Re: [PHP] https question
On Sep 25, 2013, at 1:55 PM, Tedd Sperling t...@sperling.com wrote: Hi gang: I have a client who had his entire site moved to another host -- no big problem. However, the old site had a https directory, where I had secure scripts to do credit-card transactions, but the new site doesn't have a https directory -- in fact it doesn't even have a http directory at all. So, what options do I have to do secure transactions? I remember someone saying that this could be done via a .htaccess file, but I don't have the code, nor am I positive this is the answer. What do you recommend? Thanks, tedd Did you setup the server (Apache / nginx) configuration? The entire site should be served under https if you're doing CC processing Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Sep 25, 2013, at 2:24 PM, Tedd Sperling tedd.sperl...@gmail.com wrote: I understand that cc processing should be done via https. Normally, that means to me that I place my $ scripts in a https directory -- the problem is that I don't have one with this host. So, I am asking how does one do that with a https directory? Thanks, tedd ___ tedd sperling tedd.sperl...@gmail.com I'm saying the site should be served entirely under HTTPS. There shouldn't be separate https/http directories. Apache (or whatever your web server is) has a certificate installed on it and that vhost is configured to only respond to https requests. Typically this also means running a separate vhost on http that redirects to the https variant. Where is this new host? It should be a dedicated box (vps or other) due to how the certificates need to be issued (dedicated ip address). Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:04 PM, Daniel Brown danbr...@php.net wrote: I'm in my mid-thirties and - despite having an optical mouse - I do indeed still use a mousepad. A customized one that the wife did for me for Christmas one year: images of Futurama, the Cleveland Browns, Minnesota Vikings, and several aircraft, all surrounding a picture of her and our daughter. I've found that shiny surfaces - such as my desk - reflect too much of the laser, causing the mouse to be far less responsive. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned to having all my workstations be laptops of one sort or another and they have built-in trackpads. Of course I also rarely use the mouse when there are so many keyboard shortcuts available. Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:26 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:24 AM, Joshua Kehn josh.k...@gmail.com wrote: Slightly snobbish solution: Don't use windows. Unfortunately required to VPN into most of my clients corporate networks. Windows is required to VPN in? I'm guessing they use some proprietary client then? --jk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:23 PM, Larry Martell la...@software-horizons.com wrote: On Fri, Sep 20, 2013 at 11:16 AM, Joshua Kehn josh.k...@gmail.com wrote: I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned to having all my workstations be laptops of one sort or another and they have built-in trackpads. Of course I also rarely use the mouse when there are so many keyboard shortcuts available. When I'm on my MacBook (which is most of the time) I use the trackpad. But in the unfortunate times I have to be on a Windows box I always connect a mouse. Slightly snobbish solution: Don't use windows. --jk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pass parameter from client to server
Could also use jquery instead Best, -Josh ___ http://byjakt.com Currently mobile On Jul 19, 2013, at 4:08, Tedd Sperling t...@sperling.com wrote: One additional comment. Please change the javascript onclick to onchange -- that way the demo will work for Chrome as well as other Browsers. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Beneficial site spamming framework
while true; do curl -X POST --data field=valuefield1=value1 http://myblog.com/comment.php; done Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com On Oct 11, 2012, at 4:07 PM, Paul M Foster pa...@quillandmouse.com wrote: Folks: I've been getting spam comments on my personal blog (runs on self-written PHP blog software). I'd like to test some methods I've devised to prevent or block it. Does anyone know of a very lightweight framework for simulating an automated form fill-out on a site? Something where you could just add some code to designate the site for the attack and then what fields you wanted to send? This should be a relatively simple task for PHP and curl, but I'm not really familiar with the headers and that part of the HTTP conversation. Yes, I know this is a risky question for a public list. Feel free to contact me privately if you think the answer shouldn't be in the archives of a public list. Likewise, if you can point me to a source of quickly absorbable research on the subject. I frankly don't know how I'd google such a thing. Paul -- Paul M. Foster http://noferblatz.com http://quillandmouse.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] else if vs switch
Way easier to just use a map.
$mapping = array(
'Calgary' = abc@emailaddress,
'Brooks' = def@emailaddress,
// etc
);
$toaddress = $mapping[$city];
Regards,
–Josh
Joshua Kehn | @joshkehn
http://joshuakehn.com
On Jun 15, 2012, at 6:20 PM, April Mains wrote:
I have 25 cities and am currently using the following to set the $toaddress
for submitting student pre-registration forms based on the city selected:
if ($city == Calgary) {
$toaddress = abc@emailaddress;
} elseif ($city == Brooks) {
$toaddress = def@emailaddress;
and so on.
Would using switch statements like the following make any appreciable
difference?
switch ($city) {
caseCalgary:
$toaddress = abc@emailaddress;
break;
caseBrooks:
$toaddress = def@emailaddress;
break;
and so on.
Is there a more elegant solution?
Thank you for your help,
April
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] To ? or not to ?
I leave them off of any non-view PHP file. It doesn't have any downsides, and leaving them in can cause problems. Just like short tags! Regards, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com On Apr 3, 2012, at 5:29 PM, Tedd Sperling wrote: Hi gang: Let me start a religious war -- should one end their scripts with ? or not? After years of never having a problem with ending any of my scripts with ?, I found that several students in my class had scripts that did not produce the desired result even after they were given the scripts via highlight_file() to cut and paste. As it turned out, several students copy/pasted the script with an addition whitespace after the ending ? and as such the scripts did not run as expected. You see, the scripts created image but apparently the image delivery method objected to the additional whitespace. Does anyone have more examples of where scripts will fail IF they end with ? (note the additional space)? Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Turning a string into a condition
Can you explain a more clearly what it is you're trying to accomplish? It sounds like you have a string $x $y in the database that you then replace into a string 4 5 which you want to test a conditional on. If this is the case, why are you storing conditionals in the database? Regards, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com On Feb 16, 2012, at 3:31 PM, Marc Guay wrote: Hi folks, I've constructed simple conditions based on DB data and would like to actually evaluate them with PHP. For example, the coded string $x $y has been str_replaced into 4 5, but now I would actually like to use that string in an if() statement. I tried eval() but got an unhelpful error, any thoughts would be welcome. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with date
$pubdate is probably null or something.
Regards,
–Josh
Joshua Kehn | @joshkehn
http://joshuakehn.com
On Dec 7, 2011, at 1:48 PM, Jack wrote:
Hello All,
I have a problem where Dates are coming out as 12.31.1969 19:00:00 which of
course we didn't have PC's in 1969
I'm not able to see where the date is getting screwed up, any ideas??
//
#
function ShowFeed_RSS($XmlRoot) {
$title = GetFirstChildContentByPath($XmlRoot, channel/title);
$link = GetFirstChildContentByPath($XmlRoot, channel/link);
$desc = GetFirstChildContentByPath($XmlRoot, channel/description);
# Next 2 lines display the title of the feed, and feed description
# echo font face=arial color=blue size =2ba
href=\$link\$title/a/b\n;
# echo $desc;
$nodelist = GetChildrenByPathAndName($XmlRoot, channel, item);
if (!$nodelist) return 0;
foreach ($nodelist as $nl) {
$title = GetFirstChildContentByName($nl, title);
$link= GetFirstChildContentByName($nl, link);
$desc= GetFirstChildContentByName($nl, description);
$creator = GetFirstChildContentByName($nl, author);
#if (!$creator) $creator = GetFirstChildContentByName($nl,
dc:creator);
# echo JACK . $nl . br;
#$pubdate = GetFirstChildContentByName($nl, pubDate);
if (!isset($pubdate)) $pubdate = GetFirstChildContentByName($nl,
dc:date);
#if (!$pubdate) $pubdate = GetFirstChildContentByName($nl, dc:date);
if (isset($pubdate)) $pubdate = strtotime($pubdate);
if (isset($pubdate)) $pubdate = strftime(%m.%d.%Y %H:%M:%S, $pubdate);
$out = $creator;
if ( ($creator != ) ($pubdate != ) ) $out .= @ ;
$out .= $pubdate;
echo a class=\rss-link\ href=\$link\b$title/b/a;
echo font size=1 color=\black\$outbr;
echo font size=2$descbrbr;
# echo font size=1 class=rss-linkThis is not green/font;
}
# this line is after each rss feed group
# echo hr\n;
}
Thanks!
Jack
Re: [PHP] php hide menu
Sounds like a good job for client side JavaScript.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Jun 7, 2011, at 12:40 AM, Chris Stinemetz wrote:
I have three drop down menus in my form. How do I make it so the
second and third menus are only visible once the prior menu was
selected?
Below is the first two drop down menus.
Thanks in advance.
// Generating first menu using array.
$markets = array('MCI' = 'Kansas City',
'STL' = 'ST. Louis',
'ICT' = 'Wichita',
'OMA' = 'Omaha',
'LIN' = 'Lincoln');
echo select name='term'option value=''Choose Market/option\n;
foreach ($markets as $key = $market) {
echo option value='$key'$market/option\n;
}
echo /select;
// This will evaluate to TRUE so the text will be printed.
if (isset($markets)) {
echo This var is set so I will print.;
}
// Then, later, validating the menu
if (! array_key_exists($_POST['Market'], $choices)) {
echo You must select a market.;
}
$query=SELECT cell_sect FROM sector_list order by cell_sect;
$result = mysql_query ($query);
echo select name='cat'option value=''Choose Cell Sector/option;
// printing the list box select command
while($cellSect=mysql_fetch_array($result)){//Array or records stored
in $cellSect
echo option value=$cellSect[cell_sect]$cellSect[cell_sect]/option;
/* Option values are added by looping through the array */
}
echo /select;// Closing of list box
// This will evaluate to TRUE so the text will be printed.
if (isset($cellSect)) {
echo This var is set so I will print.;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Found this and I thought of you.
Hah! That is an excellent example of why to turn error reporting off when deploying code. Regards, -Josh http:joshuakehn.com Currently mobile On Jun 4, 2011, at 7:34 PM, Richard Quadling rquadl...@gmail.com wrote: http://www.exxcire.com/login.php If nothing more than a good bad example. -- Richard Quadling Twitter : EE : Zend : PHPDoc @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] about getting a site
On May 28, 2011, at 2:18 AM, Negin Nickparsa wrote: if i don't have any site can i share my php files in somewhere 4 free? if yes, what u suggest? Nergin- Several small points. 1. Use correct punctuation. Use capitalization. 2. Don't use phrases like what u suggest or somewhere 4 free as it will reflect poorly on yourself and cause most people to ignore your request. 3. The best things in life aren't free, if you want something useful you often have to pay for it in some form. 4. Question: By share do you mean host and run? 5. I am assuming a true flag thrown on point #4; I do not know of any free hosting sites worth mentioning. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] strcmp()?
On May 23, 2011, at 8:00 AM, tedd wrote:
At 8:13 AM + 5/23/11, Ford, Mike wrote:
-Original Message-
From: tedd [mailto:tedd.sperl...@gmail.com]
On Sat, 21 May 2011 09:26:02 -0400, tedd wrote:
The function strcmp() simply evaluates two strings and reports
back -1, 0, or 1 depending upon their alphabetical relationship.
