Re: [PHP] Greate day for you,
2010/4/7 Nilesh Govindarajan li...@itech7.com: On 04/07/10 21:41, Chris G wrote: http://sites.google.com/site/vfgbyuhoi6/kewe2w Bloody asshole spammer. Is there no spam filter at lists.php.net ? It was probably a virus or a trojahn, not intentionally sent to the list by the OP... -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP MySQL Insert Statements
2010/3/11 Martine Osias webi...@gmail.com: Hi, My insert statements on this web page don't execute. The select statements do work. This tells me that the database connection is working. The username and password are the administrator's. What else could prevent the insert statements from executing? Would you mind giving us some hints about how the INSERT statements looks like? Thanks. Thank you. Martine -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execution order of PHP
2010/3/10 Auke van Slooten a...@muze.nl Hi, In a hobby project I'm relying on the order in which the following piece of PHP code is executed: $client-system-multiCall( $client-methodOne(), $client-methodTwo() ); Currently PHP always resolves $client-system (and executes the __get on $client) before resolving the arguments to the multiCall() method call. Hi! Can't you call the methods $client-methodOne() and $client-methodTwo() before the call to $client-system-multiCall()? That way, you could store they values in local variables, and then pass them to the $client-system-multiCall(), assuring that those methods are executed before the multiCall(). Something like: $methodOne = $client-methodOne(); $methodTwo = $client-methodTwo(); $client-system-multiCall($methodOne, $methodTwo); Cheers, Bruno. Is this order something that is specified by PHP and so can be relied upon to stay the same in the future or is it just how it currently works. If it cannot be relied upon to stay this way, I will have to rewrite the multiCall method and API... regards, Auke van Slooten Muze -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execution order of PHP
2010/3/10 Auke van Slooten a...@muze.nl: Bruno Fajardo wrote: 2010/3/10 Auke van Slooten a...@muze.nl Hi, In a hobby project I'm relying on the order in which the following piece of PHP code is executed: $client-system-multiCall( $client-methodOne(), $client-methodTwo() ); Can't you call the methods $client-methodOne() and $client-methodTwo() before the call to $client-system-multiCall()? That way, you could store they values in local variables, and then pass them to the $client-system-multiCall(), assuring that those methods are executed before the multiCall(). Something like: $methodOne = $client-methodOne(); $methodTwo = $client-methodTwo(); $client-system-multiCall($methodOne, $methodTwo); Hi, This is not what I meant. I should perhaps mention that it's an xml-rpc client and the method calls are remote method calls. The multiCall method gathers multiple method calls into a single request. The trick I'm using now is to set a private property in the $client-__get() method when the property you're accessing is 'system'. From then untill you call the method 'multiCall', instead of calling the methods (in this case methodOne and methodTwo) the client creates a new object with the call information (method name and arguments) and returns that. In multiCall all arguments are therefor call information objects and multicall creates a single request based on that information. Hmm, you cleared that to me now... If you need to first create the property system and then call a method in that object system, can't you do something like: $client-system = null; $client-system-multiCall( $client-methodOne(), $client-methodTwo() ); I'm not testing these snippets of code, so sorry if I'm getting something wrong. Cheers, Bruno. So in your example the client would simply call methodOne and methodTwo and return the results. Then it would try to do a multiCall with whatever the previous methods have returned. regards, Auke van Slooten Muze -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Execution order of PHP
2010/3/10 Andrew Ballard aball...@gmail.com: On Wed, Mar 10, 2010 at 9:54 AM, Bruno Fajardo bsfaja...@gmail.com wrote: [snip] 2010/3/10 Auke van Slooten a...@muze.nl: This is not what I meant. I should perhaps mention that it's an xml-rpc client and the method calls are remote method calls. The multiCall method gathers multiple method calls into a single request. The trick I'm using now is to set a private property in the $client-__get() method when the property you're accessing is 'system'. From then untill you call the method 'multiCall', instead of calling the methods (in this case methodOne and methodTwo) the client creates a new object with the call information (method name and arguments) and returns that. In multiCall all arguments are therefor call information objects and multicall creates a single request based on that information. Hmm, you cleared that to me now... If you need to first create the property system and then call a method in that object system, can't you do something like: $client-system = null; $client-system-multiCall( $client-methodOne(), $client-methodTwo() ); I'm not testing these snippets of code, so sorry if I'm getting something wrong. Cheers, Bruno. [snip] I'm not sure you would want to assign null to $client-system. After all, __set() might not be defined. Yes, you're right, Andrew. Setting the property to null is not the best choice in this case. I agree with Rob here. If order is really crucial, then call the statements in the correct order: ?php /** * causes $client to call __get() in order to resolve * 'system' */ $system = $client-system; This was my point too, to create the object before the call to multiCall(), I just messed my example with the null assignment... :-) The code you suggested must solve the OP issue. Cheers, Bruno. /** * You should add some handling here to make sure that * $system is really an object that implements your * multiCall() method, and not something else (like null). */ $system-multiCall( $client-methodOne(), $client-methodTwo() ); ? Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to get the 'return type' of a function?
