Re: [PHP] To ? or not to ?
Larry Garfield wrote: [snip] Donovan Most major projects at this point leave it off, and their coding standards say to as well. The official PHP docs are generally non-commital by design, but outside of those I think it's pretty well-established to just leave it off and be happy. --Larry Garfield Well, the preference doesn't really matter to me... my point of question was the use of ob_start, etc.. The books I've read in PHP also call for ending '?', so it's being taught to PHP'ers whether the php list and major projects likes it or not. I was wondering about the lists opinion on the use of ob_start, ob_end_flush regarding this topic. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] To ? or not to ?
Stuart Dallas wrote: [snip] Usually when setting headers after such a script has been included when output buffering is turned off. Personally I never put the closing ? in if it's at the end of the file because it's unnecessary and can cause issues if it's present, but it's personal preference more than anything else. Ultimately you have to consider that there's a reason it's optional - things like that don't generally happen by accident. I remember Rasmus commenting on this style issue a few years back so a search of the archives should find an official position. -Stuart Could using ob_start and ob_end_flush eliminate the ambiguity of whether or not to use '?'? Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] To ? or not to ?
Robert Cummings wrote: [snip] Could using ob_start and ob_end_flush eliminate the ambiguity of whether or not to use '?'? In the generally recommended case of don't use them at the end of your file... where's the ambiguity? http://www.php.net/manual/en/function.include.php http://www.php.net/manual/en/language.basic-syntax.phpmode.php Those seem to suggest to use them... thus the ambiguity. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] questions about $_SERVER
Stuart Dallas wrote: [snip] so $GLOBALS['GLOBALS']['GLOBALS']['GLOBALS']['_SERVER'] is a perfectly valid, if daft, way of accessing $_SERVER. -Stuart Now this is becoming educational! ;-) Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] basic captcha
Savetheinternet wrote: [snip] Securimage (phpcaptcha.org) looks relatively okay.[snip] ..a final follow up with my experience implementing securimage (in the case that others go searching). This turned out to be a good solution for my purposes. It fit nicely with my form checks that were already in place (the quick start guide leaves room for various schools of thought regarding input cleaning). My suggestion: be sure to first run their compatibility check script before spending time downloading the files / reading the quick start. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] basic captcha
Thanks for all the input. Yes, there are a lot of ways and means and issues that can be considered (thanks Simon), but this project will use a simple captcha, mostly because it is familiar to users and fits with the project. Yes, I've found some options via google, but was more inquiring to see if you all had success with certain open-source freeware scripts. I haven't used google's version, but the problem I have with using google API's is that there can be delay's in page loading (in my experience). I don't generally like linking to 3rd party API's when I can help it. Ashley, I've used some of your techniques before within projects where those types of things fit. One I thought about recently is displaying an array of colors in random order and asking the submitter to choose their favorite color from the list. Perhaps not fool proof, but nice creative option. Anyway, for this project, I think I need a familiar captcha. Again, thanks! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] basic captcha
Savetheinternet wrote: [snip] There are plenty of free PHP captcha scripts out there. Just google captcha PHP. Securimage (phpcaptcha.org) looks relatively okay. Thanks, Michael Hi Michael, this looked promising.. however, requires some GD support it appears I don't have.. here is the results of their test file: GD Support: Yes! GD Version: bundled (2.0.34 compatible) imageftbbox function: No The imageftbbox() function is not included with your gd build. This function is required. TTF Support (FreeType): No No FreeType support. You cannot use Securimage 3.0, but can use 2.0 with gd fonts. JPEG Support: Yes! PNG Support: Yes! GIF Read Support: Yes! GIF Create Support: Yes! --- Will keep looking I guess. Thx. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] basic captcha
Donovan Brooke wrote: [snip] Hi Michael, this looked promising.. however, requires some GD support it appears I don't have.[snip] Hi, well, just did the test on the live server and it *does* support it there.. so I guess I use it.. just won't work in the development enviro. Thanks for the suggestion! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] basic captcha
Ashley Sheridan wrote: [snip] Well, if the answer doesn't matter, another could just pick anything and run with it couldn't they? Thanks, Ash For the favorite color thing? The idea would be to require one (but not all) of the word options in the list (so answer does matter)... most bots would not be able to deal with that.. however, like I said, not fool proof (and not recommended for sensitive purposes). ;-) Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pathinfo or other
Elbert F wrote: SCRIPT_NAME is a server side path, try REQUEST_URI. This includes the query string but it's easy to remove. Elbert http://swiftlet.org Hi, I thought I should say that server side SCRIPT_NAME seems to be fine for me in this case. Thanks for the input. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] basic captcha
Hello, Does anyone know of a basic (open source or freeware) form captcha system for PHP? TIA, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] pathinfo or other
Hello, What is the best way to get the /somedir/ values in the request URI? I tried $t_pathinfo = $_SERVER['PATH_INFO']; but was given an error of undefined index. After looking at the docs, it appears the error derives from something I may have to do in the .ini file. However, is there a standard/better way of grabbing the info after the host and before the query string.. perhaps 'SCRIPT_NAME'? Thanks! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] sticky checkbox - strpos
Hi guys,
if (!strpos($t_product,$t_p)) {print checked;}
Would strpos be munged if $t_p contains commas?.. ie ,234,
Thanks,
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] sticky checkbox - strpos
Donovan Brooke wrote:
if (!strpos($t_product,$t_p)) {print checked;}
Nevermind.. bad syntax I guess.. this works:
(strpos($t_product,$t_p) !== false)
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Headers on smart phone browsers
Paul M Foster wrote: This is sort of obliquely related to PHP. I don't have a smart phone, but I need to know a couple of things: 1) Do smart phones use the same browsers as the desktop, or do they have their own stripped down versions of browsers? 2) When a browser broadcasts its header telling the server what kind of browser is involved, do they broadcast anything in the header to indicate that they're being run on a smart phone? 3) Bonus question: Is there a preferred method amongst coders to determine what type of environment is being browsed from, so as to serve up the proper type of page (desktop or smart phone version of a webpage)? Paul Hi Paul, I think this is a great PHP conversation.. and I don't understand why GOTO threads always get way more replies than something like this ;-) Diverse User Agent compatibility is going to be more and more of a challenge for us.. gone are the days of a few known browsers that are viewing our sites. From bots, to browsers, to mobile devices, to game UA's, to app UA's.., to IE's stubborn outlook on the web... the idea of user experience is growing complicated! ;-) I really liked Mari's posted link to the a list apart blog about responsive web design using media query (CSS).. however, it seems to me that it takes the use of many languages and techniques in many cases to get the job done... user agent serving (using PHP or JS or alike), flexible CSS and web design, and a keen eye on your target audience may all play apart. However, this is a PHP list.. and I think we can better approach this topic by limiting our scope to talk about how PHP could be useful. My first question, being that my first language is not PHP, is; is their any core PHP mobile detection functions/tools that exist? I have a running list of mobile UA's that I picked up somewhere that I often use and edit to distribute content accordingly. I also have a PHP mobile detection script that I picked up somewhere. I'm sure these things can be found via google as well. The problem, as Mari's link suggests, is that UA list's and browser sniffing scripts need maintaining quite regularly, since mobile UA's are being added on a weekly basis perhaps. Many of my projects do some PC UA (browser) sniffing.. especially for IE., as IE has it's own system that it uses for how to render content. Anyway, I'm happy to share what I have.. but like I said, PHP is not my first language, so I am interested to see what the more established PHP'ers may have to say. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Headers on smart phone browsers
Ashley Sheridan wrote: [snip] Keeping a PHP angle to this, have you looked at using an up-to-date browscap.ini file with PHP? Basically, you can use that to read in the raw user agent string from the browser, and it then finds a matching entry in the ini file and gives you back some values about what it can assume about that device, such as whether it is known to support Java (although this is something you should be careful of, as it only tells you if it's is supported, not if there is an available JVM), if it is a mobile or search bot, what version of CSS it should support, etc. I use it myself in a personal web stats script, and as long as you keep the copy of the ini file recent, you should be OK. Interesting, I will check that out. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Headers on smart phone browsers
Stuart Dallas wrote: On 6 Feb 2012, at 21:12, Marc Guay wrote: the way your site renders should be purely based upon the size of the display. Although I mostly agree with this statement, it ignores the most interesting aspects of mobile technology, such as being able to ask the user for their GPS location and deliver content accordingly. I worked on some real estate websites that would show the user the houses for sale within a certai distance from where they were standing, and then leverage Google Maps for a get directions from where you are feature. The Mobile Web list has had some interesting discussions regarding this stuff... http://groups.yahoo.com/group/mobile-web/ On the contrary, my statement dealt only with the way a site renders, not the content it renders. We should definitely be taking advantage of the additional features of mobile devices where it makes sense because that's where the real game-changing power lies. -Stuart Right, the OP doesn't state the purpose exactly (design, function, etc..)... but even if it was design, as noted in Mari's link toward the bottom, responsive web design is not supported the same in all platforms... this is why I think, in many situations, a mix of UA detection and versatile design is still relevant (even in design). Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Headers on smart phone browsers
Paul M Foster wrote:
[snip]
How about this: those of you with iPhones, Androids and the like, point
your phones at a page which reports $_SERVER['HTTP_USER_AGENT'] (like a
page which runs the phpinfo() function), and post what you get back from
that exercise and what device made the query. I'd like to see if there
is anything significant which indicates handheld platforms.