It might do that, but don't bet your horse on it.
http://se.php.net/manual/en/function.strcmp.php
/Nisse
It works that way for me.
Are you absolutely certain about that?
echo strcmp('These are nearly equal', 'These are almost equal'), \n;
echo strcmp('different', 'unequal'), \n;
echo strcmp('b', 'a'), br /\n;
Result:
13
-17
1
The description of the function merely says that the result is 0, 0 or 0
-- it makes no promises about the actual value when it is non-zero.
Mike
Mike:
That's interesting. Try the same comparisons here:
http://www.webbytedd.com/lcc/citw229/string-compare.php
For me they are 1, -1, and 1.
Someone with more smarts than me* will have to figure this one out.
Cheers,
tedd
PS: * I can hear the peanut gallery saying That won't be hard. :-)
--
---
http://sperling.com/
Might that have something to do with the version of PHP running?
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strcmp()?
On May 23, 2011, at 8:17 AM, tedd wrote: Mike: That's interesting. Try the same comparisons here: http://www.webbytedd.com/lcc/citw229/string-compare.php For me they are 1, -1, and 1. Might that have something to do with the version of PHP running? -Josh -Josh: I've written this on two different servers. One is Version 5.2.15 and the other is version 5.2.5 and they both report the same results. Cheers, tedd I just checked under 5.3.2 and it gives the same -1, 0, 1 results. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strcmp()?
On May 23, 2011, at 9:28 AM, Alex Nikitin wrote: There is an interesting note in the comments for strcmp: Well, I am using PHP 4.0 and both strcmp and strcasecmp appear to be giving me very arbitrary and incomprehensible results. When I input strings, it appears that equal strings return 1, as well as some unequal strings, and that if the first argument is smaller then I *tend* to get negative numbers, but sometimes I get 1, and if larger I *tend* to get numbers larger than 1.. Guessing that earlier versions of php 4 and before would give the results that would have values other then 1, 0, -1, i looked through the change log, but nothing immediately jumped out, there was a lot of mbstring work done, and they did add the nat comparison functions, and play with the pcre engine a bit, which could have caused this as an unintended result for a few versions, i think though it was a bug at some point, so, maybe a php dev would chime in if they remember...? -- Alex -- -- The trouble with programmers is that you can never tell what a programmer is doing until it’s too late. ~Seymour Cray All this confusion makes me glad that I'm using === for equality checks instead of strcmp. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strcmp()?
On May 23, 2011, at 9:45 AM, tedd wrote: At 9:32 AM -0400 5/23/11, Joshua Kehn wrote: All this confusion makes me glad that I'm using === for equality checks instead of strcmp. -Josh -Josh: Yes, but what if you were sorting? I know you could use sort(), but there might be logic where a strcmp() would better solve the problem. Cheers, tedd -- --- http://sperling.com/ Never encountered an issue using sort() as-is. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strcmp()?
On May 23, 2011, at 9:47 AM, Alex Nikitin wrote: It depends on what you need to check, josh :) If you wanted to say find an anagram, or do a search with some typo correction, strcmp can be many times more helpful then a ===, that said comparing 2 strings to be equal === works about 20% quicker, so it works better for comparing two strings for equality (or unequality) anyways. There is no confusion, strcmp has a documented way in which it is to work in posix-compliant languages, ISO/IEC 9899:1999, 7.21.4.2, so as long as you follow the ISO guidelines for the scrcmp checking, your code should work correctly... -- The trouble with programmers is that you can never tell what a programmer is doing until it’s too late. ~Seymour Cray It's good to know it's functionality is available in the case that I ever need it. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 20, 2011, at 4:41 AM, Tim Streater wrote:
On 20 May 2011 at 04:03, Alex Nikitin niks...@gmail.com wrote:
but here is a brief example:
(!DEBUG) || error_log(Fetch Data: .memory_get_usage()/1048576);
reads and writes a lot better and faster then:
if(DEBUG) {
$memory = memory_get_usage()/1048576;
error_log(Fetch Data: .$memory);
}
Not to me it doesn't. I find such usage incomprehensible.
tim
I understand what you're doing, and I think it's a bad shortcut to be taking.
Make a dedicated class for logging and handle all this there.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 19, 2011, at 2:44 PM, Andre Polykanine wrote: Hello Alex, Two (stupid?) questions: 1. Why PHP_SELF is better than SCRIPT_NAME? 2. Why strcmp() is better than just comparing? -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/menelion (mostly in Russian) Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion No idea about the first, and I've never used strcmp() before for an equality check. If there is something I'm missing I would love to know. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 19, 2011, at 3:16 PM, Alex Nikitin wrote:
PHP_SELF requires no processing (i.e. there is no need to do basename())
strcmp is binary-safe, i prefer and recommend using string-safe comparison
functions for strings... here is an example of why:
$value = 0;
if($value==not zero) {
echo oopsie, how did this happen, lets see how this works with strcmp
(or === which i would advise);
if(strcmp($value, not zero) == 0) {
echo You wont see this;
} else {
echo Because strcmp works correctly;
}
}
you can also use the exact comparator ===, as it compares types, it would
work well as well. Infact if you dont need to determing anything about the
string, i would suggest using the === operator as it is significantly
faster:
timed: 0m0.724s
?php
for($i=0; $i=1000; $i++){
if(1 === submit) {
continue;
}
}
timed: 0m4.785s
?php
for($i=0; $i=1000; $i++){
if(strcmp(1, submit)==0) {
continue;
}
}
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
I almost exclusively use ===.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 18, 2011, at 3:22 PM, tedd wrote: Hi gang: I am considering providing PHP code to the general public via my website This is my first attempt: http://sperling.com/php/authorization/ What do you people think? Cheers, tedd -- --- http://sperling.com/ I can say I really don't like your bracing style. I don't see a reason to use a form submit to go back to the login page, instead I normally present errors on page. Other then that, looks good. Maybe redirect http://sperling.com/php/ to an index of examples? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] A Review Request
On May 18, 2011, at 4:34 PM, tedd wrote: -Josh: There are all sorts of bracing styles, as you can see here: http://rebel.lcc.edu/sperlt/citw229/brace-styles.php Fortunately, we are all free to choose the one we like. :-) I like the Whitesmiths style. As for your other comments, they made good sense to me, so I made adjustments. Thanks, tedd Tedd- Yes, bracing style is one of those personal preference things. Some work better for others. I use Allman style most of the time, unless I'm doing inline anon. functions in JavaScript, then I sometimes switch to KR. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Short tag: why is it bad practice?
On May 10, 2011, at 11:11 AM, Andre Polykanine wrote: Hi everyone, Many times I heard that the following two peaces of code are written in a bad manner: 1. ? echo Hello, world!; ? 2. form action=script.php method=post pYour e-mail: input type=text id=uemail name=uemail value=?=$f['Email']?/p ... /form As for now, I use both quite often. Why is this considered not kosher, I mean, good coding practice? Thanks! -- With best regards from Ukraine, Andre Skype: Francophile Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion Because short tags aren't always enabled and can cause things to break when deploying code to different environments. Best practice dictates that your code should be as environmentally independent as possible. It's another few characters, why neglect it? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bold links
On May 10, 2011, at 1:10 PM, Micky Hulse wrote:
[OT]
Thanks for the informative reply Tedd.
I respect your opinion and I don't think my approach is more right
than yours. I am wondering if this is just a DTD thing. I always use
an HTML 4.01 strict DTD and have not used an XHTML doctype in ages.
As far as I can tell, the specs in XHTML say not recommended, but I
can't find similar text in HTML 4.01 specs.
bJenkins/b vs. span class=bazJenkins/span
... to me, the latter seems to be overkill.
b class=bazJenkins/b
I can't of many times I have done the above... If I need to hook into
the b or i I might just do this (for example):
div id=wrapperBob bJenkins/b/div
#wrapper b { do whatever here }
On Tue, May 10, 2011 at 7:41 AM, tedd tedd.sperl...@gmail.com wrote:
As for me, I choose to never use b and i for anything PERIOD and to
speak out against their use whenever I can. As for table in presentation,
judgment, the b and i tags present more problems than they solve so I
will continue to not use those tags and speak against them.
Looking at your site:
http://sperling.com/
Viewing the source code on your homepage, I see b used 15 times in
the body copy.
I am assuming that maybe you have no control over that portion of your
site due to the CMS you are using?
Could you imagine using strong in all those instances where you used
b? Don't you think that would be overkill?
Sorry to everyone for taking this so OT for the PHP list.
[/OT]
Micky
Unless he is specifically saying to use .php extensions for url's I doubt it's
a CMS.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bold links
On Monday, May 9, 2011 at 6:53 PM, Micky Hulse wrote: On Mon, May 9, 2011 at 2:56 PM, tedd tedd.sperl...@gmail.com wrote: Really? How does the blind via readers, such as JAWS, understand what a B is? First, never use B -- or I for that matter. Second, use strong or em instead. Readers can understand and render STRONG and EMPHASIZED text, but not B and I text -- those tags mean nothing and that's the reason why they are not encouraged for use and even removed from XHTML. Third, if neither of those tags (i.e., strong or em ) work for you, they try using a class (or an id) with a css rule of: [OT] Tedd, it seems like you are spreading a little bit of mis-information here. * i — was italic, now for text in an “alternate voice,” such as foreign words, technical terms and typographically italicized text * b — was bold, now for “stylistically offset” text, such as keywords and typographically emboldened text (W3C:Markup, WHATWG) * em — was emphasis, now for stress emphasis, i.e., something you’d pronounce differently (W3C:Markup, WHATWG) * strong — was for stronger emphasis, now for strong importance, basically the same thing (stronger emphasis or importance is now indicated by nesting) (W3C:Markup, WHATWG) – http://html5doctor.com/i-b-em-strong-element/ Seems to me the original posted just wanted to stylistically offset or bold the last name... I dunno, maybe I am wrong, but here's no good reason to stress stronger emphasis on the last name. There's a time and a place and a reason to use one over the other. Also, I don't think b and i have been removed from XHTML... In fact, they are not even deprecated in XHTML. Ok, getting off of my soapbox now. :D [/OT] If you are only make the last name bold for stylistic purposes you should use CSS and a class. If you have text that needs to be emphasized or strongly put use the appropriate tags. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newsgroup status
If this is the PHP list thinking of it's moderately active. I sometimes forget which ones I'm subscribed to. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Wednesday, April 27, 2011 at 11:52 AM, Al wrote: Is this group off the air or just no topics being posted? I've not seen it so quiet in years. Al. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newsgroup status
On Wednesday, April 27, 2011 at 12:20 PM, Steve Staples wrote: On Wed, 2011-04-27 at 11:54 -0400, Joshua Kehn wrote: If this is the PHP list thinking of it's moderately active. I sometimes forget which ones I'm subscribed to. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com I guess we've all figured out how to deal with our problems... TO THE CLOUD!! Steve. As EC2 has shown, while clouds might look safe all white and fluffy, sometimes they can create drastic storms. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] files outside of the web tree
On Wednesday, April 27, 2011 at 1:08 PM, Jim Giner wrote: I have managed to build include files and store them above my public folder and the called pages manage to find them from the public folder and properly include them. My problem is with the html src= attribute. I have uploaded photos to be included in my web pages and I didn't want them in the web tree so I moved them above it also. I use php to get the root folder's name and then I add ../photos/ to the filename's path, but now my tags can't find them. Can I not do this? Nope, static elements need to be stored in a web accessible directory. If you could access things by saying `../` then that would defeat the purpose of storing things where they aren't accessible. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Flattery will get you nowhere
On Wednesday, April 27, 2011 at 3:54 PM, Marc Guay wrote: I just googled up php tedd form validation and can't find a single reference. What does this mean, that I respect tedd's skills or that he needs better SEO? I wasn't aware Tedd had a form validation lib written. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] JavaScript Injection ???
