Re: [PHP] What's wrong the __autoload()?
Oh, I get it. Thank you! On Wednesday 12 March 2008 15:26:01 Richard Heyes wrote: I'm wondering what's wrong with the use of __autoload(), since I see that projects like the Zend Framework don't use it and prefer to require_once each required file. Things that happen without you explicitly causing them (ie require() et al) can lead to confusion. For example a junior developer who doesn't know of its existence and is new to a job is less likely to admit ignorance and ask how a class is being defined when __autoload() is being used. -- Gustavo Narea. http://gustavonarea.net/ Get rid of unethical constraints! - Switch to Freedomware: http://softwareliberty.com/ - Reclaim your culture: http://lifesnotreadonly.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] What's wrong the __autoload()?
Hello all, I'm wondering what's wrong with the use of __autoload(), since I see that projects like the Zend Framework don't use it and prefer to require_once each required file. Thanks in advance. -- Gustavo Narea. http://gustavonarea.net/ Get GNU/Linux! http://www.getgnulinux.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP !== Hypertext Pre-Processor
Hello everybody. Don't you think that PHP should no longer stand for Hypertext Pre-Processor? This great programming language is *much more* than a Hypertext Pre-Processor! Do you agree with a 3rd --and hopefully, the last-- change to the meaning of PHP? I don't have a candidate yet, but I do believe it definitely has to change. By the way, if it's going to change: Please, no more recursive acronyms. Cheers! -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP !== Hypertext Pre-Processor
Hi, Jay. Jay Blanchard wrote: [snip] Don't you think that PHP should no longer stand for Hypertext Pre-Processor? [/snip] I don't think that anyone is really worried about this anymore. Please take a look at this post http://blogs.phparch.com/mt/?p=125 and this comment by Chris Shiflett http://blogs.phparch.com/mt/?p=125#comment-7459. They aren't saying this acronym has to change, but it could be better... So, why don't we change it? That's what I mean. In the end, as I already said, PHP is much more than a Hypertext Preprocessor. Cheers. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP !== Hypertext Pre-Processor
Hi, Jay. Jay Blanchard wrote: [snip] Please take a look at this post http://blogs.phparch.com/mt/?p=125 and this comment by Chris Shiflett http://blogs.phparch.com/mt/?p=125#comment-7459. They aren't saying this acronym has to change, but it could be better... So, why don't we change it? That's what I mean. In the end, as I already said, PHP is much more than a Hypertext Preprocessor. [/snip] I know these guys and appreciate their viewpoint, but if you change the name you may do more harm than good. Let's call it Foo. When it was changed to Pre-Hypertext Preprocessor it was a kludge from Personal Home Page (which sounds like a hobbiests version of something other than a language). Any change will have to have back reference to PHP. The books on the shelf and the books being authored, how do you handle that? I am not suggesting to change PHP, but change what PHP stands for. Change PHP would have no point and would be worst, IMO. When you introduce somebody to PHP, you say It stands for Hypertext Pre-Processor and you can do server-side and command-line scripting, even GUI applications. I doesn't make sense, IMO. Hypertext PreProcessor was a fair name for PHP3, but It isn't for PHP4 nor PHP5... and It'll be worse for PHP6 http://www.php.net/~derick/meeting-notes.html. What about PHP9? I think PHP is growing and someday that recursive acronym will become unacceptable. I think we better make the switch now, I mean on the PHP6 release. Cheers! -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] APD generates no output
Hello, Jochem. Thanks for your response. I just filled a bug report because I realized there are many bugs like the one I have, specially with PHP v5.0.3. Cheers! Jochem Maas wrote: Gustavo Narea wrote: Hello everybody. I'm trying to use the Advanced PHP Debugger (APD), but it generates no output. Actually, It does generate a file, but with no content. What's going on? 1.- I installed the APD by running `pear install APD` with no problem. 2.- Setup my php.ini file the same way as described in http://php.net/apd. 3.- Restarted my web server. 4.- Called the apd_set_pprof_trace() function at the first line of my script. 5.- Loaded the web page. I have error_reporting set to E_ALL and display_errors is enabled, but... PHP doesn't output errors, does it mean that everything was OK? you would think that wouldn't you! but there is a possibility that php is crashing and leaving no trace of the event - I have seen it happen alot (I get the impression what I witnessed is related to the use of __get()/__set() in php5 objects) 6.- When I open the file generated by APD, I realize it's empty. 7.- Anyway, I run `pprofp -R pprof.number.0`, but there's no output (not even an error message). I was using PHP v5.0.4 and APD worked just fine, but I had to downgrade to PHP v5.0.3 and now I have this problem. In both versions of PHP I was using APD v1.0.1. The fact that I had downgraded to v5.0.3 has nothing to do with this problem (IMO), as I deleted all of the files in the previous PHP directory prior to install PHP 5.0.3. just because you have a pristine installation of php5.0.3 doesn't necessarily mean that: a, it's not broken. b, APD actually works with that version. TIA! Cheers. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] APD generates no output