Paul
Logical, but I can save you that step :-) as I've been there done that..
Here is a PHP script (uses $_SESSION) for mobile users that I have found
to work fairly well. I'm absolutely sure that it contains false
positives, and potentially other minor bugs.. as it's just hard to keep
up with the ever changing UA's... but it's a start.
If it gets munged from email returns, I can zip it up.
Donovan
*INCLUDE IN HEAD
--start
?php
// ** Make sure to replace URL with your mobile URL below **
// Head
include('device_detect.php');//
session_start();
$is_mobile = mobile_device_detect();
if ($is_mobile) {
header(Location: URL);
die();
}
?
--end
SAVE TO A FILE CALLED 'device_detect.php'
--start
?php
// device_detect.php
function mobile_device_detect(){
//check if force pc is requested
$forcepc = isset($_REQUEST['forcepc']) ? $_REQUEST['forcepc']: 'false';
if ($forcepc == 'true') {
$_SESSION['forcepc'] = 'true';
return false;
} else if (isset($_SESSION['forcepc'])) {
$forcepc = $_SESSION['forcepc'];
if ($forcepc == 'true') {
return false;
}
} else {
$_SESSION['forcepc'] = 'false';
}
if (isset($_SESSION['mobiledevicedetect'])) {
return $_SESSION['mobiledevicedetect'];
}
//check if a profile header is indicated
//this is a very good indication it is a mobile device
if (isset($_SERVER['HTTP_X_WAP_PROFILE']) ||
isset($_SERVER['HTTP_PROFILE'])) {
$_SESSION['mobiledevicedetect'] = true;
return true;
}
$user_agent = $_SERVER['HTTP_USER_AGENT']; // get the user agent
value - this should be cleaned to ensure no nefarious input gets executed
$accept = $_SERVER['HTTP_ACCEPT']; // get the accept header value
switch(true){ // using a switch against the following statements
which could return true is more efficient than the previous method of
using if statements
case (eregi('ipod',$user_agent)||eregi('iphone',$user_agent)); // we
find the words iphone or ipod in the user agent
$_SESSION['mobiledevicedetect'] = true;
return true;
break;
case
(preg_match('/(nokia|sonyericsson|samsung|up.browser|up.link)/i',$user_agent));
// we find palm os in the user agent - the i at the end makes it case
insensitive
$_SESSION['mobiledevicedetect'] = true;
return true;
break;
case (eregi('android',$user_agent)); // we find android in the user
agent
$_SESSION['mobiledevicedetect'] = true;
return true;
break;
case (eregi('opera mini',$user_agent)); // we find opera mini in the
user agent
$_SESSION['mobiledevicedetect'] = true;
return true;
break;
case (eregi('blackberry',$user_agent)); // we find blackberry in the
user agent
$_SESSION['mobiledevicedetect'] = true;
return true;
break;
case (preg_match('/(palm
os|palm|hiptop|avantgo|plucker|xiino|blazer|elaine|treo)/i',$user_agent));
// we find palm os in the user agent - the i at the end makes it case
insensitive
$_SESSION['mobiledevicedetect'] = true;
return true;
break;
case (preg_match('/(windows ce; ppc;|windows ce; smartphone;|windows
ce; iemobile)/i',$user_agent)); // we find windows mobile in the user
agent - the i at the end makes it case insensitive
$_SESSION['mobiledevicedetect'] = true;
return true;
break;
case
((strpos($accept,'text/vnd.wap.wml')0)||(strpos($accept,'application/vnd.wap.xhtml+xml')0));
// is the device showing signs of support for text/vnd.wap.wml or
application/vnd.wap.xhtml+xml
$_SESSION['mobiledevicedetect'] = true;
return true;
break;
case
Re: [PHP] Headers on smart phone browsers
Mari Masuda wrote: [snip] For a concrete example of responsive design in action, point your browser to http://www.sasquatchfestival.com/ and then slowly make the window wider/skinnier to see how the design adapts to different viewport sizes. Very nice... makes for an easy display to a wide range of circumstances I think.. especially image resizing (in the blog example), which looks pretty smooth. But, in both the examples, it appears it can produce a choppy user experience when resizing the window as well... I suppose that resizing could be viewed as one of those 80/20 percent rule things.. meaning, window resizing is probably not a prevalent action for a user and it could be argued that one shouldn't code a site worrying too much about dynamic window resizing... but then there is a form of resizing, which is turning your iPAD to landscape view, etc.. I suppose one could probably still do some UA detection and serve up content based on the type of UA (ie. mobile, IE, game-based) and at that point, still incorporate responsive web design, but to that more-limited-category of UA's. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php.net problems?
Hi, is anyone else having problems with PHP.net today? Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.net problems?
Daniel Brown wrote: 2012/1/23 Alex Nikitinniks...@gmail.com: Rasmus confirmed that they are having issues with php.net: You can use the sk.php.net mirror while they fix their problems, as well as docs.php.net. We had a primary system failure at the same time as a migration was underway, which led to complications and subsequent failures of the mirroring network. The issues are being resolved and mirrors are coming back online. In the meantime, you may use one of the following mirrors: http://ca2.php.net/ http://sk.php.net/ http://docs.php.net/ And, until the matter is completely resolved, you can temporarily change your mirror preference at the bottom of this page: http://php.net/my.php Good!, thought I went insane there for a moment and couldn't remember any of the PHP functions... (as nothing was coming up in the search) ;-) Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php.net problems?