On Monday, April 18, 2011 at 1:06 PM, tedd wrote: Hi gang: Quite some time ago I had a demo that showed Javascript injection. It was where a user could type in: script alert(Evil Code);/script and a JavaScript alert would be shown. But now my demo no longer works. So, what happened? Was there a php update that prohibited that sort of behavior or did hosts start setting something to OFF, or what? If you know, please explain. Thanks, tedd -- --- http://sperling.com/ Not that I know of. Are you talking about on-page injection, like comments and such? Normally JS injection would be that (bad scripts inserted by the user on a comment form or review page) or where you are using eval() and they dump bad code into there. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Manipulating variables
I must be missing something, why do you need to use variable variables when
checking user answers?
The logic should be something like:
$answer_key = array('question1' = 'answer', 'question2' = 'answer', );
foreach($answer_key as $q = $a)
{
check_answer($_POST[$q], $a);
}
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Feb 23, 2011, at 11:48 PM, Ron Piggott wrote:
Is there a way to make this syntax:
$checking_answer = $answer_reference_2;
Equal to:
$checking_answer = $answer_reference_ . ($i + 1);
(where $i = 1)
making $checking_answer take on the value of $answer_reference_2 ?
I am trying to develop a web app quiz and I need to test the users answers.
Ron
The Verse of the Day
“Encouragement from God’s Word”
http://www.TheVerseOfTheDay.info
Re: [PHP] Parse question
On Jan 21, 2011, at 7:52 PM, Ron Piggott wrote: Would someone write me a syntax so all the web site addresses in $data turn into links $data = “Visit our web site http://www.site.com, http://www.secondsite.org and http://www.thirdsite.info.”; My desired results for what I am asking for help turn $data into: $output =“Visit our web site a href=”http://www.site.com”http://www.site.com/a, a href=”http://www.secondsite.org”http://www.secondsite.org/a and a href=”http://www.thirdsite.info”http://www.thirdsite.info/a.”; Please make provision for .net web sites as well. Ron I would check for url regex patterns and build a solution off of that. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 18, 2011, at 11:53 PM, Donovan Brooke wrote: The idea of using existing resources for efficiency is very valid indeed.. especially with a job at hand. But, there are good reasons to roll-your-own... education and knowing your own code are 2 that are important to me right now. Besides, a cookie based log-in system is really not that complex. ;-) Now.. payment gateway API? AJAX requests? I'll take the snippets please. Cheers, Donovan (moving on to database administration) Payment gateways suck. AJAX requests are easy if you roll JavaScript well and have a decent inspector (Firebug). I agree, a simple login is not that complex. I thought it was a bit more involved then that. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 19, 2011, at 9:43 AM, Jay Blanchard wrote: [snip] ... [/snip] Imagine when there'll be the day when you do not have to code at all...just copy 'n paste snippets together in the order that you wish them to work in and Voila'! - instant web app. Th!! They have that. It's called Ruby on Rails. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Tue, Jan 18, 2011 at 23:39, Joshua Kehn josh.k...@gmail.com wrote: The use of existing packages is so increasingly prevalent that I have the unfortunate displeasure of knowing many developers who do nothing but this, yet who can't even answer simple questions about general coding, and who cry and complain that a previous developer must have borked something. I think Donovan is right on track here --- he's just getting started, and challenging himself to learn the language at a deeper level. That will make him a developer, not just a copy-and-paster. I do see from where it is you're coming, though, Josh --- once you've gotten the fundamentals, a lot of times it's easier - sometimes even a better idea - to use an existing, mature solution. What helps you to determine its value from a code standpoint? Your existing experience. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ You are correct, and it is a shame to see many developers fall into the copy / paste realm, especially with a language like PHP where such snippets are often found easily but of dubious quality. Rolling your own is a great way to understand how things work (or should work) internally, as well as giving you valuable practice. I don't mean to discredit is. As I mentioned, more often then not I'm a fan of it. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 19, 2011, at 12:44 PM, Micky Hulse wrote: On Wed, Jan 19, 2011 at 6:45 AM, Joshua Kehn josh.k...@gmail.com wrote: They have that. It's called Ruby on Rails. CodeIgniter and/or Django (Python) are fun. What about a middle of the road solution? Google for php micro framework and/or python micro framework. I have yet to use a micro framework myself, but I am looking forward to playing around with one for one of my next PHP projects... I would love to find one that has a decent micro templating system. :D M I love using CodeIgniter. I think it's the best minimalist PHP framework out there, and thankfully it doesn't pretend to be Rails. I've been told to look at Lithium but haven't gotten around to it yet. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 18, 2011, at 10:30 PM, Donovan Brooke wrote:
Hello,
I must not understand PHP's switch/case..
The case '0' below fires when $t_mssg = apparently.
Is this how it's suppose to work? I would think
it would only fire if it equaled 0.
--
print -$t_mssg- br /;
if (isset($t_mssg)) {
switch ($t_mssg) {
case 0:
echo 'pspan style=color:red;Log In Successful/span/p';
break;
}
}
--
TIA,
Donovan
--
D Brooke
I use switch cases so rarely I would have to refer you to the documentation.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 18, 2011, at 11:01 PM, Donovan Brooke wrote: Thanks. I had initialized $t_mssg as an empty string further up the chain out of old habit.. removed that, and now it works... just built my first basic cookie-based PHP/MySQL log-in script from scratch! ;-) Fun stuff, Donovan -- D Brooke I just died a bit on the inside. Why would you build that from scratch? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 18, 2011, at 11:33 PM, Donovan Brooke wrote: -- D Brooke I just died a bit on the inside. Why would you build that from scratch? Regards, -Josh Alright, I'll bite (since I affected you that much) ;-), do tell... Why not? Would you rather I use PHP's session_start()? Donovan Why not use one of the countless, not to mention secure and stable cookie management systems available? If it's an exercise cool, I misunderstood. I'm not one to normally shun people rolling their own code, lord knows I've done it more then once or twice, but there are some things I wouldn't touch with a ten foot pool, and cookie management is one of them. The other would be things like CSV parsers or text manipulations. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] PHP tutorials
On Jan 16, 2011, at 1:26 PM, tedd wrote: Hi gang: In the past we talked about PHP tutorials, but I don't remember if there was a single clearinghouse/link for them or not -- is there one? If not, what do you recommend? Disclaimer: This is a clear solicitation by me for help with my PHP class. I will be teaching this class at my local college starting this semester. Please realize this is the first time my local college has considered PHP anything of importance. In the past, the college has been totally ingrained in .NET (i.e., APS, VB, C#). They believe their focus should be teaching students what the Corporate World wants and those needs have been defined by the State of Michigan and General Motors. Considering that neither of those institutions are financially solvent, other avenues are being considered. I know I can Google for PHP tutorials, but I am looking for recommendations from this list as to which tutorials/references are the best. Thanks, tedd -- --- http://sperling.com/ I have always had good luck http://www.tizag.com/phpT/ I guess it would depend on what topics you want to cover. Do the students have prior programming experience? HTML / CSS / JavaScript (other frontend web stack language) experience? Do you want to do simple junk (submit form, view results) or more complex actions (database involvement, basic CMS, authentication systems)? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] A bad design decision or pure genius?