Hello everybody. I'm trying to use the Advanced PHP Debugger (APD), but it generates no output. Actually, It does generate a file, but with no content. What's going on? 1.- I installed the APD by running `pear install APD` with no problem. 2.- Setup my php.ini file the same way as described in http://php.net/apd. 3.- Restarted my web server. 4.- Called the apd_set_pprof_trace() function at the first line of my script. 5.- Loaded the web page. I have error_reporting set to E_ALL and display_errors is enabled, but... PHP doesn't output errors, does it mean that everything was OK? 6.- When I open the file generated by APD, I realize it's empty. 7.- Anyway, I run `pprofp -R pprof.number.0`, but there's no output (not even an error message). I was using PHP v5.0.4 and APD worked just fine, but I had to downgrade to PHP v5.0.3 and now I have this problem. In both versions of PHP I was using APD v1.0.1. The fact that I had downgraded to v5.0.3 has nothing to do with this problem (IMO), as I deleted all of the files in the previous PHP directory prior to install PHP 5.0.3. TIA! Cheers. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: security of uploaded gif files
Hi, James. James Benson wrote: Even if you can embed PHP in a GIF it would still need to be executed by PHP as PHP code, would PHP actually execute that file when it looks like an image, I would think PHP would output an error? Unless you include/require or eval() its content, PHP won't execute it. More importantly though, you should be checking the file extension of uploaded files to make sure it is only a .gif I can make a javascript file with a .gif extension, actually. Take a look at exif_imagetype(). Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security of uploaded gif files
Hi, Gerry. Gerry Danen wrote: There's a couple of things a person can do. 1. check for .gif extention 2. see if exif_imagetype() returns type IMAGETYPE_GIF 3. see if getimagesize() returns reasonable values and not FALSE 4. check the file content for binary vs text content It's enough to know whether it's an image and has a reasonable size. What if there is no .gif extension? Rename the file. I think the last step makes no sense. Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to create a php5 extensions on C/C++, reflecting php Class Api's ?
Hello, Edwin. Edwin Barrios wrote: Hi,I'm a PHP web programing, but i wanna learn how to develop php5 extensions on C/C++. I found php5 a good language to apply Objects programing, and it has very usefull examples of OO extensions as SimpleXML, DOM, Sqlite; for this reason i wanna develope my extension following those styles of API's . I've read some docs about creating a php extension that appears as new functions on PHP, but i can't find info to develop extensions that appear as classes on PHP . I think that in chapter #15 of PHP 5 Power Programming you're going to find what you are looking for. Saludos! -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Is it possible to use header() to POST form data?
Hello. pw wrote: Does anyone know if it's possible to use the header() function to POST form data to a URL? If so what syntax needs to be used? I guess you cannot use the header() function in that way. Take a look at the header() documentation http://php.net/header. What do you need to do? Are you working with wrappers? If so, take a look at the 2nd example in the streams documentation http://php.net/stream. Cheers. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What software do you use for writing PHP?
Hi. £ukasz Hejnak wrote: I use Bluefish, it's a very nice GTK+ based editor, with all types of code highlightning (html, php, c/c++, pascal, java, python are just a part of it). And that's pretty much all the features of it I use, maybe also the well written replace method. Besides that I use it as a typical text editor, I'm not too keen on template's. I use Bluefish too and I like it, but I admit that the syntax highlighting cannot be worst: I have to press F5 when I type quotation marks in PHP. I think I'll switch to eclipse. If you're using Windows, I suggest you to use Macromedia Dreamweaver. Cheers. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: GD Graph tutorial?