Daniel Brown wrote: On Mon, Jan 23, 2012 at 15:59, Donovan Brookeli...@euca.us wrote: Good!, thought I went insane there for a moment and couldn't remember any of the PHP functions... (as nothing was coming up in the search) ;-) Can't it be both? ;-P Purple cucumbers are automobile.. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variable Troubleshooting Code
Jim Lucas wrote:
[snip]
if (!isset($pmatch) || substr($key,0,strlen($pmatch)) == $pmatch) {
print $key = $valuebr /;
}
[snip]
I would change the above the the following:
if ( empty($pmatch) || ( strpos($key, $pmatch) === 0 ) ) {
print $key = $valuebr /;
}
it would be slightly faster
love the skin the cat game!
What I like about this Jim is that the strpos() could be changed to
allow a contains argument rather than a begins with argument...
for example if you wanted to find all variable names containing 'foo'.
Something like:
if ( empty($pmatch) || (( strpos($tkey, $pmatch) === 0 ) || (
strpos($tkey, $pmatch) 0 ))) {
print $key = $valuebr /;
}
t_foo
foo_t
t_foo_t
would all be found.
Thanks!
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passing variables to php script
David Savage wrote: OK...I admit I'm new at thisI have this html file: html head titleGenerate pdf file of LD, Toll Free, and Directory Assistance calls/titl /head body form action=Q:\ASTERISK\callrecs.php method=post pAccount Number:input type=text name=acctnum/p pYear (4 digit):input type=text name=billyear/p pMonth (2 digit):input type=text name=billmonth/p pinput type=submit //p /form /body /html to which I would input an account number, 4 digit year, then 2 digit month. Then click Submit. What I see in the error log is: [06-Jan-2012 11:42:21] PHP Notice: Undefined index: acctnum [06-Jan-2012 11:42:21] PHP Notice: Undefined index: billyear [06-Jan-2012 11:42:21] PHP Notice: Undefined index: billmonth where line numbers point othe the following php lines: $who=$_POST[acctnum]; $year_to_process=$_POST[billyear]; ; $month_to_process= $_POST[billmonth]; WHAT AM I DOING WRONG ? David I think the error indicates that there is no acctnum,etc. set in your POST array.. but your syntax looks O.K... so, assuming the php code is in callrecs.php, I'm guessing you either have a redirect in there, or are not hitting the callrecs.php with the form data. I'd suggest to post your callrecs.php file. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variable Troubleshooting Code
Just to share, a Mr. Harkness forwarded me a consolidated version of my
code.. basically substituting the innards for:
if (!isset($pmatch) || substr($key,0,strlen($pmatch)) == $pmatch) {
print $key = $valuebr /;
}
Cheers,
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Non required argument
Simon J Welsh wrote:
[snip]
function list_formvars($pmatch=null) {...
http://php.net/manual/en/functions.arguments.php#functions.arguments.default
Thanks!.. missed that doc somehow.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Variable Troubleshooting Code
Hello!,
I work in another language mostly and often develop while displaying
variables (post,get,and defined) and their values at the bottom of the
page or in specific places. So, I thought I'd forward my PHP version as
an effort of good Karma to the list perhaps! ;-)
Below is 2 simple functions that are helpful for troubleshooting while
developing. Just place this code into a .php file and require it at the
top of any PHP page. Then, at the bottom of the page, or in a specific
(more pertinent) location, call the functions with something like this:
?PHP
//troubleshooting code
print 'br /bTesting:/bp';
print htmlentities(list_formvars());
print htmlentities(list_vars(get_defined_vars()));
print '/p';
?
-
Optionally, you can call only specific naming conventions of your
variables (if you use them).. ie:
print htmlentities(list_vars(get_defined_vars(),'t_'));
The above will display all defined vars such as:
t_name=value
t_city=value
t_address=value
etc..
Code:
---
/*
FUNCTION NAME: list_formvars
INPUT: optional begins with var
OUTPUT: Name = Value br /
Name = Value br /
USE: For troubleshooting code
Example Use:
list_formvars();
list_formvars('f_a');
*/function list_formvars($pmatch = null) {
print br /b'get' Vars:/bbr /;
foreach ($_GET as $key = $value) {
if (isset($pmatch)) {
if (substr($key,0,strlen($pmatch)) == $pmatch) {
print $key = $valuebr /;
}
} else {
print $key = $valuebr /;
}
}
print br /b'post' Vars:/bbr /;
foreach ($_POST as $key = $value) {
if (isset($pmatch)) {
if (substr($key,0,strlen($pmatch)) == $pmatch) {
print $key = $valuebr /;
}
} else {
print $key = $valuebr /;
}
}
}/*
FUNCTION NAME: list_vars
INPUT: get_defined_vars(),begins with match
OUTPUT: Name = Value br /
Name = Value br /
USE: For troubleshooting code
Example Use:
list_vars(get_defined_vars());
list_vars(get_defined_vars(),'t_');
*/function list_vars($a_vars,$pmatch = null) {
print br /b'defined' Vars:/bbr /;
foreach ($a_vars as $key = $value) {
if (isset($pmatch)) {
if (substr($key,0,strlen($pmatch)) == $pmatch) {
print $key = $valuebr /;
}
} else {
print $key = $valuebr /;
}
}
}
Cheers,
Donovan
P.S. Always open to good criticism if you peeps see something that can
be written better.. this is about my 3rd PHP project only... so, still
heavily learning ;-)
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Non required argument
Hello,
I have a simple function that contains an argument that is not required, ie:
function list_formvars($pmatch) {...
However, if I call the function without the argument, I get a warning
(I'm having the app show all warnings for development):
Warning: Missing argument 1 for list_formvars(), called in ...
Though the function works fine, how would I go about then making
argument not required. I've tried using an if statement with an isset()
condition, but perhaps I don't have the syntax correct?
Anyway,
TIA for your comments.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Non required argument
function list_formvars($pmatch=value) {... }
thanks to Tolga.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login with Remember me Feature
alekto wrote: Hi, I have implemented a remember me feature in my login-script, but I can't get it to function! If I might be so bold... then you haven't implemented the feature yet, right? ;-) I want to make it possible for the users to stay logged in for 30 days. This is what I got this far: You have a logic problem... If I were you, I would write it out more simplistically first... something like: if session cookie keep logged in else, if remember me if verifiable set session cookie and redirect Of course, that is not an example of exact logic to use, and is just a method example of how you can solve your problem. As others have suggested, I would first start reading about ob_start,ob_end_clean(which works well before a header redirect), and ob_end_flush. I agree about only needing to store the user ID in your cookie's (session and rememberme) (hashed perhaps), and not the password. My last comment would be a kind request to strip out all unnecessary html etc.. when posting questions to the list. I usually would not take the time to look through a mess like that. ;-) Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Best editor?