On Jan 13, 2011, at 7:49 PM, li...@pruimphotography.com wrote: Hey Everyone, I have a question about php javascript... Yes I know this forum is for php BUT I needed an opinion on where to look for stuff... I have a application that I'm working on that uses google maps to display interactive maps (using javascript) on the website. I now have the need to display multiple maps on the same page and from what I can tell I have to create new instances and variables for all of them... What I'm wondering is since I know very little javascript would it be bad to create a PHP function to write the java code for the proper number of maps I need to display? The map info is being pulled from a database where events are being added and could contain 2 or 200 maps... Or should I learn javascript and figure out how to create a loop in there so that I can just loop it in the java and not repeat code? Thanks for any assistance you can give! Jason Pruim pru...@gmail.com Love the lists@ email address there. My preference would be to invest some time in frontend (JavaScript) skills, as that would be the most proper way to implement it. If you don't have the time, might as well use whatever tools you are most comfortable with. Could turn into a bit of a mess though. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Array Symbol Suggestion
On Jan 12, 2011, at 3:28 PM, Ashley Sheridan wrote: If you check out the manual pages for those functions as well, you'll see other related functions. I must say, of any language I've used, the php.net documentation is by far the best, giving plenty of information and user comments too. It's a resource I still can't do without, and I reckon even the old hands on this list would say the same. Thanks, Ash http://www.ashleysheridan.co.uk I fully agree with you on php.net being some of the best documentation out there. I would say that a lot of the Java documentation is wonderfully done as well. It doesn't offer user comments, but it is very complete and covers just about every aspect of a class. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command line PHP
On Jan 7, 2011, at 11:55 AM, la...@garfieldtech.com wrote: Hi folks. I have a project coming up that will involve writing a non-trivial command line PHP application. Most of it will be nice and abstracted and standalone and all of that jazz, but it will need to do command line interation. I'm not sure yet if it will be interactive or if I just need to parse lots of command line switches. Has anyone used a CLI-handling library they like? I recall briefly using the PEAR CLI library many many years ago and disliking it because it was only barely a step above the raw PHP-CLI SAPI, and still required lots of if-else branching in my code. I don't know if there's anything better since then, however. I prefer clean OO to procedural, but can work with procedural if needs be. The fewer dependencies it has the better as well. Any recommendations? (Open source, GPLv2-compatible required.) --Larry Garfield Larry- Why are you writing a command line application in PHP? I would think that is starting off on a very wrong foot. Can you explain the requirements / use cases a bit more? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command line PHP
On Jan 7, 2011, at 12:12 PM, Daniel Brown wrote: On Fri, Jan 7, 2011 at 12:01, Joshua Kehn josh.k...@gmail.com wrote: Why are you writing a command line application in PHP? I would think that is starting off on a very wrong foot. I would not be exaggerating to say that I've written over a thousand command line applications in PHP since about 2003. For a variety of reasons and uses (more and more because my wife needs something done or I'm adding more home automation stuff) I write no less than ten each week. For the majority, it's because it's easier than writing it in C and more portable than Bash --- I can write a PHP script and put it on a dozen machines at home and in the offices and it'll work the same (when written properly). No need to worry about OS or architecture. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams Using another language more suited towards CLI / standalone (non-web) development would be easier. PHP at it's core is a templating language. I don't think it is as suited as say Python for developing standalone applications. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command line PHP
On Jan 7, 2011, at 12:34 PM, Daniel Brown wrote: On Fri, Jan 7, 2011 at 12:18, Joshua Kehn josh.k...@gmail.com wrote: Using another language more suited towards CLI / standalone (non-web) development would be easier. PHP at it's core is a templating language. I don't think it is as suited as say Python for developing standalone applications. One might argue that it depends on your mastery of and comfort with the language. That in mind, the same is true of nearly any programming language. And thanks for reminding me of what PHP is at its core. ;-P -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ My apologies. I just view PHP as a perfected web language, due to it's templating nature, while using it for other things (scripts, utilities, cron) is a misuse in my opinion. It does completely depend on your mastery of the language. If you're very good with PHP and you don't often do non-web things it might not make sense to learn another language as well. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Command line PHP
On Jan 7, 2011, at 1:48 PM, Nathan Nobbe wrote: shrug, you must not be too familiar with php then. 9 times out of 10 it's the natural, perfect choice for a cli program. there are situations where you get past what php is ideal for on the cli, typically when you get into heavy forking or require threading. It does completely depend on your mastery of the language. If you're very good with PHP and you don't often do non-web things it might not make sense to learn another language as well. why bother learning 2 languages when 1 will suit most needs perfectly? for most folks who work with the web and a typical deployment environment like a linux server, the second language of choice most likely would be a client side one like javascript. -nathan You can't say that PHP is a more natural CLI choice then bash or Python. Maybe I'm using PHP too much for web development. Perhaps I am unfamiliar with it. Why bother learning other languages? Is this a joke? Why should someone stop learning ever? Having a mastery of multiple languages can only enhance you. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Command line PHP
On Jan 7, 2011, at 1:53 PM, Ashley Sheridan wrote: There's no real reason why you shouldn't use PHP for cli apps, it has a lot of features specifically intended for it even. I've found it to be fast enough for my needs, it's familiar, and I don't need to compile an app every time I make a small code change. Yes PHP is primarily a web-based language, but there's no reason it can't be used other places too. In fact, I've even got PHP installed on my Android phone, although I've yet to find a practical use for that! Thanks, Ash http://www.ashleysheridan.co.uk I don't see a reason other then I find other languages more nimble for small scripts. If you are using lots of shared PHP code then of course it would make sense to leverage that existing code rather then re-implement it. The OP was asking (I assume) about a standalone application built from scratch. I would kill for a PHP interpreter (+ Haskell and Python) on iOS. Unfortunately I haven't found one. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Command line PHP
On Jan 7, 2011, at 1:41 PM, la...@garfieldtech.com wrote: Application is perhaps a misnomer. I'm not looking at rewriting Emacs or anything. Just some batch processing that would get run as: php myscript.php --config=foo.xml --setting-1=stuff And then it will run off and move a few million records around between different data stores, a process that will probably take an hour or so. (The backend will be cycling through a queue server.) I just need something to make handling of the args and environment easier, because I find the native SAPI calls to be ugly/cumbersome. I'm sure it could be written in Perl or Python or Java. But I know extremely little Perl, no Python, and my Java is quite rusty, plus there are mature PHP libraries that talk to the 3rd party systems I'm tying together. My PHP-fu is much stronger than my Perl, Python, and Java combined. OT Yeah, PHP was intended as a template language only; that fell by the wayside a decade ago or more when people started building real web apps in it, which are a lot more than templates. That boat has long since sailed and is irrelevant to this discussion. /OT --Larry Garfield In that case I can't offer any good CLI libs, but it sounds like a few others here could offer some. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie Question
On Jan 2, 2011, at 11:48 AM, ad...@buskirkgraphics.com wrote: Add this to your .htaccess file and HTML files will be handled like PHP files allowing you put PHP in HTML files. AddType application/x-httpd-php .html Richard L. Buskirk I would not recommend this approach, some perfectly valid reasons given by Ash. It's the wrong mindset to have. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 2, 2011, at 12:50 PM, ad...@buskirkgraphics.com wrote: The question was The .php extension is a requirement? The answer is no. While me and Ash may completely disagree on the php parser, the simple answer is there are many ways around running a non .php extension file in php. mod_rewrite rules in .htaccess files are interpreted for each request and CAN slow down things if your traffic is high. Having said that, mod_rewrite in httpd.conf is faster because it is compiled at server restart and it is native to the server. As a beginner, I completely agree with ash on bad practice rule of thumb. You will simply rewrite the html file later on wishing you had never did the hack to make it function. Richard L. Buskirk Sorry, here is the code. The .php extension is a requirement? Can't it b embedded on a .html file? _This_ question when asked from a beginner requires a non-confusing answer of yes. Can't it be embedded on a .html file? PHP is always embedded alongside HTML code within ?php ? tags. It's not embedded inside a .html file as the extension should indicate the file type. Adding a mod_rewrite rule (as you suggest) can lead to confusion later on in development. At the very least you'll look stupid re-asking Can't it be embedded... Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 2, 2011, at 1:17 PM, Adam Richardson wrote: I tend to disagree with Ashley on this topic. For many websites, I'll start out making all pages .php, even if they don't require PHP at the moment. That's for a couple reasons. 1) A few years back, there was certainly a significant performance advantage to keeping essentially static pages html. However, in my current benchmarking (using both siege and ab on my Ubuntu servers using apache with mod_php), if I use a cache such as APC and a well-configured apache server, PHP tends to perform just as well (or sometimes even better) than the html version. Rasmus has demonstrated similar performance results: http://talks.php.net/show/froscon08/24 2) I don't want to have to change urls site-wide and set up redirects from the old url whenever a page requires adding dynamic capabilities. By making all pages PHP right from the beginning, adding dynamic capabilities is a snap as I just add the functionality. Adam I agree starting with all .php files is good practice for basic sites. I recommend for applications and bigger then basic project using a decent framework or main routing file to handle routes for you, instead of requiring you to manually adjust them if something changes. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie Question
On Jan 2, 2011, at 5:56 PM, Adolfo Olivera wrote: Thanks for the replies. I'll just put a php on all my html containing php. A little of topic. Wich IDE are you guys using. I'm sort of in a catch twenty two here. I been alternating vim and dreamweaver. I'm trying to go 100% open source, but I really find dreamweaver easier to use so far. I use VIM and TextMate exclusively. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 1, 2011, at 7:36 PM, Adolfo Olivera wrote: Hi, I'm new for php. Just trying to get my hello world going on godaddy hosting. Can't getting to work. I think sintax it's ok. I was understanding that my shared hosting plan had php installed. Any suggestions. Thanks, Happy 2011!! PS: Please, feel free to educate me on how to address the mailing list, since again, I'm new to php and not a regular user of mailing lists, Can you post the code that you are using? It should look something like the following: ?php echo Hello World!; ? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie Question
On Jan 1, 2011, at 7:50 PM, David Robley wrote: And normally would need to be saved as a .php file so the contents will be handled by php. Cheers -- David Robley A fool and his money are my two favourite people. Today is Boomtime, the 2nd day of Chaos in the YOLD 3177. Save the code as hello.php. Copy it to your root web directory (should be the base directory or something called public_html / www when you FTP in) and access it from youdomain.com/hello.php Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 1, 2011, at 8:37 PM, Adolfo Olivera wrote: Sorry, here is the code. The .php extension is a requirement? Can't it b embedded on a .html file? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / titleUntitled Document/title /head body ?php $a = hello; $hello =Hello Everyone; echo $a; echo $hello; ? /body /html On Sat, Jan 1, 2011 at 9:55 PM, Joshua Kehn josh.k...@gmail.com wrote: On Jan 1, 2011, at 7:50 PM, David Robley wrote: And normally would need to be saved as a .php file so the contents will be handled by php. Cheers -- David Robley A fool and his money are my two favourite people. Today is Boomtime, the 2nd day of Chaos in the YOLD 3177. Save the code as hello.php. Copy it to your root web directory (should be the base directory or something called public_html / www when you FTP in) and access it from youdomain.com/hello.php Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com Yes it _can_ be embedded alongside HTML code, but it must have the .php extension otherwise it won't be picked up as a PHP file. You could add a .htaccess rule to change the processing directive (essentially make every HTML file a PHP file) but that would be wasteful if you ever serve straight HTML. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 1:26 AM, Tamara Temple wrote: On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. I'm sorry, but this is just bloody stupid. I keep my usernames and randomly generated, very long passwords in a password keeper. If you're not going to let me copy paste them into a web page, i'm just not going to ever use your application. Copy/pasting is something that happens on the *local* machine -- it never goes out to the net. By forcing people to type in their user names and passwords you are going to cause them to enter easily-remembered, and typically easily-crackable combinations. What is the possible logic for disallowing someone to paste in their usernames/passwords??? My point has been completely missed by you. I'm not saying don't allow copy pasting usernames and passwords (though I think that this is a poor choice). I'm saying don't automatically trim the passwords. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 1:31 AM, Tamara Temple wrote: On Dec 28, 2010, at 10:28 PM, Joshua Kehn wrote: On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. Wrong. I use a program called pwgen to generate passwords for me, which I cannot remember. I use another program I built to store them in an encrypted file. When I have to supply a password which I've forgotten (as usual), I fire up my password vault, find the password, and paste it wherever it's needed. Users would be wise to follow a scheme like this, rather than using their dog's name or somesuch as their passwords. Paul -- Paul M. Foster http://noferblatz.com What is wrong? That users should not be copy-pasting passwords or don't compromise the system? I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. 20? child's play. How about 250+ randomly generated passwords and username combinations? Why do you randomly generate 250+ usernames and passwords?? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 12:37 PM, tedd wrote:
At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
Also, change them {passwords} frequently.
I've always wondered about that -- if your password works, then why change
it? Where's the logic in that?
From my perspective, it looks like Hey, the crackers have not been able to
crack this, so let's give them another chance. That doesn't sound logical.
There are things we think are right, but is this practice supported in some
way that's provable?
Cheers,
tedd
--
---
http://sperling.com/
An attacker manages to obtain the hashes and starts an attack. You change your
password. The attacker now has to restart the attack.
Changing your passwords prevents an attack from continuing past the length of
time between password changes.
Also if they _have_ managed to crack the password changing it forces them to
crack it again, thus also limiting the time the account is compromised.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 6:52 PM, TR Shaw wrote:
On Dec 29, 2010, at 12:56 PM, Joshua Kehn wrote:
On Dec 29, 2010, at 12:37 PM, tedd wrote:
At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
Also, change them {passwords} frequently.
I've always wondered about that -- if your password works, then why change
it? Where's the logic in that?
From my perspective, it looks like Hey, the crackers have not been able to
crack this, so let's give them another chance. That doesn't sound logical.
There are things we think are right, but is this practice supported in
some way that's provable?