Hello, Ashley. Ashley M. Kirchner wrote: Does anyone know of a good GD tutorial for creating graphs? I like this one: http://www.nyphp.org/content/presentations/GDintro/ Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] page duration tracking
Hello. Jesús Fernández wrote: I think you could use cookies for this. When the user loads the page you can write a cookie with the timestamp and the page loaded writen on it. Then when the user request another page, load if the cookie exists and then you can calculate the time spent on a certain page... If I click two links within 1 second from the home page, the result won't be what you were expecting, unless you also take into account the HTTP-REFERER, but... Is It a worthwhile task to be storing both timestamp and HTTP-REFERER for each loaded web page? I don't think so. So, If I must track the duration of time each individual visitor spent on a specific web page, I'd use the javascript method that Mike mentioned. Cheers. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SQL Password() function
Hi. Ahmed Saad wrote: On 11/26/05, Yaswanth Narvaneni [EMAIL PROTECTED] wrote: I 'dont' want to use something like select * from table where table.passwd=password($passwd); Well, i think you better use a specific password hashing function rather than MySQL's password() 'cause it's implementation is not consistent across versions (IIRC. they broke backward compatibility in version 5).. Use md5() or sha1() so you know what alghorithm is used and you can be almost sure that implementation across langauges and versions is the same. Yes, That's something important. Yaswanth, take a look at: http://phpsec.org/articles/2005/password-hashing.html Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SQL Password() function
Hi.
Yaswanth Narvaneni wrote:
Hi!
Is there a function (or a code snippet) in PHP for mysql password() function?
I 'dont' want to use something like select * from table where
table.passwd=password($passwd);
Is there any other alternate way to do it?
Try this:
?php
$mypassword=this is my password!!!;
$query=mysql_query(SELECT PASSWORD('$mypassword'));
list($mysql_pass)=mysql_fetch_array($query);
mysql_free_result($query);unset($query);
printf( My password is quot;%squot; and Its hash value .
is quot;%squot; computed by the MySQL PASSWORD() function,
$mypassword, $mysql_pass);
?
You don't need a MySQL connection.
Happy weekend.
--
Gustavo Narea.
PHP Documentation - Spanish Translation Team.
Valencia, Venezuela.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendations for the Zend PHP Certification
Hi, Richard. Richard Lynch wrote: On Sat, November 12, 2005 10:29 am, Gustavo Narea wrote: - AFAIK, there are 3 versions of the Standard SQL (1993, 1999 and 2003), but, Which one am I going to need for this test? I think it would be best to focus on SQL 92 because: A) It's unlikely that a significant number of Zend Cert questions would be THAT picuyane to depend on SQL99 (?) or SQL03 (??) B) Most db platforms haven't even caught up to SQL92 yet, not fully. They're all close but none are done. So you may miss a question or two because of the difference between reality and the Cert test question, but you won't miss a whole bunch of them. Yes, I am going to take that into account. By the way, I was wrong: There are more than 3 versions of this standard; according wikipedia there are five. - Should I learn to use another HTTP server? HTTP server? It might be good to play with PHP on a Windows box, just to see what it's like... Not with IIS, though, as that's just TOO painful :-) Good ;-), I spent a couple of years using PHP on Window$ (with Apache) before switching to GNU/Linux a few months ago. Another SQL server would probably be even more useful. PostgreSQL is probably the easiest (and certainly the cheapest) to try from a MySQL background. And PostgresQL is picky enough that all the bad habits you picked up in MySQL will get corrected pretty quick-like. :-) That's a good reason for me to learn PostgreSQL! Thanks you so much, Richard. Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendations for the Zend PHP Certification
Hello. Alright, I get it. Thanks! Marco Kaiser wrote: Hi, i mean http://www.phparch.com/cert/ :) -- Marco Aren't they the same books? I mean, I see the same authors, the same titles and the same pictures. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Recommendations for the Zend PHP Certification
Hello everybody. I want to take the ZPC test the next year and I am going to buy these books: - Zend PHP Certification Study Guide. - Zend PHP Certification Practice Test Book. Are these ones enough? Should I get other books? By the way, my skills are oriented to LAMP and according to what I read on the ZPC's FAQs that is not good. I must know the Standard SQL, not only MySQL. So, I have these questions: - Where can I find the Standard SQL? I've been googling for it, but I couldn't find it. - AFAIK, there are 3 versions of the Standard SQL (1993, 1999 and 2003), but, Which one am I going to need for this test? - Should I learn to use another HTTP server? Do you have any other suggestion? Thanks in advanced! Cheers. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendations for the Zend PHP Certification