2010/2/23 Daniel Egeberg degeb...@php.net
2010/2/23 Dasn d...@lavabit.com:
Hello guys, I try to use 'ReflectionFunction' to retrieve the info of a
function.
For example:
?php
$rf = new ReflectionFunction('strstr');
echo $rf;
?
=== output ==
Function [ internal:standard function strstr ] {
- Parameters [3] {
Parameter #0 [ required $haystack ]
Parameter #1 [ required $needle ]
Parameter #2 [ optional $part ]
}
}
The problem is there's no 'return type' (i.e. 'string' in this example)
info about the function.
Could you tell me how to retrieve the 'return type'?
Thanks.
--
Dasn
That's not possible. Consider this function:
function foo()
{
switch (rand(0, 1)) {
case 0: return 42;
case 1: return 'bar';
}
}
What should the return type be?
Mixed?
http://www.php.net/manual/en/language.pseudo-types.php#language.types.mixed
--
Daniel Egeberg
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies sessions
2010/1/20 clanc...@cybec.com.au: When you are working with sessions, provided you start your program with session_id(), you can then do anything you like with session variables at any point in your program. Hi, You meant session_start() instead of session_id(), right? But yes, once you started a session (before any output is sent to the browser, that includes echo and print statements, empty space chars, etc) you can do anything you like with the $_SESSION array, being able to read the stored values in other requests / scripts of your app, as long as the session is started. In my original question I asked if there was a cookie equivalent. As far as I know, yes, there is. You set a cookie using the setcookie() function. This function, in the same way as session_start(), must be called before any output is sent to the browser. Once a cookie is set in the client, you can read the $_COOKIE array in any subsequent request of your client, in any point of your app, just like session. Someone said there was, but the above is simply demonstrating that their suggested solution doesn't work. It appears there is no solution, but that the workaround is to turn on output buffering, at least until you finish setting cookies, so that you can be certain that no output is generated before this point. You don't need to use output buffering at all. You only need this mechanism if your script needs to output stuff before the session_start() or setcookie() functions get executed. Well, I hope this information is helpful. Cheers, Bruno. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies sessions
2010/1/19 clanc...@cybec.com.au: I am trying for the first time to use cookies. The manual contains the statement Cookies are part of the HTTP header, so setcookie() must be called before any output is sent to the browser. When I first started using sessions, I was alarmed to read a very similar statement about sessions, but I soon found that if I started my program with the statement session_start(); I could then set up, access, modify or clear any session variable at any time in my program. This is enormously useful, as I can put the session handling at any convenient point in my program, and can precede them with diagnostics if I need to. However I have almost immediately found that while I appear to be able to read cookies at any time, I cannot set them when I would like to. Is there any similar trick which will work with cookies? The only trick is that you have to call setcookie() before any output is sent to the browser, just like the session_start() behavior. If I really have to work out what they should be, and then set them up, before issuing any diagnostics, etc, it will make life decidely more complicated. (I assume that I can set several cookies using successive calls to setcookie()?) Yes, each one with a differente name. I was also somewhat surprised to find that a cookie is used to implement sessions. Does this place any limitations on using both sessions and cookies in the same program? No. The cookie in PHP that implements session is by default called PHPSESSID. As long as your other cookies are named differently, you should be fine. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What's the best way to extract HTML out of $var?