Matty Sarro wrote: Hey everyone, I am a super newbie.. in the spirit of the super newbie.. :-) http://interrobang.jwgh.org/songs/editors.mp3 -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Studying mcrypt
Alex Nikitin wrote: [snip] Also you shouldn't actually encrypt passwords, the proper way to store them is hashed, so that if someone grabs your database, they dont have your passwords, even if they have the key. Hello, since this thread is about studying mcrypt... In another language, for a top security with the ability to retrieve data situation, I use a method that stores an encrypted key, but then also, the entire pages are encrypted as well, with a separate utility, where I only know the key. Think of it as compiling your software, only it is not compiling, it's encrypting, and it's then able to run as if it were compiled. The end result is that the key to any encrypted sensitive info does not reside on the server, it resides with me on my local system... thus the passwords are safely encrypted, yet I can retrieve them manually. I don't know that PHP has the ability to run in compiled or encrypted form.. does it? If not, I guess a 1 way, non-key encryption would be the only way to be absolutely secure with saved data in PHP (such as a hash). Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Studying mcrypt
Alex Nikitin wrote: [snip] What makes your local system any less vulnerable of a point than your server, of anything, its more vulnerable and failure-prone, so unless i'm not getting something, that seems like a poor design decision (i'm sorry) [snip] In the model I profiled, it is a system design that * requires * the ability to retrieve secured data. For my solution, they would have to have physical entry into the premises that hold the key/s (local encryption done offline). Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Studying mcrypt
Alex Nikitin wrote: [snip] There is code obfuscation with PHP, and you can compile it into C++ with HipHop for php for example... [snip] Of course, obfuscation is never a great security solution. Compiling it into C++ is interesting... the question would be if the code could be de-compiled.. if so, then probably not a great solution either. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Studying mcrypt
Alex Nikitin wrote: [snip] It's never a good idea to store all your keys in code, True, but in the system I was referring to, only the closed source app knows how to see the key in the encrypted templates and there is no way for another to know how to decrypt the encrypted templates to see any of the other keys in the code... It's a unique solution for this type of topic. I don't want to go into too many details because it's not about PHP and my intention with bringing it up was to see if others knew of a similar solution within PHP.. which I'm thinking there is not. that is why we have an iv, and a salt that you can use... neither is program encryption, since i can dump it in it's executing form out of memory fairly easily; Well, not with the situation/app I was talking about.. this is why hard drive encryption without a controller that does crypto off the main system is fairly pointless... I'm not exactly sure what you are saying here.. but there are good reasons to have built the system that I was referring to... safe retrieval of secured data being the main idea. Look, I agree that in a typical online passphrase type of setup, creating a hash to be matched for access is a great solution under sensitive situations. You don't need to retrieve the pass as the owner can change it if they forget... however, encryption is absolutely not worth nothing and the O.P. stated he was trying to learn about PHP's mcrypt. Much of the time, a spec requires the access retrieval of secured data and a developer will have no choice anyway ;-). Not all sensitive data is at the same sensitivity level either... so mcrypt has its place. Cheers, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $_POST value disappearing?
Hello!, I must not be understanding something as I would expect 'f_file' to show up in the print_r below.: ---form-- form action=index.php method=post enctype=multipart/form-data input type=hidden name=f_ap value=upload / input type=hidden name=f_action value=doit / input type=file name=f_file / input type=submit value=Upload / /form ---endform-- --index.php-- ?php print_r($_POST); ? --/index.php-- The result I get is: Array ( [f_ap] = upload [f_action] = doit ) --- Can someone enlighten me? Thanks, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_POST value disappearing?
Jônatas Zechim wrote: Hi.. You need to use $_FILES ( http://php.net/manual/pt_BR/reserved.variables.files.php) Regards, Jônatas Zechim Thanks guys. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] the best 1 book for php
Kirk Bailey wrote: If I only had 1 book on php, what would it be? I have to disagree with the php.net 'docs' being the best book. Though most of us will have a php.net tab open in your browser every time we write code, it's not the same learning that comes with a good book IMO. Reading a book can give a more robust understanding to a language, perhaps especially when starting out. You get to listen in on the author's perceptions of tools, theories of practice, etc.. which can help with concepts, reasoning, and understanding etc.. Perhaps you start to get a similar type of learning with a good talk list combined with php.net however... perhaps with a bit of spam. ;-) Anyway, someone mentioned Larry Ullman's books and I'd have to second that suggestion. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Resizing an image
Andre Polykanine wrote: Hi everyone, Image processing is a part of Php language completely unknown to me :-(. So there is my task: I need to process an uploaded image. We allow uploading of gif, jpeg, and png images. If an image is wider than 600px, it should be proportionally resized to the width of 600px. Yes, I've just read about ImageCopyResampled(). My questions are: 1. what are the restrictions of ImageCopyResampled()? Can I make a jpg image from a jpg one, and a png image from a png one? And what about gif's? 2. I don't need to output the image as the script output, I need to upload it as a file (replacing the uploaded larger file). Could I make it with fwrite and then copy it to the server? All of the examples give header(image/jpeg)... Thanks! Hi Andre, http://www.imagemagick.org/script/index.php http://us.php.net/manual/en/refs.utilspec.image.php Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Upload Progress Meter
Brad Broerman wrote: Essentially, they all require Flash or Java... You are generally talking about two different sides of the client/server relationship.. unless you are talking about Applets, right?... so I have an issue with the statement. If jquery does one (as mentioned), it's likely not Flash nor Java. I'm not trying to be an arse or anything, but I don't see it being that limiting. I do think it's difficult to recommend a progress meter when there is not a lot of info given of what is being metered. If you need to meter the processes for javascript, then you'd likely use javascript, if you need to meter a server-side intensive task, then you could use a server-side method, or a combination of things. It all comes down to a pretty graphic to watch while your waiting for a task to finish. ;-) Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] adding objects to $SESSION with serialize()
Daniele Capuano wrote:
Hi,
I'm developing a web application using moodle, and I'm trying to create a
PHP object tree to be used in $SESSION. Objects are defined as
class foo {
private $module_name;
private $sub_modules = array();
}
I have a main module (object) and I use the following function to add
serialized sub modules to such object:
public function add_sub_module($mod) {
$name = $mod-get_mod_name();
$this-sub_modules[$name] = serialize($mod);
}
where the get_mod_name() function simply returns the $module_name private
field. After adding a sub module to the main module, I always update the
main module in $SESSION using serialize($main_module).
Once returned to the page, i restore the main module with
unserialize($SESSION-$main_module_name), and then I call the following
function to retrieve a sub module:
public functionsearch_sub_module($name='') {;
foreach($this-sub_modules as $mod_name = $mod) {
if ($name == $mod_name) {
return unserialize($mod);
}
$obj_mod_file = $mod_name..php;
require_once($obj_mod_file);
$obj_mod = unserialize($mod);
$modr = $obj_mod-search_sub_module($name);
if ($modr != NULL) {
return $modr;
}
}
return NULL;
}
I found that sub_modules added to the main_module-sub_modules list are
correctly retrieved, but if I add a sub module to a main_module's sub
module, it cannot be get after the main module has been serialized. What do
I mistake?
Please help.
Thanks
Daniele
Is '$SESSION' just a typo?.. s/b '$_SESSION'.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help with _get error
Jack wrote: Hello All, I'm having a problem with this line of code which worked fine for years: $l_url2 = ..$_GET[SERVER_NAME]; Here is the error: [Wed Mar 23 13:33:49 2011] [error] [client 16.139.201.61] PHP Notice: Use of undefined constant SERVER_NAME - assumed 'SERVER_NAME' in /home//modules/jack.php on line 322 Thanks! J You need to learn the differences in error reporting levels. My guess is you changed hosts recently. ;-) Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Howdy (new in here)
Tamara Temple wrote:
On Feb 15, 2011, at 4:17 PM, Donovan Brooke wrote:
[snip]
This is what I show my students:
http://rebel.lcc.edu/sperlt/citw229/brace-styles.php
Cheers,
tedd
I didn't know there were names for bracing styles... but
Neither did I -- just the KR style was the only name I recognized. (I
still have a first edition!)