Hello, Marco. Thanks for your response! Marco Kaiser wrote: Hi Gustavo, I want to take the ZPC test the next year and I am going to buy these books: - Zend PHP Certification Study Guide. - Zend PHP Certification Practice Test Book. Take the Study Guide from php-architect. Its better than the Zend book. Aren't they the same books? I mean, I see the same authors, the same titles and the same pictures. Cheers. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security code
Hello. Richard Lynch wrote: On Thu, November 10, 2005 10:45 am, Gustavo Narea wrote: CAPTCHA tests are indispensables. The problem comes when you *only* use visual tests (such as visual turing numbers). If you need CAPTCHA tests, you may use them both visuals and audibles. This is a good example: https://www.e-gold.com/acct/login.html So the user who is both blind AND deaf? Or the blind user who is at a library computer with no audio output? You may find many possible solutions on the web-page I suggested. For example: Logic puzzles http://www.w3.org/TR/2003/WD-turingtest-20031105/#logic. As I said previously, It depends on the target of your website. For instance, if your website is for web designers, you may only need to use visual turing numbers: They must have a user agent which is able to process images and I cannot imagine a blind web designer. On the other hand, if your website is for programmers, you may want to know that programmers can be blind (although you won't take this into account): http://www.blindprogramming.com I saw some research where out of four people with normal hearing, all four were unable to distinguish the crappy audio output into the correct word and use a site. Granted, a very small sample, and the audio from the test site may well have been at the low end of the spectrum for quality. But it was a real site, and these were just regular people roped in for a test of the audio's usefulness. As cool as CAPTCHA seems at first, I don't think it's going to be a long-term solution. In the meantime, I think It's the best we can do. Best regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security code
Hello. Richard Lynch wrote: On Thu, November 10, 2005 10:11 am, Jochem Maas wrote: rant mode=troll sarcasm=true anger=+3 replies=duck ... or put another way - is there a good reason why the web should be any less discriminating than the rest of society. Yes. It's the WORLD WIDE WEB. I mean, it's all very well to discriminate against those people way far away whom you will never see in the first place, but they're not any farther away any more, are they? :-^ [tongue firmly planted in cheek, folks!] Yes, I agree with you here. And if you are a large corporation, you very well may be subject to laws with significant risks attached ($$$) for not being accessible. Google for Olympic Committee blind user Australia big fine for more on that topic. That alone makes it worth considering. But it depends on the country. It should be something international. At least in Venezuela, It isn't so. Another very good reason is that even normal users have a not-so-good experience with the damn things. I agree with you. On the other hand, in many sites, visual turing numbers are very hard to understand. Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot find bison and Flex even when those are installed
I'm not pretty sure, but I think I did this before running ./configure: # export YACC=bison Cheers. Dan McCullough wrote: You might have to change the configure option from with-bison=/usr/local/bison to with-bison=/usr or even with-bison= Happens to me alot. This would also be a better email for the PHP INSTALL list On 11/11/05, Jurgen [EMAIL PROTECTED] wrote: Dear group I tried to install php 4.3.11 on Linux Suse 6.4. I've installed bison and flex in /usr/local/ When I run ./configure in my php-dir he tells me he can't find bison and flex. How can I solve this matter Jurgen Campforts Lichtaartsebaan 58 2460 Kasterlee Tel: 0496/60.25.75 http://www.wandelmee.be -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] undefined index and php
Hello. [EMAIL PROTECTED] wrote: why the question mark and the colon? What is the long hang eqivalent. That's the Ternary operator. Whether you want to get further information, go to: http://php.net/manual/en/language.operators.comparison.php Regards. -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] java .vs php
Google uses PHP too. For example: http://toolbar.google.com/failed.php http://toolbar.google.com/whatsnew.php3 http://www.google.co.ve/search?q=%22google+uses+php%22 Regards. Skippy wrote: Quoting [EMAIL PROTECTED]: I know Yahoo! uses PHP and I've heard Google does as well? Google uses Python. http://www.python.org/Quotes.html -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: security code