2010/1/15 alexus ale...@gmail.com: What's the best way to extract HTML out of $var? example of $var $var = a href=http://http://stackoverflow.com/Stack Overflow/a I want $var2 = http://starckoverflow.com/; example: preg_match(); what else? Hi, If you simply wants to remove all tags from the string, try using the strip_tags function (http://php.net/strip_tags). -- http://alexus.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] header(Location:...) fails
2010/1/13 Richard S. Crawford rscrawf...@mossroot.com
Here is a snippet of code that is going to be the death of me:
// Create a new project
$projectcode = strtoupper(addslashes($_POST['projectcode'])); // project
code
// Make sure the project code is unique
if (!$existingproject = mysql_query(select * from pb_versions where
projectcode like '.strtoupper($projectcode).')) {
die (Could not check for existing project code!br /.mysql_error());
}
$numprojects = mysql_num_rows($existingproject);
if ($numprojects 0) {
$pid = mysql_result($existingproject,0,versionID);
header(Location:managebudget.php?e=1pid=$pid);
}
Now, even if $numprojects is 1, 2, 3, etc., the header() command is not
executed. Strangely, a header(Location) command later on in the script
*is* executed. I've output the value of $numprojects, so I know that it's
greater than 0, so the command
header(Location:managebudget.php?e=1pid=$pid); *should* be executed...
but it isn't. (Weirdly, if I put a die() command *after* this header()
command, it works... but it seems pathologically inelegant to do so.)
There's nothing in wrong in putting a die command after the
header(Location). In fact, it is common. The header() command by
itself don't imply in the send of the request. You can have many
header() commands in sequence, and the header will be sent only in the
end of the process.
Cheers,
Bruno.
Obviously, I'm missing something incredibly basic. Can anyone help me figure
this out?
--
Richard S. Crawford (rscrawf...@mossroot.com)
http://www.mossroot.com
Publisher and Editor in Chief, Daikaijuzine (http://www.daikaijuzine.com)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SVG and PHP
2010/1/5 Alice Wei aj...@alumni.iu.edu Hi, Just went online and saw an SVG generated from Python, and wanted to do the similar thing by loading the SVG into an PHP script. Here is the script that I have: ?php #Load the Map $ourFileName= USA_Counties_with_FIPS_and_names.svg; $fh = fopen($ourFileName, r) or die(Can't open file); fclose($fh); ? The problem is that my screen appears as blank even though I could open up USA_Counties_with_FIPS_and_names.svg and see the entire US Map. Does anyone know what I might have done wrong here? Aren't you just opening the file? I think that you need to print it in some way suitable to your application. Try using fread() or other function to read the contents of the file. Thanks in advance. Alice _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. http://clk.atdmt.com/GBL/go/177141664/direct/01/
Re: [PHP] Dual PHP installation and session sharing
Hi, Zareef. I have not tried storing session in a database, and I think it's not an option in my case, since I'm working on a legacy software that uses distributed databases across several servers. Actually, I guess it would be easier to setup a new webserver, running PHP 5 only, and discontinue the current one. But if there's a chance to share session in the actual environment, I would certainly prefer that. Thanks for the reply! 2009/7/19 Zareef Ahmed zareef.ah...@gmail.com On Sat, Jul 18, 2009 at 1:34 AM, Bruno Fajardo bsfaja...@gmail.com wrote: Hi all, I'm using Apache/2.2.3 (Linux/SUSE), running PHP 4.4.7 in CGI mode, in a dual installation with PHP 5.1.2 running as an Apache module. Scripts with .php5 extension are executed by PHP 5, and those with .php are executed by PHP 4, and everything runs as expected. My question is: is it possible to share session data between .php and .php5 scripts in this environment? All my tests failed. have you tried using database as session storage and setting session id manually in your application. Thanks in advance! -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage :: http://www.zareef.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dual PHP installation and session sharing
Hi all, I'm using Apache/2.2.3 (Linux/SUSE), running PHP 4.4.7 in CGI mode, in a dual installation with PHP 5.1.2 running as an Apache module. Scripts with .php5 extension are executed by PHP 5, and those with .php are executed by PHP 4, and everything runs as expected. My question is: is it possible to share session data between .php and .php5 scripts in this environment? All my tests failed. Thanks in advance!