However, I think on my next project, I will use Whitesmith's Style.
I would be more inclined to try other styles if my editor of choice,
TextMate, were to easily support them; as it is now, TextMate
automatically un-indents the line when you type a closing } on an open
line, and automatically indents on an open line after a opening { -- so,
what to do? I don't really want to dive into programming my editor's
functions (which I could do with TextMate) as that is really getting
into non-productive tweaking.
The issue I had at times with the KR style was locating the the
matching (open or closed) brace.. as they were not on the same
character column.
I never really found this to be a problem as long as I kept the various
branches short enough. I was unlucky enough to find someone who coded a
function that went on for 30 pages one (this was in C, not PHP) and
*that* was hard to untangle. Of course, one of the first things I did
when I had a spare moment was to chop it up in to individual functions
Well, in either case it add's a bit of complexity.. if you are not
searching for an end brace, you are scrolling to find a function (or
include file perhaps)... but yes, I try to keep them short as well.
One thing I do at times is comment what end brace is what..
} // end to: if $num == 6
I still can't get away from BBedit, but the only automatic thing I have
turned on is text suggestion... which I think about turning off every
time I code. ;-)
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Howdy (new in here)
[snip] This is what I show my students: http://rebel.lcc.edu/sperlt/citw229/brace-styles.php Cheers, tedd I didn't know there were names for bracing styles... but I used the KR Style on my last project, which I would call the Larry Ullman style since that is where I took it from. However, I think on my next project, I will use Whitesmith's Style. The issue I had at times with the KR style was locating the the matching (open or closed) brace.. as they were not on the same character column. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Secure monetary transactions
Paul M Foster wrote: [snip] In essence, my customer is not responsible for any confidential/secure information, which is all handled by the merchant gateway. For whatever unknown reason, my customer has been convinced they should go with a different merchant service company. However, this company doesn't have the same kind of secure payment pages. (Yes, they're legitimate, but they're simply a payment processor. They don't have the additional site to accept manual input of payment information and such.) I've explained to my customer that, in doing this, he will need: [snip] I've done quite many of these... all of which could be questionable as to PCI-compliance... however, first, why you would require an ecommerce app? Most gateweways come with an SDK with examples that you can start from. For PCI compliance, go through the steps at the link Gary posted and see where (if any) there become issues. Very basically, never store the credit card, encrypt it always, and I don't see a reason why this could not be done securely as long as your shared environment is secured. If your shared environment is not secure and you require PCI compliance, tell them they need to go to a VPS or something... about the same pricing. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] First PHP site - thanks - euca_phpmysql function library
Hello, Just wanted to say thanks to those that helped me get through my first PHP project (over the last month). As is with much of the work we server-side language people do, the back-end (non-public) side of this site is perhaps the more interesting. However, here is the link to the site: http://www.impactseven.org/ They have full control over the content in the admin pages, and much of this content will soon change as I simply copy/pasted some of their old site's content to the database fields. btw, I7 is a great source for working capitol if you are in the need, and if you are in Wisconsin, USA. ;-) Also, for good karma ;-), here is a link to a small function library containing just a few (mostly MySQL) functions that I created for this site: http://www.euca.us/downloads/euca_phpmysql.zip (4KB) (if used, please keep the 'www.euca.us' credit in place) It has 4 functions: dbconnect global_id list_formvars list_vars You can read all about them in the file, but here is the basic rundown. dbconnect - basic connection/error reporting for MySQL global_id - If you've ever run into data relations changing between related tables, you may want to look into this one. ;-) list_formvars - list all request vars (for testing) with the option to display only certain matched vars. list_vars - list all set vars (for testing) with option to display only certain matched vars. The later two I usually post either at the end of the page, or at the end of page within !-- -- for testing/development purposes. Lastly, I'm sure I will add to this library as time goes by, but if you find that you've used it and made changes, drop me the file so I can learn as well. Thanks again!, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: nl2br problem
Al wrote: [snip] You have an example of a page you'd like to control that we can see? On the surface, it appears you may be able to control the rendering with advanced CSS2/3 selectors. Thus, the browsers will do the work for you. Al.. Hello, yes and no.. ;-) Right now browsers receive a google warning of malicious site.. which is one of the reasons they are asking me to redo it. It doesn't actually have any maliciousness ;-) in it, but I don't want to post the link for that reason. I'm a few days off from going live though (and fixing that problem).. and could post the link then if needed. However, I think the solution I came up with is working fine for the most part. For Ash, yea, I thought of doing some more sophisticated parsing of the content as you suggest, but the KISS philosophy has merit as well, especially when trying to finish a project within a deadline. ;-) Thanks for comments. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] nl2br problem
Hello, I have CMS form that allows HTML for the body of a site. To keep the form somewhat WYSIWYG, I am using the nl2br() function for displaying: nl2br($t_body) This works great for normal stuff.. but for pages with tables etc.. it creates a lot of extra br /'s :-). I thought about doing an if statement.. if $t_body contains table then don't use nl2br().. but I'm thinking there has got to be a better way... because pages that use both WYSIWYG returns in the form AND tables would then not display well. Any thoughts? Thanks, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] nl2br problem
Daniel Brown wrote:
[snip]
Absolutely. Look into employing TinyMCE or CKEditor (or the older
FCKEditor) so you don't have to do so much server-side processing.
This will only apply to pages moving forward, mind you, not for
displaying existing table data. You'll need to make the determination
if it's right for your specific case.
I probably should have went that route! I'm really bad about
looking for existing solutions. ;-) Instead, I
I am using a conditional where if the content contains
a table, then don't use nl2br... then I told the admin
that if they use tables in their body content, then they will
have to include the br /'s themselves.
---
$t_tablecount = substr_count($t_body, 'table');
$t_endtablecount = substr_count($t_body, '/table');
if (($t_tablecount 0) ($t_endtablecount 0)) {
print $t_body;
} else {
print nl2br($t_body);
}
---
I guess that will work for now.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] String Encodings - loose guidelines
Marc Guay wrote: 1.) Saving strings to a database One thing I always forget to remember is to send tge SET NAMES utf8 command to MySQL after making a connection. This will save you 1000 headaches if you're working with non-latin characters. I can't count the number of times I've thrown htmlentities, htmlspecialchars, utf8_encode/decode/, stripslashes, etc, etc around trying to figure out why those É's aren't being saved or read properly. I imagine this might fall into the category of best practice. Marc Thanks for the heads up! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] 2nd Pair of eyes please
Hello,
to respond to some of the comments/questions..
No, it wasn't parsing anything... and yes, I put
ini_set('display_errors', 1);
error_reporting(E_ALL | E_STRICT);
at the top of the page.
(as well as there is a custom built PHP management app that
allows to turn on the display_errors.. which is apparently
done.)
Having said all that, this server config (of which I have very limited
access) does appear to shut down parsing
entirely more quickly than my dev machines that are set
as mentioned.
..usually not a problem (old hat in troubleshooting) and am nearing the
end of the this job... but yes, strange that small errors trigger
shutting down parsing entirely.
Daevid,
Lot's of misc. comments for not being able to spot my syntax issue and
not knowing the details of my project! ;-)
However, I will take a look some time at your wrapper for future reference.