Hello. CAPTCHA tests are indispensables. The problem comes when you *only* use visual tests (such as visual turing numbers). If you need CAPTCHA tests, you may use them both visuals and audibles. This is a good example: https://www.e-gold.com/acct/login.html Regards. Jochem Maas wrote: rant mode=troll sarcasm=true anger=+3 replies=duck this email contains swearing so that the sensitive amongst you will be spared what I have to say (assuming you have a stupid 'Im a sensitive person, don't expose me to bad language' mail filter) Gustavo Narea wrote: Hello, Clive. Depending on the target of your website, you shall need to keep in mind the (in)accessibility of this kind of tests: http://www.w3.org/TR/2003/WD-turingtest-20031105/ right and almost 3 people on the planet care in practice. besides the chances are the blind person in question will not be able to navigate through your sea of nested tables. (have you ever heard a screen reader walking thru 5 level of tabel nesting so that you can be told of the lovely logo image that the nested tables are apparently positioning ... fantastic oh any then there is the problem of inaccesibility of mailboxes (because it's full, overloaded, etc) because every spammer and his dog can write an automated mailing script that uses your webform if you don't stick some sort of CAPTCHA in there... the most inaccessible on the web currently is the 'look how clever we are' language and document structures used through out the W3C site - bloody impenetrable. pot calling the kettle black so what if every user agent under the sun can 'read' the W3C site - *I* can't read it, fat chance my browser will be able to explain it to me. given that 9 out of 10 government buildings worldwide are not even accessible by wheelchair users (I didn't do the research but I'm willing to put some money on it) worrying about inaccessible webforms is maybe a little premature. - and given that we, in the west (at the least - I don't believe asians, arabs, whatever are any nicer) are a bunch of body facist hate mongerers - your television and billboards are telling you that if you have a disability (that includes being ugly) then you should be figuring out how to get the f*** off our Calvin Klein planet or put another way - is there a good reason why the web should be any less discriminating than the rest of society. rant By the way, AFAIK they are also known as turing numbers. Regards. Clive wrote: Hi does any one have a class/function to generate those security code images. Yhe ones that you see on website that you must enter to submit a form thanks clive -- Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: security code
Hello, Clive. Depending on the target of your website, you shall need to keep in mind the (in)accessibility of this kind of tests: http://www.w3.org/TR/2003/WD-turingtest-20031105/ By the way, AFAIK they are also known as turing numbers. Regards. Clive wrote: Hi does any one have a class/function to generate those security code images. Yhe ones that you see on website that you must enter to submit a form thanks clive -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Security Issues - Where to look?
*Distrust everything coming from your users, even their user agents* *If you make your scripts taking this into account, they'll be pretty secure* Actually, I believe that the one thing you can trust in, is their IP addresses. Isn't it? By the way, I liked the link that Pablo suggested: http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/ Cheers. Richard wrote: I've heard that php is not particularly secure, making it problematic if you intend to create a web site with commerce, etc. Is there a particular news group that addresses security issues? I'm looking for some guidlines on ensuring that my site is secure from malicious hackers. Thanks, Richard -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
Hello, Chris. I will take into account what you said. It is right what you mentioned regarding that example. We have to take into account that cookies can be stolen. Thanks for the URLs, I will visit them. Cheers. Chris Shiflett wrote: Gustavo Narea wrote: By the way, I liked the link that Pablo suggested: http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/ Be careful. There is a lot of misinformation out there regarding PHP security, and this article is a good example. Here's something that caught my eye: The second solution is to only store their username and password in a cookie, and with every call to the script, validate the username and password and verify if the user is an administrator. If the problem is how to expose a user's sensitive data as much as possible, then this is a solution. However, I doubt that's the intent. This is such a common mistake that it is something I specifically search for when auditing a PHP application, as I mention in this talk: http://brainbulb.com/talks/php-security-audit-howto.pdf The PHP Security Consortium is trying to resolve this problem of misinformation in a positive way (we don't want to disparage people's hard work and spread bad vibes). We've created a library of links to approved resources that we've read through to make sure the advice given is sound. You can find this library here: http://phpsec.org/library/ Hope that helps. Chris -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Security Issues - Where to look?