Re: [PHP] Best Encryption Algorithm
Hi there! Try out AES. http://en.wikipedia.org/wiki/Advanced_Encryption_Standard Bruno. 2009/6/3 Hemant Patel hemant.develo...@gmail.com Hello Everyone, Hope you all are doing great. Now we are creating a application which has high level of security so its obvious that we will require a algorithm for encryption/decrytpion.So Can anybody suggest me the best algorithm for encryption(irrespective of any languageJust a Algorithm). With Regards, Hemant Patel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] MYSQL 5 auto increment not working
2009/5/21 Leidago !Noabeb leid...@googlemail.com Hi All I know this is not strictly a PHP question, but i have a problem whenever i insert a record using PHP. Basically the auto increment field does not work at all. Here's the structure of the table that i'm using: CREATE TABLE `children` ( `cid` int(4) NOT NULL auto_increment, `cname` char(50) default NULL, `csname` char(50) default NULL, PRIMARY KEY (`cid`) ) ENGINE=InnoDB I use PHP 5.1 and MYSQL 5 I'm pretty sure the code i use to insert the data is sound since i've tested it with older versions of MYSQL. Has anyone else had similar problems? Did you left empty the field `cid` (PK) in your INSERT statement?
Re: [PHP] Variables not initialized. Is it possible to...
This kind of tip is raised in form of notices. So, to enable that, use the following function on top of your scripts: error_reporting(E_ALL | E_NOTICE); Best regards, Bruno. 2009/5/18 Paul M Foster pa...@quillandmouse.com On Mon, May 18, 2009 at 05:38:37PM +0200, Cesco wrote: Is it possible to set a parameter in PHP 5 to ask the interpreter to raise an error every time I try to use a variable that wasn't initialized before ? For example, I've write this piece of code in Python: print(DonaldDuck) I get this error: Traceback (most recent call last): File /Users/Cesco/Desktop/prova.py, line 3, in module print(DonaldDuck); NameError: name 'DonaldDuck' is not defined Until now I've seen that when I write this PHP equivalent: echo($DonaldDuck); When I try to run it, the PHP writes a blank string, because the variable is not yet initialized and PHP assumes that its value is an empty string (I guess) I'd like to have the same behaviour of Python in PHP, do you think that it is possible? Set your error reporting higher: error_reporting(E_ALL); at the top of your script. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SQL Injection - Solution
Hi there!
2009/5/6 Igor Escobar titiolin...@gmail.com
Hi folks,
Someone know how i can improve this function to protect my envairounment
vars of sql injection attacks.
that is the function i use to do this, but, some people think is not enough:
* @uses $_REQUEST= _antiSqlInjection($_REQUEST);
* @uses $_POST = _antiSqlInjection($_POST);
* @uses $_GET = _antiSqlInjection($_GET);
*
* @author Igor Escobar
* @email blog [at] igorescobar [dot] com
*
*/
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM,'SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW
TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] =
addslashes(strip_tags(trim(str_replace($sanitizeRules,,$value;
endif;
endforeach;
return $arraSanitized;
}
You can help me to improve them?
What if someone posts, in any form of your app, a message containing
or, from or where? Those are very common words, and eliminate
them is not the best solution, IMO.
Use mysql_real_escape_string() like Shawn said, possibly something
like this would do the trick (from
http://br2.php.net/manual/en/function.mysql-query.php):
$query = sprintf(SELECT firstname, lastname, address, age FROM
friends WHERE firstname='%s' AND lastname='%s',
mysql_real_escape_string($firstname),
mysql_real_escape_string($lastname));
Cheers,
Bruno.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: SQL Injection - Solution
2009/5/6 Igor Escobar titiolin...@gmail.com:
hun...by the way I forgot to mention, I am Brazilian and here in Brazil
these words are not common ...