Cheers,
tedd
--
---
http://sperling.com/
An attacker manages to obtain the hashes and starts an attack. You change
your password. The attacker now has to restart the attack.
Changing your passwords prevents an attack from continuing past the length
of time between password changes.
Also if they _have_ managed to crack the password changing it forces them to
crack it again, thus also limiting the time the account is compromised.
Gosh. Think about it. Lets not take the your machine is compromised case
and/or your password is moronic and/or you are not passing your password
cleartext.
So the threat is external. Now there are 2 types of external: one in house
and one on the 'net.
The one in house is simply detected by an IDS like snort looking for very
rapid login attempts. Slow walkers are no risk at all. Further if your
password is computationally hard your GigE LAN is not fast enough to support
cracking a computationally hard password before you retire. So there is no
threat that your computationally hard password will be cracked so your
password is safe.
For a 'net threat, the bandwidth is even more constrained so you could live 9
lives and still not have your computationally hard password cracked. Further,
log checking at the firewall and on internal machines can easily detect
cracking attempts. I detect about 4 per day on our mailserver looking for
pop logons and about 25 a day against ssh where we don't even use passwords.
ftp is not used.
So an external threat against your machine as defined above, is not a risk.
So now lets look at the case where there is malware on your machine which
will try to brute force your computationally hard password and is smart
enough to use your graphics engine to increased computational power. Folks
at MIT and Carnegie Mellon have already numerically proved that a 12
character password is not crackable using brute force in any reasonable
timeframe. In fact an 8 character one has strength of years. I would contend
that using that much power will make its existence known to you and coupled
with the fact that you restart your computer every now and again and that you
run an antivirus periodically that will eventually find it even if you don't
notice the slow down.
As you can see, cracking a password on your machine is so fruitless that no
one would even try to since if you have access to the machine a keylogger,
for example, is faster and more reliable. To thwart this you might want to
run tripwire or equivalent and institute exfiltration detection.
The big problem today is that security people in IT and security wannabee's
quote cracking numbers not based in the real world but mathematically based
on quasi real preconditions. They and some crazy guys who I know at
Microsoft along with some NIST guys are pushing 12 character minimums of
upper, lower, numbers and specials, changed every 60 days and no reuse for 2
years in business settings. They say this will make the corporate machines
safe. This is utter BS. And, in fact, makes corporate networks even more
vulnerable due to the fact that people can't remember all these password so
they write them down or make them relatively easy thus increasing social
engineering break-in opportunities.
The best solution is to select a computationally hard password and then don't
change it unless you have to. I also recommend that you select another that
is different and use it for all 'net based logins with a extension
concatenated for each service.
This comment about if they _have_ managed to crack the password changing it
forces them to crack it again, thus also limiting the time the account is
compromised is ridiculous. First, I assume you really mean stealing rather
than cracking for the reasons above. Notwithstanding the fact that the site
broken into should immediately lock down all accounts. Whats to say that the
bad guys brake-in right after you have changed your password and they are not
noticed. You are still at risk until you change it maybe 30, 60 90, 120 days
later. So what is the real good of changing password routinely? Nada! The
probability that your change matches the threat is miniscule. It just make
people feel good. In fact ,if the bad guys broke in to a financial
Re: [PHP] Re: Do you trim() usernames and passwords?
Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Dec 28, 2010, at 3:07 PM, Nathan Rixham wrote: Joshua Kehn wrote: Trim usernames but not passwords. agree. nice catch, I was thinking about passwords specifically and forgot usernames was in the topic too! On Dec 28, 2010, at 2:57 PM, Nathan Rixham wrote: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Don't trim or limit the range of input characters, but far more importantly /don't send passwords in clear text/, indeed don't generate passwords at all, let users enter there desired password, then they won't be copy and pasting them ;) ps: if unavoidable, then give some advice on login failure like passwords are case sensitive, check you don't have caps lock on and that you haven't included any additional spaces. Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
Trim usernames but not passwords. Some people put spaces at the beginning and end of their passwords. Double confirm and don't mess with the input otherwise they tend to get confused. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Dec 28, 2010, at 2:57 PM, Nathan Rixham wrote: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Don't trim or limit the range of input characters, but far more importantly /don't send passwords in clear text/, indeed don't generate passwords at all, let users enter there desired password, then they won't be copy and pasting them ;) ps: if unavoidable, then give some advice on login failure like passwords are case sensitive, check you don't have caps lock on and that you haven't included any additional spaces. Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote: I'm toying with the idea of having the passwords hashed twice: they're already in the database hashed, and javascript hashes them on the client before sending them over, but I'm thinking about sending an additional salt to the client to hash the hashed passwords with salt, and that's what is sent back. This way, each login is done with a different hash of the password so an attacker cannot simply capture and reuse the hashed password. But before all that goes on, I have to decide what to do about leading and trailing spaces. Toy with it and discard it. Client side hashing / salting is not a good idea. A much better alternative is to use SSL. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:23 PM, Dotan Cohen wrote:
On Tue, Dec 28, 2010 at 22:02, Joshua Kehn josh.k...@gmail.com wrote:
Trim usernames but not passwords.
Some people put spaces at the beginning and end of their passwords. Double
confirm and don't mess with the input otherwise they tend to get confused.
How about:
if ($trimmedUsername != $username){
trim($password);
}
I suppose that it is reasonable to assume (ha!) that if one was
copy-pasted with spaces, so would the other. Naive, I know, too bad I
don't dare start logging raw data to determine how true this might or
might not be.
Educate the users, don't compromise the system. Either go full on and trim
everything (I don't recommend this) or trim nothing. Be consistent in which one
you pick.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:29 PM, Nathan Rixham wrote: Joshua Kehn wrote: On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote: I'm toying with the idea of having the passwords hashed twice: they're already in the database hashed, and javascript hashes them on the client before sending them over, but I'm thinking about sending an additional salt to the client to hash the hashed passwords with salt, and that's what is sent back. This way, each login is done with a different hash of the password so an attacker cannot simply capture and reuse the hashed password. But before all that goes on, I have to decide what to do about leading and trailing spaces. Toy with it and discard it. Client side hashing / salting is not a good idea. A much better alternative is to use SSL. indeed, and on reflection, if you're putting this much effort in to it, and security is a worry, then forget username and passwords, and issue each user with a client side RSA v3 certificate and identify them via the public key of the cert. I just realize that this would also completely solve your trim() problem! Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:26 PM, Nicholas Kell wrote: If you work for a company that admins over a hundred websites, you may be inclined to copy-paste a few passwords. I don't know about you, but when we use passwords that are over 16 characters long and I don't want to get an incorrect pass, because it was a grave character versus a single apostrophe, or a capital i versus a lowercase L or a zero versus an O, etc.. There is no way I am retyping passwords for every-time I need to log in, or FTP into a site. We use apps to store all our passes, so yeah I copy and paste. But on the same note I am conscious of copying a space at the end of the password / username. Sorry, you are not going to (re)educate the public on what you think is password best practices. But I do however, think that it is the users problem, not the developers. Learn how to copy-paste. You have a good point. Both with (1) you won't stop it, and (1) learn how to copy-paste. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:32 PM, Dotan Cohen wrote: On Tue, Dec 28, 2010 at 22:30, Joshua Kehn josh.k...@gmail.com wrote: indeed, and on reflection, if you're putting this much effort in to it, and security is a worry, then forget username and passwords, and issue each user with a client side RSA v3 certificate and identify them via the public key of the cert. I just realize that this would also completely solve your trim() problem! Hello, Dotan? Hi, we haven't spoken in a full week now that we don't have the trim problem. But I reinstalled Windows and wiped the drive, now I can't log in. Can you help me? -- Dotan Cohen Hey, progress is progress! Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:24 PM, Dotan Cohen wrote: On Tue, Dec 28, 2010 at 22:11, Joshua Kehn josh.k...@gmail.com wrote: Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. Educate the users?!? Is that like making water flow uphill, or reversing aging? I can do a lot of things, but don't even ask me to bring back the dead! -- Dotan Cohen We're PHP programmers, we do the impossible all the time. Without automatic migrations, managed models, succinct ORM's. Other developers look at us in shock as we memorize the $haystack and $needle argument orders for explode and str* functions. Raising the dead would be easy in comparison. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. Wrong. I use a program called pwgen to generate passwords for me, which I cannot remember. I use another program I built to store them in an encrypted file. When I have to supply a password which I've forgotten (as usual), I fire up my password vault, find the password, and paste it wherever it's needed. Users would be wise to follow a scheme like this, rather than using their dog's name or somesuch as their passwords. Paul -- Paul M. Foster http://noferblatz.com What is wrong? That users should not be copy-pasting passwords or don't compromise the system? I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 11:51 PM, Paul M Foster wrote: On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote: On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: Specifically: Dotan Cohen wrote: I seem to have an issue with users who copy-paste their usernames and passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. Wrong. I use a program called pwgen to generate passwords for me, which I cannot remember. I use another program I built to store them in an encrypted file. When I have to supply a password which I've forgotten (as usual), I fire up my password vault, find the password, and paste it wherever it's needed. Users would be wise to follow a scheme like this, rather than using their dog's name or somesuch as their passwords. Paul -- Paul M. Foster http://noferblatz.com What is wrong? That users should not be copy-pasting passwords or don't compromise the system? I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. And so you assume everyone can do that? I can remember maybe 5 of the passwords I regularly need. (I rarely repeat passwords for different sites.) In addition, some passwords have been *assigned* to me and cannot readily be changed (and are usually difficult to remember). Many of the rest I so seldom use that it would be silly to try to remember them. Particularly when I do have a password-locked file I can use to record them for me. Under the circumstances I described, I have yet to hear in what way copying and pasting passwords compromises security of anything by itself. Please enlighten me. Paul I believe you misunderstood. I believe that trimming passwords to remove spaces is a compromise of the system, not the copy-paste. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] ORM doctrine
On Dec 10, 2010, at 11:20 AM, tedd wrote: At 9:53 AM -0500 12/10/10, Robert Cummings wrote: On 10-12-09 10:41 PM, Daevid Vincent wrote: Use PHP the way God intended it to be used. Could you cite a reference for where God states his intentions on PHP? Thanks, Rob. Mark:7:34 And looking up to heaven, he sighed, and saith unto him, e PHP hatha, that is, Be opened. If it was to be otherwise, he would have said Be closed. Cheers, tedd -- --- http://sperling.com/ Tedd- I guess it's time to starting being religious again if they have upgraded the Bible to suit my interests. Thanks for the laugh! Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] http://www.mytrash.mail.ua spam
I get the same thing but wrote it off as someone's autoresponder. I didn't check the email address. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Oct 13, 2010, at 2:52 PM, Ashley Sheridan wrote: I know this isn't PHP related, but every day I post to this list I get a message back from mytr...@mail.ua mytr...@mail.ua which is an auto-responder. It is rather annoying, and makes little sense for whoever is using this service to sign up to a mailing list and not make this service aware of the mailing list at all. Please could whomsoever is responsible please try to figure something out with it. It's ironic, because while it appears to be aimed at preventing spam, it is actually creating spam for me, and doubtless many others. Thanks, Ash http://www.ashleysheridan.co.uk From: mytr...@mail.ua mytr...@mail.ua Date: October 13, 2010 2:28:04 PM EDT To: Ashley Sheridan a...@ashleysheridan.co.uk Subject: Требуется подтверждение отправки Вашего письма для mytr...@mail.ua Reply-To: mytr...@mail.ua mytr...@mail.ua (see english version below) (дивіться українську версію нижче) Я использую антиспам-систему, которая не позволяет принимать письма от незнакомых отправителей, не внесенных в мою адресную книгу (белый список), поэтому ваше письмо было помещено в папку Спам. Для того чтобы переместить ваше письмо в папку Входящие сообщения, перейдите по этой ссылке: http://www.mytrash.mail.ua/confirm/1286994421.H636465P22409.mx.mail.ua После этого ваш адрес будет автоматически добавлен в мою адресную книгу, и вы сможете отправлять мне письма с адреса Ashley Sheridan a...@ashleysheridan.co.uk без дополнительных проверок. Вы также можете отправлять мне сообщения в любой момент с моей персональной страницы: http://www.mytrash.mail.ua Спасибо за понимание, sender owner mytr...@mail.ua -- english --- Confirmation is required to send your message to mytr...@mail.ua My antispam system detected your message as possible SPAM, because your address is not listed in my address book (white list). To confirm that your message is not a spam, please open the following link: http://www.mytrash.mail.ua/confirm/1286994421.H636465P22409.mx.mail.ua After that your address will be automatically added into my address book and you will be able to send me messages from Ashley Sheridan a...@ashleysheridan.co.uk without any additional checks. You can also use my personal webpage and send me a message anytime: http://www.mytrash.mail.ua. Thank you, sender owner mytr...@mail.ua -- українська --- Потрібне підтвердження відправки Вашого листа для mytr...@mail.ua Я використовую антиспам-систему, яка не дозволяє приймати листи від незнайомих відправників, не внесених у мою адресну книгу (білий список), тому ваш лист був поміщений у папку Спам. Для того, щоб перенести ваш лист до Вхідних повідомлень, перейдіть по цьому посиланню: http://www.mytrash.mail.ua/confirm/1286994421.H636465P22409.mx.mail.ua Після цього ваша адреса буде автоматично додана в мою адресну книгу, і ви зможете відправляти мені листи з вашої адреси Ashley Sheridan a...@ashleysheridan.co.uk без жодних додаткових перевірок. Ви також можете відправляти мені повідомлення в будь-який момент з моєї персональної сторінки: http://www.mytrash.mail.ua. Дякую вам за розуміння, sender owner mytr...@mail.ua -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] break out of ?php... midway thru' an if { } statement ?