Hello. I found a document titled A Guide to Building Secure Web Applications http://www.cgisecurity.com/owasp/html/index.html while I was reading one of the documents you suggested us, and I would like to know what do you think about it? -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
Thanks for the explanation, Richard. I'll definitely take it into account. So, let's distrust *everything*. Best regards. Richard Lynch wrote: On Tue, November 8, 2005 9:43 am, Gustavo Narea wrote: *Distrust everything coming from your users, even their user agents* *If you make your scripts taking this into account, they'll be pretty secure* Actually, I believe that the one thing you can trust in, is their IP addresses. Isn't it? No! IP is useless for identification or authentication of the general web-surfer: Users behind firwalls will all appear to be from one (1) IP AOL users change IPs faster than drummers change underwear But even in the more restricted case of an IP you know will never change (e.g.: intranet application), that IP can be spoofed, by a knowlegable person. And/or traffic to/from that IP can be targetted and examined. The user's IP address is a useless bit of fluff you should ignore at all times if you REALLY care about security. This is not to say it's not TOTALLY useless... You might, for example, allow developers from 192.168.*.* to surf to your http://php.net/phpinfo page on a development box. After all, if somebody has already broken through enough walls to surf to it, and mask their IP as 192.168.*.*, you probably already have MUCH bigger problems than them seeing phpinfo() output... It would be BETTER to require a password of some kind, but it's not totally wack to just use $_SERVER['REMOTE_ADDR'] for this. You can use IP for statistical analysis of visits/visitors and be reasonably certain that MOST of the IP addresses are accurate and semi-static for a crude visitor/traffic monitoring, but knowing that a certain percentage of error is inherent to that data -- more like an opinion poll than anything. -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Security Issues - Where to look?
Thanks once again, Chris. I must read that guide. Have a nice day! Chris Shiflett wrote: Gustavo Narea wrote: I found a document titled A Guide to Building Secure Web Applications http://www.cgisecurity.com/owasp/html/index.html while I was reading one of the documents you suggested us, and I would like to know what do you think about it? The OWASP Guide is good, but that site has an old version. You can check OWASP for the latest: http://www.owasp.org/documentation/guide/guide_downloads.html Hope that helps. Chris -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hotmail don't accept this message function any more!!
Hello. xfedex wrote: The function works fine if you send it to a different domain? I think it's not a hotmail problem, instead, may be a configuration problem in your webserver. Saludos! Fede. I agree with Fede. On the other hand, Have you changed any setting in your Hotmail account? Have you searched for that message into the junk mail folder? -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: str_ireplace problems.
Hi, Daniel. Daniel Spain wrote: //Remove the drive letter and replace it with a single slash $step1 = str_ireplace(T:\\, \\, $_POST['path']); $step2 = file:server01\\staffpub.$step1; $html = a href=\.$step2staff.\Staff/abr /; $result = htmlspecialchars($html); Where is the definition of $step2staff? On the other hand, What's the problem? What is what you get? Do you get any error message? -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: str_ireplace problems.
Daniel Spain wrote: //Remove the drive letter and replace it with a single slash $step1 = str_ireplace(T:\\, \\, $_POST['path']); I would use: $step1 = ereg_replace(trim(^[:alpha:]),,$_POST['path']); This will remove the first letter of the string. You should use this, unless this letter is T forever. As far as I can see, this is for Windows, and the letter may change depending on the machine. On the other hand, you should verify that the user is sending you a right path. The instruction I suggested you is based on Regular Expressions. If you want to get more information about them, I suggest you: http://www.regular-expressions.info PS: If get_magic_quotes_gpc() returns true, you should use stripslashes() too: $step1 = ereg_replace(trim(^[:alpha:]),, stripslashes($_POST['path'])); -- Best regards, Gustavo Narea. PHP Documentation - Spanish Translation Team. Valencia, Venezuela. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Substr by words
Hello, Marcus.
No, you are right. Your script is better.