Igor,
I'm brazilian too, but that is not the point. Deny the use of *any*
word as input in your app is unnecessary. The problem that you're
trying to solve, has been solved a long time ago.
Bruno.
That is a recursive function and i can use array_map becouse i some cases we
obtain arrays of arrays and that will generate a error.
Regards,
Igor Escobar
Systems Analyst Interface Designer
--
Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar
On Wed, May 6, 2009 at 2:36 PM, Shawn McKenzie nos...@mckenzies.net wrote:
Igor Escobar wrote:
Hunnn...
So, what do you think now?
function _antiSqlInjection($Target){
$sanitizeRules =
array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP
TABLE','SHOW TABLES','*','--','=');
foreach($Target as $key = $value):
if(is_array($value)): $arraSanitized[$key] =
_antiSqlInjection($value);
else:
$arraSanitized[$key] = (!get_magic_quotes_gpc()) ?
addslashes(str_ireplace(trim($sanitizeRules,,$value))) :
str_ireplace(trim($sanitizeRules,,$value));
endif;
endforeach;
return $arraSanitized;
}
Stay on list please. I don't like the ternary or the brace omissions
(alternate syntax) :-) however
My point was that in my opinion you don't need the replace at all.
Also, do you really want to strip all 'or', * and = from all fields?
These may be perfectly valid in your app. Or is a very, very common
word, so is from and come to think of it, where, select, insert and delete.
For any of the SQL injections to work in your query, there will need to
be quotes or the backtick ` in the user supplied content. The quotes
are escaped by mysql_real_escape_string().
I don't see any way for a SQL injection without the user input
containing quotes or the backtick to break out of your query or
prematurely terminate an expression. Some examples here, however they
don't mention the backtick:
http://us2.php.net/manual/en/security.database.sql-injection.php
This might be more useful:
||function _antiSqlInjection($Target)
{
if(is_array($Target)) {
$Value = array_map('_antiSqlInjection', $Target);
} else {
if(get_magic_quotes_gpc()) {
$Target = stripslashes($Target);
}
// replace backtick with single quote or whatever
$Target = str_replace(`, ', $Target);
$Value = mysql_real_escape_string($Target);
}
return $Value;
}
Thanks!
-Shawn
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE: AJAX with POST
Ajax is asynchronous. The option of asynchronous or synchronous can be set
in the XMLHTTPRequest object (used by Ajax), but a synchronous call is not
Ajax.
Cheers,
Bruno.
2009/4/5 Phpster phps...@gmail.com
Ajax can be both async and sync. Itsbthe fourth param in the open call and
I believe by default it's a sync call not async
Bastien
Sent from my iPod
On Apr 4, 2009, at 21:33, Skip Evans s...@bigskypenguin.com wrote:
But my function using GET does seem to wait.
Granted I cobbled it together from various samples and didn't author it
from my own deep understanding of the exact process, but here's the snippet
that does the real work.
req.open('GET', url, false);
req.send(null);
if(req.responseText) {
if(req.responseText.substring(0,7) == 'debug!!') {
alert(req.responseText.substring(7));
}
}
return(req.responseText);
It seems to wait until it has data to return, because it works perfectly.
I can send it a URL from another function and get the data back from server
to the function as expected.
The only part of it I'm unsure of is this:
req.send(null);
What does that do? As I said, I cobbled this function from examples, got
it working, and presto, was off and running.