If I'm understanding the question right, yes you can.
if($AlertUser2success != 0)
{
?
div class=pg_DIVmainText
img class=divBGgradient style= src=images/BehindBox01.png alt=
/
div
?php include(); ?
/div
/div
?php
}
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Oct 11, 2010, at 7:05 PM, Govinda wrote:
Hi everyone,
- newbie preface
-
I finally got some time to come back to learning a little more PHP... and I
am looking forward to lots more in coming months, with any luck. Anyway, as
I was working towards the last deadline with the PHP project I was working
on, I uncovered several issues I did not know the answer to.. and I just
hacked around them to avoid taking more time while I was under the
clock/meter. Now on my own time, I want to ask, so I learn more deeply what
was more ideal understanding/technique.
- /newbie preface
-
Here's one of those Q's:
I was working on a system (MoveableType, A.K.A. MT) that writes db data
to static text files (web pages) whenever the CMS admin tells it to
publish. That system writes out the PHP code that I tell it to, in each
page of the site. There was one place in my PHP code (marked with ***MT***,
below) where I needed to include a chunk of data that would not be known (or
written out) until the admin next published the page (i.e. I could not
include the code inline). I needed to display it only in case of a PHP
comparison evaluating to true. I was tempted to break out of PHP at that
point, and then go back into PHP within that ***MT*** block itself, _only_
when/where in the few places that block needs PHP.. in order to reduce the
head pressure (of the less-technical admin using the MT CMS) having to wade
through so many PHP print/echo statements (I could not get heredoc to work
right, but that is another topic/post ;-). But despite the temptation, I did
not attempt that because I thought it might break the logic of the if { } .
On the other hand, I vaguely remember reading something that made me think
something like that is possible.. but I don't know where I saw it.
To better summarize my Q:
could the below mt:Var name=PageMoreNoCRLF (which contains a long block
of HTML sprinkled with a little PHP whose contents are known only at
runtime) be *broken out of* of the ?php ... ? wrapper that surrounds the if
{ } statement, and have it still only get displayed on the final webpage when
the if { } statement evaluates to true? The reason I want that is so that I
can just keep the HTML straight and simple in that MT block, instead of using
PHP string-printing statements to spit out it's mostly-pure-HTML contents.
The admin using the system is using a WYSIWYG HTML editable textarea
interface, kind of like FCKEditor.
if($AlertUser2success != 0) {
echo 'div class=pg_DIVmainText'.\n;
echo 'img class=divBGgradient style=
src=images/BehindBox01.png alt= /'.\n;
echo 'div'.\n;
/*--- here is the ***MT***
block/include --- ---*/ mt:Var name=PageMoreNoCRLF
echo '/div'.\n;
echo '/div'.\n;
} else {
...
Govinda
govinda(DOT)webdnatalk(AT)gmail(DOT)com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tedd's Friday Post ($ per line)
I'm not sure this is even worth answering. The question isn't how many lines of code were written but percentage of the project completed. If he estimated 8 months, worked for 4 months, and was 50% done, he should get half his estimate. Hourly rates wouldn't come into it unless the client thought it would be cheaper to simply pay him for his time rather then the bid. Subject the following to my poor legal knowledge: I would also guess that if he was under contract with a company to provide a product for a set dollar amount then wouldn't the company be forced to complete it's half so to speak? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Oct 7, 2010, at 1:20 PM, tedd wrote: Hi gang: Several years ago I was involved in a court case where a programmers work was being evaluated to establish a dollar amount for the work done. The case was a dispute where the client wanted money back from a programmer for a discontinued project. The programmer simply wanted to be paid for the work he had done. This wasn't a case where anyone had done anything wrong, but rather a circumstance where two parties were trying to figure out who was due what. You see, the original client had been taken over by another company who put a halt to the project the programmer was working on. The new company claimed that because the project wasn't finished, then the programmer should pay back all the money he was paid up-front to start the project. However, while the project had not been finished, the programmer had indeed worked on the project for several months. The programmer stated he wanted to paid his hourly rate. But the new client stated that the up-front money paid had been based upon a bid and not an hourly rate. So, they were at odds as to what to do. The solution in this case was to place a dollar amount on the actual lines of code the programmer wrote. In other words, they took all of programmers code and actually counted the lines of code he wrote and then agreed to a specific dollar amount to each line. In this case, the programmer had written over 25,000 lines of code. What do you think he was paid? And with all of that said, what dollar amount would you place on your line of code? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tedd's Friday Post ($ per line)
In the case payment does come down to lines of code written I'm already covered.
if( count 5)
{
/* Bracing Style
}
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Oct 7, 2010, at 1:50 PM, a...@ashleysheridan.co.uk wrote:
Surely it would have been a bit more sensible to work out the time the
programmer had spent on the project and then calculate it as a percentage of
the total time that programmer would spend on it to complete it (which might
not be the whole duration of the project)
Also, counting code lines seems unfair. I know it used to be this way, but
its a bit like paying firemen based on the number of fires they put out;
don't be surprised if arson figures go up!
I would guess though that this fellow likely had to pay some of that initial
outlay of cash back though, and would further assume the total price
attributed to each line was no more than 3 or 4 cents (damb English androids
don't have the cent character)
Thanks,
Ash
http://www.ashleysheridan.co.uk
- Reply message -
From: tedd tedd.sperl...@gmail.com
Date: Thu, Oct 7, 2010 18:20
Subject: [PHP] tedd's Friday Post ($ per line)
To: php-general@lists.php.net
Hi gang:
Several years ago I was involved in a court case where a programmers
work was being evaluated to establish a dollar amount for the work
done.
The case was a dispute where the client wanted money back from a
programmer for a discontinued project. The programmer simply wanted
to be paid for the work he had done. This wasn't a case where anyone
had done anything wrong, but rather a circumstance where two parties
were trying to figure out who was due what.
You see, the original client had been taken over by another company
who put a halt to the project the programmer was working on. The new
company claimed that because the project wasn't finished, then the
programmer should pay back all the money he was paid up-front to
start the project. However, while the project had not been finished,
the programmer had indeed worked on the project for several months.
The programmer stated he wanted to paid his hourly rate. But the new
client stated that the up-front money paid had been based upon a bid
and not an hourly rate. So, they were at odds as to what to do.
The solution in this case was to place a dollar amount on the actual
lines of code the programmer wrote. In other words, they took all
of programmers code and actually counted the lines of code he wrote
and then agreed to a specific dollar amount to each line. In this
case, the programmer had written over 25,000 lines of code. What do
you think he was paid?
And with all of that said, what dollar amount would you place on your
line of code?
Cheers,
tedd
--
---
http://sperling.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tedd's Friday Post ($ per line)
I guess that's what I get for spending the last four weeks developing with
JavaScript and Node.js.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Oct 7, 2010, at 2:09 PM, Daniel P. Brown wrote:
On Thu, Oct 7, 2010 at 14:04, Joshua Kehn josh.k...@gmail.com wrote:
In the case payment does come down to lines of code written I'm already
covered.