I just forgot something I learned about REGEXES: The REGEX engine is
eager. Thus, in this case, It's not necessary to use the caret. The
REGEX engine will start from the first word It finds.
I would use yours ;-).
Best regards,
Gustavo Narea.
PHP Documentation - Spanish Translation Team.
Valencia, Venezuela.
Marcus Bointon wrote:
On 31 Oct 2005, at 03:29, Gustavo Narea wrote:
I think It is OK what I said about the caret, but what we need to
change is the position of \W*:
Your suggestion: /(\b\w+\b\W*){1,$MaxWords}/
My suggestion: /^(\W*\b\w+\b){1,$MaxWords}/
We need the *first* ($MaxWords)th words.
I makes no difference - they will both work. Mine doesn't care where
the first word starts because it doesn't use ^, and yours doesn't care
where the first word starts because it's got ^ followed by \W*. Your
overall match will end up with leading spaces, mine will end up with
trailing spaces - the subsequent trim fixes them both. I like mine
because it has 1 less char ;^)
Ultimately, if it works for you, great!
Marcus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Substr by words
My script will fail if the amount of words in $MyOriginalString is less
than $MaxWords. So, this is the new suggestion:
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 50; // How many words are needed?
$replacement = ereg_replace
(^([[:space:]]*[^[:space:][:cntrl:]]+){1,$MaxWords},
,$MyOriginalString);
echo substr( $MyOriginalString, 0, ($replacement) ?
-strlen($replacement) : strlen($MyOriginalString));
?
Four lines.
BTW: Did I mention that I was forgetful? ;-)
Best regards,
Gustavo Narea.
Gustavo Narea wrote:
Hello.
What do you think about this:
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
echo substr( $MyOriginalString, 0, -strlen(ereg_replace
(^([[:space:]]*[^[:space:][:cntrl:]]+){1,$MaxWords},
,$MyOriginalString)));
?
Only 3 lines.
You have to change $MaxWords to 50 if that's what you need.
Best regards,
Gustavo Narea.
Danny wrote:
Hi,
I need to extract 50 words more or less from a description field. How
can i
do that?. Substr, cuts the words. Is there any other way to that, without
using and array? I mean and implemented function in PHP 4.x
I´ve been googling around, but wordwrap, and substr is driving me mad...
Thanks in advance
Best Regards
--
dpc
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Substr by words
Hello.
Marcus Bointon wrote:
On 30 Oct 2005, at 06:22, Gustavo Narea wrote:
You could get the regex to do the search and the extraction in one go:
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
$matches = array();
if (preg_match(/(\b\w+\b\W*){1,$MaxWords}/, $MyOriginalString,
$matches)) {
$result = trim($matches[0]);
echo $result;
}
I have not used preg_* functions yet, so I may be wrong:
I think that trim($matches[0]) will return the whole string with no
change. On the other hand, I think we have to place a caret after the
first slash.
What about this:
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
$matches = array();
if (preg_match(/^(\b\w+\b\W*){1,$MaxWords}/, $MyOriginalString,
$matches)) {
unset($matches[0]);
$result = implode( ,$matches);
echo $result;
}
?
By the way, if you're able to use preg_* functions, I suggest you to use
this script instead of the former I suggested. What's the difference?
Let's suppose we have a string with typos such as Mandriva , Red Hat ,
Debian (the right one is Mandriva, Red Hat, Debian, without spaces
before commas). The former script will find 6 words (because of the
spaces before commas), while the latter will find 4 words (Mandriva Red
Hat Debian). In this case, the former was wrong and the latter right.
However, the former doesn't not remove punctuation marks nor spaces
(tabs, fine feeds, among others); the latter will remove any character
which is a non-word character. If you need words + punctuation marks +
spaces up to the ($MaxWords)th word, this is my suggestion:
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
$replacement = preg_match(/^(\W*\b\w+\b){1,$MaxWords}/, '',
$MyOriginalString);
$result = substr( $MyOriginalString, 0, ($replacement) ?
-strlen($replacement) : strlen($MyOriginalString));
echo $result;
?
Best regards,
Gustavo Narea.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Substr by words
Other mistake in my last script.