Skip
Brad Broerman wrote:
Well, as the A in Ajax is asynchronous, there's no real way to make it
wait. What you would normally do is use a callback:
function createXHRObject( )
{
if (typeof XMLHttpRequest != undefined)
{
return new XMLHttpRequest();
}
else if (typeof ActiveXObject != undefined)
{
return new ActiveXObject(Microsoft.XMLHTTP);
}
else
{
throw new Error(XMLHttpRequest not supported);
}
}
function sendAjaxRequest( websvcurl , params, callbackFn )
{
var xhrObject = createXHRObject();
xhrObject.open(POST, websvcurl, true);
xhrObject.onreadystatechange = function()
{
if (xhrObject.readyState == 4)
{
if( xhrObject.responseXML != null )
{
callbackFn (xhrObject.responseXML);
}
}
}
xhrObject.setRequestHeader(Content-type,
application/x-www-form-urlencoded);
xhrObject.setRequestHeader(Content-length, params.length);
xhrObject.setRequestHeader(Connection, close);
xhrObject.send(params);
}
-Original Message-
From: Skip Evans [mailto:s...@bigskypenguin.com]
Sent: Saturday, April 04, 2009 5:30 PM
To: php-general@lists.php.net
Subject: AJAX with POST
Hey all,
At the risk of being told this is a PHP and not a JS list, but
also knowing the discussions on this list, to the benefit of
all I believe, very wildly, I'm posting this JS code snippet
for some advice.
As I posted earlier, my AJAX app that uses a GET to post to
the server (and get a response), fails on IE with larger data,
so I thought I'd take a shot at writing a POST function, but
so far I can get it to get the data back, but the problem is
by the time the data has come back the function has already
returned null back to the calling function. What I need this
function to do is wait for the data to come back and then send
it back to caller. Here's the function. Any advice would be
greatly appreciated. (The code to get the appropriate object
per browser has been omitted.)
http.open(POST, url, true);
//Send the proper header information along with the request
http.setRequestHeader(Content-type,
application/x-www-form-urlencoded);
http.setRequestHeader(Content-length, url.length);
http.setRequestHeader(Connection, close);
http.send(url);
http.onreadystatechange = function() {//Call a function when
the state changes.
if(http.readyState == 4 http.status == 200) {
alert('['+http.responseText+']');
return (http.responseText);
}
}
--
Skip Evans
Big Sky Penguin, LLC
503 S Baldwin St, #1
Madison WI 53703
608.250.2720
http://bigskypenguin.com
Those of you who believe in
telekinesis, raise my hand.
-- Kurt Vonnegut
--
Skip Evans
Big Sky Penguin, LLC
503 S Baldwin St, #1
Madison WI 53703
608.250.2720
http://bigskypenguin.com
Those of you who believe in
telekinesis, raise my hand.
-- Kurt Vonnegut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Extract result from a https remote server response
Assigning the return of file_get_contents to a variable? Didn't get your point... 2009/2/13 m a r k u s queribus2...@hotmail.com Shawn McKenzie wrote: Shawn McKenzie wrote: m a r k u s wrote: Hi all, Example : https://www.moneybookers.com/app/email_check.pl?email=t...@toto.comcust_id=123546password=123 The MB server response displayed is : Illegal operation. We would like to put the result below in a php variable and process it . An idea ? PS: The server is secured. The php functions like file(), file_get_contents(), readfile(), fopen() has been tested. Regards -- m a r k u s allow_url_fopen = On We have no control of the MB remote server configuration. -- m a r k u s -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sprintf thousand separator.
Can you extend the JPGraph class, intercepting the desired method, formatting the output the way you need? 2009/2/11 João Cândido de Souza Neto j...@consultorweb.cnt.br No, I can´t, because if I do it how can jpgrhph render without numeric data? hehehe Richard Heyes rich...@php.net escreveu na mensagem news:af8726440902110523x63ce5485p6534d10063eb4...@mail.gmail.com... Thanks for your answer, but my real problem is to get thousand separator in jpgraph class which uses sprintf to display almost everithing; Can you format it first, and then pass it to JPGraph ? -- Richard Heyes HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari: http://www.rgraph.org (Updated January 31st) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php validate user password
tedd,
I think that the problem of the duplicated hashes in the database
(in the case of two users using the same password) persists with a
constant prefix in the passwords. Although the random salt portion get
stored in the database concatenated to the hash, the attacker don't
know the string length of the salt, making the attack very difficult.
Cheers
2009/2/9 tedd tedd.sperl...@gmail.com:
At 2:02 PM + 2/9/09, Stuart wrote:
2009/2/9 Michael Kubler mdk...@gmail.com:
These days SHA should really be used instead of MD5, and you should be
SALTing the password as well.
