Re: [PHP] OT (maybe not): Drupal vs WordPress

2012-08-19 Thread Michael Shadle
I suggest Wordpress only for blogs or brochureware or basic page based sites. 
It has security flaws often and I've had many sites hacked and servers 
compromised because of it.

Out of the box it is very easy to use and polished and has a lot of themes 
available and is pretty easy to theme.

I recommend Drupal for anything else. Out of the box it doesn't do anything 
very well; it provides the building blocks to do a lot of things well with 
modules. It rarely has security issues compared to Wordpress.

It is much more extensible than Wordpress. Anything using Wordpress for forums, 
shopping carts or anything else is a gross misuse of the original intention for 
Wordpress. Drupal however was designed to be more content agnostic and can be 
extended way more elegantly than Wordpress can ever be. Drupal is definitely 
for a more functional site.

But if you just need something basic and simple Wordpress can meet your needs. 
Just keep it up to date :)


On Aug 19, 2012, at 12:52 PM, l...@afan.net wrote:

 Hi to everyone,
 I was trying to figure this out for the last week or two. I have read tons
 of articles that compare Drupal and WordPress, but I still wasn't swayed
 to either side.
 I know that they are both good, both do the job well, and both have
 advantages and disadvantages. For example, Drupal has a steeper learning
 curve, but you get more control over the website.
 Most of Drupal vs WordPress articles are emotionally driven and it
 reminds me of the PC vs Apple flame war. I was trying to exclude these as
 much as I could but it's hard.
 
 Is there any website/article/benchmark/test/experiment/whatever I can
 trust to be unbiased? I need a website that measures the CMS' through
 facts, not heated, emotional arguments. In which cases is it better to use
 Drupal over WordPress (and vice-versa)? I know the first two words are
 going to be it depends, but let's talk about it in general (for small
 basic websites, more complex websites, easy customization, etc).
 
 I found this on one page: ... Drupal was built as a fine-grained
 multi-role system where you can assign different permissions to different
 roles to do different things (e.g. content editor, content reviewer,
 member, etc.) and assign users to these roles... Does that mean that
 WordPress can't do that? Maybe it can, and the quotation is true, but it
 is kind of misleading to say that one of the programs does something, and
 then not mention the other product at all.
 
 Special points for me are (not a must, though)
 - multiple websites with single core (both CMSs have the capability but I
 got impression Drupal does it better?) because of maintenance
 - compatibility with CiviCRM
 
 Once I decide what to use, I have to stick with it for a while.
 
 Thanks for any help.
 
 LAMP
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 




Re: [PHP] OT (maybe not): Drupal vs WordPress

2012-08-19 Thread Michael Shadle
If you are going to use something like joomla, use Drupal. Why bother. Drupal 
is trending up and is used by large companies and governments. Joomla is hokey. 
Yes this is going to spawn a religious debate. But joomla sucks. Sorry folks.


On Aug 19, 2012, at 2:31 PM, Curtis Maurand cur...@maurand.com wrote:

 
 
 
 Joomla.
 



Re: [PHP] Going crazy with include require not working

2011-06-06 Thread Michael Shadle
On Mon, Jun 6, 2011 at 5:50 PM, Brian Dunning br...@briandunning.com wrote:
 Here's my code:

 error_reporting(E_ALL);
 require_once('/var/www/mysite/includes/fpdi.php');
 require_once('/var/www/mysite/includes/fpdf.php');

try adding this too:
ini_set('display_errors', 1);

I've realized I've had to do that before on many systems because it's
not enabled

random note: you don't need parens on require / include stuff since
they're not actually functions




Re: [PHP] the best 1 book for php

2011-04-06 Thread Michael Shadle
http://www.php.net/


On Wed, Apr 6, 2011 at 9:15 PM, Kirk Bailey kbai...@howlermonkey.net wrote:
 If I only had 1 book on php, what would it be?

 --
 end

 Very Truly yours,
                 - Kirk Bailey,
                   Largo Florida

                       kniht
                      +-+
                      | BOX |
                      +-+
                       think






Re: [PHP] Array Symbol Suggestion

2011-01-12 Thread Michael Shadle
On Wed, Jan 12, 2011 at 12:37 PM, Daniel Brown danbr...@php.net wrote:

    The @ is an error control operator, used to buffer the output and
 store it in a variable - $php_errormsg.  There's no way that would be
 changed to become an array designator (though that doesn't mean your
 idea itself is a bad one).

@ squelches error messages.

AFAIK $php_errormsg is the last error that PHP incurred. not based on @

@ just silences the errors from being reported, which is a bad
thing as error collection is done even if error_reporting is off, it
is still built internally as a string, that's why developing with
E_ALL and E_STRICT even on is the best practice. even notices wind up
adding to the internal error/etc. string stack.




Re: [PHP] PHP extension for equivalent of getent?

2011-01-07 Thread Michael Shadle
On Fri, Jan 7, 2011 at 12:30 AM, Michelle Konzack
linux4miche...@tamay-dogan.net wrote:

 Does someone know, whether there is a PHP  extension  like  getenv  or
 something which give the passwd fields back?

http://php.net/posix




Re: [PHP] File-Upload per Drag-N-Drop?

2010-12-29 Thread Michael Shadle
On Wed, Dec 29, 2010 at 10:30 AM, Daniel P. Brown
daniel.br...@parasane.net wrote:

    That's more of a frontend question to which you and your
 six-million-line signature should check Google to find the answer.
 Don't get me wrong, Michelle, we've always tried to help out even with
 off-topic questions, but this is really pushing it a bit too far with
 all of the non-PHP questions you've been asking lately.

a) +1 - this isn't php-general anymore this feels like
michelle-development-requests (with a horribly long signature) - but I
don't mean to be harsh.

b) HTML5 should be what you want, at some point very soon.

Silverlight isn't fully cross platform
Java is your most universal applet language
Flash has odd issues, but would be second best
but HTML5, that's going to address it all.

Google for plupload it has all the different upload applet types and
tries to determine which one will be best for you. has the client side
and server side pieces included.




Re: [PHP] Need code like megaupload.com

2010-12-27 Thread Michael Shadle
Try google. This is getting a bit insane now. Sorry.

On Dec 27, 2010, at 1:19 PM, Michelle Konzack linux4miche...@tamay-dogan.net 
wrote:

 Hi *,
 
 after I got my pastebin runing, I need a second tool for binary uploads.
 
 Any hints?
 
 (Must work easy like the pastebin script)
 
 Thanks, Greetings and nice Day/Evening
Michelle Konzack
 



Re: [PHP] Warning when calling session_start()

2010-12-21 Thread Michael Shadle
On Tue, Dec 21, 2010 at 9:27 PM,  web...@blaettner.com wrote:

   Warning: session_start() [function.session-start]:
   Cannot send session cache limiter - headers already
   sent (output started at /./sess.php:3) in
   /./sess.php on line 5

first - this is probably your culprit:
don't output empty lines before you do anything (just a general good practice)

also i'd turn on output buffering.
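
The "headers already sent" cause named in the reply above (output before the code runs) can be checked mechanically. The scanner below is an added example, not code from the thread; the function name, file names and file contents are constructed for illustration.

```php
<?php
// Added example: find bytes a PHP file would emit before its code runs.
// File names and contents below are constructed samples.

function findEarlyOutput(string $source): array
{
    $problems = [];

    // A UTF-8 byte order mark is invisible in most editors but is sent as output.
    if (strncmp($source, "\xEF\xBB\xBF", 3) === 0) {
        $problems[] = 'UTF-8 BOM before the opening tag';
        $source = substr($source, 3);
    }

    $open = strpos($source, '<?php');
    if ($open === false) {
        $problems[] = 'no opening tag: the whole file is output';
        return $problems;
    }
    if ($open > 0) {
        $lead = substr($source, 0, $open);
        $problems[] = trim($lead) === ''
            ? strlen($lead) . ' whitespace byte(s) before the opening tag'
            : 'text or markup before the opening tag';
    }

    /* Text after the last closing tag is output as well. PHP drops a single
       newline that directly follows the closing tag, so exactly one is allowed.
       Heuristic: a closing tag inside a string literal is not recognised. */
    $close = strrpos($source, '?' . '>');
    if ($close !== false && $close > $open) {
        $tail = substr($source, $close + 2);
        if (strpos($tail, '<?') === false) {
            $tail = preg_replace('/^\r?\n/', '', $tail, 1);
            if ($tail !== '') {
                $problems[] = strlen($tail) . ' byte(s) after the closing tag';
            }
        }
    }
    return $problems;
}

// Constructed samples: blank lines first, a BOM, a trailing gap, a clean file.
$samples = [
    'sess_blank_lines.php' => "\n\n<?php\nsession_start();\n",
    'sess_bom.php'         => "\xEF\xBB\xBF<?php\nsession_start();\n",
    'lib_trailing.php'     => "<?php\nfunction f() {}\n?>\n\n",
    'sess_clean.php'       => "<?php\nsession_start();\n",
];

foreach ($samples as $name => $source) {
    $found = findEarlyOutput($source);
    echo $name, ': ', $found ? implode('; ', $found) : 'clean', "\n";
}
```

Included files count too: a library file with a gap after its closing tag produces the same warning in the script that includes it.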




Re: [PHP] range header in curl?

2010-11-21 Thread Michael Shadle
Is range the right header to be sending? I thought it was something else.

Also I believe there is a curl_setopt option for range... Look at php.net's 
predefined constants for the curl module

On Nov 21, 2010, at 3:05 PM, Tontonq Tontonq root...@gmail.com wrote:

 hi im downloading files from h0tf1le as a premium user by curl i want to do
 something like streaming i want it resend to user what it got from server
 i couldnt find any resource about curl and streaming the executed source
 so i did by the Range header but sometimes i see files are corrupted i check
 the logs
 
 GET
 http://s137.hotfile.com/get/7006d266367d7975861e5f7200b604ad478674fc/4ce9a4ff/1/f37a0969e2e26077/332dfdf/2137758/pimp.rarHTTP/1.1
 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2)
 Gecko/20100115 Firefox/3.6
 Host: s137.hotfile.com
 Pragma: no-cache
 Accept: */*
 Connection: Keep-Alive
 Range: bytes=1-2
 
 i only get 1 byte for learn length
 
 
 Content-Disposition: attachment; filename=pimp.rar
 Content-Transfer-Encoding: binary
 Content-Range: bytes 1-2/5781810
 
 i see the range
 
 request:Range: bytes=0-2097152
 response:
 Content-Disposition: attachment; filename=pimp.rar
 Content-Transfer-Encoding: binary
 Content-Range: bytes 0-2097152/5781810
 Connection: close
 
 request:Range: bytes=2097152-4194304
 response:
 Content-Disposition: attachment; filename=pimp.rar
 Content-Transfer-Encoding: binary
 Content-Range: bytes 2097152-4194304/5781810
 Connection: close
 
 request:Range: bytes=4194304-5781810
 
 Content-Disposition: attachment; filename=pimp.rar
 Content-Transfer-Encoding: binary
 Content-Range: bytes 4194304-5781810/5781810
 Connection: close
 
 
 i can not see any error do you?
 
 and this is a part of it
 
 
 
 $kackb=arasi('Content-Range: bytes 1-2/','
 ',$cikti);
 $bytes=(int)$kackb; // total size read from the probe response
 $infocuk=curl_getinfo($ch);
 $sabiturl=$infocuk['url'];
 curl_close($ch);
 $sinir*=1024;
 $kackez=$bytes/$sinir;
 
 
 for($i=0;$i<=$kackez;$i++)
 {
 $bsinir=$i*$sinir; // first byte of this chunk
 $ssinir+=$sinir;   // last byte requested for this chunk
 if($bytes<$ssinir) { $ssinir=$bytes; }
 $header = array("Range: bytes=$bsinir-$ssinir");
 $ch = curl_init();
 curl_setopt($ch , CURLOPT_URL, $sabiturl);
 curl_setopt($ch , CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2) Gecko/20100115 Firefox/3.6');
 curl_setopt($ch , CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookies.txt');
 curl_setopt($ch , CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookies.txt');
 if($proxy) { curl_setopt($ch , CURLOPT_PROXY, $proxy); }
 curl_setopt ( $ch , CURLOPT_HTTPHEADER, $header );
 curl_setopt($ch , CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($ch , CURLOPT_RETURNTRANSFER , 1);
 $cikti = curl_exec($ch);
 echo $cikti;
 
 }
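
An added example, not code from the thread: HTTP byte ranges include both the first and the last byte position, so the chunks here are computed without a shared boundary byte, requested through CURLOPT_RANGE (the curl_setopt range option the reply mentions), and checked against the Content-Range header. The function names are assumptions; the file size and chunk size are the ones in the quoted log.

```php
<?php
// Added example: split a download into inclusive, non-overlapping byte ranges.

/** Return [start, end] pairs covering bytes 0 .. $total-1 in $chunk-sized steps. */
function byteRanges(int $total, int $chunk): array
{
    if ($total < 1 || $chunk < 1) {
        throw new InvalidArgumentException('total and chunk must be positive');
    }
    $ranges = [];
    for ($start = 0; $start < $total; $start += $chunk) {
        // Both ends are inclusive and the last valid index is $total - 1.
        $ranges[] = [$start, min($start + $chunk, $total) - 1];
    }
    return $ranges;
}

/** Number of bytes a list of inclusive ranges asks for in total. */
function requestedBytes(array $ranges): int
{
    $sum = 0;
    foreach ($ranges as [$start, $end]) {
        $sum += $end - $start + 1;
    }
    return $sum;
}

/** Check a Content-Range header line against the range that was requested. */
function contentRangeMatches(string $header, int $start, int $end, int $total): bool
{
    if (!preg_match('~^Content-Range:\s*bytes\s+(\d+)-(\d+)/(\d+)\s*$~i', $header, $m)) {
        return false;
    }
    return (int)$m[1] === $start && (int)$m[2] === $end && (int)$m[3] === $total;
}

/** Fetch one range and return its body; throws unless exactly that range came back. */
function fetchRange(string $url, int $start, int $end): string
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RANGE, "$start-$end");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    // 206 Partial Content plus an exact length is the minimum integrity check.
    if ($body === false || $status !== 206 || strlen($body) !== $end - $start + 1) {
        throw new RuntimeException("range $start-$end failed (HTTP $status)");
    }
    return $body;
}

// Offline demonstration with the numbers from the quoted log.
$total = 5781810;
$chunk = 2048 * 1024;

$ranges = byteRanges($total, $chunk);
foreach ($ranges as [$start, $end]) {
    echo "Range: bytes=$start-$end\n";
}
echo 'requested: ', requestedBytes($ranges), " of $total bytes\n";

// The three request lines from the log, for comparison.
$logged = [[0, 2097152], [2097152, 4194304], [4194304, 5781810]];
echo 'logged requests ask for: ', requestedBytes($logged), " bytes\n";

// Constructed header line checked against the first computed range.
var_dump(contentRangeMatches('Content-Range: bytes 0-2097151/5781810', 0, 2097151, $total));
```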




Re: [PHP] Template engines

2010-11-11 Thread Michael Shadle
Not to discredit this long post but the media here is now calling kids who text 
often hypertexting teens which really irked me even more...

I bet some non-technical news guy thinks he is awesome for coming up with that 
one.

On Nov 11, 2010, at 9:54 AM, Daniel P. Brown daniel.br...@parasane.net 
wrote:

 On Thu, Nov 11, 2010 at 08:51, Robert Cummings rob...@interjinn.com wrote:
 
 Yeah, that and some Gateway with a Common Interface.
 
My point was that there is now and never was any such PHP project
 known as pre-hypertext preprocessor.  It originated as Personal Home
 Page Tools (PHP Tools) and Forms Interpreter (FI) --- the former was a
 series of C binaries, the latter was a CGI wrapper that actually
 preprocessed straight HTML by hopping in and out of <!--HTML
 Comments--> using SSI.  For a short while, if memory serves me
 correctly, a version of the package was also named Personal Home Page
 Construction Kit.  Eventually the packages merged into PHP/FI, and a
 rewrite was done sometime during 1997, I believe, which became PHP/FI
 2.0.  I first started using it back in 1996 for quick and simple tasks
 where Perl would be a bit overkill.
 
The part I can't remember clearly is whether PHP/FI2 was done in
 1996 or 1997, though, because I do remember it was the fall of 1997
 when PHP3 came out, and it blew me away.  It sucked a bit having to
 now learn how to use the new PHP to build a page, but damned if it
 wasn't a trillion times easier to work with than Perl, right from the
 get-go.  I remember being excited by the fact that I could rewrite a
 simple flat-file database Perl program I originally wrote in about
 three days in under two hours with PHP.  From that point on, I was
 hooked on it, despite its quirky recursive-acronym name --- PHP:
 Hypertext Preprocessor.
 
So when I asked if pre-hypertext preprocessor meant Perl, it
 could well have been Python, C/C++ on SSI, Tcl/Tk, or anything
 anything, that is, that came pre- PHP.
 
That said, I have seen references to PHP being named
 Pre-Hypertext Preprocessor, but that would be incorrect anyway.  The
 HTML (HyperText Markup Language) could be preprocessed, so that much
 is fine but pre-hypertext would be truly amusing.  Any request
 to a web page is presently made via HTTP (HyperText Transfer
 Protocol), and any text displayed on any electronic device with
 embedded references (also known as hyperlinks).
 
So any language that could pre-process pre-hypertext would either
 have the unique ability to foresee the future, the mundane ability to
 pre-process plain text (or request headers or anything prior to the
 data being classified as hypertext), or the disconcerting ability to
 modify reality as we know it.  And why bother to do that when you
 could just <%= go elsewhere. %>? ;-P
 
 
 
(It's felt like Friday all day.)
 
 -- 
 /Daniel P. Brown
 Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
 (866-) 725-4321
 http://www.parasane.net/
 



Re: [PHP] Template engines

2010-11-08 Thread Michael Shadle
On Mon, Nov 8, 2010 at 1:41 PM, Hansen, Mike mike.han...@atmel.com wrote:
 I really like the idea of using a templating engine. Which one do you use? 
 Why? For those that don't use templating engines, why don't you use them?

smarty is everyone's favorite usually but i find it a bit annoying.

not to mention php itself is already a templating language... the only
benefit is trying to separate content and presentation.

however, for that to happen people create DSLs for templating that all
have their own little syntaxes and glitches and annoyances.




Re: [PHP] Template engines

2010-11-08 Thread Michael Shadle
i would point someone in the direction of XHP too if they really wanted to
https://github.com/facebook/xhp/wiki/

On Mon, Nov 8, 2010 at 2:10 PM, Peter Lind peter.e.l...@gmail.com wrote:
 On 8 November 2010 22:59, Michael Shadle mike...@gmail.com wrote:
 On Mon, Nov 8, 2010 at 1:41 PM, Hansen, Mike mike.han...@atmel.com wrote:
 I really like the idea of using a templating engine. Which one do you use? 
 Why? For those that don't use templating engines, why don't you use them?

 smarty is everyone's favorite usually but i find it a bit annoying.

 not to mention php itself is already a templating language... the only
 benefit is trying to separate content and presentation.

 however, for that to happen people create DSLs for templating that all
 have their own little syntaxes and glitches and annoyances.


 PHPTal is an alternative to smarty: http://phptal.org/ - it's got a
 nice syntax, I find.

 However, whether one should bother with a templating system like
 smarty or phptal very much depends upon how intricate your front-end
 system needs to be and what it needs to do. For smaller projects.
 smarty or phptal will get in the way and will likely get very
 annoying. For bigger projects they can be of great use.

 Regards
 Peter

 --
 hype
 WWW: plphp.dk / plind.dk
 LinkedIn: plind
 BeWelcome/Couchsurfing: Fake51
 Twitter: kafe15
 /hype





Re: [PHP] Reminder On Mailing List Rules

2010-10-21 Thread Michael Shadle
On Thu, Oct 21, 2010 at 12:42 PM, Larry Martell
la...@software-horizons.com wrote:

 http://idallen.com/topposting.html

top posting is no big IMHO.

in fact, it's easier to read on mobile devices such as an iphone. it's
also easier to reply.

email clients like google will hide the common lines anyway.

to me this comes on the heels of a presentation i just read about
there's no such thing as a 'mobile site' as in - everything on the
web now is consumed by multiple devices, that should include email as
well. while ascending discussion makes sense, email clients are smart
enough to pick things apart for you now...




Re: [PHP] Reminder On Mailing List Rules

2010-10-21 Thread Michael Shadle
On Thu, Oct 21, 2010 at 12:56 PM, Nathan Nobbe quickshif...@gmail.com wrote:

 um, right, the whole point is that the conversations are not being viewed
 through mail clients when people are finding them via search engines on the
 web.
 and some mail clients are dumber than others, lol.

a lot of the time even the web-based list sites now even do syntax
highlighting and stuff :p




Re: [PHP] Reminder On Mailing List Rules

2010-10-21 Thread Michael Shadle
On Thu, Oct 21, 2010 at 1:21 PM, Nathan Nobbe quickshif...@gmail.com wrote:

 what does syntax highlighting have to do w/ a mess of text that could be
 sorted out by folks willing to take the extra 2 seconds to put their
 thoughts at the bottom of a mail?
 i doubt there are any web-based lists that reorganize top-posted replies,
 but if you find one, id love to see it :P

because it de-dupes or changes colors for the previous replies.

and again - it doesn't take 2 seconds to clean up an email and throw a
reply at the bottom on something like an iphone. that can take a
while.

at the end of the day, i don't give a crap how people post. i am able
to read anyone's messages just fine. i don't know why anyone is
complaining in the modern age.




Re: [PHP] Reminder On Mailing List Rules

2010-10-21 Thread Michael Shadle
On Thu, Oct 21, 2010 at 3:12 PM, Nathan Nobbe quickshif...@gmail.com wrote:

 i've found top-posting to be useful in the corporate environment where the
 people i'm working with are too ignorant to understand the rationale.
  however, when you're working with programmers, i think the expectation is
 more than reasonable as well the rationale behind it being understood.
  top-posting is also useful for trivial communications where only 1 or 2
 replies will ever be sent.  however, in long running complicated threads it
 quickly results in replies that are difficult to follow, specifically b/c it
 becomes non-trivial to correlate which portion of the previous message the
 author was addressing; at the very least, it introduces ambiguity.
 and more to the topic of this thread, the degradation of the communication
 here is a great example of another reason i've stopped being so active.

i agree, truly discussing something that is against your opinion
should definitely be considered degradation

  there are standards established by the list, if you can't follow them,
 maybe you belong on the sidelines as an observer.

yes, certainly people who do not have the patience to wait until
they're home on a more formal PC in an increasing age of mobile do not
belong in any discussions online. so while that audience is growing,
their influence should be reduced. great math there.

furthermore, i find this usage of the term standards is quite
amusing. assigning a standard to a freeform discussion capability
should be a farce, especially when you can't even consider web
development RFCs standards when different browsers implement them
different ways.

perhaps you should just unsubscribe then, if this list is introducing
so much more effort into your day to read.

note, that i take the time to bottom-post and clean up emails when i
have time, but if i don't, i don't. people discuss things for
discussion, they don't discuss things because they care how it is
placed. that's like getting a present and whining about the wrapping
paper.




Re: [PHP] Reminder On Mailing List Rules

2010-10-21 Thread Michael Shadle
On Thu, Oct 21, 2010 at 3:40 PM, Daniel Brown danbr...@php.net wrote:

    Unfortunately, Michael, while I appreciate your analogy (rarely is
 something well-balanced between wit, truth, and vivid imagery enough
 to make me laugh at the mental picture), I must point out that, in
 this case, you're incorrect.  We do not operate this list for purposes
 of discussion; this is a support list.  While it frequently [d]evolves
 into discussion - which is quite welcome to perpetuate the vibrancy of
 the community at large, our intent for this list is to be used as a
 means of peer support for those active on the list and reading the
 archives alike.  In fact, the very description of the list is a high
 volume list for general PHP support; ask PHP questions here,

Well, as you are @php.net, I will humbly bow to your word; Note that I
have switched to typing with proper capitalization now. It's because I
have the time. I typically delete probably 85%+ of email on the list
without reading it, I read a few, and I post even rarely. I apologize
for my amount of posting today being non-support related, but it has
been proven that the more barriers to entry one puts up, the less
people enter.

The last thing I want to see is php.net mailing lists become #perl on
efnet - an elitist group of folks who don't seem to be in the mood to
help you and only tell you to RTFM - when a simple yes or no is
actually less characters to type out to begin with.

PHP is basically the only language I deal with any more - and it's the
only language I -want- to deal with. I hate to see basic semantics
such as top post you asshole scare off fresh blood and create a
hostile or otherwise discriminatory environment. Keep PHP alive and
well, at least until I retire. Don't let it die like Perl has! (ha,
ha)




Re: [PHP] How to handle a submitted form with no changes -- best practices sought

2010-09-12 Thread Michael Shadle
On Sun, Sep 12, 2010 at 2:12 PM, Tamara Temple tamouse.li...@gmail.com wrote:
 Ok, but how do you detect if a field changes? The specific implementation
 between application and data storage is probably moot until you figure that
 part out.

+1

without talking to the server, or accessing it in the DOM somewhere,
the client has no access to the data. is it done via ajax/javascript?
some action onchange/onkeypress/etc. and check it against a variable
that was set on pageload?




Re: [PHP] How to handle a submitted form with no changes -- best practices sought

2010-09-12 Thread Michael Shadle
On Sun, Sep 12, 2010 at 3:04 PM, Tamara Temple tamouse.li...@gmail.com wrote:

 Actually, even the client-side aspect isn't good enough -- they could simply
 retype the same value in the field. Also, I'd like to not rely on JavaScript
 alone to indicate that there's been a change, since, as Ashley points out,
 someone could simply send up a form without bothering with JavaScript. I'm
 talking about checking whether the field has changed on the server-side of
 things, specifically.

Correct, javascript is simply useful for a nice user experience.
Always enforce on the server side, period.
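
Server-side change detection as discussed in this thread, as an added example that is not code from the list: the submitted values are compared with the stored row on the server, only allowlisted fields are considered, and any client-supplied "changed" flag is ignored. The table, field names, stored row and POST data are constructed assumptions.

```php
<?php
// Added example: decide on the server which fields really changed.

const EDITABLE = ['display_name', 'email', 'bio']; // hypothetical allowlist

function normalizeField(string $value): string
{
    // Browsers submit textarea line breaks as CRLF; stored text often uses LF.
    return trim(str_replace("\r\n", "\n", $value));
}

/** Return field => new value for every editable field that differs from $stored. */
function changedFields(array $stored, array $submitted, array $editable): array
{
    $changes = [];
    foreach ($editable as $field) {
        // Missing or array-valued input (field[]=x) is never treated as a change.
        if (!array_key_exists($field, $submitted) || !is_string($submitted[$field])) {
            continue;
        }
        $new = normalizeField($submitted[$field]);
        $old = normalizeField((string)($stored[$field] ?? ''));
        if ($new !== $old) {
            $changes[$field] = $new;
        }
    }
    return $changes;
}

/** Build a parameterised UPDATE, or null when nothing changed. */
function buildUpdate(string $table, array $changes, int $id): ?array
{
    if ($changes === []) {
        return null;
    }
    // Column names come from the allowlist, values travel as bound parameters.
    $set = implode(', ', array_map(fn($c) => "$c = :$c", array_keys($changes)));
    return ["UPDATE $table SET $set WHERE id = :id", $changes + ['id' => $id]];
}

// Constructed stored row and form submission.
$stored = [
    'id' => 7, 'display_name' => 'Ada', 'email' => 'ada@example.org',
    'bio' => "Line one\nLine two", 'is_admin' => 0,
];
$post = [
    'display_name' => 'Ada',
    'email'        => ' ada@example.org ',              // same value retyped
    'bio'          => "Line one\r\nLine two, edited",   // a real edit
    'is_admin'     => '1',                              // not editable: ignored
    'changed'      => '0',                              // client-side flag: ignored
];

$changes = changedFields($stored, $post, EDITABLE);
print_r($changes);                                      // only 'bio' is reported
print_r(buildUpdate('profiles', $changes, $stored['id']));
// The returned SQL and parameter array fit PDO::prepare() and execute().
```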




[PHP] Looking for open source Learning Management System suggestions

2010-08-31 Thread Michael Shadle
Yes, there is Moodle.

However, upon installing it, I found the admin UI to be extremely
gaudy, counter-intuitive, and requires its own learning system just
to get it right (ha ha)

Does anyone know of any other options out there?

Obviously, open source is best, I'd even take some reasonably priced
options though that allow for some extensibility.

There should be the following capabilities:

- Learning tracks - groups of courses/modules
- Modules or courses - pages of content, videos, whatever, with or
without quizzes and related test-like activities
- Reporting / metrics - scores for individuals, groups
- User authentication (obviously) - bonus if external authentication
or some way to hook into external user auth
- Not extremely hard to theme or customize the look
- Users should be able to resume where they left off in courses
- Mobile support (or some way it can be themed or made very usable for
mobile devices, mainly iDevices)
- Questions and answers can be randomized, allow for $x retakes,
explain why their answer is wrong (or at least a reference to a URL)
- Questions can be multiple choice, single choice, short answer, etc.

It should be easy for an end user to take tests and move through
courses, the course could just be a test - it doesn't necessarily need
to be pages of content and such. It should be easy for teachers or
course editors to be able to modify content and test questions and
such. I develop web apps for a living (and have taken hundreds of
online tests), and Moodle took me a few trial and errors before I
figured out how to associate an answer to a question and then a
question to a module, etc. - it also has so many options, it's hard to
predict how your course will actually come out in the end.

I'm open to suggestions about decently developed/supported modules for
systems like Drupal as well.

Thanks!




Re: [PHP] Looking for open source Learning Management System suggestions

2010-08-31 Thread Michael Shadle


On Aug 31, 2010, at 7:53 PM, Bastien Koert phps...@gmail.com wrote:

 
 
 Our company built one on top of wordpress. You can easily build most
 of it with stock plugins and it has UIs for idevices...worth
 considering

Yeah - obviously anything can be built and a lot of things can be extended... 
But we're on a tight deadline for the first pass and would like something a 
little more out of the box (ideally)





Re: [PHP] XML with PHP

2010-08-26 Thread Michael Shadle
On Thu, Aug 26, 2010 at 2:54 AM,  u...@domain.invalid wrote:
 Hi

 I am trying to read XML files (invoices) from a directory and display them
 to the visitor. Each XML file contains several invoices. The visitor then
 clicks on the XML file (invoices). My PHP snippet should open the xml file
 and locate the appropriate invoice and display the content.

a) first, your email address isn't correct

b) second, it looks like you intend on applying a stylesheet to get
your results. if you don't require XSL, you could look at just using
PHP's simplexml and/or XML DOM functions. it looks like you might just
be using the XSL to transform the XML anyway; so from what it looks
like you -do not- need XSL in the mix.

c) you can put the PHP in any file you want

d) i believe xpath should work without any problems.




Re: [PHP] XML with PHP

2010-08-26 Thread Michael Shadle
On Thu, Aug 26, 2010 at 3:10 AM, Sridhar Pandurangiah
sridharpa...@gmail.com wrote:
 Mike

 Thanks a ton for the quick response. I have updated the mail id on my email
 client (using Mozilla TB) and I did repost but your reply was quicker!

 Will try this out and post the results on this thread. Just waiting for
 someone to throw light on how to capture the filename that the user
 clicked. Should I display the directory listing as a form?

honestly, that's a little bit too "i'm writing code and solving all
your problems for you" for me... it's hard to concentrate, i have to
actually do the code, not read about it and try to figure it out from
a description :)

feel free to pastebin it, if i don't help you quick maybe someone else will.




Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Michael Shadle
On Thu, Aug 5, 2010 at 8:51 PM, Adam Richardson simples...@gmail.com wrote:

 I would suggest that saying <tag attribute='bar' /> is the wrong way is a
 rather strong assessment.  Whether you're talking about SGML (the
 grandparent), XML (the parent), or XHTML, the use of a single quote is
 perfectly valid, and has served a purpose since inception.  If I'm crafting
 markup and embedding something that has a double quote within an attribute
 (often times an alt attribute on an image), I don't hesitate to use the
 single quote as the attribute delimiter.  That said, it's often easier if
 you standardize on one, and most choose to use double quotes the default
 delimiter.

 That said, if there are some sources to point to that make a case for the
 deprecation of single quotes in (X)HTML attributes, please let me know.

Well, most people use htmlspecialchars() to encode text for safe
display to a browser.

By default, it only encodes double quotes:
http://php.net/htmlspecialchars

The default mode, ENT_COMPAT, is the backwards compatible mode which
only translates the double-quote character and leaves the single-quote
untranslated.

We've run into issues where we thought our forms were fairly secure,
but some people decided to echo <input type='string' value='$foo' />
type stuff, which works fine if you encapsulate attributes in double
quotes, but in single quotes, we found out that anyone who had a
single quote in that value would break the page.

Now, I typically use a central wrapper function for encoding and
decoding, and if it was in use there, sure, I could have thrown in
ENT_QUOTES and solved that issue.

However, the vast majority of everything uses double quotes, and there
is not really a reason to NOT use them.

Of course, I put it out there like that to simply push it because it
should be appropriate for everyone. You are right though - it WILL
work with single quotes (as we can see), but I recommend a single way
of doing things to keep things consistent, and it has been the
unspoken standard everywhere I've ever looked for markup...

(Funny enough, that page has an example with a single quoted attribute)

Leave the single quotes for parameters, indexes, code, not attributes - $.02

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
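
Added example (not part of the original thread): the breakage described in the message above, reproduced by escaping one value with ENT_COMPAT and with ENT_QUOTES and letting PHP's DOM parser read back each attribute. The helper names and the sample value are constructed, the DOM extension is assumed, and the flags are passed explicitly because PHP 8.1 changed the default from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.

```php
<?php
// Added example, not code from the thread. Helper names and sample values
// are constructed. Requires the DOM extension (php-xml on Fedora/CentOS).

/** Build an <input> whose value is escaped with $flags and delimited by $quote. */
function render_input(string $value, int $flags, string $quote): string
{
    // Flags are explicit: before PHP 8.1 the default was ENT_COMPAT.
    $escaped = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input type={$quote}text{$quote} value={$quote}{$escaped}{$quote} />";
}

/** Parse the markup and return the value attribute the parser actually sees. */
function value_seen_by_parser(string $html): string
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

// Constructed samples: ordinary form values that happen to contain quotes.
$values = ["O'Reilly", 'The "blue" one'];

$modes = [
    'ENT_COMPAT' => ENT_COMPAT,   // encodes " only
    'ENT_QUOTES' => ENT_QUOTES,   // encodes both " and '
];

foreach ($values as $value) {
    echo "value: {$value}\n";
    foreach ($modes as $modeName => $flags) {
        foreach (["'" => 'single-quoted', '"' => 'double-quoted'] as $quote => $style) {
            $html = render_input($value, $flags, $quote);
            $seen = value_seen_by_parser($html);
            printf(
                "  %-10s %-13s %s\n             parser sees %s => %s\n",
                $modeName,
                $style,
                $html,
                var_export($seen, true),
                $seen === $value ? 'intact' : 'BROKEN'
            );
        }
    }
}
```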



Re: [PHP] Quotes vs. Single Quote

2010-08-05 Thread Michael Shadle
On Thu, Aug 5, 2010 at 8:51 PM, Adam Richardson simples...@gmail.com wrote:

 Tim Bray, who knows a little bit about XML dialects (tongue in cheek),
 appears to default to the single quote as his delimiter of choice:
 http://www.tbray.org/ongoing/

Side note, looks like his stuff is auto-generated by something, so
it's defined once and replicated many times for templating... but also
I do see some attributes with double quotes mixed in, i.e.:

<div class="employ">I work for Google, but the opinions expressed here
are my own, and no other party necessarily
agrees with them.<br/>
A full disclosure of my professional interests is on the <a
href='/ongoing/misc/Tim'>author</a> page.
</div>


<h2 id='comments'>Contributions</h2>
<div class="comments"><p>Comment feed for <span
class="o">ongoing</span>:<a href="/ongoing/comments.atom"><img
src="/ongoing/Feed.png" alt="Comments feed"/></a></p>


<a href="/ongoing/"
 onclick="setActiveStyleSheet('serif'); return false;"
 onkeypress = "setActiveStyleSheet('serif'); return false;"
 accesskey="p" id="serif">Serif</a>  &#xb7;
<a href="/ongoing/"
 onclick="setActiveStyleSheet('sans'); return false;"
 onkeypress = "setActiveStyleSheet('sans'); return false;"
 accesskey="p" id="sans">Sans-Serif</a>


I should say also - double quotes helps when using inline JavaScript
in attributes too :) add that to my reasons. I just default to double
quotes because of history developing things, it just works easier.




Re: [PHP] enabling domdocument

2010-07-19 Thread Michael Shadle
Makes sense. Core would be more stripped down if it has modules available as 
separate packages.

On Jul 19, 2010, at 4:19 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote:

 On Mon, 2010-07-19 at 12:09 +0100, Ashley Sheridan wrote:
 
 Hi all,
 
 I'm having a bit of a problem here with getting DomDocument on PHP. I've
 got a Fedora 11 system and have used the package manager to install PHP
 and its various modules, at no point have I compiled PHP myself (which
 has never worked when I've tried it, ever, but that's another issue)
 
 I've made sure the xml module was installed through packagekit, but i
 find no listing for any php-dom type module. I checked the line that PHP
 was configured and built with as shown in a phpinfo() call, and
 --disable-dom is showing, however, I believe that's actually a red
 herring, as a virtual machine running CentOS also has -disable-dom
 showing as a config option, and yet DOM is also clearly listed as
 working further down the phpinfo() page.
 
 Is there some sort of issue with Fedora and DOM, as I read online that
 it wasn't included in the default repos. What can I do to enable
 domdocument that doesn't involve compiling PHP manually (like I said,
 every time I try it there's a failure because of some missing symbols or
 other, but this could again be a Fedora issue)
 
 Is there maybe an RPM somewhere that anyone knows about and has used
 before, or is it simply that I need to copy or make a symlink to a .so
 library?
 
 Full specs are as follows:
 Fedora 11
 Apache 2.2.15
 PHP 5.2.13
 
 
 Thanks,
 Ash
 http://www.ashleysheridan.co.uk
 
 
 
 
 OK, I seem to have answered my own question!
 
 It seems that even though PHP had the XML module enabled, I still needed
 to run 'yum update php-xml' in order for it to load in the DOM module.
 It's now working fine, and for those of you interested, the ./configure
 line in phpinfo() still says --disable-dom!
 
 Thanks,
 Ash
 http://www.ashleysheridan.co.uk
 
 




Re: [PHP] validating form input

2010-07-08 Thread Michael Shadle


On Jul 8, 2010, at 12:38 PM, David Mehler dave.meh...@gmail.com wrote:

 Hello,
 Got a form that takes in data to enter in to a database. I want to
 make it as secure and as invulnerable to sql injection and other
 attacks as possible. I'm wondering if mysqli_real_escape_string or
 stripslashes should be used or if the former does the latter. For
 example, I have a name variable:
 
 $name = mysqli_real_escape_string($DatabaseLink, trim($_POST['name']));

This would work. Escaping the string should be all you need. As long as you use 
single quotes for wrapping the column values. Double quotes not sure but 
shouldn't be using those anyway.

 
 or should I do:
 
 $name = stripslashes(mysqli_real_escape_string($dbc, trim($_POST['name'])));

No... You'd be adding slashes and then removing them here :p


 
 Thanks.
 Dave.
 



[PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
This is somewhat related to the whole PCI/credit card discussion a
couple weeks back. The consensus was basically leave it to other
people - however, what if YOU are the other person?

I wonder if anyone has some BKMs to share about encrypting data in a
web application. A lot of people take the most obvious approach, but
it's fundamentally flawed, that is:

I take data from the user, I encrypt it (using PHP crypto, or MySQL
crypto, etc.) and a key stored in my config file, and put it into the
database. Then when I want to get it back, I just use decrypt + the
key in my config file. The issue there? If your server is compromised
and the database is accessible, they'll have the key to decrypt the
data right off the server. They can pull down copies of everything or
even write their own script ON the server itself to extract the data.

This has been one thing that I have not really been able to figure out
yet. You could separate the servers, and figure out some very hard way
for them to communicate, but when it comes down to it, the webserver
needs to access the data. For example, the webserver could be behind a
fully firewalled setup that only allows MySQL traffic. However, the
webserver has to access the data still.

I assume the only solution is somehow storing the key in a third
place, so the accessor has to get the key somehow before accessing the
encrypted data. But again - how to automatically allow access for only
the webapp? I thought of per-user keys, but that isn't an appropriate
solution for something that needs to be encrypted using the same key.

Has anyone had to implement anything like this? Is there a good
whitepaper on something like this? Especially relating to HIPAA
requirements. PCI would be nice too, but I'm sure once this major
unknown in my mind is addressed, the general concepts are common,
probably just differences in levels of firewalling, cryptography
strength, physical access to the machines, etc.

Please keep this on topic - this is about the people who DO have to
address this issue, not something about just offload it to other
guys - that's an obvious choice already, and not one that is allowed
depending on the job.

Thanks :)




Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:06 AM, Rene Veerman rene7...@gmail.com wrote:
 unlikely. it's a apache delivered ip address.. very little chance of
 insert vulnerabilities, imho.

still, the overhead for a db escape is better than your site being trashed.

also, you could look at converting the IP to an INT(10) (at least for
IPv4) and save

ip in string - 123.456.789.123 - up to 15 bytes - varchar(15)
ip in integer format - 4 bytes - int(10)

I've done this on a variety of projects. Arjen even mentions it back in 2005:

http://arjen-lentz.livejournal.com/44290.html

It does make things a bit harder to read, and at one point I did get
different results when calculating it in PHP vs. MySQL (I forget when
and how, and haven't seen the issue again) but if you're looking for
IP ranges it can come in handy too - integer math is much cleaner than
IP address math :)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
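
Added example (not part of the original thread): storing REMOTE_ADDR as an unsigned integer and doing range lookups with integer math, as the message above suggests. Function names, the table and column names in comments and the sample addresses are constructed, and 64-bit PHP is assumed; on 32-bit builds ip2long() returns negative numbers for addresses above 127.255.255.255, which MySQL's INET_ATON() never does.

```php
<?php
// Added example, not code from the thread. Function names, the table/column
// names in the SQL comments and the sample addresses are constructed.

/** Validate a dotted-quad IPv4 address and return it as an unsigned 32-bit value, or null. */
function ipv4_to_uint(string $ip): ?int
{
    if (PHP_INT_SIZE < 8) {
        throw new RuntimeException('this example assumes 64-bit PHP integers');
    }
    // Reject anything that is not a plain IPv4 address before it gets near a query.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $long = ip2long($ip);
    return $long === false ? null : $long;
}

/** Turn "a.b.c.d/n" into [first, last] as unsigned integers, or null if malformed. */
function cidr_to_range(string $cidr): ?array
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1]) || (int) $parts[1] > 32) {
        return null;
    }
    $base = ipv4_to_uint($parts[0]);
    if ($base === null) {
        return null;
    }
    $hostBits = 32 - (int) $parts[1];
    $mask  = (0xFFFFFFFF << $hostBits) & 0xFFFFFFFF;   // network mask
    $first = $base & $mask;                            // network address
    $last  = $first | (~$mask & 0xFFFFFFFF);           // broadcast address
    return [$first, $last];
}

/** True when $ip is a valid IPv4 address inside $cidr. */
function ip_in_range(string $ip, string $cidr): bool
{
    $value = ipv4_to_uint($ip);
    $range = cidr_to_range($cidr);
    return $value !== null && $range !== null
        && $value >= $range[0] && $value <= $range[1];
}

// Constructed REMOTE_ADDR samples (RFC 5737 documentation ranges); the last
// two are inputs the validator has to refuse.
$samples = ['198.51.100.7', '203.0.113.200', "198.51.100.7'--", '999.1.1.1'];
$block   = '198.51.100.0/24';

foreach ($samples as $addr) {
    $n = ipv4_to_uint($addr);
    if ($n === null) {
        printf("%-18s rejected, nothing is sent to the database\n", $addr);
        continue;
    }
    // $n is bound as an integer parameter, for example:
    //   INSERT INTO hits (ip) VALUES (?)            -- ip INT UNSIGNED
    //   SELECT ... FROM hits WHERE ip BETWEEN ? AND ?   -- bounds from cidr_to_range()
    printf(
        "%-18s => %10d (back to %s), in %s: %s\n",
        $addr,
        $n,
        long2ip($n),
        $block,
        ip_in_range($addr, $block) ? 'yes' : 'no'
    );
}
```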



Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:21 AM, Peter Lind peter.e.l...@gmail.com wrote:

 I haven't had to implement a scheme like this but for an app I'm
 working on we've been considering the same issues in order to keep
 member data safe. I would say your best bet is to keep the decryption
 key in memory while the app is running. Initialize it by hand whenever
 the server is started - don't store it on the disk. Yes, your server
 won't be able to start up the app on its own but that's the security
 in the design, not a flaw. If you want automatic access for the
 web-app you've compromised security (anyone compromising the server
 has automatic access as well).

That's something I've thought about before.

Storing MySQL on an encrypted partition using cryptoloop or something.
However, every time the server boots - someone has to manually unlock
the partition (unless some sort of physical key is present, then
another dimension is introduced)

However, that would solve the data being encrypted at rest, more or
less. The issue of how to use the data in the web application is still
not addressed this way :(




Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 1:01 AM, Tommy Pham tommy...@gmail.com wrote:

 If you're going to implement this, then it's better to implement the 
 conversion in the backend DB (via SP or UDF).  So you can always use MySQL 
 query browser or the command line to run queries or other methods depending 
 on your access to the DB, especially if you need to find that malicious IP 
 address quickly ;)

-1 for complicating mysql setups :)




Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote:

 I haven't had to implement a scheme like this but for an app I'm working on
 we've been considering the same issues in order to keep member data safe.
 I would say your best bet is to keep the decryption key in memory while the

 This is something I'm very interested in hearing more about since our other 
 discussion about PHP  threads and how some list members prefer the 'share 
 nothing' approach.  That said, how would you access the memory for every 
 individual sessions that need that decrypting code/key when nothing is 
 shared?  (I'm assuming that this would be purely in PHP :)

+1. each server stores it locally in APC, or you have to mess with
memcached, and since it is plaintext, encrypt that too? :p

I -always- design for 'shared nothing' so this is a necessary
discussion too, if in memory is the idea.




Re: [PHP] $_SERVER['REMOTE_ADDR'] and sql injection

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 1:12 AM, Tommy Pham tommy...@gmail.com wrote:

 Then I presume that your firewall, servers, and application is test proven 
 'bulletproof'? :-P

a) no such thing
b) pretty damn solid, yes

and the reason? because i don't overcomplicate things.

a simple stack is a happy stack

:)




Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
I talked with a friend who actually had this implemented before and
banks had signed off on it after reviewing it.

load balancer (irrelevant to the security piece)

web server(s) - only accepts traffic to port 80/443. can only forward
requests on to the app server, one direction.

app server(s) - processes the PHP/etc. has access to the
encryption/decryption keys. can only send established packets back to
the webserver, and traffic to the db. cannot connect outbound to the
net.

db server(s) - stores the data. choose how you want to encrypt. they
did not encrypt data at rest in their setup, the bank would have
'preferred' it but was not willing to buy the license for the
encryption plugin. however, the app tier could handle the
encryption/decryption.

all machines were only accessible via VPN, not the WAN.

due to that, assuming physical access is not an issue:

if the webserver got exploited, it could only talk to the app server
using http. it has no access to the encryption key, nor the database.
only one direction of communication. if the app server somehow got
exploited (someone somehow got a trojan installed) it can't
communicate outbound, so unless they figured some creative way to make
the app server expose information through the open port only for the
webserver, it's useless. and to install the trojan, typically people
fetch remote files - well, the app tier can't communicate outbound.

it's pretty damn secure for a web app. you could theoretically pair
the app server and db server on the same box - you could probably make
that work too. depends on how large you need to scale and the
architecture required.

anyway... anyone have any comments or holes to poke in this theory?





Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:43 PM, Peter Lind peter.e.l...@gmail.com wrote:

 I'm just wondering if this is a correct understanding:
 1. plaintext data arrives on the web frontend.

or over SSL

 2. It's sent to the app server

SSL or non-SSL - your choice

 3. It's encrypted and sent to the DB server

encrypted or not encrypted - your choice

 Where does the data go after step 3? Does encrypted data go back out
 to the app server? In which case, what's to stop me from exploiting
 the web-server and then sending *bad data/commands* to the app server?

 But maybe I'm taking this too far: are you only looking at security in
 terms of storage? I.e. is this merely a question of avoiding dumps of
 the data?

It is mainly about how to stop an exploited machine (even shell
access) from accessing the data by simply looking at a PHP config
file.

This solves that by reducing the risk with the only WAN-accessible
touchpoint (web servers, or well, technically the load balancer even)
which is only accessible via HTTP or HTTPS. Feeding bad commands is
always a risk, no matter what - but you could figure out how to setup
an IDS system or something to only accept POST/GET without exploitable
characters or anything. Suhosin type things come to mind.

But again - the only way to get data would be if you craft something
and use SQL injection or something to get the data out. You couldn't
exploit code to download a trojan or something because the application
server cannot talk to the Internet. I think it is a compartmentalized
setup that would solve my original question...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
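
Added example (not part of the original thread): what the application tier in the layout discussed above could do so that the database only ever holds ciphertext while the key stays in the app process's memory. The FieldCipher class, the context strings and the sample value are constructed; the key is generated in place here and stands in for one supplied at start-up rather than read from a config file, and PHP 7.4+ with the OpenSSL extension is assumed.

```php
<?php
// Added example, not code from the thread. Class name, context strings and
// the sample value are constructed. Requires PHP 7.4+ and ext-openssl.

final class FieldCipher
{
    private const CIPHER    = 'aes-256-gcm';
    private const NONCE_LEN = 12;
    private const TAG_LEN   = 16;

    private string $key;

    public function __construct(string $key)
    {
        if (strlen($key) !== 32) {
            throw new InvalidArgumentException('key must be 32 raw bytes');
        }
        $this->key = $key;
    }

    /**
     * Encrypt one column value. $context (e.g. "table:id:column") is
     * authenticated but not stored, so a ciphertext copied to another row
     * fails to decrypt. Returns base64(nonce || tag || ciphertext).
     */
    public function encrypt(string $plaintext, string $context): string
    {
        $nonce = random_bytes(self::NONCE_LEN);   // fresh nonce per value
        $tag   = '';
        $ct = openssl_encrypt(
            $plaintext, self::CIPHER, $this->key, OPENSSL_RAW_DATA,
            $nonce, $tag, $context, self::TAG_LEN
        );
        if ($ct === false) {
            throw new RuntimeException('encryption failed');
        }
        return base64_encode($nonce . $tag . $ct);
    }

    /** Returns the plaintext, or null if the value was altered, moved or made with another key. */
    public function decrypt(string $stored, string $context): ?string
    {
        $raw = base64_decode($stored, true);
        if ($raw === false || strlen($raw) < self::NONCE_LEN + self::TAG_LEN) {
            return null;
        }
        $nonce = substr($raw, 0, self::NONCE_LEN);
        $tag   = substr($raw, self::NONCE_LEN, self::TAG_LEN);
        $ct    = (string) substr($raw, self::NONCE_LEN + self::TAG_LEN);

        $pt = openssl_decrypt(
            $ct, self::CIPHER, $this->key, OPENSSL_RAW_DATA, $nonce, $tag, $context
        );
        return $pt === false ? null : $pt;
    }
}

// Stand-in for the key handed to the app tier at start-up (assumption: it is
// never written to a config file on the web or database servers).
$cipher = new FieldCipher(random_bytes(32));

$stored = $cipher->encrypt('constructed-sample-value', 'patients:42:notes');
echo "value written to the database: {$stored}\n";

// Flip one bit of the stored value to model modification in the database.
$raw = base64_decode($stored, true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
$tampered = base64_encode($raw);

$checks = [
    'same row, same key'          => $cipher->decrypt($stored, 'patients:42:notes'),
    'copied to another row'       => $cipher->decrypt($stored, 'patients:43:notes'),
    'modified in the database'    => $cipher->decrypt($tampered, 'patients:42:notes'),
    'read without the right key'  => (new FieldCipher(random_bytes(32)))
                                        ->decrypt($stored, 'patients:42:notes'),
];
foreach ($checks as $label => $result) {
    printf("%-28s %s\n", $label, var_export($result, true));
}
```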



Re: [PHP] Re: [PHP-WEBMASTER] Web Service Problem

2010-06-15 Thread Michael Shadle
Wso2 is also pretty awesome.

I wish soap would just die and be replaced with rest and json.

On Jun 15, 2010, at 6:15 AM, Richard Quadling rquadl...@gmail.com wrote:

 On 15 June 2010 12:44, John john.zaka...@graphicano.com wrote:
 
 
 
 Really i need help coz i am trying to solve this problem from 4 weeks and i 
 can not so please help me
 
 I want to use a web service ( created in ASP.NEt ) in my web site using php 
 coz i will use the result in other php pages.
 the web service link is: 
 http://196.218.16.133/onlinereservation/service.asmx?WSDL
 
 function name: HotelData  under HotelsSearch
 
 Is there a tool for PHP or any other way to pass string for HotelDataand 
 get an XML file containing the result?
 
 
 
 I tried to learn SOAP  in the manual  and I can not till now return data 
 from this web service
 
 
 
 My Code is:

 <?php
 header("Content-Type: text/plain");

 // trace is needed for __getLastRequest() to return the request that was sent
 $client = new SOAPClient(
     'http://196.218.16.133/OnlineReservationTravelline/service.asmx?WSDL',
     array('trace' => 1)
 );

 $result = null;

 try {
     // The service takes the search parameters as one XML string
     $params = new stdClass();
     $params->HotelData = '<HotelsParameters><CityID>388</CityID><UserName>admin</UserName><UserPassword>admin</UserPassword><DateFrom>6/12/2010</DateFrom><DateTo>6/13/2010</DateTo><NumberOfRooms>2</NumberOfRooms><Room><RoomSerial>1</RoomSerial><Adults>1</Adults><Child><ChildSerial>1</ChildSerial><ChildAge>5</ChildAge></Child></Room><Room><RoomSerial>2</RoomSerial><Adults>2</Adults><Child><ChildSerial>1</ChildSerial><ChildAge>8</ChildAge></Child><Child><ChildSerial>2</ChildSerial><ChildAge>5</ChildAge></Child></Room><CurrencyID>162</CurrencyID></HotelsParameters>';

     $result = $client->HotelsSearch($params);
     //echo $result;
 } catch (SOAPFault $exception) {
     // Show the fault and the raw request that caused it
     print $exception;
     print htmlspecialchars($client->__getLastRequest());
 }

 var_dump($result);
 ?>

 Note: the string is
 '<HotelsParameters><CityID>388</CityID><UserName>admin</UserName><UserPassword>admin</UserPassword><DateFrom>6/12/2010</DateFrom><DateTo>6/13/2010</DateTo><NumberOfRooms>2</NumberOfRooms><Room><RoomSerial>1</RoomSerial><Adults>1</Adults><Child><ChildSerial>1</ChildSerial><ChildAge>5</ChildAge></Child></Room><Room><RoomSerial>2</RoomSerial><Adults>2</Adults><Child><ChildSerial>1</ChildSerial><ChildAge>8</ChildAge></Child><Child><ChildSerial>2</ChildSerial><ChildAge>5</ChildAge></Child></Room><CurrencyID>162</CurrencyID></HotelsParameters>'
 
 
 
 
 
 John Zakaria Sabry
 Senior Web Developer
 
 
 
 3 El Nasr Street, EL Nozha EL Gedida,
  Heliopolis, Cairo, Egypt
 
 Phone: +202 262 00 755 - +2 012 551 5551
 
 Fax: +202 262 00 755
 
 Mobile: +2 018 131 91 89
 
 john.zaka...@graphicano.com
 
 www.graphicano.com
 
 
 
 http://pastebin.com/cuXnT9Fb
 
 That contains some PHP classes which are based upon the WSDL file. The
 conversion is with the sourceforge wsdl2php project (with some mods).
 
 In YOUR code ...
 
 <?php
 // Include the classes which wrap the SOAP service for you.
 require_once 'service.php';

 try
 {
     // Create a new Service (unfortunate name - maybe ReservationSystem
     // or something - Service is VERY generic).
     $Service = new Service();

     // Let's do a tour search.
     $TourSearchRequest = new TourSearch();

     // Populate the TourSearchRequest.
     $TourSearchRequest->date = '2010/01/01';

     // Run the search.
     $TourSearchResponse = $Service->TourSearch($TourSearchRequest);

     // Dump the response (expecting it to be of class TourSearchResponse).
     var_dump($TourSearchResponse);
 }
 catch(Exception $ex)
 {
     // Dump the exception, taking note of faultstring and faultcode as
     // these are SOAP Server generated errors.
     var_dump($ex);
 }
 ?>
 
 But this is generating a SOAP exception on the server, so the client
 code won't help here.
 
 ["faultstring"]=>string(96) "Server was unable to process request.
 ---> Object reference not set to an instance of an object."
 ["faultcode"]=>string(11) "soap:Server"
 ["detail"]=>string(0) ""
 
 How are you building the WSDL file? By hand? If so, I would recommend
 learning about using DocBlocks and a tool to auto generate the WSDL
 file.
 
 I use a modified version of Zend's SOAP, WSDL and AutoDiscovery tools
 to build my WSDL files from my source code.
 
 I then use a modified sourceforge's wsdl2php project to convert the
 wsdl file to normal PHP classes which do all the wrapping of the SOAP
 comms for me and let's me use normal PHP coding as if all the services
 were local and not on a remote server.
 
 Richard.
 
 
 
 --
 -
 Richard Quadling
 Standing on the shoulders of some very clever giants!
 EE : http://www.experts-exchange.com/M_248814.html
 EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
 Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731
 ZOPA : http://uk.zopa.com/member/RQuadling
 



Re: [PHP] Re: [PHP-WEBMASTER] Web Service Problem

2010-06-15 Thread Michael Shadle
On Tue, Jun 15, 2010 at 10:14 AM, Richard Quadling rquadl...@gmail.com wrote:

 REST is a concept, not a protocol (as I understand it), so you cannot
 just create a service and supply a contract file. You have to document
 the service in some other way and then the users have to write all the
 code.

I know it's a concept, but using that concept as the language or
data transport and the data format being JSON. I could try to map
these to OSI model or TCP/IP model levels but I can't be bothered. I
just find SOAP to be too bloated and an annoyance to work with.

I mean, technically, a SOAP request is RESTful too since it can use
POST or GET... but I don't like to consider it RESTful :)




Re: [PHP] Security Issue

2010-06-08 Thread Michael Shadle
Yes and scrubbing the input to ensure the field used for this URL  
rejects certain characters or does sanity checking on it would also be  
another suggestion. Turning this off would fix remote include  
requests. But still need to check for people requesting local files.  
Should never take user input and put it directly into include or shell  
execs or anything.


On Jun 8, 2010, at 11:55 AM, David Stoltz dsto...@shh.org wrote:


allow_url_include is (or should be) disabled by default.

http://us2.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include

I can't think of one good reason to ever enable this, it would be a
security issue no matter how you slice it...

-Original Message-
From: Igor Escobar [mailto:titiolin...@gmail.com]
Sent: Tuesday, June 08, 2010 10:11 AM
To: richg...@gmail.com
Cc: php-general@lists.php.net
Subject: Re: [PHP] Security Issue

Hey Richard,

I'll find more about this parameter allow_url_include, thank you!


Regards,
Igor Escobar
Systems Analyst  Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)





On Mon, Jun 7, 2010 at 5:26 PM, richard gray r...@richgray.com  
wrote:



On 07/06/2010 20:00, Igor Escobar wrote:


PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a part
of the script.

// my code...
// my code...
include ('http:///externalhackscript.txt');
//my code...
//my code..


can you not switch off remote file includes in php.ini?
This will stop include/require from a remote host..
i.e. allow_url_include = Off in php.ini

HTH
Rich






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
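
Added example (not part of the original thread): one way to keep request input out of include, covering both the remote case that allow_url_include = Off handles and the local-file case raised above. The resolve_page() helper, the directory layout and the sample requests are hypothetical; the script builds its own temporary files so it can be run as-is.

```php
<?php
// Added example, not code from the thread. resolve_page(), the directory
// layout and the sample requests are hypothetical.

/**
 * Map a requested page name to a file under $baseDir.
 * Returns the absolute path, or null if the request must not be included.
 */
function resolve_page(string $name, string $baseDir): ?string
{
    // 1. Conservative character set: no slashes, dots, colons or NUL bytes.
    //    That rules out "../", absolute paths and URL/stream wrappers at once.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }

    // 2. Resolve symlinks and confirm the file really lives under the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;   // base directory or page does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;   // resolved outside the base directory
    }
    return $path;
}

// Defence in depth: report if remote includes are enabled at all.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    echo "warning: allow_url_include is On; set it to Off in php.ini\n";
}

// Constructed layout: one includable page and one file that must stay unreachable.
$root  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . bin2hex(random_bytes(4));
$pages = $root . DIRECTORY_SEPARATOR . 'pages';
mkdir($pages, 0700, true);
file_put_contents($pages . DIRECTORY_SEPARATOR . 'home.php', "<?php return 'home page body';\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'config.php', "<?php return 'must not be reachable';\n");

// Constructed request values, as they might arrive in $_GET['page'].
$requests = ['home', 'missing', '../config', '/etc/hostname', 'http://example.invalid/x', "home\0"];

foreach ($requests as $requested) {
    $shown = addcslashes($requested, "\0..\37");   // make control bytes visible
    $path  = resolve_page($requested, $pages);
    if ($path === null) {
        echo "rejected: {$shown}\n";
        continue;
    }
    $body = include $path;   // only reached for a vetted path
    echo "included: {$shown} -> {$body}\n";
}

// Remove the temporary files again.
unlink($pages . DIRECTORY_SEPARATOR . 'home.php');
unlink($root . DIRECTORY_SEPARATOR . 'config.php');
rmdir($pages);
rmdir($root);
```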



Re: [PHP] Security Issue

2010-06-07 Thread Michael Shadle
Oh yeah. I do more than just intval() I make sure they didn't feed me  
anything BUT numeric text first. I do sanity check before type  
forcing :)


I use garbage in garbage out. So I take what is given to me and yes I
escape it before the db of course as well, and then encode on output.


On Jun 7, 2010, at 10:45 AM, Ashley Sheridan  
a...@ashleysheridan.co.uk wrote:



On Mon, 2010-06-07 at 10:38 -0700, Michael Shadle wrote:


It's not that bad.

Use filter functions and sanity checks for input.

Use htmlspecialchars() basically on output.

That should take care of basically everything.

On Jun 7, 2010, at 6:16 AM, Igor Escobar titiolin...@gmail.com  
wrote:


 This was my fear.

 Regards,
 Igor Escobar
 Systems Analyst  Interface Designer

 + http://blog.igorescobar.com
 + http://www.igorescobar.com
 + @igorescobar (twitter)





 On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind peter.e.l...@gmail.com wrote:

 On 7 June 2010 14:54, Igor Escobar titiolin...@gmail.com wrote:
 Hi Folks!

 The portal for which I work is suffering constant attacks that I feel that
 is PHP Injection. Somehow the hacker is getting to change the cache files
 that our system generates. Concatenating the HTML file with another that
 have an iframe to a malicious JAR file. Do you have any suggestions to
 prevent this action? The hacker has no access to our file system, he is
 inputting the code through some security hole. The problem is that the
 portal is very big and has lots and lots partners hosted on our estructure
 structure. We are failing to identify the focus of this attacks.

 Any ideas?


 Check all user input + upload: make sure that whatever comes from the
 user is validated. Then check all output: make sure that everything
 output is escaped properly. Yes, it's an enormous task, but there's no
 way around it.

 Regards
 Peter

 --
 hype
 WWW: http://plphp.dk / http://plind.dk
 LinkedIn: http://www.linkedin.com/in/plind
 BeWelcome/Couchsurfing: Fake51
 Twitter: http://twitter.com/kafe15
 /hype




htmlspecialchars() is really only good for user input that you are  
outputting to the browser. For inserting data into a database, use  
mysql_real_escape_string(). I find it's good to think carefully  
about what sort of data I expect and sanitise it accordingly. If I  
want a numerical value, I use intval($_GET['var']) or floatval().  
For things like small text box elements, regex's work well depending  
on the data. For data from select lists of checkboxes, make sure the  
value given is within a list of pre-determined values you have.  
Basically, nothing from the user should be trusted at all, ever.


As soon as you let go of that trust in the good honesty of people  
you'll do fine ;)


Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] Security Issue

2010-06-07 Thread Michael Shadle
You could do generic things to modify the $_GET and other superglobal  
arrays. For example if you wanted to implement magic quote yourself  
have a recursive function (I'd paste one but I'm on my phone) but  
something akin to this:


$_GET = your_function_name($_GET);

An idea for you might be to look for / or .. and reject or sanitize  
that in some fashion. Really hard to speak on what would safely work  
across the website globally (you could also just modify those specific  
array indexes of $_GET that have filenames or something the cache uses)


Hope that makes sense. iPhones aren't the easiest to explain (or  
bottom post)


On Jun 7, 2010, at 10:42 AM, Igor Escobar titiolin...@gmail.com wrote:


It's not a SQL Injection or XSS problem, Michael.

It's a PHP Injection problem. I know how to fix that but the web site
is very very huge, has lots and lots of partners and I'm having a big
difficulty identifying the focus of the problem.


Got it?


Regards,
Igor Escobar
Systems Analyst  Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)





On Mon, Jun 7, 2010 at 2:38 PM, Michael Shadle mike...@gmail.com  
wrote:

It's not that bad.

Use filter functions and sanity checks for input.

Use htmlspecialchars() basically on output.

That should take care of basically everything.


On Jun 7, 2010, at 6:16 AM, Igor Escobar titiolin...@gmail.com  
wrote:


This was my fear.

Regards,
Igor Escobar
Systems Analyst  Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)





On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind peter.e.l...@gmail.com  
wrote:


On 7 June 2010 14:54, Igor Escobar titiolin...@gmail.com wrote:
Hi Folks!

The portal for which I work is suffering constant attacks that I feel
that is PHP Injection. Somehow the hacker is getting to change the cache
files that our system generates. Concatenating the HTML file with another
that have an iframe to a malicious JAR file. Do you have any suggestions to
prevent this action? The hacker has no access to our file system, he is
imputing the code through some security hole. The problem is that the
portal is very big and has lots and lots partners hosted on our estructure
structure. We are failing to identify the focus of this attacks.

Any ideas?


Check all user input + upload: make sure that whatever comes from the
user is validated. Then check all output: make sure that everything
output is escaped properly. Yes, it's an enormous task, but there's no
way around it.

Regards
Peter

--
hype
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
/hype


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
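
A recursive walk of the kind described above, as an added example that is not code from the thread: it checks only the input keys that feed file names, reports values containing `/`, `\`, `..` or a NUL byte, and builds cache paths from an allow-listed name. The function names, the `FILE_KEYS` list and the sample `$get` array are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names, FILE_KEYS and the
// sample input are constructed for illustration.

// Input keys that end up in file or cache names (assumed for this example).
const FILE_KEYS = ['tpl', 'file', 'cache'];

/** True when $value contains nothing that can change directory. */
function is_plain_name(string $value): bool
{
    return strpbrk($value, "/\\\0") === false
        && strpos($value, '..') === false;
}

/**
 * Walk a (possibly nested) input array and return every offending leaf,
 * keyed by its path, e.g. "filter[file]". Nothing is silently rewritten.
 */
function find_path_syntax(array $input, string $prefix = ''): array
{
    $rejected = [];
    foreach ($input as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            // Paths are unique, so the union operator never drops an entry.
            $rejected += find_path_syntax($value, $path);
        } elseif (in_array($key, FILE_KEYS, true) && !is_plain_name((string) $value)) {
            $rejected[$path] = $value;
        }
    }
    return $rejected;
}

/** Build a cache file path from an allow-listed name, or null to refuse. */
function cache_path(string $cacheDir, string $name): ?string
{
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    return rtrim($cacheDir, '/\\') . DIRECTORY_SEPARATOR . $name . '.html';
}

// Constructed stand-in for $_GET.
$get = [
    'page'   => 'news',
    'tpl'    => '../partner/header',
    'filter' => ['lang' => 'pt', 'file' => 'a/b', 'q' => 'either/or is fine here'],
];

$rejected = find_path_syntax($get);
foreach ($rejected as $path => $value) {
    // In a request handler: log the key, answer with a 400 and stop.
    echo 'rejected ', $path, ' = ', var_export($value, true), "\n";
}

// The cache layer refuses anything that is not a plain allow-listed name.
var_dump(cache_path('/var/cache/portal', 'home_pt'));
var_dump(cache_path('/var/cache/portal', '../home'));
```

Free-text fields such as `q` are left alone here; they are handled by encoding on output rather than by rejecting slashes.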




Re: [PHP] Security Issue

2010-06-07 Thread Michael Shadle
Because that only typecasts it. It's safe but it isn't what the user  
actually entered.


This way I can actually determine if the user put in 123abc and  
reject it, not accept it and keep the 123 silently for example. Same  
with floats. You may or may not consider a negative number acceptable,  
or with ints and floats 0 might not be acceptable too. So it's some  
analysis before intval/floatval/etc. I want to return to the user with  
a rejection notice so they literally get what they gave me (assuming  
it passes the sanity check) - it's not just simple silently  
typecasting and giving them something they didn't give me.


And I meant to say garbage in, garbage out*

* properly encoded or sanitized of course

:)

On Jun 7, 2010, at 10:51 AM, Ashley Sheridan  
a...@ashleysheridan.co.uk wrote:




Why waste time validating an integer value when intval() will do  
that for you?


Thanks,
Ash
http://www.ashleysheridan.co.uk


Re: [PHP] Security Issue

2010-06-07 Thread Michael Shadle
I disagree and this kind of approach could be appropriate if you walk  
your input globals and apply some sanity checks and appropriate  
filtering you could fix the issue.



On Jun 7, 2010, at 10:52 AM, Igor Escobar titiolin...@gmail.com wrote:


I think we're getting off topic here folks...


Regards,
Igor Escobar
Systems Analyst  Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)





On Mon, Jun 7, 2010 at 2:51 PM, Ashley Sheridan a...@ashleysheridan.co.uk 
 wrote:

On Mon, 2010-06-07 at 10:48 -0700, Michael Shadle wrote:


Oh yeah. I do more than just intval() I make sure they didn't feed me
anything BUT numeric text first. I do sanity check before type
forcing :)

I use garbage in garbage out. So I take what is given to me and yes I
escape it before the db of course as well, and then encode on output.

On Jun 7, 2010, at 10:45 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:

 On Mon, 2010-06-07 at 10:38 -0700, Michael Shadle wrote:

 It's not that bad.

 Use filter functions and sanity checks for input.

 Use htmlspecialchars() basically on output.

 That should take care of basically everything.

 On Jun 7, 2010, at 6:16 AM, Igor Escobar titiolin...@gmail.com
 wrote:

  This was my fear.
 
  Regards,
  Igor Escobar
  Systems Analyst  Interface Designer
 
  + http://blog.igorescobar.com
  + http://www.igorescobar.com
  + @igorescobar (twitter)
 
 
 
 
 
  On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind
 peter.e.l...@gmail.com
  wrote:
 
  On 7 June 2010 14:54, Igor Escobar titiolin...@gmail.com  
wrote:

  Hi Folks!
 
  The portal for which I work is suffering constant attacks that I feel
  that is PHP Injection. Somehow the hacker is getting to change the
  cache files that our system generates. Concatenating the HTML file with
  another that have an iframe to a malicious JAR file. Do you have any
  suggestions to prevent this action? The hacker has no access to our
  file system, he is imputing the code through some security hole. The
  problem is that the portal is very big and has lots and lots partners
  hosted on our estructure structure. We are failing to identify the
  focus of this attacks.

 
  Any ideas?
 
 
  Check all user input + upload: make sure that whatever comes from the
  user is validated. Then check all output: make sure that everything
  output is escaped properly. Yes, it's an enormous task, but there's no
  way around it.
 
  Regards
  Peter
 
  --
  hype
  WWW: http://plphp.dk / http://plind.dk
  LinkedIn: http://www.linkedin.com/in/plind
  BeWelcome/Couchsurfing: Fake51
  Twitter: http://twitter.com/kafe15
  /hype
 


 htmlspecialchars() is really only good for user input that you are
 outputting to the browser. For inserting data into a database, use
 mysql_real_escape_string(). I find it's good to think carefully
 about what sort of data I expect and sanitise it accordingly. If I
 want a numerical value, I use intval($_GET['var']) or floatval().
 For things like small text box elements, regex's work well depending
 on the data. For data from select lists of checkboxes, make sure the
 value given is within a list of pre-determined values you have.
 Basically, nothing from the user should be trusted at all, ever.

 As soon as you let go of that trust in the good honesty of people
 you'll do fine ;)

 Thanks,
 Ash
 http://www.ashleysheridan.co.uk




Why waste time validating an integer value when intval() will do  
that for you?



Thanks,
Ash
http://www.ashleysheridan.co.uk





Re: [PHP] Credit Card encryption

2010-06-01 Thread Michael Shadle

Is this a joke?

Better hope your merchant provider isn't lookin...


On Jun 1, 2010, at 7:17 PM, Brandon Rampersad  
brandon.add...@gmail.com wrote:


I store CC # in plain text on my custom ecommerce website script so I can
compare it with others. That way it's easier to convert to different hashes
when I decide to integrate an encryption system. So far I haven't had any
problems.

On Tue, Jun 1, 2010 at 11:15 AM, Paul M Foster pa...@quillandmouse.com 
wrote:



On Tue, Jun 01, 2010 at 10:42:11AM -0400, tedd wrote:


At 9:24 PM -0400 5/31/10, Paul M Foster wrote:

On Mon, May 31, 2010 at 05:06:23PM -0400, tedd wrote:


At 12:36 PM -0400 5/31/10, I wrote:
That's Okay, but I'm simply telling you what I KNOW to be true. You
may either accept what I have to say, or reject it, but to reply
that what I say is Not true is somewhat offensive and
confrontational. I hope you didn't mean it that way. :-)


My apologies for taking what you said as I did and my reply -- it was
wrong of me. I am sure you didn't mean anything offensive.


You are correct. I meant no offense. In turn, when I read your post, it
appeared that you were making a blanket statement applicable under all
conditions, to which I objected. However, reading back over it, you did
insert qualifiers.

Paul


Okay, let's not get a room over this.  :-)


Yes, dear. ;-}

Paul

--
Paul M. Foster






--
A Brandon_R Production





Re: [PHP] Inconsistent json_decode() results

2010-05-05 Thread Michael Shadle
2010/5/5 Michiel Sikma mich...@thingmajig.org:

 By the way, if you're stuck on 5.2.10, you could simply cast the result to
 array:

 var_dump((array)json_decode('{"_urls": ["a", "b"]}'));

I don't see an "available starting in 5.x.x" notice, so I think it's
been there for a long time...

http://www.php.net/json_decode

Second parameter of true makes it return an array instead of a class
(I just had to use this recently, that's why it popped in my mind)




Re: [PHP] Inconsistent json_decode() results

2010-05-05 Thread Michael Shadle
On Wed, May 5, 2010 at 1:11 PM, Michiel Sikma mich...@thingmajig.org wrote:

 You're right, but this is about how 5.2.10 ignores the second parameter and
 always returns a class, which appears to be a bug. I'm not sure which other
 versions have this same problem, but 5.2.11 has correct behavior, which
 seems to suggest they found and fixed it by then. I can't find an entry for
 this problem in PHP's bug database, however.
 My suggestion to typecast the result of json_decode() should only be
 followed if you need an array and are required to work with version 5.2.10.

A. I gotcha now. Yeah I started using that just recently either
5.2.11 or 5.2.13 (not sure which)

You can typecast an object to an array that easily? I was unaware.




Re: [PHP] How to Force IE to download text file?

2010-04-30 Thread Michael Shadle
On Fri, Apr 30, 2010 at 9:19 AM, Ali Asghar Toraby Parizy
aliasghar.tor...@gmail.com wrote:
 I have written this code to export data to a text file and asks user
 to save generated file. It works with Firefox perfectly, but IE shows
 content of file instead of prompting the download window.
 How can I force IE to show the download dialog?

 <?php
 Header("Content-disposition: attachement; filename=data.txt");
 Header("Content-type: text/plain");
 echo $some_data;
 ?>

We usually do something like this. Although I am not sure about text files.

header("Content-Disposition: attachment; filename=\"".urldecode(basename($file))."\";");
header("Content-Type: application/force-download");




Re: [PHP] how to upload large file ( bigger than 1G) with PHP

2010-03-12 Thread Michael Shadle
On Fri, Mar 12, 2010 at 4:41 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:

 I've noticed that large uploads over http seem to behave a little
 unpredictably at times, and aren't something I'd rely on. FTP is
 definitely the way to go, and there are plenty of Java applets that
 allow you to do this.

FTP is not a realistic option, for a multitude of reasons.

a) mapping an HTTP request and user - FTP account / pick this file up
b) firewall issues
c) additional services having to be enabled and routed to on the server side

While I do agree FTP is FILE transfer protocol, it still isn't the
right solution IMHO. Ideally, HTML5 will provide a more industry
standard method (IIRC, a coworker already pointed out something in the
spec for it, but I forget)

A very workable solution we've come up with has been using Google Gears + PHP.

Re-using the browser and HTTP conversations provides us multiple benefits:
a) Cookie support - to identify the user
b) supports HTTP and HTTPS
c) Firewalls are not an issue - reuses the same proxy settings

The difference between standard file upload using a single POST vs.
our method is key - it's chunking the file. Google Gears has this
support, Java can too; send up portions of the file at a time, and
either glue it together on the fly on the server, or take all the
chunks and merge them all at once at the end. By doing it in a chunked
format, it allows us to also re-transmit failed chunks and treat files
of any size in bite size chunks - with a little bit of Javascript,
PHP and Gears, we can support files of any size (within filesystem and
OS limits) and it does not require -any- tweaking of the webserver. It
is chunks of data sent to the server using standard POSTs and small
enough to fit under even small PHP and webserver memory limits (and
could always be configurable) - no more suhosin.memory_limit,
memory_limit, post_max_size, upload_max_filesize to fuss with.

It's a shame that Google had to decide to stop developing and
maintaining Gears. It was a lightweight, perfect solution.

We're working on a Java-based version instead now. Lightest footprint
we can possibly get in Java, but it's the only applet language that
has all the support we need for chunking, cross-browser,
cross-platform, etc.

I believe our plan is to release it out to the public so people can
enhance it, use it, do whatever...

For now though, Gears works pretty awesome for us, a handful of our
users have complained though Gears won't install for them (not sure
why) and there is no support for Snow Leopard, I believe. So we're
starting to hit the point where it isn't our magical solution anymore.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] how to upload large file ( bigger than 1G) with PHP

2010-03-12 Thread Michael Shadle
On Fri, Mar 12, 2010 at 11:51 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:

 It's not much trouble to map the FTP to a file and have the right 
 permissions, and FTP is a doddle to set up on a server. I'd say a darn sight 
 less work than rolling your own mechanism in Java.

Well, mechanisms already exist. We're just trying to create a cleaner
one that works with the browser's DOM so it looks native in the
browser, has the chunk support, etc.

FTP servers can be easy to setup but mapping who uploaded what and
keeping that secure is a pain. Do you use one generic account, or one
random account per user? If one generic account, how do you keep
others from downloading someone else's content? etc? Lots of questions
come to mind. But lunch is more important... :)

 Lastly, I don't think firewalls are that big an issue, as most firewalls I've 
 seen will allow outgoing FTP connections from a users computer by default.

Must not deal with that many corporate firewalls :)




Re: [PHP] $_GET is Mangling Base64 value

2010-03-11 Thread Michael Shadle
On Thu, Mar 11, 2010 at 1:57 PM, George Langley george.lang...@shaw.ca wrote:

 x is a Japanese phrase, that has been encoded into Base64. So is using 
 the + symbol:

 ...OODq+OCou...

 but my $_GET is replacing the + with a space:

 ...OODq OCou...

 thus the base64_decode() is failing (displays diamonds with questions marks 
 on my Mac).

You could always pre-parse it with

$_GET['foo'] = str_replace(' ', '+', $_GET['foo']);

and inject them back in... I have had to do something like that in the
past because of the same issue (I either needed to add or remove the +
I forget)




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Michael Shadle
On Mon, Feb 22, 2010 at 12:55 PM, Joseph Thayne webad...@thaynefam.org wrote:

 I am not sure what the security issues are you are referring to as the
 $_REQUEST superglobal contains both $_GET and $_POST values.  Could you
 expound on that?  Thanks.

$_REQUEST opens you up to POST/GET values overriding cookie values or
vice versa. It's best to choose your source of data specifically.

I unset($_REQUEST) wherever I can to enforce stricter coding
practices. To me it's lazy. If you really need to mix POST and GET,
then you can always array_merge($_POST, $_GET)

 Use quoted strings - either single or double quotes. Eg:

 $myArray['myKey']
 $myArray["myKey"]

single quotes are better (by a marginal fraction) as it won't look for
interpolated strings :)




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Michael Shadle
On Mon, Feb 22, 2010 at 1:30 PM, David Murphy da...@icewatermedia.com wrote:
 Richard,


 The use of $_REQUEST is no more a security hole than $_GET or $_REQUEST,
 they should ALL be treated as bad data until normalized and sanitized. The
 claim that it opens a security hole is just false, that's like saying PHP
 is insecure, it's not, it just allows for lazy coding such as $_REQUEST.

It represents a way for people to exploit coders who don't know any better.

Expecting a cookie value to come through in $_REQUEST but you could
override using a query string parameter makes for easy exploitation.
Probably not catastrophic but much easier to brute force things if you
don't have to bother with cookies, or can fake a user identity easier;
things of that nature.

If you coded your app well, in theory it won't make much difference,
however, why keep something out there that makes it easier for people
to mess with your site, period?




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Michael Shadle
On Mon, Feb 22, 2010 at 2:07 PM, John Black
s...@network-technologies.org wrote:

 And how is this more secure? I can create a cookie, send post or get on my
 client machine and send anything I want to the server. Just because you are
 getting a cookie does not mean that you created it :)

 So you might as well use request because the data can not be trusted either
 way.

Kind of like saying why bother exercising and keeping healthy - we're
going to die anyway

Secure might be the wrong term here. As you can easily change GET to
POST and vice-versa and send any cookies you like, this is why I tried
to revise my statement and quantify it better... in a properly coded
app it doesn't present much issue. However, it encourages laziness and
PHP's barrier to entry is so easy that there is a lot of people who
consider a cookie to be trusted, and overriding it with a simple GET
parameter is too easy of an attack vector. At least make it difficult.




Re: [PHP] $_POST vs $_REQUEST

2010-02-22 Thread Michael Shadle
The difference here is you can at least have some control over the  
data and expect it in a certain fashion. Also the behavior of cookies  
vs. get vs. post are different (cookies have length and expiration  
limits, get has length limits, post has server configured limits)


Like I said a properly coded app won't really suffer much but why
allow for lazy coding practices and non properly coded apps to be
exploited as easy? The great deal of apps out there are not properly
coded. Again I reference my metaphor about dying. At least try to put
effort into something.


On Feb 22, 2010, at 2:26 PM, John Black s...@network- 
technologies.org wrote:



On 02/22/2010 11:17 PM, Michael Shadle wrote:
Secure might be the wrong term here. As you can easily change GET to
POST and vice-versa and send any cookies you like, this is why I tried
to revise my statement and quantify it better... in a properly coded
app it doesn't present much issue. However, it encourages laziness and
PHP's barrier to entry is so easy that there is a lot of people who
consider a cookie to be trusted, and overriding it with a simple GET
parameter is too easy of an attack vector. At least make it difficult.


Just because someone believes that a cookie is something that can be  
trusted does not make it so. A properly coded app should not care  
how the client sends the information, only that the information is
valid and expected.


A cookie is the same thing as $_POST or $_GET data but it can be  
stored for a period of time, what happens to the stored data is out  
of our control. Treating one any different from the other is just  
wrong and will create apps with security holes.


For anybody who would like to try the GUI version of tampering with  
data sent to the server checkout TamperData for FireFox.


--
John
Klarmachen zum Ändern!
http://www.youtube.com/v/AYM-_qfytfA




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
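
Why the source of a value is ambiguous in `$_REQUEST`, as an added example that is not code from the thread: PHP fills `$_REQUEST` from the sources named in the `request_order` setting, later ones overwriting earlier ones, so the same key can come from a different place depending on configuration. `model_request()` is a simplified model of that merge, and every name and value here is constructed.

```php
<?php
// Added example, not code from the thread. model_request() is a simplified
// model of how PHP fills $_REQUEST; all names and values are constructed.

/** Merge sources in the order given by a request_order string such as "GP". */
function model_request(array $get, array $post, array $cookie, string $order): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // Later sources overwrite earlier ones, key by key.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

/** Read one value from one named source and validate its shape. */
function from_source(array $source, string $name, string $pattern): ?string
{
    $value = $source[$name] ?? null;
    return is_string($value) && preg_match($pattern, $value) === 1 ? $value : null;
}

// Constructed request: the same key arrives in the query string and a cookie.
$get    = ['lang' => 'xx-from-query'];
$post   = [];
$cookie = ['lang' => 'pt'];

// The value a handler sees in $_REQUEST depends on server configuration.
foreach (['GP', 'CGP', 'GPC'] as $order) {
    $request = model_request($get, $post, $cookie, $order);
    printf("request_order=%-3s => lang = %s\n", $order, $request['lang'] ?? '(unset)');
}

// Naming the source removes the ambiguity; the value is still validated,
// because a cookie is client-supplied data like any other input.
var_dump(from_source($cookie, 'lang', '/\A[a-z]{2}\z/'));
var_dump(from_source($get, 'lang', '/\A[a-z]{2}\z/'));
```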



Re: [PHP] PHP MS Sequel Server

2010-01-17 Thread Michael Shadle
I use PHP with MSSQL right now.

PHP is on Linux, MSSQL is on Windows. Just use the FreeTDS libraries to connect.

On Sun, Jan 17, 2010 at 10:47 AM, dealtek deal...@gmail.com wrote:
 http://www.aspfree.com/c/a/MS-SQL-Server/Using-PHP-with-MS-SQL-Server/

 This article seems to state that PHP can interface with MS Sequel Server ? If
 so, is it about the same level of complexity as working with PHP & MySQL? If
 one was to choose php & one DB over the other in a general comparison (not
 cost): any preferences?







Re: [PHP] Server-side encryption to prevent form hacking: new idea?

2009-12-11 Thread Michael Shadle
you don't necessarily need encryption, you could use digests instead
and issue a use-once ticket as well.

On Fri, Dec 11, 2009 at 12:29 PM, Mattias Thorslund
matt...@thorslund.us wrote:
 Kelly Jones wrote:

 If you have an HTML form select field xyz with possible values
 apple, banana, and cucumber, anyone can easily set xyz to an
 arbitrary value.

 To prevent this, I create a hidden field code[xyz] with value:
 base64_encode(mcrypt_ecb(
  MCRYPT_RIJNDAEL_256,$salt,"apple,banana,cucumber",MCRYPT_ENCRYPT));

 where $salt is stored in a file outside my webroot.

 The script receiving the POST data uses:

 mcrypt_ecb(MCRYPT_RIJNDAEL_256,$salt,
  base64_decode($_REQUEST["code"]["xyz"]), MCRYPT_DECRYPT);

 and confirms xyz is really one of apple, banana, or cucumber.

 Obviously, this can be extended to other types of form fields, and the
 check value can be a regular expression or even a function call.

 Is this a new idea, or have people done this before?


 If the server-side script knows which values are expected, then there is no
 need to send that to the client (browser) and back. If this is not simply
 hard-coded in your script, you can keep it in a different file, in a
 database, or in the session, depending on your particular situation. For
 most of the fields, the number of acceptable values aren't limited to a
 small set, so it's more practical to check for expected length, data type,
 and escape the data before saving it.

 Cheers,

 Mattias




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
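
The digest plus use-once ticket suggested above, as an added example that is not code from the thread: the form carries the allowed values in the clear together with a nonce and an HMAC over both, and the server keeps the nonce so each ticket can be redeemed once. The function names, the 15-minute lifetime and the array standing in for `$_SESSION` are assumptions; the key would live outside the webroot, like `$salt` in the quoted post.

```php
<?php
// Added example, not code from the thread. Names, lifetime and the session
// stand-in are assumptions made for illustration.

/** Unambiguous, length-prefixed encoding of everything the MAC covers. */
function ticket_message(string $nonce, string $field, array $allowed): string
{
    $msg = '';
    foreach (array_merge([$nonce, $field], array_values($allowed)) as $part) {
        $msg .= strlen($part) . ':' . $part . ';';
    }
    return $msg;
}

/** Create the values to place in hidden form fields for one select field. */
function issue_ticket(array &$session, string $key, string $field, array $allowed): array
{
    $nonce = bin2hex(random_bytes(16));
    $session['tickets'][$nonce] = time() + 900; // remembered server-side
    return [
        'nonce'   => $nonce,
        'allowed' => $allowed,
        'mac'     => hash_hmac('sha256', ticket_message($nonce, $field, $allowed), $key),
    ];
}

/** Check the posted ticket and value; the nonce is consumed in every case. */
function redeem_ticket(array &$session, string $key, string $field, array $ticket, string $submitted): bool
{
    $nonce   = $ticket['nonce'] ?? null;
    $allowed = $ticket['allowed'] ?? null;
    $mac     = $ticket['mac'] ?? null;
    if (!is_string($nonce) || !is_string($mac) || !is_array($allowed)
        || $allowed !== array_filter($allowed, 'is_string')) {
        return false;
    }
    // Single use: unknown, already spent or expired nonces are refused.
    $expires = $session['tickets'][$nonce] ?? 0;
    unset($session['tickets'][$nonce]);
    if ($expires < time()) {
        return false;
    }
    // Constant-time comparison of the digest over nonce, field and list.
    $expected = hash_hmac('sha256', ticket_message($nonce, $field, $allowed), $key);
    if (!hash_equals($expected, $mac)) {
        return false;
    }
    return in_array($submitted, $allowed, true);
}

// Constructed run. $session stands in for $_SESSION.
$session = [];
$key = random_bytes(32);
$choices = ['apple', 'banana', 'cucumber'];

$ticket = issue_ticket($session, $key, 'xyz', $choices);
var_dump(redeem_ticket($session, $key, 'xyz', $ticket, 'banana'));  // valid, first use
var_dump(redeem_ticket($session, $key, 'xyz', $ticket, 'banana'));  // same ticket again

$edited = issue_ticket($session, $key, 'xyz', $choices);
$edited['allowed'][] = 'durian';                                    // list changed client-side
var_dump(redeem_ticket($session, $key, 'xyz', $edited, 'durian'));

$other = issue_ticket($session, $key, 'xyz', $choices);
var_dump(redeem_ticket($session, $key, 'xyz', $other, 'durian'));   // value not in the list
```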



Re: [PHP] Re: Emergency! Performance downloading big files

2009-12-02 Thread Michael Shadle
Ah I didn't pay attention to the first part. Just gave my typical  
don't spoonfeed bytes from php rant :)


Sent from my iPhone

On Dec 2, 2009, at 1:42 AM, Colin Guthrie gm...@colin.guthr.ie wrote:

'Twas brillig, and Michael Shadle at 01/12/09 23:51 did gyre and  
gimble:
On Tue, Dec 1, 2009 at 3:21 PM, James McLean james.mcl...@gmail.com wrote:
The suggestion from other users of off-loading the PDF downloading to
Apache (or another webserver) is a good idea also.

^
I never allow PHP to be [ab]used and kept open to spoonfeed clients
with fopen/readfile/etc.


I think there has been some confusion. The OP wanted a way to
*download* the files *from* somewhere, not dish them up to his
clients.


I think some of the replies were assuming he wanted to have a PHP
script as a guardian to protect content from unauthorised users but
that is not what he actually said!



in apache there is a mod_sendfile module I think. never used it.


The above said, I didn't know about this module and it looks rather  
useful, so thanks for pointing it out :D


Here is the first Google result I found on this issue which explains  
it a bit.

http://codeutopia.net/blog/2009/03/06/sending-files-better-apache-mod_xsendfile-and-php/

Col

--

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
 Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
 Mandriva Linux Contributor [http://www.mandriva.com/]
 PulseAudio Hacker [http://www.pulseaudio.org/]
 Trac Hacker [http://trac.edgewall.org/]








Re: [PHP] Free tech talk by Percona tonight in Palo Alto, CA

2009-11-05 Thread Michael Shadle
On Tue, Nov 3, 2009 at 10:17 AM, Sam Ghods s...@box.net wrote:
 Hi all,

 I would like to invite everyone to a Box.net sponsored free tech talk (and
 free dinner!) in Palo Alto tonight on Goal Oriented Performance
 Optimization, given by Peter Zaitsev of Percona, the leading MySQL/LAMP
 performance consulting firm. Learn more about the event from our blog post
 http://blog.box.net/?p=1363 and RSVP here:

got any slides?




[PHP] Issues with MySQL connectivity ... on only one machine, and for a while now

2009-10-26 Thread Michael Shadle
Oct 25 22:00:01 sql02 php: PHP Warning:  mysqli_connect():
(HY000/2013): Lost connection to MySQL server at 'sending
authentication information', system error: 32 in
/home/foo/web/foo.com/core.php on line 2394

It's either this or one or two others. What is odd is I have switched
to making it sockets only - doesn't seem to help. I think it was
anyway, it's all over localhost. It wasn't always like this either.

Can't seem to find any reason for it. Scripts are able to connect at
near lightning speed, do 20+ queries a page load and disconnect
without an issue before it even shows up in a show processlist but
I'm seeing issues with disconnections on localhost.

I wanted to upgrade to PHP 5.3.x to use the mysqli.reconnect option,
but I don't think the code will work 100% - does anyone else have any
ideas? I have a second server, same specs, being beaten (not as hard,
but decently) that exhibits none of these behaviors.

mysql 5.0.75 on ubuntu jaunty 64-bit
php 5.2.11 (but has been showing this issue since 5.2.9 if not
earlier, I didn't start tracking it then)

I don't understand why it would be having issues during the
authentication phase especially over localhost or socket!?! I think
this might be more of a question for the PHP community than the MySQL
one; I've tried some additional MySQL tuning and it doesn't seem to
help, and the error comes from PHP, I can't reproduce it any other
way.

Any ideas?

Thanks!




Re: [PHP] Issues with MySQL connectivity ... on only one machine, and for a while now

2009-10-26 Thread Michael Shadle
Yep the only connectivity issues are coming from the server itself.

I have 3 webservers talking to this server and never get a failed read
- the batch jobs running on the server itself have issues once in a
while. I even FORCED sockets just in case it was using TCP via
localhost...


On Mon, Oct 26, 2009 at 12:24 AM, Kim Madsen php@emax.dk wrote:
 Michael Shadle wrote on 2009-10-26 06:48:

 Oct 25 22:00:01 sql02 php: PHP Warning:  mysqli_connect():
 (HY000/2013): Lost connection to MySQL server at 'sending
 authentication information', system error: 32 in
 /home/foo/web/foo.com/core.php on line 2394

 It's either this or one or two others. What is odd is I have switched
 to making it sockets only - doesn't seem to help. I think it was
 anyway, it's all over localhost. It wasn't always like this either.

 I think it's related to network flaws, at least that was the understanding I
 had from the same problem, which occurred some months ago at an ISP I'm
 using, but you're writing all over localhost?

 --
 Kind regards
 Kim Emax - masterminds.dk





Re: [PHP] ip-to-country

2009-10-18 Thread Michael Shadle
http://pecl.php.net/package/geoip   however i tried a few IPs once and
it was unknowns



On Sun, Oct 18, 2009 at 12:03 PM, SED s...@sed.is wrote:
 Hi,

 How can I access an index for IP to a country (or a more detailed location)?
 I have not yet found a function for that in PHP nor a free to use website
 that offers a remote search.

 Perhaps, there is another solution - any ideas?

 Regards,
 Summi










Re: [PHP] Converting print_r() output to an array

2009-09-30 Thread Michael Shadle
first off, if you pass print_r($var, true) it will return it instead
of printing it. if you go that route.

have you looked at var_export() ?

On Wed, Sep 30, 2009 at 8:07 PM, James Colannino ja...@colannino.org wrote:
 Hey everyone, I was pretty sure there was an easy built-in solution for
 what I want to do, but I've been googling around with no luck.
 Basically, I just want to take a string containing the output of
 print_r() and convert it back into an array again.

 That is possible, right?  If so, how do I go about it?  If not, what's a
 quick and easy way to parse a string and turn it into an array (I don't
 necessarily need the string to be in the format print_r returns).

 Thanks!

 James







Re: [PHP] Host that allows edit of php.ini

2009-07-08 Thread Michael Shadle
Someone who adopts php 5.3.0 or uses htscanner might allow for it. I'm
too lazy to check if memory limit is allowed on an htscanner/htaccess
level or not


On Wed, Jul 8, 2009 at 1:27 AM, Matthew Croudm...@obviousdigital.com wrote:
 Apologies if this type of question is frowned upon in the mailing list,
 however I would like to pop the question to those in the know.

 Can anyone recommend a UK host that allows you to edit ( or a copy of ) the
 php.ini file,
 allowing me to increase the file upload size to 100mb for clients PDF
 artwork files.
 I wish to create an upload site for my print firm.

 Your recommendations are greatly appreciated.

 Matt.







Re: [PHP] best way to properly build an include path *regardless* from where I am calling the include?

2009-07-06 Thread Michael Shadle
On Mon, Jul 6, 2009 at 8:24 AM, Daniel Brownparas...@gmail.com wrote:

    Conversely, using the code example from above (and building upon
 it), we know that __FILE__ remains static regardless of the point of
 the call.  Thus, it's a better and more reliable method, and is usable
 even if $_SERVER data is not available to the script.

+1 - i use dirname(__FILE__) everywhere. Rasmus said you can just use
./includes/foo.php, why have an extra function call (the dirname) but
i tried that on one of my setups and what is odd is it couldn't find
the files from the forced relative paths which should work just fine.
there could have been other weird voodoo going on too, but i know for
a fact dirname(__FILE__) has been reliable and the best part is it
does not require $_SERVER.




Re: [PHP] Does something like this exist?

2009-06-29 Thread Michael Shadle
On Mon, Jun 29, 2009 at 1:16 PM, Dotan Cohendotanco...@gmail.com wrote:

 * What files are included in which scripts

pecl.php.net/package/inclued  - an awesome tool, will show you
includes/require calls to other ones, show you any redundancy (dotted
lines) etc. helps you clean up any nested and unnecessary includes or
requires. Rasmus approved(tm)

use it with graphviz and you've got visual maps of your entire
include/require structure.

 * The relationships between defined classes (eg A extends B)
 * What other classes are utilized by which classes (eg, instantiation)

doesn't phpdoc or something do this stuff? might need comments before
each function/method to make it really work well. not sure. i think
there's also something called phpxref as well that might work...




[PHP] Does anyone know how gettext works under the hood?

2009-06-25 Thread Michael Shadle
I'm wondering if there is a way to save some processing time, and I
could totally be off my rocker, or violating the premature
optimization rule...

But my assumption is when you ask gettext in PHP to load up a .po
file, it has to convert that into bytecode. That takes some overhead,
especially on a busy website. Could it be possible then to take the
APC approach and only process it once, keeping the output in shared
memory and only destroy the cache when the .po file is changed?

I haven't profiled the portion of my code using gettext yet but it
would be interesting to see how much % of each request it takes to
load the file. I also assume as the file gets larger it will take up
more resources as well...




Re: [PHP] I've some doubts if I should go with 5.2 or go already with 5.3 (for a course)

2009-06-23 Thread Michael Shadle
On Tue, Jun 23, 2009 at 2:34 AM, Robert Cummings rob...@interjinn.com wrote:

 Revolutionary, no. Major changes for PHP, yes! Major shifts in development 
 practices for PHP... it depends on who you are or where you work, but 
 certainly some of these will mark changes in development for many people.

+1

http://cvs.php.net/viewvc.cgi/php-src/UPGRADING?revision=PHP_5_3

Depending on your output you may start getting a lot of errors,
warnings and deprecation messages. Not to mention, every error thrown
is overhead in the system, regardless if it is being displayed or
logged. (as Rasmus says, write error free code)

Behavior changes that can affect people's code from either the I
assume this is defaulted this way, behavior changes or deprecation
changes from what I can grok from that - quite a few that people
should probably be looking for ahead of time, and writing 5.3 safe
versions of their code, and ensuring they have the ini variables
defined to what they want that will be changing their defaults too...


- **namespace** and **goto** are now reserved keywords.

- **Closure** is now a reserved class. (Used by lambda and closure.)

- The array functions natsort(), natcasesort(), usort(), uasort(), uksort(),
  array_flip() and array_unique(), no longer accept objects passed as arguments.
  If you need to access their properties using an object, you will need to cast
  the objects to arrays first.

- The behaviour of functions with by-reference parameters called by value has
  changed. Where previously the function would accept the by-value argument, a
  warning is now emitted and all by-ref parameters are set to NULL.

- The magic methods __get(), __set(), __isset(), __unset() and __call() should
  always be public and can no longer be static. Method signatures are enforced.

- The __toString() magic method can no longer accept arguments.

- count() vs count_elements() handler resolution rules have changed. (This could
  potentially break custom PHP extensions.)

- The trailing / has been removed from SplFileInfo and other related directory
  classes.

- The new mysqlnd library necessitates using MySQL's newer 41 byte password format.
  Continued use of the old 16 byte passwords will cause mysql_connect() to produce
  the following error message: mysqlnd cannot connect to MySQL 4.1+ using old
  authentication  (perhaps an E_WARNING ?)

- define_syslog_variables() is deprecated. (not sure if this will
  throw any E_DEPRECATED or anything)

- All ereg functions are deprecated and emit E_DEPRECATED errors.
  Use PCRE (preg_*()) instead.

- The following ini directives will now emit an E_DEPRECATED warning
  upon startup if they are activated:

  - define_syslog_variables
  - register_globals
  - register_long_arrays
  - safe_mode
  - magic_quotes_gpc
  - magic_quotes_runtime
  - magic_quotes_sybase

Extensions moved out to PECL and actively maintained there

- fdf
- ming
- ncurses

 c. with changed behaviour

- datetime: date/time functions will no longer use the TZ environment
  variable to guess which timezone should be used.

- hash: The SHA-224 hash algorithm is now supported.

- oci8: Calling oci_close() on a persistent connection, or on a variable
  that references a persistent connection going out of scope, will now
  roll back any uncommitted transaction. You should explicitly commit or
  rollback as needed.
  Setting oci8.old_oci_close_semantics=On in php.ini gives the old
  behaviour.

- session: Sessions will no longer store session-files in /tmp where
  open_basedir restrictions apply, unless /tmp is explicitly added to
  the list of allowed paths.

- zend_extension_debug and zend_extension_ts have been removed.
  Instead use the zend_extension directive to load all Zend Extensions.

- zend.ze1_compatibility_mode has been removed. If this ini directive is set
  to on, then an E_ERROR is emitted at startup.

- The default value of session.use_only_cookies has changed to 1

Windows has some changes too, but I think only if you're running pre
Windows 2000 will it make a difference.


Sorry for re-hashing the entire thing but I think I picked out
everything that may conflict with existing code or assumptions on
existing code.




Re: [PHP] Re: Search/Replace in entire database?

2009-06-15 Thread Michael Shadle
You can always cheat. Use information_schema or just show databases  
and show tables and loop through it. Just using information_schema is  
perfect though i think then you can know or query on column type and  
save some work.


Sent from my iPhone

On Jun 15, 2009, at 1:10 AM, Peter Ford p...@justcroft.com wrote:


Chris Payne wrote:

Hi everyone,

I am in the middle of creating an editor where you can search and
replace on an individual column in a single table then I came across
something I need to be able to do but not sure how.

Is it possible (And if so please how :-) to search an entire database
and all tables within a database and do a find/replace on keywords
without having to specify each table/column within that table?

The people I am working for have made some big changes and one of them
is changing the names of one of their products, but this product name
appears EVERYWHERE in many tables and in lots of different column
names, and it would save so much time if I could do a single query
that would just search EVERYTHING within the database.

Thanks for any advice you can give me.

Regards

Chris Payne


Chris,
This is not really a PHP question, is it? More like a question for the support
group that corresponds to your database software...

However, in my experience databases don't allow a cross-table update in a single
query - you won't be able to do it in one query.

You will either have to
1. work out which columns and tables contain the name
2. script a query to make the changes for each separately
3. test it on a backup version of the database
4. fix the bugs
5. run the script on the live database.

OR (possibly)

1. block access to the database (to prevent any changes while you are processing)
2. dump the whole DB to an SQL script
3. do a search and replace on the text of the SQL script
4. Drop the existing data and reload the database from your SQL dump
5. enable access again so that the users can find the (inevitable) mistakes.

These are both pretty time-consuming - sorry!

Then make a business case for the project of normalising the database, at least
with respect to the product names...

--
Peter Ford  phone: 01580 89
Developer   fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent







Re: [PHP] Converting MP3 to FLV On-The-Fly

2009-06-07 Thread Michael Shadle
I would also batch it. Keeping a user waiting (unless you have a
please wait... screen, which still can take some time and be a bad
user experience) in my experience hasn't been ideal and won't scale
very well.

On Sun, Jun 7, 2009 at 11:04 AM, Nitsan Bin-Nunnit...@binnun.co.il wrote:
 I thought of using FFMPEG but I have a bit of experience with it.
 Any links or more specific directions would be great.

 On Sun, Jun 7, 2009 at 7:48 PM, hessi...@hessiess.com wrote:

  Hi Lista
 
  I'm trying to figure how I can turn MP3 files into FLV files on the fly
  using PHP.
  I'm having a server and I can install 3rd party software in order to
  accomplish this conversion.
 
  I have never dealt before with music file compression or anything similar so
  I don't know what I should look after or where I should look.
 
  Any idea would be very appreciated!
 
  Thanks!
  Nitsan
 

 You may want to use some sort of caching, converting media formats is very
 computationally demanding. You could use FFMPEG to do the conversion.







Re: [PHP] Best Encryption Algorithm

2009-06-03 Thread Michael Shadle
+1 for AES 256-bit

On Wed, Jun 3, 2009 at 11:43 AM, Eddie Drapkin oorza...@gmail.com wrote:
 Another camper on the AES / Rijndael bandwagon.  I don't think there's even
 been a theoretical attack point for anything 128 bit, but I could be wrong.

 And re: sha1, sha1 isn't an encryption algorithm...




Re: [PHP] Re: SQL Injection - Solution

2009-05-07 Thread Michael Shadle
On Thu, May 7, 2009 at 4:28 PM, Shawn McKenzie nos...@mckenzies.net wrote:

 RTFP!  ;-)

 He has no idea what DB will be used.

Wouldn't that be a better argument -for- using PDO? :)




Re: [PHP] SQL Injection - Solution

2009-05-06 Thread Michael Shadle
mysql_escape_string can be used instead. You just lose the ability to
have it match collation. I still think there should be the
mysql_escape_string or real one and allow it to pass the collation
without a database handle -or- just make a unicode/utf8 one and be
done with it.


On May 6, 2009, at 9:40 AM, Igor Escobar titiolin...@gmail.com wrote:

I know that using mysql_real_escape_string to do the job is better, but you
should consider that this function doesn't have any access to the database;
the objective of this function is to sanitize the string.

And please, see my second answer, I made some updates in the function that
are possibly relevant.


Regards,
Igor Escobar
Systems Analyst  Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portifolio
~ www.igorescobar.com
Twitter
~ @igorescobar





On Wed, May 6, 2009 at 1:14 PM, Andrew Ballard aball...@gmail.com  
wrote:



On Wed, May 6, 2009 at 12:06 PM, Bruno Fajardo bsfaja...@gmail.com
wrote:

Hi there!

2009/5/6 Igor Escobar titiolin...@gmail.com


Hi folks,
Someone know how i can improve this function to protect my environment
vars of sql injection attacks.

that is the function i use to do this, but, some people think is not
enough:

/**
 * @uses $_REQUEST = _antiSqlInjection($_REQUEST);
 * @uses $_POST = _antiSqlInjection($_POST);
 * @uses $_GET = _antiSqlInjection($_GET);
 *
 * @author Igor Escobar
 * @email blog [at] igorescobar [dot] com
 *
 */

function _antiSqlInjection($Target){
  // Substrings that are stripped from every input value
  $sanitizeRules = array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW TABLES','*','--','=');
  $arraSanitized = array();
  foreach($Target as $key => $value):
    // Nested arrays are filtered recursively
    if(is_array($value)): $arraSanitized[$key] = _antiSqlInjection($value);
    else:
      $arraSanitized[$key] = addslashes(strip_tags(trim(str_replace($sanitizeRules,"",$value))));
    endif;
  endforeach;
  return $arraSanitized;
}

You can help me to improve them?


What if someone posts, in any form of your app, a message containing
"or", "from" or "where"? Those are very common words, and eliminating
them is not the best solution, IMO.
Use mysql_real_escape_string() like Shawn said, possibly something
like this would do the trick (from
http://br2.php.net/manual/en/function.mysql-query.php):

$query = sprintf("SELECT firstname, lastname, address, age FROM friends WHERE firstname='%s' AND lastname='%s'",
    mysql_real_escape_string($firstname),
    mysql_real_escape_string($lastname));

Cheers,
Bruno.


+1

I would stick with parameterized queries if available, or just use
mysql_real_escape_string() for these and a few more reasons:

1) You'll find lots of posts in the archives explaining why
mysql_real_escape_string() is preferred over addslashes() for this
purpose.

2) strip_tags has absolutely nothing to do with SQL injection. Neither
does trim(). There are cases where you would not want to use either of
those functions on input, but you would still need to guard against
injection.

3) DROP TABLE will work no matter how many white-space characters
appeared between the words. For that matter, I am pretty sure that
'DROP /* some bogus SQL comment to make it past your filter */ TABLE'
will work also.


Andrew



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
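
The objections raised in this thread (the blacklist damages ordinary text, and 'DROP TABLE' still gets through with extra whitespace) and the PDO remark in the 2009-05-07 reply, put side by side as an added example that is not code from any poster. It assumes the pdo_sqlite extension is loaded; the sample inputs and the one-column friends table are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension
// is loaded; the sample inputs below are constructed for illustration.

// The str_replace() blacklist from the posted _antiSqlInjection(), applied
// to a single string so its effect on each value is easy to see.
function blacklistFilter($value)
{
    $rules = array('OR', 'FROM', 'SELECT', 'INSERT', 'DELETE', 'WHERE',
                   'DROP TABLE', 'SHOW TABLES', '*', '--', '=');
    return addslashes(strip_tags(trim(str_replace($rules, "", $value))));
}

// Report what the blacklist does to one value: did it alter the data, and
// did the two-word rule 'DROP TABLE' still let both words through?
function auditFilter($raw)
{
    $filtered = blacklistFilter($raw);
    return array(
        'filtered'        => $filtered,
        'data_altered'    => $filtered !== $raw,
        'keywords_remain' => (bool) preg_match('/DROP\s+TABLE/', $filtered),
    );
}

// Store and read back a value with bound parameters. The SQL text is fixed;
// the value travels separately and is never parsed as SQL.
function roundTrip(PDO $pdo, $raw)
{
    $insert = $pdo->prepare('INSERT INTO friends (lastname) VALUES (:lastname)');
    $insert->execute(array(':lastname' => $raw));

    $select = $pdo->prepare('SELECT lastname FROM friends WHERE lastname = :lastname');
    $select->execute(array(':lastname' => $raw));
    $stored = $select->fetchColumn();
    $select->closeCursor();
    return $stored;
}

// Constructed sample inputs.
$samples = array(
    'PORTLAND, OR',                  // ordinary text containing a listed word
    'total = 2 * 3 -- see invoice',  // ordinary text containing listed symbols
    "O'Brien",                       // ordinary name containing a quote
    'DROP  TABLE friends',           // two spaces between the words (Andrew's point 3)
);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE friends (id INTEGER PRIMARY KEY, lastname TEXT)');

foreach ($samples as $raw) {
    $audit  = auditFilter($raw);
    $stored = roundTrip($pdo, $raw);
    printf("input      : %s\n", $raw);
    printf("  blacklist: %s (altered: %s, DROP TABLE survives: %s)\n",
        $audit['filtered'],
        $audit['data_altered'] ? 'yes' : 'no',
        $audit['keywords_remain'] ? 'yes' : 'no');
    printf("  bound    : %s (identical: %s)\n\n",
        $stored, $stored === $raw ? 'yes' : 'no');
}

// The table is intact and holds one row per sample.
$count = (int) $pdo->query('SELECT COUNT(*) FROM friends')->fetchColumn();
printf("rows in friends after all inserts: %d\n", $count);
```

The same prepare/execute calls work unchanged against other PDO drivers, which is the point of the PDO remark when the target database is not known in advance.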



Re: [PHP] I need ideas for things to code -- Roach vs Bugzilla

2009-04-27 Thread Michael Shadle
On Mon, Apr 27, 2009 at 2:47 PM, Daevid Vincent dae...@daevid.com wrote:

 I got that one done for you:
 http://www.daevid.com/content/examples/roach.php

 p.s. the PHP code is absolute crap by the way. I inherited the start of this
 and just had to keep building on top of it, so i never got time to re-write
 it properly, only fix as I went.

 It's a dead project at this point, so someone is free to pick up where I
 left off as Lockdown is no more.

Well, thanks for that; it seems like it's got a lot of features. A big
one to examine would be looking at its integration with svn. But I
like the triage assignment by default.

It's a little disappointing though if you're selling it with the note
of the code is crap ... :)

I'll toss it over to my boss who is the one messing around with
trac/redmine/etc and see what he has to say.




Re: [PHP] I need ideas for things to code -- Roach vs Bugzilla

2009-04-27 Thread Michael Shadle
On Mon, Apr 27, 2009 at 3:27 PM, Daevid Vincent dae...@daevid.com wrote:

 I just didn't want someone to think this was the caliber of code I wrote!
 ;-)

totally understood. i don't like people getting the wrong idea of my code too :)

 I am using Trac personally, but I'm not a fan of Trac's ticket system. Roach
 is way more powerful in that respect, but the overall Wiki/SVN/Ticket/Plugin
 integration outweighs the lacking Ticket system.

Me too. The whole wiki style is a bit funky for ticketing.

I think bugzilla is nasty and I hate supporting old CGI programs. It
just seems like they never change design-wise, definitely UI but also
conceptually for the most part.

 The hooks with SVN are also great. For example someone couldn't commit to
 SVN without the corresponding CR in Roach in the commit message. I thought I
 had the SVN pre-commit and post-commit hooks in the tarball, but apparently
 not. They were written in Ruby, so maybe not so useful to you anyways. I'm
 sure i have them somewhere if you really wanted them.

Sure, you should include them in the package.

Worst case if we wind up doing something with hooks I can use them as
a cue on how to reject without including a ticket ID for example, etc.




Re: [PHP] I need ideas for things to code -- Roach vs Bugzilla

2009-04-27 Thread Michael Shadle
On Mon, Apr 27, 2009 at 5:46 PM, Shawn McKenzie nos...@mckenzies.net wrote:

 #1  Which one are we talking about?

Tickets/trackers (Bugzilla, Mantis, Roach, you name it) and SCM
integration tools (Redmine, Trac)

 #2  Having rarely used either, what are the main (must have) features?

For general purpose ticketing engine, it would need custom field
support. For specifically designed solutions it depends. For us we
only need a few fields, really. I've hacked together bits and pieces
in only a few minutes, we're using a custom one right now, but one
with active development would be nice - APIs and plugins for
extensibility, XML/RSS feeds, etc. Those aren't required but should
come standard nowadays...

 #3  What are the needed features that other OSS solutions don't offer?

Clean interface, easy reporting, integration with SCM (i.e. svn) -
various apps do various combinations of these. If it was done in PHP
it would be perfect as we could bolt on our custom authentication into
it. Trac is written in Python and Redmine in Ruby; we'd have to
re-code our authentication integration into one of those languages for
it.

Oh, and multiple project support. Trac does not support this. Redmine
claims to. (as in, multiple svn repositories as well)

 #4  What are the great features missing from free and commercial apps?

I am not sure I've seen a commercial PHP app that does this.




Re: [PHP] I need ideas for things to code -- Roach vs Bugzilla

2009-04-27 Thread Michael Shadle
On Mon, Apr 27, 2009 at 6:09 PM, Shawn McKenzie nos...@mckenzies.net wrote:

 OK, so geared towards software bugs I assume (I haven't used any)?

Web site development, a little system administration. But yes,
basically software bugs.

 OK, so I am not familiar with the bug tracking software or anything that
 it needs to do, but I find it hard to believe that at the top of the
 list would be APIs, plugins, RSS.  These don't sound like main
 features of a bug tracking app.

APIs for bug insertion, deletion, reporting, etc. is not far off from
a core product. Especially in web 2.0 land nowadays. We have multiple
installations of bugzilla and other tracking mechanisms in and outside
of the company feeding off each other, with no clean interfaces.

Of course there are hundreds of generic bug tracking programs out
there. Anyone with a PHP book can make one. We'd like to align with an
industry standard type one, or one with an active community, but
there is no real big one I am aware of other than Bugzilla (if not
factoring in language) or Mantis (for PHP), or with SCM interaction
Redmine and Trac.

Trac won't work for us because we have multiple repositories/projects.
We'd have to hack together some sort of solution to manage all of them
from one, or install a bunch of instances, and then we'd have bugs in
multiple systems to track. Each developer on our team handles code for
at least one project, just FYI.

Redmine may work, but we need more time to determine if we can hack
our own auth layer on top of it. Even then I am not sure if it will
meet our needs 100% or not. We have not evaluated it enough yet.

 Doesn't matter PHP or other.  What is not available in any other product
 that would be awesome to have (wish list)?

Most products are bloated.

Part of my wish list would be that it is written in PHP, so our team
can extend it without writing beginner insert language here code to
try to customize the couple things we'd need to tweak (like the auth
layer)




Re: [PHP] I need ideas for things to code

2009-04-24 Thread Michael Shadle
how about:

a replacement for mailman in php
a trac/redmine written in php
a better bugzilla replacement in php


On Fri, Apr 24, 2009 at 4:25 PM, Nathan Rixham nrix...@gmail.com wrote:
 Andrew Hucks wrote:

 I've been coding PHP for about a year, and I'm running out of things to
 code
 that force me to learn new things. If you have any suggestions, I'd
 greatly
 appreciate it.


 a: get paid to do it; pick up work on freelance sites and they'll give you
 the ideas + you'll get paid to do it

 b: see a







Re: [PHP] Re: Suggestions of some good, simple file upload 'in progress' code?

2009-04-22 Thread Michael Shadle
On Wed, Apr 22, 2009 at 6:20 AM, haliphax halip...@gmail.com wrote:

 Michael,

 Given the fact that Gears requires a client-side installation, has an
 awful penetration percentage, and his original solution is all
 server-side (though it does require APC and YUI-JS), I wouldn't say
 this is a very good suggestion. Compared to what he has already found,
 the Gears solution is not clean by any stretch of the imagination.

a) the native solution that requires APC is not multi-webserver capable
b) i was just sharing a different approach to an idea. who knows. it
might be something to explore. gears is pretty lightweight, and for
the ease of this and the functionality it brings (not to mention
cross-browser+platform) i see a compelling reason to give it a shot.
c) the APC method -still- requires webserver tweaks and post max size
etc. this is sending small chunks of data, is proxy-safe, and requires
nothing on the server; all that is required is gears, which is a
library to extend your browser's capabilities and i have not heard any
issues with it or security holes thus far. penetration is an issue but
when more sites push it and say hey, you should install it the
penetration will grow. not to mention youtube for example is using
roughly the same method and picking up a lot of browser installs off
that.

flash started out as a baby too. even java did (inside of browsers) ...

i completely disagree it is not clean - it is literally one browser
addon that a lot of people do have, comes from a reputable company,
and creates basically limitless upload capabilities - i can do 300 meg
files without blinking - it's not one long single POST that can fail
anytime, it's lots of small POST requests; it takes basic PHP on the
server and then some javascript for the UI (all the pieces to get a
basic functional install i sent links to)

how is that not cleaner than requiring the right version of apc,
hoping that one single long POST doesn't fail, etc?

our next version will include re-transmission on any chunk failure and
some other stuff, too. we're talking about literally any file size,
and even multiple file support, with the capability to retry on
failure so you -know- your file will get there, no matter if you're on
fast broadband or third world connectivity. we've dealt with issues
for years with people in geos having to send us links to files and
have us upload them for them... not anymore.




Re: [PHP] Re: Suggestions of some good, simple file upload 'in progress' code?

2009-04-22 Thread Michael Shadle
On Wed, Apr 22, 2009 at 2:41 PM, haliphax halip...@gmail.com wrote:
 On Wed, Apr 22, 2009 at 11:25 AM, Michael Shadle mike...@gmail.com wrote:
 On Wed, Apr 22, 2009 at 6:20 AM, haliphax halip...@gmail.com wrote:

 Michael,

 Given the fact that Gears requires a client-side installation, has an
 awful penetration percentage, and his original solution is all
 server-side (though it does require APC and YUI-JS), I wouldn't say
 this is a very good suggestion. Compared to what he has already found,
 the Gears solution is not clean by any stretch of the imagination.

 a) the native solution that requires APC is not multi-webserver capable
 b) i was just sharing a different approach to an idea. who knows. it
 might be something to explore. gears is pretty lightweight, and for
 the ease of this and the functionality it brings (not to mention
 cross-browser+platform) i see a compelling reason to give it a shot.
 c) the APC method -still- requires webserver tweaks and post max size
 etc. this is sending small chunks of data, is proxy-safe, and requires
 nothing on the server; all that is required is gears, which is a
 library to extend your browser's capabilities and i have not heard any
 issues with it or security holes thus far. penetration is an issue but
 when more sites push it and say hey, you should install it the
 penetration will grow. not to mention youtube for example is using
 roughly the same method and picking up a lot of browser installs off
 that.

 i completely disagree it is not clean - it is literally one browser
 addon that a lot of people do have, comes from a reputable company,
 and creates basically limitless upload capabilities - i can do 300 meg
 files without blinking - it's not one long single POST that can fail
 anytime, it's lots of small POST requests; it takes basic PHP on the
 server and then some javascript for the UI (all the pieces to get a
 basic functional install i sent links to)

 Unless you are in a corporate environment where you control what is
 installed on your visitors' machines, then just about any server-side
 hell you have to put yourself through is cleaner to the client than
 them needing to install ANYTHING.

 I'm sorry if my opinion seems a little too black and white, but
 those are the breaks. I can definitely say that, coming from a higher
 education institution standpoint, the site I work on would ALWAYS do
 something server-side and exhaust all of those possibilities before
 forcing prospective students, applicants, etc. to download additional
 software for their web browser.

 It depends on the clientele, really.

It also depends on the servers.

If you're behind load balanced webservers, the APC solution is out.
If you're on a shared hosting solution, it most likely is out (due to
some config tweaking)
You're limited to the POST size limits and other file upload
limitations inside of php.ini on the server

etc.

If your clientele find it useful enough, they will download it. People
are stupid enough to click on viruses, why would they not click on
something that comes from a reputable source as well, and promises
them large file uploads, looks like it is part of the website (and not
some hokey looking UI from an applet) and is SSL-friendly,
proxy-friendly, etc, etc...




Re: [PHP] Re: Suggestions of some good, simple file upload 'in progress' code?

2009-04-21 Thread Michael Shadle
On Tue, Apr 21, 2009 at 9:02 PM, scubak1w1 sk...@spamcop.net wrote:

 scubak1w1 sk...@spamcop.net wrote in message
 news:cf.13.21597.2ee8e...@pb1.pair.com...
 Hello,

 Can someone pass on some suggestions of some good, simple file upload 'in
 progress' code?

 Maybe as simple as changing the cursor icon for the duration?

 [self snip!]

 http://www.johnboy.com/about-us/news/a-useful-php-file-upload-progress-meter
 seems to be the cleanest example I can find - would this be fair to say?

Google Gears makes it very easy and can make it very simple (no
webserver configuration required) to basically slice the file up and
send chunks via POST - I need to publish all the code and a howto, and
Valery has written some code for nginx that might make it alleviate
the need for PHP to be involved at all - I have still not tested that
though, but the PHP code required is only like 10 lines or so, the
Gears stuff is pretty basic Javascript and since it's Javascript you
can make it match your UI perfectly by filling in div tags or whatever
else you want (works great with jQuery)

Actually I have a demo, not the cleanest code if you view the source
but you get the idea. It also works over NFS with multiple webservers
writing to the same file (I have 3 webservers behind LVS so
technically your request could be going to any of them)

http://mikehost.com/~mike/tmp/u/ - frontend and view source to see gears + js
http://mikehost.com/~mike/tmp/u/temp.php.txt - server side piece

I can't find the latest/cleanest code, but it gives you an idea.




Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument

2009-04-15 Thread Michael Shadle
I use XHTML 1.0 transitional and I've yet to have anyone tell me my  
sites don't work. Mobile and desktop browsers too. So I'm not sure  
that's an issue at all (?)


On Apr 15, 2009, at 6:31 PM, Raymond Irving xwis...@yahoo.com wrote:



Thanks for the feedback.

I too like xhtml but I think I like the option of serving both. My only
concern is that a proxy server might cache an xhtml page and then serve it
to a non-xhtml browser.

Do you think it's possible that a proxy might serve the xhtml source to the
wrong browser?

__
Raymond Irving


--- On Tue, 4/14/09, Michael Shadle mike...@gmail.com wrote:

From: Michael Shadle mike...@gmail.com
Subject: Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument
To: Raymond Irving xwis...@yahoo.com
Cc: php-general@lists.php.net php-general@lists.php.net
Date: Tuesday, April 14, 2009, 8:26 PM

As michael said my main reason is strictness. It's much easier to  
parse a document when an XML parser can read it. I like the idea of  
closing tags etc.


On Apr 14, 2009, at 4:38 PM, Raymond Irving xwis...@yahoo.com wrote:



Hi,

I'm thinking about using the html5 doctype for all html documents  
since it's supported by all the popular browsers available today.


Two Quick questions...

Why do we need to send XHTML code to a web browser when standard  
html code (with html 5 doctype) will do just fine?


Is there any advantage of using xhtml in the web browser over html  
for normal web application development?



__
Raymond Irving

--- On Tue, 4/14/09, Peter Ford p...@justcroft.com wrote:

From: Peter Ford p...@justcroft.com
Subject: Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument
To: php-general@lists.php.net
Date: Tuesday, April 14, 2009, 5:05 AM

Michael Shadle wrote:

On Mon, Apr 13, 2009 at 2:19 AM, Michael A. Peters mpet...@mac.com wrote:

The problem is that validating xhtml does not necessarily render properly in
some browsers *cough*IE*cough*

I've never had problems and my work is primarily around IE6 / our
corporate standards. Hell, even without a script type it still works
:)

Would this function work for sending html and solve the utf8 problem?

function makeHTML($document) {
   $buffer = $document->saveHTML();
   $output = html_entity_decode($buffer,ENT_QUOTES,"UTF-8");
   return $output;
}

I'll try it and see what it does.

this was the only workaround I received for the moment, and I was a
bit afraid it would not process the full range of utf-8; it appeared
on a quick check to work but I wanted to run it on our entire database
and then ask the native geo folks to examine it for correctness.

I find that IE7 (at least) is pretty reliable as long as I use strict XHTML and
send a DOCTYPE header to that effect at the top - that seems to trigger a
standard-compliant mode in IE7.
At least then I only have to worry about the JavaScript incompatibilities, and
the table model, and the event model, and 

--
Peter Ford
Developer
phone: 01580 89
fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument

2009-04-14 Thread Michael Shadle
As michael said my main reason is strictness. It's much easier to  
parse a document when an XML parser can read it. I like the idea of  
closing tags etc.


On Apr 14, 2009, at 4:38 PM, Raymond Irving xwis...@yahoo.com wrote:



Hi,

I'm thinking about using the html5 doctype for all html documents  
since it's supported by all the popular browsers available today.


Two Quick questions...

Why do we need to send XHTML code to a web browser when standard  
html code (with html 5 doctype) will do just fine?


Is there any advantage of using xhtml in the web browser over html  
for normal web application development?



__
Raymond Irving

--- On Tue, 4/14/09, Peter Ford p...@justcroft.com wrote:

From: Peter Ford p...@justcroft.com
Subject: Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument
To: php-general@lists.php.net
Date: Tuesday, April 14, 2009, 5:05 AM

Michael Shadle wrote:

On Mon, Apr 13, 2009 at 2:19 AM, Michael A. Peters mpet...@mac.com wrote:

The problem is that validating xhtml does not necessarily render properly in
some browsers *cough*IE*cough*

I've never had problems and my work is primarily around IE6 / our
corporate standards. Hell, even without a script type it still works
:)

Would this function work for sending html and solve the utf8 problem?

function makeHTML($document) {
   $buffer = $document->saveHTML();
   $output = html_entity_decode($buffer,ENT_QUOTES,"UTF-8");
   return $output;
}

I'll try it and see what it does.

this was the only workaround I received for the moment, and I was a
bit afraid it would not process the full range of utf-8; it appeared
on a quick check to work but I wanted to run it on our entire database
and then ask the native geo folks to examine it for correctness.

I find that IE7 (at least) is pretty reliable as long as I use strict XHTML and
send a DOCTYPE header to that effect at the top - that seems to trigger a
standard-compliant mode in IE7.
At least then I only have to worry about the JavaScript incompatibilities, and
the table model, and the event model, and 

--
Peter Ford
Developer
phone: 01580 89
fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument

2009-04-13 Thread Michael Shadle
On Sun, Apr 12, 2009 at 8:07 AM, Raymond Irving xwis...@yahoo.com wrote:

    $html = preg_replace('/<\!\[CDATA\[(.*)\]\]><\/script>/s','//<![CDATA[\1//]]></script>',$html);

question -

the output of this would be

<script type="text/javascript"><![CDATA[js code ... ]]></script> right?

is the cdata truly necessary? I typically use XHTML 1.0 transitional
and I don't have problems validating.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument

2009-04-13 Thread Michael Shadle

Well this is an interesting turn of events :)

We should now run over to the libxml folks and see if there is  
anything that can be done.


There *are* encoding options when you setup the domdocument so it  
seems like the options are there but not working properly for one  
reason or another.


On Apr 13, 2009, at 8:01 AM, Raymond Irving xwis...@yahoo.com wrote:




Michael,

You are absolutely right! It's loadHTML() that's causing the problems.


Best regards,
__
Raymond Irving


--- On Mon, 4/13/09, Michael A. Peters mpet...@mac.com wrote:

From: Michael A. Peters mpet...@mac.com
Subject: Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument
To: Michael Shadle mike...@gmail.com
Cc: Raymond Irving xwis...@yahoo.com, php-gene...@lists.php.net php-general@lists.php.net
Date: Monday, April 13, 2009, 5:36 AM

Michael A. Peters wrote:

function makeHTML($document) {
   $buffer = $document->saveHTML();
   $output = html_entity_decode($buffer,ENT_QUOTES,"UTF-8");
   return $output;
}

I'll try it and see what it does.

Huh - not tried above yet - but with

$test = $myxhtml->createElement('p','שלום');
$xmlBody->appendChild($test);

both saveXML() and saveHTML() do the right thing.

However if I have the string

<p>שלום</p>

and load it into a DOM -

With loadHTML() the utf8 is lost regardless of whether I
use saveXML() or saveHTML()

With loadXML() the utf8 is preserved regardless of whether
or not I use saveXML() or saveHTML()

php 5.2.9
libxml2 2.6.26-2.1.2.7 (CentOS 5.3)

I wonder if the real utf8 problem people experience is
really with loadHTML() and not with saveHTML() ??



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument

2009-04-13 Thread Michael Shadle
I will say though this negates the reason I chose to use domdocument  
to begin with. I am feeding it snippets of HTML that usually do not  
validate and I am not sure I want to run it through tidy first to  
convert from HTML to XHTML to run the domdocument and then convert it  
back... I am essentially using this to traverse the DOM and process  
all a href and img src attributes for a link remapping job. (also  
realizing the power of php's DOM for other things I used to try tidy  
and then use simplexml when doing HTML scraping ...) but php's dom  
allows me to give it absolutely crappy HTML and it still works.


However if someone has a nice regular expression or chunk of code that  
allows you to scan a doc for a href and then replaces them in the  
proper context (not just globally) that would work too. I can't just  
blindly find urls and then replace them (although the reason for this  
escapes me right now)


On Apr 13, 2009, at 8:01 AM, Raymond Irving xwis...@yahoo.com wrote:




Michael,

You are absolutely right! It's loadHTML() that's causing the problems.


Best regards,
__
Raymond Irving


--- On Mon, 4/13/09, Michael A. Peters mpet...@mac.com wrote:

From: Michael A. Peters mpet...@mac.com
Subject: Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument
To: Michael Shadle mike...@gmail.com
Cc: Raymond Irving xwis...@yahoo.com, php-gene...@lists.php.net php-general@lists.php.net
Date: Monday, April 13, 2009, 5:36 AM

Michael A. Peters wrote:

function makeHTML($document) {
   $buffer = $document->saveHTML();
   $output = html_entity_decode($buffer,ENT_QUOTES,"UTF-8");
   return $output;
}

I'll try it and see what it does.

Huh - not tried above yet - but with

$test = $myxhtml->createElement('p','שלום');
$xmlBody->appendChild($test);

both saveXML() and saveHTML() do the right thing.

However if I have the string

<p>שלום</p>

and load it into a DOM -

With loadHTML() the utf8 is lost regardless of whether I
use saveXML() or saveHTML()

With loadXML() the utf8 is preserved regardless of whether
or not I use saveXML() or saveHTML()

php 5.2.9
libxml2 2.6.26-2.1.2.7 (CentOS 5.3)

I wonder if the real utf8 problem people experience is
really with loadHTML() and not with saveHTML() ??



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
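
The link-remapping job described in this message, combined with the loadHTML() finding quoted in it, as an added example that is not code from the thread. It rewrites only a href and img src values through the DOM and declares UTF-8 before parsing; remapLinks(), $hostMap and the sample hosts are hypothetical, and PHP 7+ with the DOM extension is assumed.

```php
<?php
// Added example, not code from the thread. remapLinks() and $hostMap are
// hypothetical names; assumes PHP 7+ with the DOM extension.

function remapLinks(string $fragment, array $hostMap): string
{
    $dom = new DOMDocument('1.0', 'UTF-8');
    $previous = libxml_use_internal_errors(true);   // tolerate invalid markup quietly

    // With no charset declared, libxml's HTML parser does not assume UTF-8.
    // Declaring the encoding up front avoids that; the wrapper div gives the
    // fragment a known parent to serialize from afterwards.
    $dom->loadHTML('<?xml encoding="UTF-8"?><div id="remap-root">' . $fragment . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($dom);
    foreach ($xpath->query('//a[@href] | //img[@src]') as $el) {
        $attr  = $el->nodeName === 'a' ? 'href' : 'src';
        $parts = parse_url($el->getAttribute($attr));

        // Rewrite only absolute http(s) URLs whose host matches a map key
        // exactly. Relative links, javascript:/data: URLs, URLs carrying
        // credentials and look-alike hosts are left untouched.
        if ($parts === false
            || !isset($parts['scheme'], $parts['host'])
            || isset($parts['user'])
            || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            continue;
        }
        $host = strtolower($parts['host']);
        if (!isset($hostMap[$host])) {
            continue;
        }

        $url = $parts['scheme'] . '://' . $hostMap[$host]
             . (isset($parts['port']) ? ':' . $parts['port'] : '')
             . ($parts['path'] ?? '')
             . (isset($parts['query']) ? '?' . $parts['query'] : '')
             . (isset($parts['fragment']) ? '#' . $parts['fragment'] : '');

        // setAttribute() takes the raw value; the serializer re-escapes "&".
        $el->setAttribute($attr, $url);
    }

    // Serialize node by node so neither the wrapper nor an <html>/<body>
    // shell is returned.
    $out  = '';
    $root = $xpath->query('//div[@id="remap-root"]')->item(0);
    foreach ($root->childNodes as $child) {
        $out .= $dom->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: unclosed tags, UTF-8 text, an escaped query string,
// a URL in plain text and a look-alike host that must not be rewritten.
$sample = '<p>שלום <a href="http://old.example.com/a?x=1&amp;y=2">link</a>'
        . '<img src="http://OLD.example.com/i.png">'
        . '<p>see http://old.example.com/a in the text'
        . '<a href="http://old.example.com.other.test/">look-alike</a>';

echo remapLinks($sample, ['old.example.com' => 'new.example.net']), "\n";
```

An unbalanced closing div in the input would end the wrapper early, so fragments from untrusted sources are better checked for that before relying on the returned markup.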



Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument

2009-04-13 Thread Michael Shadle
On Mon, Apr 13, 2009 at 2:19 AM, Michael A. Peters mpet...@mac.com wrote:

 The problem is that validating xhtml does not necessarily render properly in
 some browsers *cough*IE*cough*

I've never had problems and my work is primarily around IE6 / our
corporate standards. Hell, even without a script type it still works
:)

 Would this function work for sending html and solve the utf8 problem?

 function makeHTML($document) {
   $buffer = $document->saveHTML();
   $output = html_entity_decode($buffer,ENT_QUOTES,"UTF-8");
   return $output;
 }

 I'll try it and see what it does.

this was the only workaround I received for the moment, and I was a
bit afraid it would not process the full range of utf-8; it appeared
on a quick check to work but I wanted to run it on our entire database
and then ask the native geo folks to examine it for correctness.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Generate XHTML (HTML compatible) Code using DOMDocument

2009-04-12 Thread Michael Shadle
On Sun, Apr 12, 2009 at 8:07 AM, Raymond Irving xwis...@yahoo.com wrote:

 Hello,

 After talking with Michael about how to generate XHTML code using the DOM I 
 came up with this little function that I'm thinking of using to generate 
 XHTML code that's HTML compatible:

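 function saveXHTML($dom) {
    $html = $dom->saveXML(null,LIBXML_NOEMPTYTAG);
    // drop the carriage-return entities
    $html = str_replace('&#13;','',$html);
    // strip the XML declaration
    $html = preg_replace('/<\?xml[^>]*>\n/','',$html,1);
    // hide the CDATA markers inside script blocks from HTML parsers
    $html = preg_replace('/<\!\[CDATA\[(.*)\]\]><\/script>/s','//<![CDATA[\1//]]></script>',$html);
    // collapse the close tags of void elements back to " />"
    $html = preg_replace('/><\/(meta|link|base|basefont|param|img|br|hr|area|input)>/',' />',$html);
    return $html;
 }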

 What do you think?

If this will maintain utf-8 I might be able to use it :) which
according to the last thread, saveHTML munges utf-8 stuff due to
libxml...

Hopefully this week I can give it a go.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] convert video files to FLV

2009-04-10 Thread Michael Shadle
On Fri, Apr 10, 2009 at 4:31 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:

 I know of no way you can do this. Not only would any potential solution
 be too slow, but it would affect other users of the server, and more
 than likely result in an email from you hosting provider!

 Have you considered using YouTube for videos? Just upload them there,
 and you can embed their player in your pages.

Some people have private videos, and that would require Youtube to
have an API, otherwise he would have to say "hey, go here and upload
your videos and then paste your link!"

What do you mean "I know of no way you can do this"?

I've got two different styles of installation doing video conversions
on two platforms with cronjobs controlling them using system() calls
through PHP to ffmpeg.

One of them uses ffmpeg-php to identify the source file ahead of time
to try to get basic info like the dimensions and aspect ratio and such
so when it does its long ffmpeg command line it puts in some extra
parameters to make the conversion work well...

I have a 3 webserver cluster that does nginx+php-fpm+up to one convert
job at a time and there is no noticeable impact to my end users. In
fact, I'm looking to replace them with slightly beefier machines so
the convert jobs can move faster and I have more resources available
in general...

What I had meant is I am not sure ffmpeg-php has enough of the API and
functions available to do a proper conversion, which is why I
recommended using system() for now.

It would be major brownie points for someone to beef up ffmpeg-php and
add in things like mp4box, neroAacEnc and other conversion tools all
into PHP API calls with appropriate return values, I try to stay away
from system() calls if I can; also, the imagick PECL extension dumps
core files too often (on an unrelated note) and that could use some
additional help too.

I would love to pool some money together to sponsor some stuff like
that. I dislike having to use system() for my imagemagick calls as
well.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
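
The cron-driven ffmpeg setup described in this message, as an added example that is not code from the thread: one convert job at a time per server, with every path passed to the shell as a single quoted argument. FFMPEG_BIN, the paths, the lock file and the function names are hypothetical, and exec() is used in place of system() so ffmpeg's output can be logged.

```php
<?php
// Added example, not code from the thread. FFMPEG_BIN, the paths, the lock
// file and the function names are hypothetical; assumes PHP 7+ on Linux.

const FFMPEG_BIN = '/usr/bin/ffmpeg';

/** Build the shell command for one conversion to FLV. */
function buildFfmpegCommand(string $source, string $target): string
{
    // Absolute paths never start with "-", so a file named "-y.avi" cannot
    // be read by ffmpeg as an option.
    foreach ([$source, $target] as $path) {
        if ($path === '' || $path[0] !== '/') {
            throw new InvalidArgumentException('absolute path required');
        }
    }
    // escapeshellarg() turns each path into one single-quoted shell word, so
    // spaces, ";", "$(...)" and backticks in a name reach ffmpeg as data.
    return implode(' ', [
        escapeshellarg(FFMPEG_BIN),
        '-nostdin',             // do not read from the cron job's stdin
        '-loglevel', 'error',
        '-y',                   // overwrite a stale partial output
        '-i', escapeshellarg($source),
        '-f', 'flv',            // explicit format: the temp name has no .flv suffix
        escapeshellarg($target),
    ]) . ' 2>&1';
}

/** Run one conversion; returns false when another job is running or ffmpeg fails. */
function convertOne(string $source, string $target, string $lockFile): bool
{
    $lock = fopen($lockFile, 'c');
    if ($lock === false) {
        return false;
    }
    try {
        if (!flock($lock, LOCK_EX | LOCK_NB)) {
            return false;       // at most one convert job per server
        }
        $partial = $target . '.part';
        exec(buildFfmpegCommand($source, $partial), $output, $status);
        if ($status !== 0) {
            error_log('ffmpeg failed: ' . implode("\n", $output));
            @unlink($partial);
            return false;
        }
        return rename($partial, $target);   // publish only complete files
    } finally {
        fclose($lock);          // closing the handle releases the lock
    }
}

// Constructed sample: an uploaded name containing shell syntax. Printing the
// command shows the whole name quoted as one argument.
echo buildFfmpegCommand('/srv/uploads/clip $(id); echo x.avi', '/srv/flv/42.flv.part'), "\n";
```

escapeshellarg() can drop non-ASCII bytes depending on the locale, so storing uploads under server-generated ASCII names keeps the path on disk and the path in the command identical.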



Re: [PHP] convert video files to FLV

2009-04-10 Thread Michael Shadle
On Fri, Apr 10, 2009 at 9:12 AM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:

 If you'll note, the original question was to find a way which did not
 require ffmpeg. I should really have rephrased that to say I know of no
 way you can do this without ffmpeg. I've used ffmpeg and mencoder
 myself to transcode videos to flv, but in environments where I had full
 control over the server. Short of moving servers (or at least moving
 this part of the work to another server) I see no clear way to do it.

I think in the original question (I have it deleted now) he didn't say
he didn't have access to it, but later he did.

Then I kinda just veered off into general discussion about it.

There -are- API-based services for video transcoding. They're all PPV
(pay-per-view) so you pay for how much you use...

- Softlayer offers it to customers (http://www.softlayer.com) - it
would be a very fast transfer too as you'd be on the same network as
the conversion servers
- http://www.gomediaplug.com/ appears to leverage EC2 itself
- http://www.multicastmedia.com/solutions/eat.php Transcoding as a service

Also, the OP could leverage Amazon's EC2 and make an encoding farm
(all depending on budget) - again it is PPV too, so it will only
charge for how much he actually needs. Isn't utility computing great?

(Or just install Ubuntu/some OS yourself and setup ffmpeg on your EC2
boxes yourself)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] How about a saveXHTML for the DOM?

2009-04-09 Thread Michael Shadle
On Thu, Apr 9, 2009 at 12:25 AM, Michael A. Peters mpet...@mac.com wrote:

 I did a little reading on the issue and I don't think php 6 will fix it.
 The issue is with libxml2 - it mutilates utf8 when exporting to html and php
 function wraps the libxml2 function.

 The solution?
 I don't know - but perhaps using saveXML() and then using a translation tool
 (maybe xslt?) to convert to HTML.

 I actually had a function I wrote using preg_replace (started out as a
 wordpress plugin someone else wrote) but it could not properly handle cdata
 blocks - I'll see if I can find it.

 I don't use it anymore as I use saveHTML() now for html output.

 Maybe running iconv on the output would fix it?


I tried to the best of my abilities. it looks like it was reported as
a bug years ago, but classified as not a bug or something.

I tried iconv, I am not the best hacker when it comes to encoding manipulation.

At the moment this was the best workaround someone had posted, and I
have not sanity checked that this gets into MySQL then back out on the
webpage properly as UTF-8, but it -appears- to work

html_entity_decode($dom->saveHTML(),ENT_QUOTES,"UTF-8");

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] How about a saveXHTML for the DOM?

2009-04-09 Thread Michael Shadle
On Thu, Apr 9, 2009 at 12:25 AM, Michael A. Peters mpet...@mac.com wrote:

 I did a little reading on the issue and I don't think php 6 will fix it.
 The issue is with libxml2 - it mutilates utf8 when exporting to html and php
 function wraps the libxml2 function.

not to mention i swore i tried saveXML and it didn't work either. but
maybe it was because the output was unusable...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] How about a saveXHTML for the DOM?

2009-04-08 Thread Michael Shadle
i think it should also be fully utf-8 capable.

saveHTML is not for me right now, and i have to run some preg_replace
to remove the html etc chunks, and the output is not utf-8, even
though the input is. i got a workaround using html_decode_entities()
or something like that but i haven't run it to see really how well
that works...

but i would expect if you give the dom functions utf-8, and even
specify utf-8, it should operate as utf-8 the entire time, including
during save() ...



On Wed, Apr 8, 2009 at 7:01 PM, Raymond Irving xwis...@yahoo.com wrote:

 Hello,

 I'm thinking that it's about time a saveXHTML() method be added to the DOM 
 objects.

 XHTML is supported by all major browsers and libxml2 so I can't see why we 
 should be stuck with saveHTML() and saveXML(). While it's true that some 
 developers are using saveXML(), it does not always comply with the XHTML 
 standards. Another problem with saveXML() is the lack of support for HTML 
 entities.

 There are many tricks out there to cleanup the output of saveXML() but I 
 think having a native function would be much more efficient and faster.


 What do you think?


 __
 Raymond Irving


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] How about a saveXHTML for the DOM?

2009-04-08 Thread Michael Shadle
On Wed, Apr 8, 2009 at 8:58 PM, Michael A. Peters mpet...@mac.com wrote:

 Yes it should - I believe php 6 is suppose to be much better at native UTF8.
 At least according to some blog I read somewhere (IE don't believe me
 without reservation, it's third hand knowledge at best)

afaik you're right, it's supposed to be fully unicode. or at least -was-

however, how long until it is production stable... when i am sure
someone can hack together a patch to make saveHTML unicode capable :p

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] convert video files to FLV

2009-04-08 Thread Michael Shadle
On Wed, Apr 8, 2009 at 10:30 PM, Gevorg Harutyunyan gevorg...@gmail.com wrote:
 Hi,

 I need to convert video files to FLV using php.

 The only solution that I found is to use ffmpeg, but because I am using
 shared hosting I am not allowed to install it on server.
 Do you know any other ways to convert any video file types to flv using PHP.

use ffmpeg.

there is an ffmpeg-php extension but it's kinda buggy and i am not
sure it supports enough for what you want. but using ffmpeg for it is
pretty simple. just system() the calls to it. google for it

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] convert video files to FLV

2009-04-08 Thread Michael Shadle
On Wed, Apr 8, 2009 at 10:33 PM, Adrian adr...@planetcoding.net wrote:
 Don't waste CPU power of shared servers for video recoding.
 If you need that, get a dedicated server without other customers who
 would probably be affected by you using lots of cpu power.

 Besides that, if you cannot install own (compiled) software on it,
 you'd have to use a pure php solution which would be HORRIBLY slow.

i use php-fpm + nginx + have one allowed job per server for each of my
webservers. dual core with 2 gigs of ram and normal sata disk. no real
problems to complain about sharing the two.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] convert video files to FLV

2009-04-08 Thread Michael Shadle
there's some third party encoding services out there, and if you host
with softlayer, they have media transcoding services they offer for
their hosting customers (not sure the cost, but it's pay for what you
use)

On Wed, Apr 8, 2009 at 10:45 PM, Gevorg Harutyunyan gevorg...@gmail.com wrote:
 Thanks guys, but as I understood that extension also requires ffmpeg on
 server, correct me if I am wrong.
 So anyway I need ffmpeg on server. Some day, when I will have dedicated
 server I will use ffmpeg for sure, but now
 I need other solution.

 On Thu, Apr 9, 2009 at 10:33 AM, Adrian adr...@planetcoding.net wrote:

 Don't waste CPU power of shared servers for video recoding.
 If you need that, get a dedicated server without other customers who
 would probably be affected by you using lots of cpu power.

 Besides that, if you cannot install own (compiled) software on it,
 you'd have to use a pure php solution which would be HORRIBLY slow.



 --
 Best Regards,
 Gevorg Harutyunyan


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Exporting text with chinese characters in CSV

2009-03-27 Thread Michael Shadle
The php script language has no bearing on the output unless you have
characters in the php file itself.

We had some issue like this at work. They found a way using iconv to
do it but had to change because Red Hat's iconv isn't updated. They do
something with saving the output to a utf8 encoded page and then
sending it out or something. I assume you're trying to have this be
used in excel?


On Mar 27, 2009, at 2:59 AM, Ashley Sheridan  
a...@ashleysheridan.co.uk wrote:



On Fri, 2009-03-27 at 17:40 +0800, Ai Leen wrote:

Hi Everyone,

I need to export data from database with UTF-8 encoding to a csv file. I am
outputting html tables with the Content Type set to msexcel.

The chinese texts came out as symbols. I tried
using mb_convert_encoding the text from UTF-8 to UTF-16LE
iconv from UTF8 to gb2312
iconv from UTF-8 to cp1252

Can anyone who has successfully exported english text with chinese characters
mixed in to CSV help?

Thank you very much,
Ai Leen

Strictly speaking, a csv file won't contain HTML markup, so you should
probably just stick to delimited value lines in your file. Have you
tried changing the Content Type to text/plain and then save your PHP
script as utf-8. It's this last one that sometimes causes problems, as I
believe it is needed for PHP to correctly output utf-8.

Ash
www.ashleysheridan.co.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php