Thanks Daniel!

It works perfect.

Eli


--
Best Regards,

*Eli Orr*
CTO & Founder
*LogoDial Ltd.*
M:+972-54-7379604
O:+972-74-703-2034
F: +972-77-3379604

Plaut 10, Rehovot, Israel
Email: _Eli.Orr@LogoDial.com_
Skype: _eliorr.com_


[PHP] Warning: session_start()

2011-05-18 Thread Nazish
Hi everyone,

I recently uploaded my website files to a server. When I tried to log into
my website, I received these error messages:

*Warning*: session_start()
[function.session-starthttp://www.myparcoasis.com/function.session-start]:
Cannot send session cookie - headers already sent by (output started at
/home2/myparcoa/public_html/index.php:10) in *
/home2/myparcoa/public_html/includes/login_form.php* on line *33*

*Warning*: session_start()
[function.session-starthttp://www.myparcoasis.com/function.session-start]:
Cannot send session cache limiter - headers already sent (output started at
/home2/myparcoa/public_html/index.php:10) in *
/home2/myparcoa/public_html/includes/login_form.php* on line *33*

*Warning*: Cannot modify header information - headers already sent by
(output started at /home2/myparcoa/public_html/index.php:10) in*
/home2/myparcoa/public_html/includes/login_form.php* on line *36*
*
*

The website worked fine on the Apache localhost server (I could log in), so
I'm not sure what's wrong with the code which is creating the error on the
online server. Any ideas? I've highlighted the two error lines (31 & 34).
I'd appreciate any insight! Thnx!


<!--
WHEN USER CLICKS 'ENTER' TO LOGIN
-->
<?php

$submit = ($_POST['submit']);

if ($submit)  // If user clicks the 'ENTER' button to login
{
    // Connect to server and select database
    include ("includes/mysql_connect.inc");
    include ("includes/connect_res_directory.php");

    // define login variables
    $login = mysql_real_escape_string($_POST['login']);
    $password = mysql_real_escape_string($_POST['password']);

    $check_login = mysql_query("SELECT * FROM unit_info
                                WHERE login = '$login'
                                AND password = '$password'");

    $data = mysql_fetch_assoc($check_login);

    // Are all the fields filled?
    if ($login && $password)
    {
        // If fields are entered, verify username and password in mysql database
        if (mysql_num_rows($check_login)) // If the login and password exists
        {
            //Login
            session_start();   // highlighted in the original post
            $_SESSION['login'] = $data['login'];

            header("Location: index_test.php"); // webpage for correct login (highlighted in the original post)

            exit;
        }
        else
        {
            // Invalid username/password
            echo "<div class='alert'>The username or password you entered is incorrect.</div>";
        }
    }
    else
        echo "<div class='alert'>Please enter all the fields!</div>";

}

?>


Re: [PHP] Warning: session_start()

2011-05-18 Thread Stuart Dallas

Compare your configuration files. The option that's likely different here
is output_buffering. See the manual for full details:
http://php.net/outcontrol.configuration

To avoid this in future I suggest you make sure the configuration you're
running in production matches that which you're running in development,
other than display_errors (off or to a file in production, on in dev). In
fact it doesn't really matter if they're different so long as you know
what's different, why and that the code you write can cope with both, but
I'd recommend they're as similar as is logical.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/


Re: [PHP] Warning: session_start()

2011-05-18 Thread Andre Polykanine
Hello Nazish,

Try  to  delete  your  HTML comments before the ?php starting tag. So
remove *anything* before ?php.

-- 
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion
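
Both replies in this thread come down to the same rule: session_start() and header() must run before the script emits any byte. An added example (not the poster's code) of a login page ordered so that it behaves the same whether output_buffering is on or off; credentials_ok() and its constructed account are hypothetical stand-ins for the database lookup.

```php
<?php
// Added example, not the poster's code. Nothing (HTML comment, blank line, BOM)
// may come before the opening tag above, or header() and session_start() fail
// when output_buffering is off.

// Hypothetical stand-in for the unit_info lookup; the account is constructed.
function credentials_ok(string $login, string $password): bool
{
    static $users = null;
    if ($users === null) {
        $users = ['demo' => password_hash('constructed-password', PASSWORD_DEFAULT)];
    }
    return isset($users[$login]) && password_verify($password, $users[$login]);
}

// Decision step: returns what to do and emits no output itself.
function process_login(array $post): array
{
    if (!isset($post['submit'])) {
        return ['action' => 'form'];
    }
    $login    = is_string($post['login'] ?? null) ? $post['login'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if ($login === '' || $password === '') {
        return ['action' => 'error', 'message' => 'Please enter all the fields!'];
    }
    if (!credentials_ok($login, $password)) {
        return ['action' => 'error',
                'message' => 'The username or password you entered is incorrect.'];
    }
    return ['action' => 'redirect', 'login' => $login, 'location' => 'index_test.php'];
}

$result = process_login($_POST);

if ($result['action'] === 'redirect') {
    // headers_sent() reports where output started, the same file:line
    // that the warning in the original post prints.
    if (headers_sent($file, $line)) {
        error_log("login: output already started at $file:$line");
        exit(1);
    }
    session_start();
    session_regenerate_id(true);   // fresh session id for the authenticated user
    $_SESSION['login'] = $result['login'];
    header('Location: ' . $result['location']);
    exit;
}
?>
<!-- WHEN USER CLICKS 'ENTER' TO LOGIN -->
<?php if ($result['action'] === 'error'): ?>
<div class='alert'><?php echo htmlspecialchars($result['message'], ENT_QUOTES, 'UTF-8'); ?></div>
<?php endif; ?>
```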




[PHP] A Review Request

2011-05-18 Thread tedd

Hi gang:

I am considering providing PHP code to the general public via my website

This is my first attempt:

http://sperling.com/php/authorization/

What do you people think?

Cheers,

tedd

--
---
http://sperling.com/




Re: [PHP] A Review Request

2011-05-18 Thread Joshua Kehn
On May 18, 2011, at 3:22 PM, tedd wrote:

> Hi gang:
>
> I am considering providing PHP code to the general public via my website
>
> This is my first attempt:
>
> http://sperling.com/php/authorization/
>
> What do you people think?
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com/
>

I can say I really don't like your bracing style.

I don't see a reason to use a form submit to go back to the login page, instead 
I normally present errors on page.

Other than that, looks good. Maybe redirect http://sperling.com/php/ to an 
index of examples?

Regards,

-Josh

Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com




Re: [PHP] A Review Request

2011-05-18 Thread tedd

At 3:31 PM -0400 5/18/11, Joshua Kehn wrote:

On May 18, 2011, at 3:22 PM, tedd wrote:

I am considering providing PHP code to the general public via my website

This is my first attempt:

http://sperling.com/php/authorization/

What do you people think?


-snip-

I can say I really don't like your bracing style.

I don't see a reason to use a form submit to go back to the login 
page, instead I normally present errors on page.


Other than that, looks good. Maybe 
redirect http://sperling.com/php/ to an 
index of examples?


Regards,

-Josh



-Josh:

There are all sorts of bracing styles, as you can see here:

http://rebel.lcc.edu/sperlt/citw229/brace-styles.php

Fortunately, we are all free to choose the one we like. :-)

I like the Whitesmiths style.

As for your other comments, they made good sense to me, so I made adjustments.

Thanks,

tedd


--
---
http://sperling.com/




Re: [PHP] A Review Request

2011-05-18 Thread Joshua Kehn
On May 18, 2011, at 4:34 PM, tedd wrote:
 
 
> -Josh:
>
> There are all sorts of bracing styles, as you can see here:
>
> http://rebel.lcc.edu/sperlt/citw229/brace-styles.php
>
> Fortunately, we are all free to choose the one we like. :-)
>
> I like the Whitesmiths style.
>
> As for your other comments, they made good sense to me, so I made adjustments.
>
> Thanks,
>
> tedd

Tedd-

Yes, bracing style is one of those personal preference things. Some work better 
for others. I use Allman style most of the time, unless I'm doing inline anon. 
functions in JavaScript, then I sometimes switch to K&R.

Regards,

-Josh

Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com



Re: Re: [PHP] A Review Request

2011-05-18 Thread Tim Streater
On 18 May 2011 at 20:31, Joshua Kehn josh.k...@gmail.com wrote: 

 On May 18, 2011, at 3:22 PM, tedd wrote:

 What do you people think?

 I can say I really don't like your bracing style.

I completely disagree - having the braces lined up is the only way to go. Means 
I don't have to search all over creation for the matching one :-)

More constructively: you might want to say Copy/Paste rather than Cut/Paste.

I've found examples of this type to be very helpful in the past, btw. Much of 
my learning is done by poking around for information to solve problems I may 
have with some combination of PHP, ajax, javaScript, CSS, and/or HTML, so good 
for you is what I say.

Tedd: you have written who's instead of whose on your √ website.

tim



Re: [PHP] A Review Request

2011-05-18 Thread Robert Cummings

On 11-05-18 04:42 PM, Tim Streater wrote:

On 18 May 2011 at 20:31, Joshua Kehnjosh.k...@gmail.com  wrote:


On May 18, 2011, at 3:22 PM, tedd wrote:



What do you people think?



I can say I really don't like your bracing style.


I completely disagree - having the braces lined up is the only way to go. Means 
I don't have to search all over creation for the matching one :-)


Joshua's style (Allman) also lines up. I also find tedd's particular 
bracing style disconcerting. I always brace myself for it when I visit 
his site (sorry couldn't resist ;)


I'm also in the Allman camp :)

Cheers,
Rob.



Re: [PHP] A Review Request

2011-05-18 Thread Peter Lind
On 18 May 2011 22:34, tedd t...@sperling.com wrote:
 At 3:31 PM -0400 5/18/11, Joshua Kehn wrote:

 On May 18, 2011, at 3:22 PM, tedd wrote:

 I am considering providing PHP code to the general public via my website

 This is my first attempt:


 http://sperling.com/php/authorization/

 What do you people think?


Good initiative. One thing though:
Please do not EVER suggest that people copy/paste your code. Do NOT
provide a nice option for copying it or suggest that it will work if
you just copy this and add a suffix. Plenty of people will mess
things up somehow, you'll discover a bug somewhere, etc. etc.
Copypasted code is one of the worst things the web has done. So please
don't add to it :)

Regards
Peter

-- 
hype
WWW: plphp.dk / plind.dk
LinkedIn: plind
BeWelcome/Couchsurfing: Fake51
Twitter: kafe15
/hype




RE: [PHP] A Review Request

2011-05-18 Thread Jasper Mulder

> Joshua's style (Allman) also lines up. I also find tedd's particular
> bracing style disconcerting. I always brace myself for it when I visit
> his site (sorry couldn't resist ;)
>
> I'm also in the Allman camp :)
>
> Cheers,
> Rob.

IMO, the style used by tedd just wastes one tabulation index (the zeroth).
Moreover, since I mostly endow myself with the luxury of Komodo or Eclipse
for finding closing braces, I have been teaching myself nothing but K&R for
the last few years. I like its efficiency.

To put something useful in this post:
Please correct 
  This Authorization Proceedure
to 
  This authorization procedure
or, if you must,
  This Authorization Procedure
Otherwise I can only encourage such an initiative because it can help out
and save time.

Best regards,
Jasper Mulder
  



Re: [PHP] A Review Request

2011-05-18 Thread tedd

At 10:55 PM +0200 5/18/11, Peter Lind wrote:

On 18 May 2011 22:34, tedd t...@sperling.com wrote:

 At 3:31 PM -0400 5/18/11, Joshua Kehn wrote:


 On May 18, 2011, at 3:22 PM, tedd wrote:


 I am considering providing PHP code to the general public via my website

 This is my first attempt:

 
  http://sperling.com/php/authorization/
  What do you people think?

Good initiative. One thing though:
Please do not EVER suggest that people copy/paste your code. Do NOT
provide a nice option for copying it or suggest that it will work if
you just copy this and add a suffix. Plenty of people will mess
things up somehow, you'll discover a bug somewhere, etc. etc.
Copypasted code is one of the worst things the web has done. So please
don't add to it :)

Regards
Peter


Peter:

Thanks, but the point here *is* to get people involved using PHP.

The code I've placed in the Copy/Paste sections will work as-is 
*IF* the users follow directions. I've tested it and it does work.


Granted, for over a dozen years I've provided various code to users 
and have more than my share of stories to tell of how they don't 
follow directions -- just take a look at my Web Tips pages. 
However, I would have greatly appreciated someone showing me what an 
include was back in 1998. It could have saved me a lot of trouble.


This is just one way to give-back.

Cheers,

tedd

--
---
http://sperling.com/




Re: [PHP] A Review Request

2011-05-18 Thread Peter Lind
On 18 May 2011 23:12, tedd t...@sperling.com wrote:
 At 10:55 PM +0200 5/18/11, Peter Lind wrote:

 On 18 May 2011 22:34, tedd t...@sperling.com wrote:

  At 3:31 PM -0400 5/18/11, Joshua Kehn wrote:

  On May 18, 2011, at 3:22 PM, tedd wrote:

  I am considering providing PHP code to the general public via my
 website

  This is my first attempt:

  
   http://sperling.com/php/authorization/
   What do you people think?

 Good initiative. One thing though:
 Please do not EVER suggest that people copy/paste your code. Do NOT
 provide a nice option for copying it or suggest that it will work if
 you just copy this and add a suffix. Plenty of people will mess
 things up somehow, you'll discover a bug somewhere, etc. etc.
 Copypasted code is one of the worst things the web has done. So please
 don't add to it :)

 Regards
 Peter

 Peter:

 Thanks, but the point here *is* to get people involved using PHP.

Good and noble intent. Does not in any way have anything to do with copypasting.

 The code I've placed in the Copy/Paste sections will work as-is *IF* the
 users follow directions. I've tested it and it does work.

*IF* the users follow directions - a lot of them won't. Some of them
will copypaste it into different environments than you have envisaged.
Then someone will probably also find a bug in it at some point.

 Granted, for over a dozen years I've provided various code to users and
 have more than my share of stories to tell of how they don't follow
 directions -- just take a look at my Web Tips pages. However, I would have
 greatly appreciated someone showing me what an include was back in 1998. It
 could have saved me a lot of trouble.

You make my point for me but for some reason don't want to follow the
logical conclusion of it. Why?

 This is just one way to give-back.

Suggesting people that they copypaste your code is a very bad way of
giving back. Suggesting that they read and understand the code is a
great way. I hope you see the difference.

Regards
Peter

-- 
hype
WWW: plphp.dk / plind.dk
LinkedIn: plind
BeWelcome/Couchsurfing: Fake51
Twitter: kafe15
/hype




Re: Re: [PHP] A Review Request

2011-05-18 Thread Tim Streater
On 18 May 2011 at 22:22, Peter Lind peter.e.l...@gmail.com wrote: 

 On 18 May 2011 23:12, tedd t...@sperling.com wrote:

 This is just one way to give-back.

 Suggesting people that they copypaste your code is a very bad way of
 giving back. Suggesting that they read and understand the code is a
 great way. I hope you see the difference.

Not obvious. If I have copy/pasted code and it hasn't worked, that's been 
no-one's fault but mine, and I've then gone back and looked at it more 
carefully. Any example given on the web, seems to me, is likely to be 
copy/pasted unless you take steps to make it not possible.

tim



Re: Re: [PHP] A Review Request

2011-05-18 Thread Peter Lind
On 18 May 2011 23:28, Tim Streater t...@clothears.org.uk wrote:
 On 18 May 2011 at 22:22, Peter Lind peter.e.l...@gmail.com wrote:

 On 18 May 2011 23:12, tedd t...@sperling.com wrote:

 This is just one way to give-back.

 Suggesting people that they copypaste your code is a very bad way of
 giving back. Suggesting that they read and understand the code is a
 great way. I hope you see the difference.

 Not obvious. If I have copy/pasted code and it hasn't worked, that's been 
 no-one's fault but mine, and I've then gone back and looked at it more 
 carefully. Any example given on the web, seems to me, is likely to be 
 copy/pasted unless you take steps to make it not possible.


I personally don't care if someone comes back whining to Tedd after
copypasting the code. I would think it sad but it doesn't affect me as
such. What I do care about are the people that will mindlessly
copypaste the code, get it into halfworking state mixed with some
other strange stuff that they picked up from some other site, then
throw the whole together on a server and start telling their friends
how awesomely easy php is and that they should just copypaste *their*
code (not Tedd's because his only does a bit of the job).

As is probably clear by now, in my opinion it would be much better to
go the motions of the script a bit at a time, with comments of *why*
things are done (not *what* is done) - and why you really should spend
a bit more time learning about security, because if you copypaste
Tedd's script and just change the password to 'mypass', you won't have
learned a thing even as your script is bruteforced in 2 seconds flat.

Anyway, I doubt I have much more to add to this so I'll refrain from it.

Regards
Peter

-- 
hype
WWW: plphp.dk / plind.dk
LinkedIn: plind
BeWelcome/Couchsurfing: Fake51
Twitter: kafe15
/hype




Re: [PHP] A Review Request

2011-05-18 Thread David Harkness
On Wed, May 18, 2011 at 2:22 PM, Peter Lind peter.e.l...@gmail.com wrote:

> You make my point for me but for some reason don't want to follow the
> logical conclusion of it. Why?
>
> > This is just one way to give-back.
>
> Suggesting people that they copypaste your code is a very bad way of
> giving back. Suggesting that they read and understand the code is a
> great way. I hope you see the difference.


In my opinion this is hardly the logical conclusion. Are you suggesting that
Tedd should post an *image* of the code so that people cannot copy-and-paste
it? What if someone uses OCR to get the code? I find sample code useful in
any form, but having a way to get it running easily so I can tweak it and
learn on my own from there is awesome.

And Tedd, that bracing style is atrocious! As they say, there's no
accounting for style. :P Bravo on this initiative though.

David


Re: Re: [PHP] A Review Request

2011-05-18 Thread David Harkness
On Wed, May 18, 2011 at 2:38 PM, Peter Lind peter.e.l...@gmail.com wrote:

> As is probably clear by now, in my opinion it would be much better to
> go the motions of the script a bit at a time, with comments of *why*
> things are done (not *what* is done) - and why you really should spend
> a bit more time learning about security . . .


Ah yes, books. Yes I love books too and think they're great. This isn't a
book to teach you how to be a professional PHP developer. This is a how to
get X done example, at least in my view. It's perfect for a professional
developer who needs to quickly get up to speed on how to do X in PHP,
someone who can copy-and-paste the code, read it, and understand how to take
it to the next level.

David


Re: [PHP] A Review Request

2011-05-18 Thread tedd

At 11:22 PM +0200 5/18/11, Peter Lind wrote:

On 18 May 2011 23:12, tedd t...@sperling.com wrote:

  Thanks, but the point here *is* to get people involved using PHP.

Good and noble intent. Does not in any way have anything to do with 
copypasting.


That's more of an argument than a fact -- and I don't feel 
comfortable calling it copypasting. I'll stick with calling the 
practice Copy/Paste as defined by Apple. Sure, people can argue 
that M$ invented the practice, as they did everything else, but I 
remember M$ claiming that the mouse wouldn't make it, and that was 
before Copy/Paste.  :-)


Back to point, I just spent 16 weeks teaching 16 college students via 
Introduction in PHP by giving them code to copy/paste.


As a result, I saw most take-off and learn more than I taught. Sure, 
there were some who just didn't get it, but I think they would not 
have gotten-it even if I had forced them to hard-code everything. 
Some people are not geared for programming.


---



*IF* the users follow directions - a lot of them won't. Some of them
will copypaste it into different environments than you have envisaged.
Then someone will probably also find a bug in it at some point.


If they do find a bug, then I'll deal with it. But putting this link 
up for review by peers, as I've done here, is one way to help catch 
those bugs.


--


  Granted, for over a dozen years I've provided various code to users and

 have more than my share of stories to tell of how they don't follow
 directions -- just take a look at my Web Tips pages. However, I would have
 greatly appreciated someone showing me what an include was back in 1998. It
 could have saved me a lot of trouble.


You make my point for me but for some reason don't want to follow the
logical conclusion of it. Why?


I stated my reason. Perhaps I'm wrong, but that remains to be seen. 
However, it is not fact that your position is a logical conclusion -- 
it's just your conclusion.





  This is just one way to give-back.

Suggesting people that they copypaste your code is a very bad way of
giving back. Suggesting that they read and understand the code is a
great way. I hope you see the difference.


I see the difference, but I don't agree with you. I say that if you 
give people a small sample of something that interests them and it 
works, it is far better than forcing them into Adventures in 
Keypunching to see any results, which was the way I was introduced 
into programming. That was NOT good.


Ours is just a difference of opinion.

Thanks for your help and opinion.

Cheers,

tedd

--
---
http://sperling.com/




Re: [PHP] A Review Request

2011-05-18 Thread Peter Lind
On 18 May 2011 23:50, tedd t...@sperling.com wrote:
 At 11:22 PM +0200 5/18/11, Peter Lind wrote:

 On 18 May 2011 23:12, tedd t...@sperling.com wrote:

   Thanks, but the point here *is* to get people involved using PHP.

 Good and noble intent. Does not in any way have anything to do with
 copypasting.

 That's more of an argument than a fact -- and I don't feel comfortable
 calling it copypasting. I'll stick with calling the practice Copy/Paste as
 defined by Apple. Sure, people can argue that M$ invented the practice, as
 they did everything else, but I remember M$ claiming that the mouse wouldn't
 make it, and that was before Copy/Paste.  :-)

 Back to point, I just spent 16 weeks teaching 16 college students via
 Introduction in PHP by giving them code to copy/paste.

 As a result, I saw most take-off and learn more than I taught. Sure, there
 were some who just didn't get it, but I think they would not have
 gotten-it even if I had forced them to hard-code everything. Some people
 are not geared for programming.

 ---


 *IF* the users follow directions - a lot of them won't. Some of them
 will copypaste it into different environments than you have envisaged.
 Then someone will probably also find a bug in it at some point.

 If they do find a bug, then I'll deal with it. But putting this link up for
 review by peers, as I've done here, is one way to help catch those bugs.

 --

   Granted, for over a dozen years I've provided various code to users
 and

  have more than my share of stories to tell of how they don't follow
  directions -- just take a look at my Web Tips pages. However, I would
 have
  greatly appreciated someone showing me what an include was back in 1998.
 It
  could have saved me a lot of trouble.

 You make my point for me but for some reason don't want to follow the
 logical conclusion of it. Why?

 I stated my reason. Perhaps I'm wrong, but that remains to be seen. However,
 it is not fact that your position is a logical conclusion -- it's just your
 conclusion.


Premise: The code I've placed in the Copy/Paste sections will work
as-is *IF* the users follow directions. I've tested it and it does
work.
Premise: Granted, for over a dozen years I've provided various code
to users and have more than my share of stories to tell of how they
don't follow directions -- just take a look at my Web Tips pages.

Logical conclusion: you cannot guarantee what you're trying to, namely
it does work.

Regards
Peter

-- 
hype
WWW: plphp.dk / plind.dk
LinkedIn: plind
BeWelcome/Couchsurfing: Fake51
Twitter: kafe15
/hype




Re: [PHP] A Review Request

2011-05-18 Thread tedd

At 2:41 PM -0700 5/18/11, David Harkness wrote:
On Wed, May 18, 2011 at 2:22 PM, Peter Lind 
peter.e.l...@gmail.com wrote:


You make my point for me but for some reason don't want to follow the
logical conclusion of it. Why?



 This is just one way to give-back.


Suggesting people that they copypaste your code is a very bad way of
giving back. Suggesting that they read and understand the code is a
great way. I hope you see the difference.


In my opinion this is hardly the logical conclusion. Are you 
suggesting that Tedd should post an *image* of the code so that 
people cannot copy-and-paste it? What if someone uses OCR to get the 
code? I find sample code useful in any form, but having a way to get 
it running easily so I can tweak it and learn on my own from there 
is awesome.


And Tedd, that bracing style is atrocious! As they say, there's no 
accounting for style. :P Bravo on this initiative though.


David


David:

Thanks for the support. :-)

You know, if you sat down with me and saw how my IDE handles braces, 
I think you might see the reason why I code like I do.


I can double click on any brace and the entire section within the 
brace (plus braces) is highlighted. From there I can indent, outdent, 
cut/paste, drag-drop, or do whatever I want.  This is NOT to say that 
you can't.


Also, I use this bracing style for not only PHP, but for JavaScript, 
and even CSS -- not to mention numerous other languages that came 
before. I've been using this brace style since my old C days back in 
the late 80's and FB since 1984. I even use a similar indent style 
for tabs and divs in html. It all works for me. YMMV. I just try to 
be consistent through all my programming.


Cheers,

tedd
--
---
http://sperling.com/




Re: [PHP] A Review Request

2011-05-18 Thread sono-io
On May 18, 2011, at 3:06 PM, tedd wrote:

 You know, if you sat down with me and saw how my IDE handles braces, I think 
 you might see the reason why I code like I do.

Tedd,

I like the demo.  Thanks for posting it.

From another post of yours, I take it that you're a Mac guy.  Which IDE 
do you use?

Marc



[PHP] Re: NOMAIL option for the list?

2011-05-18 Thread Michelle Konzack
Hello Daniel Brown,

On 2011-05-17 15:07:58, you hacked down the following:
 On Tue, May 17, 2011 at 15:00, Michelle Konzack
 linux4miche...@tamay-dogan.net wrote:
  Is there a way to set my account to NOMAIL option?
 To stop receiving emails you mean?  As in unsubscribing?

I mean, STOP receiving mail without UNSUBSCRIBING.

Which is a standard function of newer majordomo and mailman.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL   itsystems@tdnet UG (limited liability)
Owner Michelle KonzackOwner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France   77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947  mobil
  Tel: +49-176-86004575 office

http://www.itsystems.tamay-dogan.net/  http://www.flexray4linux.org/
http://www.debian.tamay-dogan.net/ http://www.can4linux.org/

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/




[PHP] Re: Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading

2011-05-18 Thread Michelle Konzack
Hello HallMarc Websites,

On 2011-05-17 18:51:18, you hacked down the following:
 My concern is with the admission of belonging to 137 mailing lists!
 Where do you find the time? 

I fly over the subjects and if something is interesting I jump in.

I have gotten sometimes VERY good ideas only by reading messages here.
Same goes for postgresql lists...

However, I am on a bunch of developer lists and I think, around 2/3 of
the lists are only Low-Traffic lists with less than 100 messages per month

Thanks, Greetings and nice Day/Evening
Michelle Konzack



[PHP] [SPAM] Re: Explode Question

2011-05-18 Thread Michelle Konzack
Hello ad...@buskirkgraphics.com,

since YOU ARE an ADMIN, you should real know abut,
HOW TO WRITE A NEW MESSAGE and not to hijack a SPAM thread...

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Re: Re: [PHP] A Review Request

2011-05-18 Thread tedd

At 2:44 PM -0700 5/18/11, David Harkness wrote:
On Wed, May 18, 2011 at 2:38 PM, Peter Lind 
peter.e.l...@gmail.com wrote:


As is probably clear by now, in my opinion it would be much better to
go the motions of the script a bit at a time, with comments of *why*
things are done (not *what* is done) - and why you really should spend
a bit more time learning about security . . .


Ah yes, books. Yes I love books too and think they're great. This 
isn't a book to teach you how to be a professional PHP developer. 
This is a how to get X done example, at least in my view. It's 
perfect for a professional developer who needs to quickly get up to 
speed on how to do X in PHP, someone who can copy-and-paste the 
code, read it, and understand how to take it to the next level.


David


David:

That's certainly part of it.

I want to show web developers simple things they can use in their web 
sites. I think most of these people aren't stupid, but rather they 
are simply not informed about some very easy things that can help 
them tremendously.


Am I going to get some flack for this? Certainly, some people won't 
get it, but that's not my target audience.


Cheers,

tedd
--
---
http://sperling.com/




Re: [PHP] A Review Request

2011-05-18 Thread tedd

At 12:03 AM +0200 5/19/11, Peter Lind wrote:

On 18 May 2011 23:50, tedd t...@sperling.com wrote:

Premise: The code I've placed in the Copy/Paste sections will work
as-is *IF* the users follow directions. I've tested it and it does
work.
Premise: Granted, for over a dozen years I've provided various code
to users and have more than my share of stories to tell of how they
don't follow directions -- just take a look at my Web Tips pages.

Logical conclusion: you cannot guarantee what you're trying to, namely
it does work.

Regards
Peter


What???

The only logical conclusion here is a lack of clarity.

Cheers,

tedd

--
---
http://sperling.com/




RE: [PHP] [SPAM] Re: Explode Question

2011-05-18 Thread admin
Okay,

Can you translate this lingo for me?

since YOU ARE an ADMIN, you should real know abut, HOW TO WRITE A NEW
MESSAGE and not to hijack a SPAM thread...

I thought to abut was the act of leaning for support? Maybe I am wrong.
I am on good advice that the word real is anything but a verb.

And I of course would not be me if I did not comment on the use of all
capitals.

I will refer to some reading material on that matter.
http://www.grammarbook.com/punctuation/capital.asp


If you say I hijacked a spam thread , then shame on me. It will not happen
again. 
Grammar is not king but close would be nice!!

  

Richard L. Buskirk


-Original Message-
From: Michelle Konzack [mailto:linux4miche...@tamay-dogan.net] 
Sent: Wednesday, May 18, 2011 6:43 PM
To: php-general@lists.php.net
Cc: ad...@buskirkgraphics.com
Subject: [PHP] [SPAM] Re: Explode Question

Hello ad...@buskirkgraphics.com,

since YOU ARE an ADMIN, you should real know abut, HOW TO WRITE A NEW
MESSAGE and not to hijack a SPAM thread...

Thanks, Greetings and nice Day/Evening
Michelle Konzack




Re: [PHP] [SPAM] Re: Explode Question

2011-05-18 Thread Adam Richardson
On Wed, May 18, 2011 at 6:42 PM, Michelle Konzack 
linux4miche...@tamay-dogan.net wrote:

 Hello ad...@buskirkgraphics.com,

 since YOU ARE an ADMIN, you should real know abut,
 HOW TO WRITE A NEW MESSAGE and not to hijack a SPAM thread...


What?

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] [SPAM] Re: Explode Question

2011-05-18 Thread David Harkness
On Wed, May 18, 2011 at 4:30 PM, ad...@buskirkgraphics.com wrote:

 If you say I hijacked a spam thread , then shame on me. It will not happen
 again.


Do you have ANY IDEA how HARD I work to hand-craft my spam emails? Please do
not HIJACK them with your work-related, information-seeking drivel! Thank
you.

David

P.S. It's so close to Friday I can taste it!


[PHP] Filtering data not with mysql...

2011-05-18 Thread Jason Pruim

Hey Everyone,

Probably a simple question but I wanted to make sure I was right  
before I got too far ahead of myself


I have a form that I am working on and this form will be emailed to  
the recipient for processing (Not stored in a database).


When I store in a database, I simply run all the data through  
mysql_real_escape_string() and it's all good...  Without the database,  
is it just as easy as addslashes($var)? or is there more that needs to  
be done?


In the end, the info will be echoed back out to the user to be viewed  
but not edited and emailed to someone to add the registration collect  
money, etc etc.


Am I on the right track or do I need to rethink my whole process? :)

Thanks Everyone!






RE: [PHP] Filtering data not with mysql...

2011-05-18 Thread admin
To quote Jonathan

Well, mysql_real_escape_string doesn't protect against sql injections more
than addslashes, but that's not the reason you use it. addslashes() was from
the developers of PHP whereas mysql_real_escape_string uses the underlying
MySQL C++ API (i.e. from the developers of MySQL). mysql_real_escape_string
escapes EOF chars, quotes, backslashes, carriage returns, nulls, and line
feeds. There is also the charset aspect.

However, it is a common thought among a lot of PHP programmers (beginning
and even more advanced) that SQL injections are the only thing to guard
against with sanitizing user input using it in a query. That, actually, is
incorrect. If you only rely on *_escape_string and addslashes because you
are only thinking about injections, you leave yourself vulnerable to attacks
from users.

http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf
It's a nice read, especially if you like reading articles about PHP
programming (*guilty*). Scroll down to page 78 where they talk about LIKE
attacks.


Richard L. Buskirk


-Original Message-
From: Jason Pruim [mailto:li...@pruimphotography.com] 
Sent: Wednesday, May 18, 2011 9:19 PM
To: php-general@lists.php.net
Subject: [PHP] Filtering data not with mysql...

Hey Everyone,

Probably a simple question but I wanted to make sure I was right  
before I got too far ahead of myself

I have a form that I am working on and this form will be emailed to  
the recipient for processing (Not stored in a database).

When I store in a database, I simply run all the data through  
mysql_real_escape_string() and it's all good...  Without the database,  
is it just as easy as addslashes($var)? or is there more that needs to  
be done?

In the end, the info will be echoed back out to the user to be viewed  
but not edited and emailed to someone to add the registration collect  
money, etc etc.

Am I on the right track or do I need to rethink my whole process? :)

Thanks Everyone!






[PHP] Re: Filtering data not with mysql...

2011-05-18 Thread David Robley
Jason Pruim wrote:

 Hey Everyone,
 
 Probably a simple question but I wanted to make sure I was right
 before I got too far ahead of myself
 
 I have a form that I am working on and this form will be emailed to
 the recipient for processing (Not stored in a database).
 
 When I store in a database, I simply run all the data through
 mysql_real_escape_string() and it's all good...  Without the database,
 is it just as easy as addslashes($var)? or is there more that needs to
 be done?
 
 In the end, the info will be echoed back out to the user to be viewed
 but not edited and emailed to someone to add the registration collect
 money, etc etc.
 
 Am I on the right track or do I need to rethink my whole process? :)
 
 Thanks Everyone!

Addslashes and mysql_real_escape_string are designed to escape certain
characters which would otherwise cause problems when used in a sql query -
as you aren't using a database, you don't need them here.

For the display you'll want to make sure that html entities are rendered
correctly, so process with htmlentities or htmlspecialchars for display.
There is probably nothing you need to do to the emailed version.


Cheers
-- 
David Robley

Honey, PLEASE don't pick up the PH$@#*$^(#@$^%(*NO CARRIER
Today is Prickle-Prickle, the 66th day of Discord in the YOLD 3177. 





Re: [PHP] Filtering data not with mysql...

2011-05-18 Thread Adam Richardson
On Wed, May 18, 2011 at 9:18 PM, Jason Pruim li...@pruimphotography.com wrote:

 Hey Everyone,

 Probably a simple question but I wanted to make sure I was right before I
 got too far ahead of myself

 I have a form that I am working on and this form will be emailed to the
 recipient for processing (Not stored in a database).

 When I store in a database, I simply run all the data through
 mysql_real_escape_string() and it's all good...  Without the database, is it
 just as easy as addslashes($var)? or is there more that needs to be done?

 In the end, the info will be echoed back out to the user to be viewed but
 not edited and emailed to someone to add the registration collect money, etc
 etc.

 Am I on the right track or do I need to rethink my whole process? :)


Security depends on keeping a keen eye on context. You want to always be
sure that your PHP scripts appropriately validate input according to the
context (what cultures or languages are you expecting, what character
encodings, etc.), and you want to escape output according to context. There
are of course many other security issues developers have to watch for, but
these two areas are the source of many of the security issues in web apps,
and it sounds like you're looking for feedback specific to these two
concerns.

In this case it sounds like you'll be outputting user data using HTML, so
the data should be properly escaped for HTML (also focused on context, as
the output can be within a tag, an attribute of a tag, or a url of a tag,
and each situation requires specific escaping.)

Additionally, it sounds like you'll be using the user data in an email, so
you'll have to properly escape the output to avoid email injection.

To deal with the input validation and HTML escaping, I use my framework,
Nephtali, but many other frameworks help you achieve this (including
Facebook's XHP, which is quite clever according to context:
http://www.facebook.com/notes/facebook-engineering/xhp-a-new-way-to-write-php/294003943919),
and the combination of PHP filters and functions like htmlspecialchars(),
urlencode, etc., greatly facilitate rolling your own library if you wish. To
prevent email injection, I use the Zend Framework Email classes, as they're
very powerful, easy to use, and protect against injection.

I'm a security expert by any means, as I've made mistakes in the past that
have provided education the hard way!

In fact, I'll confess that there was a point a few years ago that I'd sent
Rasmus Lerdorf a link to promote my framework (back when it was OOP-based
rather than the functionally inspired, which was a long time ago), and I
thought I'd make a few quick edits just to make it easy for him to view the
source and see how I was handling what I thought was a cool little parallel
processing idea (it really wasn't that cool, I was young and dumb, and the
implementation was slow.) In my haste to add the code, I actually worked
outside of the framework's natural encoding capabilities, and I forgot to
manually handle the validation and encoding (the feature was new enough that
I hadn't yet integrated into the natural flow of processing.)

Alas, because I noted the security focus of the framework, Rasmus ran some
security tests on my site (which performed slowly because of my stupid
parallel idea) and that code that I forgot to manually handle led to the
reply below:

 Given this claim and the fact that you are eating your own dogfood, as
 you say, then it is probably a bad sign that you have an XSS on
 framework site.

 The site is so slow it is hard to poke it for others, but there is an
 obvious one in the <!--current_url=--> html comment.  You are not
 escaping the url correctly there.


It's been said before, but let me say it with meaning: NOW THAT'S
EMBARRASSING!

I tried to make a quick little edit, and even though I'd built a framework
that focused on proper validation and escaping, I still forgot to add the
validation and escaping code for one little snippet I told myself I'd get
back to later to manually handle.

*Moral:* Don't rush. Carefully deliberate on the context, both in terms of
the expectations for input AND the nature of output. If you do this, you
eventually will get the level of security you're after (that, and fuzz the
heck out of something before you send it to Rasmus :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
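
The advice in the replies above (escape for the output context, and keep user data from injecting mail headers) applied to the form Jason describes, as an added example that is not code from any poster in this thread. The field names, the addresses and the `/profile.php` link are assumptions, and the `mail()` call is left commented out so the script runs offline.

```php
<?php
// Added example, not code from the thread. Field names, addresses and
// the /profile.php link are constructed for illustration.

/** Escape a value for an HTML text node or a quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Anything that ends up in a mail header must not contain CR or LF. */
function header_safe(string $s): bool
{
    return preg_match('/[\r\n]/', $s) === 0;
}

/** Read one form field as a trimmed string; arrays and missing keys become ''. */
function field(array $in, string $key): string
{
    return isset($in[$key]) && is_string($in[$key]) ? trim($in[$key]) : '';
}

/** Input side: check each field against what it is expected to be. */
function validate_registration(array $in): array
{
    $v = ['name' => field($in, 'name'), 'email' => field($in, 'email'),
          'notes' => field($in, 'notes')];
    $errors = [];
    if ($v['name'] === '' || strlen($v['name']) > 100 || !header_safe($v['name'])) {
        $errors[] = 'name is empty, too long or contains a line break';
    }
    // The address goes into the Reply-To header: one address, no line breaks.
    if (filter_var($v['email'], FILTER_VALIDATE_EMAIL) === false
        || !header_safe($v['email'])) {
        $errors[] = 'email is not a valid address';
    }
    if (strlen($v['notes']) > 2000) {
        $errors[] = 'notes are too long';
    }
    return [$v, $errors];
}

/** Output side 1: the email. Recipient and subject are fixed, never user input. */
function build_mail(array $v): array
{
    $headers = [
        'From: Registration Form <noreply@example.org>',
        'Reply-To: ' . $v['email'],
        'Content-Type: text/plain; charset=UTF-8',
    ];
    $body = "Name: {$v['name']}\nEmail: {$v['email']}\n\nNotes:\n{$v['notes']}\n";
    return ['to' => 'registrar@example.org', 'subject' => 'New registration',
            'body' => $body, 'headers' => implode("\r\n", $headers)];
}

/** Output side 2: the confirmation page, escaped per HTML context. */
function render_confirmation(array $v): string
{
    // URL context first (rawurlencode), then attribute context (h).
    $link = '/profile.php?name=' . rawurlencode($v['name']);
    return '<p>Thanks, ' . h($v['name']) . "</p>\n"
         . '<input readonly value="' . h($v['email']) . "\">\n"
         . '<a href="' . h($link) . "\">Your details</a>\n"
         . '<pre>' . h($v['notes']) . '</pre>';
}

// Constructed samples: one with markup and quotes, one with a line break in a field.
$samples = [
    ['name' => 'Pat "The <b>Boss</b>" O\'Neil', 'email' => 'pat@example.com',
     'notes' => 'Two seats please <script>alert(1)</script>'],
    ['name' => "Pat\r\nX-Injected: 1", 'email' => 'pat@example.com', 'notes' => ''],
];

foreach ($samples as $submission) {
    list($clean, $errors) = validate_registration($submission);
    if ($errors) {
        echo 'Rejected: ', implode('; ', $errors), "\n\n";
        continue;
    }
    $m = build_mail($clean);
    // mail($m['to'], $m['subject'], $m['body'], $m['headers']);
    echo $m['headers'], "\n\n", render_confirmation($clean), "\n\n";
}

// addslashes() leaves the tags intact, so it is not an HTML escaper.
echo addslashes('<b>"hi"</b>'), "\n";
```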


Re: [PHP] Filtering data not with mysql...

2011-05-18 Thread Adam Richardson
On Wed, May 18, 2011 at 10:46 PM, Adam Richardson simples...@gmail.com wrote:


 I'm a security expert by any means, as I've made mistakes in the past that
 have provided education the hard way!


Just to be very clear, this is a mistake (as the rest of the sentence
implies), and it should have said:

I'm *not* a security expert by any means, as I've made mistakes in the past
 that have provided education the hard way!


Just another lesson on rushing :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Re: NOMAIL option for the list?

2011-05-18 Thread Per Jessen
Michelle Konzack wrote:

 Hello Daniel Brown,
 
 On 2011-05-17 15:07:58, you hacked down the following:
 On Tue, May 17, 2011 at 15:00, Michelle Konzack
 linux4miche...@tamay-dogan.net wrote:
  Is there a way to set my account to NOMAIL option?
 To stop receiving emails you mean?  As in unsubscribing?
 
 I mean, STOP receiving mail without UNSUBSCRIBING.
 
 Which is a standard function of newer majordomo and mailman.

ezmlm uses the expression 'alias' for this functionality.  See my
posting from yesterday. 


-- 
Per Jessen, Zürich (16.9°C)