Cheers,
Donovan (1 block of code at a time)
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [PHP-DB] 2nd Pair of eyes please
Oops, sorry, this was suppose to go to the PHP-DB list! Ignore! thx, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] String Encodings - loose guidelines
Hello, I don't yet have a complete understanding of string encodings for the various environments they may need to pass through or be in. I have found bits and pieces within Larry's book, the online docs, and by googling... and my app seems to be working fine, but I don't yet feel confident on best practices. So, I thought I'd see if I could spark some feedback to the following: 1.) Saving strings to a database 2.) print/echo'ing string fields from a database. a. Allowing HTML? b. Not allowing HTML? 3.) print/echo'ing string fields into form textareas. 4.) Simply encoding strings to send over a GET request. 5.) Simply displaying strings from the $_REQUEST array. 6.) string encoding for redirects I understand that some of the above may depend on what database is being used. However, here is basically what I'm using successfully so far (disclaimer: obviously I am not sure of things here which is why I am asking the question ;-) ): 1.) $t_string = mysql_real_escape_string($f_varied_chars); //if using MySQL (optionally could use htmlspecialchars()?) to not allow html? 2.) print $db_string; a. Nothing different.. or perhaps htmlspecialchars_decode()? b. use htmlspecialchars upon saving to database, or using print htmlentities($db_string);?? 3.) textarea..?PHP print htmlspecialchars($db_string); ?/textarea? 4.) $t_string = urlencode($t_varied_chars); //(not sure if htmlentities would be needed in certain situations) a href=page.php?f_string=$t_stringx/a 5.) print urldecode($_GET['t_string']); //(not sure if html_entity_decode() would be needed in certain situations where you would want to display html?) 6.) ob_end_clean(); // destroy buffer $t_string = urlencode(text with varied chars); $t_url = page.php?f_string=$t_string; header (Location: $t_url); exit; TIA, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Formatting
Ethan Rosenberg wrote:
Dear list -
I have a program with the following statement: $out = system('ls -l',
$retval); The output is a string. How do I format the output to be in
the Linux format, that is in columns. I cannot think of a way to use
explode to do it.
Advice and comments, please.
Thanks
Ethan
MySQL 5.1 PHP 5.3.3-6 Linux [Debian (sid)]
Something like?:
print pre;
$out = system('ls -l', $retval);
print /pre;
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
[snip] ?php session_name(uniqid()); session_start(); echo session_id(); ? YAY! it worked!! so then i tried this: ?php session_name(uniqid()); session_start(); $_SESSION['t_'. time()] = time(); echo session_id(); echo 'pre'; print_r($_SESSION); echo '/pre'; ? and it doesn't preserve the older session information... so I must be doing something wrong. I can assume that because the name is being regenerated new each time, that the old previous session is destroyed (which would make sense) but then how can *I* ensure that each session is going to be unique enough, but preserve old session information too? I know it has to be possible, as my bank doesn't allow multiple tabs while online banking. /sigh the joys of protecting users from themselves... Hello, What seems to be missing from this thread is talk about the root of the problem. You would never want to create the same cookie name for alike web-apps for the very reason Paul has discovered. Session_name works because it changes the name of the PHP session cookie. This is important for CMS builders, Forum builders, or other app builders etc.. Paul mentions: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well, there are only 2 ways that I know of to retain *state* in a web app (no matter what web server-side language you are working with), which are cookies or passing a variable in all links... so I would re-phrase Paul's statement above to say, to retain state, there is *always* some reference to login data (whether direct or indirect (encrypted)), but right, it's not a good idea to store AUTH info. Extending Tedd's suggestion, Instead of a unique ID for a session name (most often session *cookie*), I really prefer a hash of something that results in a recognizable cookie name over something random. In my opinion only, it is a bit shady to create a cookie that is unrecognizable. At the least, when I am managing my own cookies, I will delete wierd cookie names. What I usually do for sessions is create a cookie name that is based on the domain, and also lists the word session... so a format something like: domain_session A format such as above lets the user know right away where the cookie comes from and what it does. I would post code, but I haven't written the hash in PHP yet. One last note about this hash, I always include a default to the IP address in the case of development, or if the site does not have a domain name. Oh, and one last last note, Accessing a web app with localhost does not work well with cookies either.. so in my hash, I redirect those who access my app from localhost to the localhost IP (127.0.0.1) right away. I know that last part is a bit complicated, but I help write the hash if the list is interested. I was really surprised to find no mention of this on the PHP's examples of sessions. Sorry for the long post! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] email address syntax checker
Govinda wrote: [snip] Hi D :-) I was following along.. also felt pleased to be introduced to filter_var ... and then happened to see this: http://us3.php.net/manual/en/function.filter-var.php [snip] Note that FILTER_VALIDATE_EMAIL used in isolation is not enough for most (if not all) web based registration forms. Good to know G... (and yea, I read something similar).. but only administrators can add registrants in the system I'm building.. and even then, email is not required, so I'm not worried about it on this job, but I'll keep all the posts for this thread in mind for down the road. Trying to finish a PHP book while watching the Packers is not working for me too well. ;-) Thanks, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: email address syntax checker
Gary wrote: [snip] In fact I'm wondering why the OP doesn't just do what every other site seems to do - accept the registering user's input as valid, and ask them to validate it by sending them an email address to that address. Assuming an email address is even really required for operation of the users' accounts. Email is not required for operation. Now, my forum on the other hand, written in another language, does validate in the way you suggest. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array to var - with different name
Paul M Foster wrote:
[snip]
Shawn, I don't know if I have a good reason, other than I rather like
working with string vars instead of array vars from $_REQUEST for
(sticky forms and conditionals). I can check/verify them as well in the
process.
You should probably get used to dealing with the array variables.
However, you can also look at the extract() function. It won't do
exactly what you want, but it will pull the array keys/values into the
current symbol table. Use with caution (note the second parameter to the
function).
Paul
Well, It occurs to me that you can't code in PHP without getting use to
dealing with arrays. ;-)
I just much rather like typing:
input name=f_email value=?PHP if (isset($t_email)) { print
htmlspecialchars($t_email);} ? /
Instead of:
input name=f_email value=?PHP if (isset($_GET['f_email'])) { print
htmlspecialchars($_GET['f_email']);} ? /
or
if ($t_ok) {
}
instead of:
if ($_GET['f_ok']) {
}
Save's a lot of typing time as far as I can tell.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array to var - with different name
Donovan Brooke wrote:
[snip]
if ($t_ok) {
}
Small correction.. with my established naming convention.. the above
ideally would be:
if ($b_ok) {
}
D
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] email address syntax checker
Peter Lind wrote:
[snip]
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo Bad user! Bad user!;
}
Regards
Peter
thanks peter... wish I would have known about filter_var before
writing the other checkers. ;-)
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] email address syntax checker
Nilesh Govindarajan wrote:
On 01/20/2011 09:44 AM, Donovan Brooke wrote:
Hi Guys,
I'm waddling my way through database interaction and thought someone on
the list may already have a simple email checker that they'd like to
share...
you know, looking for the @ char and dots etc..
I did a quick search of the archives and found a couple elaborate
things.. but
I'm looking for something simple. This job will have trusted users and
the checker is more to help them catch mistakes when registering.
Thanks!,
Donovan
Well, I had created an email validator long ago, after a neat research
on Google, reading RFCs, etc.
I don't guarantee that it's without bugs, but it has been correct for me
in all valid invalid email addresses I used for test.