if( count 5)
{
/* Bracing Style
}
PHP Notice: Use of undefined constant count - assumed 'count' on line 1
PHP Warning: Unterminated comment starting line 3 on line 3
PHP Parse error: syntax error, unexpected $end on line 4
--
/Daniel P. Brown
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tedd's Friday Post ($ per line)
$100 a line. If you want more then one line let's meet and go over the project. I might give a significant discount. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Oct 7, 2010, at 4:51 PM, tedd wrote: At 6:50 PM +0100 10/7/10, a...@ashleysheridan.co.uk wrote: Surely it would have been a bit more sensible to work out the time the programmer had spent on the project and then calculate it as a percentage of the total time that programmer would spend on it to complete it (which might not be the whole duration of the project) Also, counting code lines seems unfair. I know it used to be this way, but its a bit like paying firemen based on the number of fires they put out; don't be surprised if arson figures go up! I would guess though that this fellow likely had to pay some of that initial outlay of cash back though, and would further assume the total price attributed to each line was no more than 3 or 4 cents (damb English androids don't have the cent character) Thanks, Ash As I said, this was a case that I worked on several years ago (20+). I was not the programmer, but rather a consultant for an attorney. The programmer wanted to have his payment based upon the hours he put it, but the client wanted proof of the programmers effort. Both were understandable positions. Considering that the programmers effort did not work, and there were no time clocks showing the actual hours the programmer worked, the solution centered on an evaluation of the end-product. That evaluation reduced to the amount of code written, which boiled down to lines of code. Granted, as Rob said, some lines are worth more than others, but overall a case was made to pay a certain amount per line. Now, back to the question at hand -- what price would you sell a line of your code for? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 1984 (Big Brother)
Tedd- Would he consider access to another database? I.e. a separate, say memcached db which stores the boss status? An issue with the temporary file would also be session length, if the session expires without the user explicitly logging off, the file wouldn't be removed. A way to bypass this would be to add some sort of session expiration header to the file and update that. And couldn't you make a simple check if the boss is logged in or not by the ability to access the database? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 12, 2010, at 12:32 PM, tedd wrote: Hi gang: I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why) In other words, when the boss is not logged on, then his employees cannot access the business database in any fashion whatsoever including checking to see if the boss is logged on, or not. No access whatsoever! Normally, I would just set up a field in the database and have that set to yes or no as to if the employees could access the database, or not. But in this case, the boss does not want even that type of access to the database permitted. Repeat -- No access whatsoever! I was thinking of the boss' script writing to a file that accomplished the yes or no thing, but if the boss did not log off properly then the file would remain in the yes state allowing employees undesired access. That would not be acceptable. So, what methods would you suggest? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sep 12, 2010, at 1:33 PM, tedd wrote: At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote: On Sun, 2010-09-12 at 12:55 -0400, tedd wrote: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Not entirely sure what you're asking, but could you maybe achieve something like this with a WAN using a VPN? Thanks, Ash Ash: I'm sure this is an obvious question for many on this list, but I'm not above showing my ignorance. I guess what I am asking -- if a client wanted an application written (in web languages) so that their employees could link all their different computers together and share/use information using browsers, is that possible using a server that is not connected to the Internet? Look, I know that I can solve my clients problems by finding a host and writing scripts to do what they want -- that's not a problem. But everything I do is open to the world. Sure I can provide some level of security, but nothing like the security that can be provided behind closed and locked doors. So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? Maybe I should ask my grandson. :-) Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Tedd- What do you mean without ever being connected to the internet? That statement throws me a bit because if it isn't connected to the public net the only alternative would be to run hard lines between hosts. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] newbie question about code
Bob-
Yes, yes I did.
And note that my Java code is incorrect, that should simply be public static
void, no function.
This is what I get for taking a week to code everything in Node.js.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Sep 10, 2010, at 2:32 PM, Bob McConnell wrote:
Did you mean to say That is a method call.?
Bob McConnell
-
From: Joshua Kehn
That is a function call. In Java:
class Code
{
public static void function do_command(){ }
}
Code.do_command();
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Sep 10, 2010, at 2:27 PM, Adam Williams wrote:
I'm looking at someone's code to learn and I'm relatively new to
programming. In the code I see commands like:
$code-do_command();
I'm not really sure what that means. How would that look in
procedural style programming? do_command($code); or something else?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] newbie question about code
Ash-
Correct, hence my typo and nomenclature slip. ;)
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Sep 10, 2010, at 2:48 PM, a...@ashleysheridan.co.uk wrote:
Node.js, wouldn't that be javascript rather than java? :P
Thanks,
Ash
http://www.ashleysheridan.co.uk
- Reply message -
From: Joshua Kehn josh.k...@gmail.com
Date: Fri, Sep 10, 2010 19:32
Subject: [PHP] newbie question about code
To: Bob McConnell r...@cbord.com
Cc: Adam Williams adam_willi...@bellsouth.net, PHP General list
php-general@lists.php.net
Bob-
Yes, yes I did.
And note that my Java code is incorrect, that should simply be public static
void, no function.
This is what I get for taking a week to code everything in Node.js.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Sep 10, 2010, at 2:32 PM, Bob McConnell wrote:
Did you mean to say That is a method call.?
Bob McConnell
-
From: Joshua Kehn
That is a function call. In Java:
class Code
{
public static void function do_command(){ }
}
Code.do_command();
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Sep 10, 2010, at 2:27 PM, Adam Williams wrote:
I'm looking at someone's code to learn and I'm relatively new to
programming. In the code I see commands like:
$code-do_command();
I'm not really sure what that means. How would that look in
procedural style programming? do_command($code); or something else?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] newbie question about code
Adam- It is unique. I'm writing code that really can't be done any other way. How it handles events, sockets, etc is exceptional. The best part is everything now is JavaScript. The server (Node.js) is written in JavaScript. MongoDB is JavaScript. The frontend used to manage the WebSocket is entirely JavaScript. I have essentially replaced J2EE as the backend with Node and I couldn't be happier. Of course standard JavaScript woes apply. Debugging is a royal pain in the ass. Your code can and will suddenly fail due to odd strange errors. There are stability concerns with Node, it is version 0.2 after all. It won't replace PHP or Java as an enterprise level solution, but it does fill in the gaps very nicely. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 10, 2010, at 2:53 PM, Adam Richardson wrote: This is what I get for taking a week to code everything in Node.js. It is a Friday, so I'll let my curiosity get the best of me and ask a follow-up on something non-PHP. What insights/impressions do you have regarding Node.js after a week of working with it? Thanks, Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend framework
Chris- While I find Zend to be more of a wonderful set of libraries then a framework, it does do both and is a good introduction. I do most of my framework coding on CodeIgniter though. Regards, -JOsh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 9, 2010, at 9:33 PM, chris h wrote: Hello all, I'm starting a new project and I'm thinking about building it on Zend framework and possibly Zend server. I've only used the framework slightly and I've never really used Zend server. That being said I hear that the framework is pretty decent to work with. I want something that is strict and uses OOP MVC well, and I hear it does; though I also have the impression that it's slow and bloated... Anyways, I was curious if any of you have some general advice / good things / horror stories on the Zend framework? Thanks, Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Question about translating assoc. arrays to C
I'm working on creating a compiled extension for some code I've written. Mostly
it's manipulating a very large multi-demensional array of values. This is some
pseudo code for the array.
// Imagine this but much much bigger
$big_ass_array = array('5' = array('0' = 4, '3' = 6, '8' = 7), '10' =
array('4' = 3, '5' = 10'));
Currently I'm traversing this with
foreach($array as $key1 = $value)
{
foreach($value as $key2 = $value)
{
// Use $key1, $key2, and $value here
}
}
My question is how does this translate into the C code I will have to write?
If anyone has a decent extension building tutorial that would be great too.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about translating assoc. arrays to C
Jim-
Yes, that was a typo. The issues was I didn't cut / paste and instead retyped
it. Should be
foreach($array as $key1 = $list)
{
foreach($list as $key2 = $value)
I will check those links out, I had the first one not the second.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Sep 5, 2010, at 12:32 AM, Jim Lucas wrote:
Joshua Kehn wrote:
I'm working on creating a compiled extension for some code I've written.
Mostly it's manipulating a very large multi-demensional array of values.
This is some pseudo code for the array.
// Imagine this but much much bigger
$big_ass_array = array('5' = array('0' = 4, '3' = 6, '8' = 7), '10' =
array('4' = 3, '5' = 10')); Currently I'm traversing this with
foreach($array as $key1 = $value)
{
foreach($value as $key2 = $value)
{
Well, I hope you are not using it this way.
The above will overwrite your $value variable set by the first foreach
Maybe you had a cut/paste error with the $value1 $value2 portion...
// Use $key1, $key2, and $value here
}
}
My question is how does this translate into the C code I will have to write?
My suggestion would be to download the source code and find a comparable
array function and see how they do it.
If anyone has a decent extension building tutorial that would be great too.
First google result for php extension tutorial
http://devzone.zend.com/article/1021
http://www.talkphp.com/vbarticles.php?do=articlearticleid=49title=creating-custom-php-extensions
http://www.php.net/~wez/extending-php.pdf
Just to list a few...
Jim
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
Re: [PHP] a quick question about array keys
Quickest way I can think of would be to do something like
$tmp = array();
foreach($old_array as $key = $value)
{
$tmp[$value] = $key;
}
But knowing PHP there is probably some array_reverse_keys() function.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Aug 31, 2010, at 11:43 AM, Tontonq Tontonq wrote:
a quick question
lets say i have an array like that
Array
(
[300] = 300
[301] = 301
[302] = 302
[303] = 303
[304] = 304
[305] = 305
[306] = 306
[307] = 307
[308] = 308
...
how can i change keys to 0,1,2,3,.. by faster way
(it should like that)
Array
(
[0] = 300
[1] = 301
[2] = 302
[3] = 303
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a quick question about array keys
On Aug 31, 2010, at 11:46 AM, Ashley Sheridan wrote:
On Tue, 2010-08-31 at 11:46 -0400, Joshua Kehn wrote:
Quickest way I can think of would be to do something like
$tmp = array();
foreach($old_array as $key = $value)
{
$tmp[$value] = $key;
}
But knowing PHP there is probably some array_reverse_keys() function.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Aug 31, 2010, at 11:43 AM, Tontonq Tontonq wrote:
a quick question
lets say i have an array like that
Array
(
[300] = 300
[301] = 301
[302] = 302
[303] = 303
[304] = 304
[305] = 305
[306] = 306
[307] = 307
[308] = 308
...
how can i change keys to 0,1,2,3,.. by faster way
(it should like that)
Array
(
[0] = 300
[1] = 301
[2] = 302
[3] = 303
That doesn't actually answer the question, it just changes the key/value
pairs around. There is a built-in function for this in PHP, but it's not what
the OP asked for.