Here's a great guide :
http://phpsec.org/articles/2005/password-hashing.html
Good advice. I would also advise against stripping and trimming
anything from passwords. By removing characters you're significantly
reducing the number of possible passwords.
I read the article and didn't find any objection to it, but before we all
jump on the SHA bus, why can't we do this:
1. Allow the user to pick whatever password they want.
2. After entry, add a token string to it, such as 'a14fmw9'.
3. Do a M5() hash and store the hash the dB.
When the user wants to log back in:
1. They enter their password.
2. We add the token string ('a14fmw9') to it.
3. Then we M5() the string and compare that hash with what's stored. That
will work.
Furthermore, if the token string is stored in the script, or in a
configuration file, and not in the database (as suggested by the author),
then if someone obtains access to the database, all the dictionary and other
such brute force attacks will be more difficult because the hashes are more
complex than one would normally expect, right?
If not so, then where am I wrong?
Another scheme would be simply to use the user's password and generate a
hash. Then reverse the users password and generate another hash. Then
shuffle the two hashes, or take pairs, or quads, or any number of other
techniques to obscure the hash. As long at the process can be reversed, it
will work.
From my limited view, a minor amount of work can throw a major monkey wrench
in any method of trying to crack a hash -- am I wrong?
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php validate user password
Or, like the article suggested, a random portion for the hash... I agree with you, Micah. The hash collision is a problem, and must be avoided. Same password hashes for different users are very good candidates for a dictionary attack. Probably, in most of this cases, users picked easy passwords, like 1234 or admin. Cheers 2009/2/9 Micah Gersten mi...@onshore.com onlist this time... tedd wrote: snip I think the MD5() hash is a pretty good way and if the weakness is the user's lack of uniqueness in determining their passwords, then we can focus on that problem instead of looking to another hash. And besides, the solution presented was to create a salt and use that -- that's just another step in the algorithm process not much different than what I propose. Cheers, tedd The MD5 hash IS the problem. The problem isn't the uniqueness of the passwords, but rather the uniqueness of the hash. The solution is to use another hash that does not have the same collision issues. Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Bruno Fajardo - Desenvolvimento bruno.faja...@dinamize.com - www.dinamize.com Dinamize RS - Porto Alegre-RS - CEP 90420-111 Fones (51) 3027 7158 / 8209 4181 - Fax (51) 3027 7150 Dinamize BA - Lauro de Freitas - Fone 71 3379.7830 Dinamize SC - Joinville - Fone 47 3025.1182 Dinamize DF - Asa Norte - Brasília - Fone 61 3274.1172 Dinamize SP - São Paulo - Fone 11 6824.6250 Dinamize PR - Curitiba - Fone 41 3306.4388 Dinamize RS - Caxias do Sul - Fone 54 3533.4333 Dinamize RJ - Rio de Janeiro - Fone 21 2169.6311 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] long echo statement performance question
In my opinion, you would achieve better results using a template engine, like Smarty (http://www.smarty.net/). In addition, your code would be entirely separated from presentation in a elegant way. 2009/2/6 Frank Stanovcak blindspot...@comcast.net: I'm in the process of seperating logic from display in a section of code, and wanted to make sure I wasn't treading on a performance landmine here, so I ask you wizened masters of the dark arts this... is there a serious performance hit, or reason not to use long, ie more than 30 - 40 lines, comma conjoined echo statments... echo 'blah', $var, 'blah', $var2,...ad nauseum ... to output mixed html and php var values? If so could you refer me to a work around, or better way? Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Bruno Fajardo - Desenvolvimento bruno.faja...@dinamize.com - www.dinamize.com Dinamize RS - Porto Alegre-RS - CEP 90420-111 Fones (51) 3027 7158 / 8209 4181 - Fax (51) 3027 7150 Dinamize BA - Lauro de Freitas - Fone 71 3379.7830 Dinamize SC - Joinville - Fone 47 3025.1182 Dinamize DF - Asa Norte - Brasília - Fone 61 3274.1172 Dinamize SP - São Paulo - Fone 11 6824.6250 Dinamize PR - Curitiba - Fone 41 3306.4388 Dinamize RS - Caxias do Sul - Fone 54 3533.4333 Dinamize RJ - Rio de Janeiro - Fone 21 2169.6311 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] long echo statement performance question