Code:
?php
function checkMail($mail) {
if(strlen($mail) = 0) {
return false;
}
$split = explode('@', $mail);
if(count($split) 2) {
return false;
}
list($username, $domain) = $split;
/*
* Don't allow
* Two dots, Two @
* !, #, $, ^, , *, (, ), [, ], {, }, ?, /, \, ~, `, , , ',
*/
$userNameRegex1 = '/\.{2,}|@{2,}|[\!#\$\^\*\(\)\[\]{}\?\/\\\|~`\']+/';
/*
* Username should consist of only
* A-Z, a-z, 0-9, -, ., _, +, %
*/
$userNameRegex2 = '/[a-z0-9_.+%-]+/i';
/*
* Domain cannot contain two successive dots
*/
$domainRegex1 = '/\.{2,}/';
/*
* Domain can contain only
* A-Z, a-z, 0-9, ., -,
*/
$domainRegex2 = '/[a-z0-9.-]+/i';
if(preg_match($userNameRegex1, $username) or
!preg_match($userNameRegex2, $username) or
preg_match($domainRegex1, $domain) or
!preg_match($domainRegex2, $domain) or
!checkdnsrr($domain, 'MX')) {
return false;
} else {
return true;
}
}
Thanks! I think I'll go w/ Peter's suggestion for this site, but will
take note of this for reference's sake!
Cheers,
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] array to var - with different name
Hello again!
I'm trying to find a good way to convert array key/value's to
variable name values... but with the caveat of the name being
slightly different than the original key
(to fit my naming conventions).
first, I (tediously) did this:
---
if (isset($_GET['f_action'])) {
$t_action = $_GET['f_action'];
}
if (isset($_POST['f_action'])) {
$t_action = $_POST['f_action'];
}
if (isset($_GET['f_ap'])) {
$t_ap = $_GET['f_ap'];
}
if (isset($_POST['f_ap'])) {
$t_ap = $_POST['f_ap'];
}
---
Instead, I wanted to find *all* incoming f_ keys in the POST/GET
array, and convert them to a variable name consisting of t_ in one
statement.
I then did this test and it appears to work (sorry for email line breaks):
-
$a_formvars = array('f_1' = '1','f_2' = '2','f_3' = '3','f_4' =
'4','f_5' = '5','f_6' = '6',);
$t_string = ;
foreach ($a_formvars as $key = $value) {
if (substr($key,0,2) == 'f_') {
$t_string = $t_string . t_ . substr($key,2) . =$value;
parse_str($t_string);
}
}
-
I figure I can adapt the above by doing something like:
$a_formvars = array_merge($_POST,$_GET);
However, I thought I'd check with you all to see if there is something
I'm missing. I don't speak PHP that well and there may be an easier way.
Thanks,
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] array to var - with different name
Tommy Pham wrote:
[snip]
foreach ($_REQUEST as $key = $value) $$key = $value;
short-circuited one-liners :)
Regards,
Tommy
akk... wrong clicked before I had a chance to fix the code. anyway,
foreach ($_GET as $key = $value) if (substr($key, 0, 2) == 'f_')
${'t_'.substr($key, 2)} = $value;
Tommy, excellent.. I had just rewrote your first suggestion:
foreach ($a_formvars as $key = $value) ${str_replace('f_', 't_',$key)}
= $value;
(which works)
but I like that you are only affecting the vars that *begin* with
$match. I suppose the above would also work with $_REQUEST.
Shawn, I don't know if I have a good reason, other than I rather like
working with string vars instead of array vars from $_REQUEST for
(sticky forms and conditionals). I can check/verify them as well in the
process.
Thanks to all that posted.. I always learn from the skin the cat game.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] email address syntax checker
Hi Guys, I'm waddling my way through database interaction and thought someone on the list may already have a simple email checker that they'd like to share... you know, looking for the @ char and dots etc.. I did a quick search of the archives and found a couple elaborate things.. but I'm looking for something simple. This job will have trusted users and the checker is more to help them catch mistakes when registering. Thanks!, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [PHP]: permission problem www-data
Moses wrote: Hi Everyone, I am creating a file in PHP script which takes a value from a form and writes it to a file. However, i don't have the mode permission for the file instead it is owned by www-data.What can i do to ensure that the file is owned by me. drwxr-xr-x 2 www-data www-data 4096 2011-01-17 22:01 18757170111.0 -rw-r--r-- 1 www-data www-data 40 2011-01-17 23:39 32238.hydro Thanks. Hi Moses, I think the answer to your question lies in more info from you. I assume that you want your user account to have permission? Why? What are you doing with the file? Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] 2nd Pair of eyes
Hello,
I warned the list that I may have questions! ;-)
...building a simple cookie-based log-in system, and have
narrowed an error to this below: (sorry for email line breaks, if any)
---Start---
if ($_post['f_action']=='login') {
// connect to database (custom function)
$r = dbconnect();
// success?
if ($r['a_success']) {
$query = SELECT u_id FROM cms_users WHERE u_name =
$_post['f_user'] AND u_pass = $_post['f_pass'];
if ($r = @mysql_query($query))
{
// test
print !-- userID: $r --;
}
mysql_close();
} else {
// Not connected to db
$t_mssg = mysql_error();
}
}
---End---
No info is given in PHP error reporting because it
returns no source to the page. Can you see where this n00b went wrong?
Thanks!
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 2nd Pair of eyes
Simon J Welsh wrote: [snip] ---Start--- $query = SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']; Array indices either need to be accessed without quotes for the key, or by enclosing the variable in curly braces. --- Simon Welsh Admin of http://simon.geek.nz/ Excellent Simon, that did it. Thanks! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 2nd Pair of eyes
Daniel Brown wrote:
On Tue, Jan 18, 2011 at 12:49, Donovan Brookeli...@euca.us wrote:
Hello,
I warned the list that I may have questions! ;-)
...building a simple cookie-based log-in system, and have
narrowed an error to this below: (sorry for email line breaks, if any)
---Start---
if ($_post['f_action']=='login') {
$_POST is cAsE-SeNsItIvE, like all variables.
// connect to database (custom function)
$r = dbconnect();
Did you define this function?
Hi Daniel, good point (that I'm sure I would have caught ;-) ) about
the $_POST... and yes, dbconnect(); is defined.
Looks like it was the array indices syntax that was the culprit.
Also for others, yes, I'll be adding the var cleaning and checkers.
Thanks again.
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] switch case madness
Hello,
I must not understand PHP's switch/case..
The case '0' below fires when $t_mssg = apparently.
Is this how it's suppose to work? I would think
it would only fire if it equaled 0.