Thanks,
Ash
http://www.ashleysheridan.co.uk
I misread the question as flipping array keys, my mistake.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
Re: [PHP] Storing Social Security Number WAS: Encryption/Decryption Question
On Aug 12, 2010, at 11:32 AM, tedd wrote: At 10:56 AM -0400 8/12/10, Bastien Koert wrote: However, the data must be stored in an encrypted format and it must be transmitted via SSL. We do it that way (taking both a hash for searching for the ssn and the encrypted form) and haven't had any issues as yet. The data will be encrypted and only accessible behind an SSL via an authorization process -- that's given. I have given some thought about searching the database for encrypted SS#'s and have been perplexed as how to do that. For searching standard fields, it's a piece of cake to use %LIKE%. For example, let's say the investigator has a piece of paper that has the number 393 on it and want's to search the database for all phone numbers that contain 393 -- he could use %LIKE% and that would produce 517-393-, 393-123-4567, 818-122-4393 and so on. That's neat! However, if the field is encrypted, then how do you preform a partial search on that? You can't encrypt the search string and use that because you need the entire string. So, how do you solve that problem? If you hash the number of store the hash, then you can create a hashed search string and use that. But again it doesn't work for partial %LIKE% searches. For example, I couldn't search for 393 in a SS# -- I would have to search for the complete SS#. So, how do you solve the %LIKE% problem with encryption and hashes? The other thing to consider is that more and more states are looking to encrypt PII data (name, dob, ssn etc) for more security. I'm considering that as well, but that also raises more searching problems as described above. You could consider storing just the encrypted ssn and link data in a separate database, that would require a different logon to access when the data is required. Interesting -- I might also hash the foreign link. But I have to think about that. Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Would one option be to have a table of unencrypted SSN's with an encrypted id for the user. So you could search the SSN's and then connect them, however if the table was dumped you wouldn't be able to link it directly to the person (as it would just have a SSN and an id). Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Storing Social Security Number WAS: Encryption/Decryption Question
On Aug 12, 2010, at 11:55 AM, tedd wrote: At 11:39 AM -0400 8/12/10, Joshua Kehn wrote: Would one option be to have a table of unencrypted SSN's with an encrypted id for the user. So you could search the SSN's and then connect them, however if the table was dumped you wouldn't be able to link it directly to the person (as it would just have a SSN and an id). Regards, -Josh No, the problem here is to keep the database from containing any raw SS#. It is absolutely necessary to encrypt the data. The question is: 1. Is it legal? 2. How to do it? Cheers, tedd -- --- http://sperling.com/ Tedd- In my mind if you have a table of raw SSN's it's fine as long as they can't be readily linked to a person without decrypting the id. Again, I don't know the legalities of it so I defer. If you have to encrypt them then I'm not sure how you would run any %LIKE% query unless you went through and decrypted them OTF when running the query. This (I don't believe) can be done in MySQL (or any other RDB) so it would have to be done in memory. Depending on the table size that gets annoyingly slow. If the SSN's must be encrypted, and you aren't encrypting the parts separately ( enc - enc - enc) I don't think you will be able to run a %LIKE% query simply. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protecting PHP scripts called via AJAX from evil
On Aug 6, 2010, at 9:41 AM, Marc Guay wrote: Hi folks, I'm looking for a straightforward way to protect PHP files which are called via AJAX from being called from outside my application. Currently, someone could forseeably open the console and watch the javascript post variables to a public file (actions/delete_thing.php) and then use this knowledge to trash the place. I found this thread at stackoverflow which seems to cover the issue I'm looking at, but it's pretty intense and I figure there's an easier way but I'm not sure how. http://stackoverflow.com/questions/2486327/jquery-post-and-php-prevent-the-ability-to-use-script-outside-of-main-website It seems unlikely that this is the method everyone uses, but maybe not. Advice is nice. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Marc- The best way (and what I currently use) is to add a nonce style value to the form with a random name and then also add that to the session. $nonce = sha1(microtime(true)); $name = sha1(rand(0,10)); $_SESSION['nonce'] = array($name = $nonce); ?input type=hidden value=?php echo $nonce; ? name=?php echo $name; ? /?php Then in the processing code check the nonce value to ensure (a) it exists, and (b) it matches the current session. You can also log all events in a table, filtering out user who make too many requests per minute / second / etc, depending on what you are using the AJAX bit for. Thanks, -Josh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP The Anthem
On Aug 6, 2010, at 7:27 AM, tedd wrote: At 4:57 PM -0700 8/5/10, Daevid Vincent wrote: http://www.youtube.com/watch?v=S8zhmiS-1kw http://shiflett.org/blog/2010/aug/php-anthem ...some people have way too much time. ;-) I agree. I don't have time to do nonsense and don't understand how people who are successful can waste time like this. Besides IMO, this is another example of hip-flop. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php There is something wrong with having a little fun? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP The Anthem
On Aug 6, 2010, at 11:12 AM, tedd wrote: At 10:30 AM -0400 8/6/10, Joshua Kehn wrote: On Aug 6, 2010, at 7:27 AM, tedd wrote: There is something wrong with having a little fun? Regards, -Josh Yes, it's a waste of time -- humbug! Cheers, tedd -- --- http://sperling.com/ Tedd- I guess that quarters game was a complete waste of time as well? :) Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array help.
On Jul 30, 2010, at 2:36 PM, Paul Halliday wrote:
I have a query that may not always return a result for a value, I need
to reflect this with a 0. I am trying to overcome this by doing this
(the keys are ID's):
while ($row = mysql_fetch_row($statusQuery)) {
$cat =
array(0=0,1=0,11=0,12=0,13=0,14=0,15=0,16=0,17=0,19=0);
switch ($row[1]) {
case 0: $cat[0] = $row[0]; break;
case 1: $cat[1] = $row[0]; break;
case 11: $cat[11] = $row[0]; break;
case 12: $cat[12] = $row[0]; break;
case 13: $cat[13] = $row[0]; break;
case 14: $cat[14] = $row[0]; break;
case 15: $cat[15] = $row[0]; break;
case 16: $cat[16] = $row[0]; break;
case 17: $cat[17] = $row[0]; break;
case 19: $cat[19] = $row[0]; break;
}
print_r($cat);
}
Which gives me this:
Array ( [0] = 15547 [1] = 0 [11] = 0 [12] = 0 [13] = 0 [14] = 0
[15] = 0 [16] = 0 [17] = 0 [19] = 0 )
Array ( [0] = 0 [1] = 0 [11] = 0 [12] = 0 [13] = 0 [14] = 0 [15]s
= 30 [16] = 0 [17] = 0 [19] = 0 )
The query only return 2 rows:
15 | 30
0 | 15547
What am I doing wrong? Is there a more elegant way to achieve what I want?
Thanks.
--
Paul Halliday
Ideation | Individualization | Learner | Achiever | Analytical
http://www.pintumbler.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Paul-
Why not say:
$cat = array();
if(isset($row[1])
{
$cat[$row[1]] = $row[0];
}
print_r($cat);
Regards,
-Josh
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array help.
On Jul 30, 2010, at 3:03 PM, Paul Halliday wrote: Paul- Why are those values not defaulted to 0 in the database? Regards, -Josh They are defaulted, the query is grouping: select count(status) as count, status from table group by status order by status desc; Paul- Correct, so stuff with a status of 0 will still show up unless I'm missing something. Regards, -Josh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] the state of the PHP community
On Jul 29, 2010, at 3:32 AM, Nathan Rixham wrote: Hi Josh, Thanks for taking the time - comments in-line from here :) Josh Kehn wrote: Java, JS (in the form of Node and MongoDB, +raw client / jQuery stuff) and PHP get used regularly. Python / Ruby infrequently. With true confirmation bias - great to see you mentioning node.js, have a universal language / syntax for programming is critical moving forwards. I've been 'playing' with node for a while now myself, added an upgrade to handle client side ssl certificates properly and expose needed values recently, and currently working on making tabulator's rdflib work on both client and server (i.e., porting it to node amongst other things). I haven't gone that far with Node yet, someone is writing an email server though. I hated JS for many (I believe good) reasons for a long time. I felt it was a client side showy gimmick. I do server side development. Why should I know the eight or nine different DOM structures? Leave that to designers I said! Once you get past the syntax it is an incredibly powerful language. There are faults (come on, it fails silently!) but proper understanding negates these for the most part. Another thing to note is how incredibly flexible it is. Node / Mongo both make use of JS syntax (albeit with their own unique flavor) but it all boils down to a very simple, elegant, system. MongoDB I managed to bypass somewhere, I quickly migrated past NoSQL and on to triple/quad store(s) - again for universality reasons, on the path to a full embrace of N3. This said, I should probably give some more weight to MongoDB, certainly with it's json friendly-ness I can see how it could fit in to my preferred tech stack. MongoDB is a bit unique. I've only been working with it for a few months now but it really is something to keep an eye out for. If you prefer traditional SQL also take a look at VoltDB. Started with QBasic and realized it was crap. Moved on to Java, realized object rock but J2EE doesn't. Moved to PHP / Java. QBasic was crap lol, that was my first language after playing with .bat files! I'm not sure if I did bat files first, but I do remember playing with Win95 assembler. It's a miracle I'm not scarred for life. http://www.mongodb.org/ http://nodejs.org/ See http://joshuakehn.com/blog/index.php/blog/view/28/MongoDB-Node-js/ Nice blog, subscribed - used to do my braces the same as you then reverted back to putting them EOL, will comment on your blog with reasons why. If the comments don't work let me know. That's a basic blogging engine I wrote with CI, it's in desperate need of some help. Also, golf-code! that had escaped my radar somehow, looks like I can waste a few hours with that one - love it. I haven't gotten flashed on any PHP meetups, but I wouldn't shy away from them. Here in Scotland I read that as I haven't had anybody flash their genitals at me on any PHP meetups, but I wouldn't shy away from them - thus, lol! LOL would be the correct reaction to that! Are you a member or any other web tech communities, opensource efforts, or standardization bodies - again, if so which? None that I recall. Are there any efforts, projects or initiatives which are floating your boat right now and that your watching eagerly (or getting involved with)? Node, Mongo. I'm also watching a couple git repos, memcached and scribe to name two. Some stuff I just can't be involved in (C / C++ dev is tricky when you work with Java / PHP). another +1 for git, makes life easier, will hunt you down and see what you're all following (other than memcached and scribe). If you go to my root site I believe I have a link. on the c/c++ side, I thought the same thing (being Java/PHP for the past while pretty solidly) but as mentioned earlier, recently hacked out some c++ for node and it was easier than I thought once I 'just did it', I guess I'm saying don't let that feeling phase you, if you want to do it - just do it, you're a programmer not a specific languager. :) ps: please *do not* flame anybodies answers, that really wouldn't be fair. Best Regards, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Regards, -Josh Likewise, Nathan Regards, -Josh
Re: [PHP] Trapping for PDF Type and file size in a UPLOAD form...
On Jul 29, 2010, at 12:50 PM, Don Wieland wrote: I am trying to create an UPLOAD form and need to figure a way to only allow PDF files to be selected. Something like: html body form enctype=multipart/form-data action=upload.php method=post input type=hidden name=MAX_FILE_SIZE value=100 accept=application/pdf / Choose a file to upload: input name=uploaded_file type=file / input type=submit value=Upload / /form /body /html It is documented online that I can pass a parameter ACCEPT=applaction/pdf, BUT it is not recognized in most browsers. It was suggested by someone that I could trap for this using a JAVASCRIPT. Can someone assist with a snippet of javascript code to trap for this for me? This is the end result I need: If the user selects a file that IS NOT a PDF file, display an javascript alert You can only upload PDF files. Please try again. If the user selects a PDF file greater than 1MB, display an javascript alert File uploads may not exceed 1M in file size. Please try again. I appreciate any help that can be offered. Thanks in advanced! Don Wieland -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Don- Remember that anything submitted by the client can be spoofed or faked. Ensure that your PHP script accounts for Javascript being disabled. Past that, I'm sure you can get results from somewhere like Stackoverflow.com instead of a PHP mailing list. Thanks, -Josh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] Do you have some standard for defined the variable in program language?
Tedd-
Java has classes listed with an Uppercase. It could be JS you're thinking of
but I'm not sure. Functions (except constructors) and variables have the
lowerUpperCamelCase notation.
Regards,
-Josh
On Jul 27, 2010, at 12:55 PM, tedd wrote:
At 1:38 PM +0300 7/27/10, Andre Polykanine wrote:
Hello viraj,
As for classes, it's suggested to start a class name with a capital:
class MyBestClass {
...
}
In some languages (I can't remember if it is Java, or Javascript, or both)
the first letter should be lowercase, such as:
myBestClass
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