Gustavo Narea wrote:
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
$replacement = preg_match(/^(\W*\b\w+\b){1,$MaxWords}/, '',
$MyOriginalString);
$result = substr( $MyOriginalString, 0, ($replacement) ?
-strlen($replacement) : strlen($MyOriginalString));
echo $result;
?
Instead of preg_match(), I had to type preg_replace():
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
$replacement = preg_replace(/^(\W*\b\w+\b){1,$MaxWords}/, '',
$MyOriginalString);
$result = substr( $MyOriginalString, 0, ($replacement) ?
-strlen($replacement) : strlen($MyOriginalString));
echo $result;
?
Best regards,
Gustavo Narea.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Substr by words
Hello, Marcus.
Marcus Bointon wrote:
On 30 Oct 2005, at 15:35, Gustavo Narea wrote:
I think that trim($matches[0]) will return the whole string with no
change.
No, it will return the entire matching pattern, not just the sub-
matches. I added the trim to remove any leading space, and there will
nearly always be a trailing space because of the part of my pattern
that defines a word will include it. It was simpler to use trim than to
make the pattern skip it. Did you actually try it?
No. I said that I was not that sure about this because I have not used
preg_* functions yet.
On the other hand, I think we have to place a caret after the first
slash.
Only if you insist that your string must start with a word - putting a
^ at the start would make it omit the first word if there was a space
in front if it.
I think It is OK what I said about the caret, but what we need to change
is the position of \W*:
Your suggestion: /(\b\w+\b\W*){1,$MaxWords}/
My suggestion: /^(\W*\b\w+\b){1,$MaxWords}/
We need the *first* ($MaxWords)th words.
Instead of preg_match(), I had to type preg_replace():
err. I think you missed the point here. You don't need all that messy
substr stuff at all. The preg_match already did it.
Sorry, you are right. Maybe I thought I was talking about the former
script I suggested...
What do you think if we use the script you suggested, but we change the
regex to what I said above? It will look like:
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
$matches = array();
if (preg_match(/^(\W*\b\w+\b){1,$MaxWords}/, $MyOriginalString,
$matches)) {
$result = trim($matches[0]);
echo $result;
}
?
Best regards,
Gustavo Narea.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Substr by words
Hello.
What do you think about this:
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
echo substr( $MyOriginalString, 0, -strlen(ereg_replace
(^([[:space:]]*[^[:space:][:cntrl:]]+){1,$MaxWords},
,$MyOriginalString)));
?
Only 3 lines.
You have to change $MaxWords to 50 if that's what you need.
Best regards,
Gustavo Narea.
Danny wrote:
Hi,
I need to extract 50 words more or less from a description field. How can i
do that?. Substr, cuts the words. Is there any other way to that, without
using and array? I mean and implemented function in PHP 4.x
I´ve been googling around, but wordwrap, and substr is driving me mad...
Thanks in advance
Best Regards
--
dpc
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Substr by words
If forgot to say that It counts ($MaxWords) words, It doesn't matter if
they're separated by simple spaces, line feeds (Unix, dos or mac), tabs,
among others.
On the other hand, you won't have any problem if you use non-English
characters.
Best regards,
Gustavo Narea.
Gustavo Narea wrote:
Hello.
What do you think about this:
?php
$MyOriginalString = This is my original string.\nWhat do you think
about this script?;
$MaxWords = 6; // How many words are needed?
echo substr( $MyOriginalString, 0, -strlen(ereg_replace
(^([[:space:]]*[^[:space:][:cntrl:]]+){1,$MaxWords},
,$MyOriginalString)));
?
Only 3 lines.
You have to change $MaxWords to 50 if that's what you need.
Best regards,
Gustavo Narea.
Danny wrote:
Hi,
I need to extract 50 words more or less from a description field. How
can i
do that?. Substr, cuts the words. Is there any other way to that, without
using and array? I mean and implemented function in PHP 4.x
I´ve been googling around, but wordwrap, and substr is driving me mad...
Thanks in advance
Best Regards
--
dpc
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Substr by words
Gustavo Narea wrote: If forgot to say that It counts ($MaxWords) words, It doesn't matter if they're separated by simple spaces, line feeds (Unix, dos or mac), tabs, And punctuation marks. Sorry, I'm very forgetful tonight! Cheers. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