--
print -$t_mssg- br /;
if (isset($t_mssg)) {
switch ($t_mssg) {
case 0:
echo 'pspan style=color:red;Log In Successful/span/p';
break;
}
}
--
TIA,
Donovan
--
D Brooke
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case madness
Thanks. I had initialized $t_mssg as an empty string further up the chain out of old habit.. removed that, and now it works... just built my first basic cookie-based PHP/MySQL log-in script from scratch! ;-) Fun stuff, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case madness
-- D Brooke I just died a bit on the inside. Why would you build that from scratch? Regards, -Josh Alright, I'll bite (since I affected you that much) ;-), do tell... Why not? Would you rather I use PHP's session_start()? Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch case madness
Why not use one of the countless, not to mention secure and stable cookie management systems available? If it's an exercise cool, I misunderstood. I'm not one to normally shun people rolling their own code, lord knows I've done it more then once or twice, but there are some things I wouldn't touch with a ten foot pool, and cookie management is one of them. The other would be things like CSV parsers or text manipulations. Regards, -Josh The idea of using existing resources for efficiency is very valid indeed.. especially with a job at hand. But, there are good reasons to roll-your-own... education and knowing your own code are 2 that are important to me right now. Besides, a cookie based log-in system is really not that complex. ;-) Now.. payment gateway API? AJAX requests? I'll take the snippets please. Cheers, Donovan (moving on to database administration) -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array Symbol Suggestion
sono...@fannullone.us wrote: I'd like to make a suggestion for a change, or possibly an addition, to the PHP language. I'm learning PHP and have been very excited with what it can do in relation to HTML. But when I got to the part about arrays, I was disappointed to see that they are designated with a $ the same as other variables. I was learning Perl before I switched, and it uses the @ sign to designate an array. That makes it a lot simpler to see at a glance what is an array and what isn't - at least for beginners like me. Has there been any talk of adopting the @ sign for arrays in PHP? Or is that symbol used for something else that I haven't read about yet? What is the proper channel for making suggestions like this? Thanks, Marc Hi Marc, I'm a PHP n00b as well and had similar thoughts regarding this.. just imagine two variables called the same thing.. a string and array.. and accidentally resetting one.. $oops = something; however, from my experience, there is often this kind of problem in any language, and that is where naming conventions come in very handy. I don't know if the PHP community has any standard convention.. but I would suggest something like: $a_foo (for arrays) $f_foo (imploding into form variables) $s_foo (string variables) $db_foo (variables coming from databases perhaps) etc.. This way, you'd never be confused of the origin of the variable. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command line PHP
tedd wrote: At 1:54 PM -0500 1/7/11, Joshua Kehn wrote: Why should someone stop learning ever? Because my head fills up. I have to wait until I forget something before I can learn something new. The up-side is that I'm learning something new almost every day now. Cheers, tedd lol.. I just play too many video games.. it frees up all sorts of space. ;-) Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] First PHP job
Hello!, .. will try to keep this short! I've been a long time lurker but minimal poster. I made it a new years resolution to finally take on PHP jobs and now have my first one (with a completion date in a couple weeks!). I've been scripting in another language for many years and do know a thing or two.. but anticipate bothering the list a few times in the near future... hope that is fine with you all. I'm just about through Larry Ullman's PHP third edition that I started a couple days ago. Good book to start with I think, even for folks who have some kind of head start in Web Programming. I'm able to skim over a lot of it. I don't know how you all remain sane in dealing with quotes workarounds in echo/print statements, having to open/close PHP parsing using ?php ? all the time, and having to deal with array's for just about everything... but I'm sure I'll get used to it and it will become second nature at some point. ;-) ..Just turned 40 and had to finally change my monitor settings from 1920 X 1200 to 1344 X 840, which was like breathing fresh air after being in a coal mine for 8 hours... I should have done that 5 years ago I think. Cheers, to a new year, and new tricks for old dogs! ;-), Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Help: Validate Domain Name by Regular Express
Daniel Brown wrote: On Sun, Jan 9, 2011 at 11:58, teddtedd.sperl...@gmail.com wrote: For example -- http://xn--19g.com -- is square-root dot com. In all browsers except Safari, PUNYCODE is shown in the address bar, but in Safari it's shown as ˆ.com Not sure if that's a typo or an issue in translation while the email was being relayed through the tubes, but ˆ.com directs to xn--wqa.com here. error in translation. I get the same domain for: seamonkey firefox googlechrome safari but yes, the actual square root character appears in safari only. Interesting! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Static content at runtime
k...@bitflop.com wrote: On Tue, 28 Dec 2010 23:25:57 -0600 Donovan Brookeli...@euca.us wrote: and btw, I found that Billy Hoffman article to be inaccurate in many of his assertions. Would you mind sharing in what ways you found his assertions inaccurate? Kind regards, Kim Cheers, Donovan -- D Brooke Well sure.. I have some time.. it's the holidays. ;-) I don't entirely agree with the premise first of all... I think serving dynamic content at runtime works well 90% (loose figure) of the time and ultimately creates a system that is easy to troubleshoot and maintain, and which always has realtime accurate data. I should first preface my comments that I am not against a publishing system, nor a caching system when the project needs, or growth/performance needs, would require (or could benefit from) it.. however, I also believe that those requirements are a small portion of the projects/jobs out there these days. The author says: Since the web server is not serving a static file, there will be no Last-Modified header sent by default. That means no conditional GETs and no 304 responses which means lots of bandwidth consumption. That is not quite accurate.. a programmer can force http headers. PHP, like virtually all application tiers, produces a chucked response. This is because the web server has no idea what the content length will be because it is dynamically generated. Dynamically generated chunked responses will not send the Accept-Range header. This means no pausing or resuming or error recovering. The entire resource must be re-downloaded. First, I think he means Accept-Ranges header.. and as in my previous comment, a programmer can manipulate http headers... which makes some of his other reasoning not quite accurate. Lastly he proceeds on to illustrate a dynamic resource (http://example.com/combine.php?files=a.js|b.js|c.js), apparently, as a a reason why serving dynamic content is not as good as serving static content (for security reasons). At this point, it's really just him showing off his ability to spot hackable code I think. ;-) My answer to that is that it has nothing to do with runtime code vs. published static content, and everything to do with the noob programmer who decided to make a hackable get request a part of their app. Overall, to me that article may provoke some good thought.. but I would treat it like Rush Limbaugh.. don't buy into all of it. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Static content at runtime
k...@bitflop.com wrote: Hi. I am currently looking into improving a system that (like many systems) generate static content at runtime. I have always been against generating static content at runtime and believe static content should be generated by a cronjob or manually at some idle time (if possible). This will provide real static content (no PHP at all) that doesn't need to be checked every time a request is made hence a huge performance benefit is achieved. Does your needs really call for a publishing system at all? Back in the day, machines were slow and search engines didn't like much of the URL past the ?.. thus creative app design was needed to get around these issues, such as publishing systems and caching etc... Since it was stated you are improving a system.. I thought this would be something to consider. Today, it's a lot easier to create a punctual, scalable, and search engine friendly app that doesn't use a publishing system (nor caching). Anyway, my point is sometimes improving a system, can mean making it simpler. If publishing or caching is not needed, why complicate the matter?.. and btw, I found that Billy Hoffman article to be inaccurate in many of his assertions. Cheers, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Robust PDF editing on the fly
Hello!, Longtime member, rare poster here. I am browsing around right now regarding the subject line, and have looked at the HTML_toPDF project http://www.rustyparts.com/pdf.php that also includes a PDFEncryptor system in it.. but I thought I'd post to the list to see if anyone has any recommendations or comments. I'm particularly looking at editing some of the more advanced security features of PDF (if possible) on-the-fly.. things such as limiting printing, encryption etc.. I am building some basic epub sale/distrobution/DRM features for a client. TIA for any comments! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Robust PDF editing on the fly
Ashley Sheridan wrote: [snip] I don't think PHP really has anything good for higher level editing of PDF's. Simple stuff only really. You could maybe look at doing some command line stuff on a system using a later version of OpenOffice which has just now got some very good PDF editing features. Thanks, Ash http://www.ashleysheridan.co.uk Hi Ashley, Actually, I installed this: http://www.tecnick.com/public/code/cp_dpage.php?aiocp_dp=tcpdf and was able to apply certain DRM stuff right away. I haven't yet tried editing an existing pdf document with it.. but I created a pdf from scratch that required a password to do just about anything... open, print, modify, copy etc.. A good start anyway. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