Well, Smarty's caching layer is very fast. Maybe not as fast as an echo statement, but apparentely Frank was also interested in separate logic from presentation, and a series of echo's is not the best solution in my opinion. :-) But the best solution depends of the context of the application, i agree. 2009/2/6 Eric Butera eric.but...@gmail.com: On Fri, Feb 6, 2009 at 12:15 PM, Bruno Fajardo bsfaja...@gmail.com wrote: In my opinion, you would achieve better results using a template engine, like Smarty (http://www.smarty.net/). In addition, your code would be entirely separated from presentation in a elegant way. 2009/2/6 Frank Stanovcak blindspot...@comcast.net: I'm in the process of seperating logic from display in a section of code, and wanted to make sure I wasn't treading on a performance landmine here, so I ask you wizened masters of the dark arts this... is there a serious performance hit, or reason not to use long, ie more than 30 - 40 lines, comma conjoined echo statments... echo 'blah', $var, 'blah', $var2,...ad nauseum ... to output mixed html and php var values? If so could you refer me to a work around, or better way? Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php In a thread about performance you suggest Smarty? Really? :D -- http://www.voom.me | EFnet: #voom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] long echo statement performance question
I am so stick to Smarty that I never tried other solutions, like Savant. Thanks for the tip, I'll try it right away. Cheers. 2009/2/6 Eric Butera eric.but...@gmail.com: On Fri, Feb 6, 2009 at 1:43 PM, Bruno Fajardo bsfaja...@gmail.com wrote: Well, Smarty's caching layer is very fast. Maybe not as fast as an echo statement, but apparentely Frank was also interested in separate logic from presentation, and a series of echo's is not the best solution in my opinion. :-) But the best solution depends of the context of the application, i agree. Right on. I was just playing anyways. I'm a strong supporter of things like Savant Zend_View. Use PHP, but for read only type of things with no logic. -- http://www.voom.me | EFnet: #voom -- Bruno Fajardo - Desenvolvimento bruno.faja...@dinamize.com - www.dinamize.com Dinamize RS - Porto Alegre-RS - CEP 90420-111 Fones (51) 3027 7158 / 8209 4181 - Fax (51) 3027 7150 Dinamize BA - Lauro de Freitas - Fone 71 3379.7830 Dinamize SC - Joinville - Fone 47 3025.1182 Dinamize DF - Asa Norte - Brasília - Fone 61 3274.1172 Dinamize SP - São Paulo - Fone 11 6824.6250 Dinamize PR - Curitiba - Fone 41 3306.4388 Dinamize RS - Caxias do Sul - Fone 54 3533.4333 Dinamize RJ - Rio de Janeiro - Fone 21 2169.6311 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Blank page of hell..what to look for
Maybe X-Debug (http://www.xdebug.org/) could help you find bugs in your code, and for development environments it's recommended to use the most sensitive level of messages (turn on E_STRICT and E_NOTIVE, for example). 2009/2/5 Ashley Sheridan a...@ashleysheridan.co.uk On Thu, 2009-02-05 at 12:22 -0500, Paul M Foster wrote: On Thu, Feb 05, 2009 at 11:11:03AM -0600, Terion Miller wrote: Speaking of IDE, which do people on here prefer, I have been using Dreamweaver CS3 just because as originally a designer I was/am used to it... I did finally find the problem but moving an echo(damnit); from line to line commenting out everything below it...Oi ...is this ever going to get easier for me I often wonder... Use Vim. ;-} Paul -- Paul M. Foster Any editor with coloured syntax highlighting will help. Just scanning through the script visually should let you spot the obvious errors, and then breaking the script down into chunks with echo statements is the next step. You don't need to break it down line by line, that takes ages! Instead, put one halfway through your code, that will let you know if the error is in the top or bottom half, then just keep breaking it down half at a time and soon you'll have the part the error is in. It's just a typical trial-and-error algorithm. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
