[PHP] Re: dynamic copyright in page footer?

2011-04-30 Thread Nathan Rixham

David Mehler wrote:

Hello,

I am trying to use php to put a copyright notice in a page footer. I'm
using the date function with the Y value for the year. Here's the
code:

<?php
echo date ('Y');
?>


echo implode(',', range(2011, date('Y')));

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Flattery will get you nowhere

2011-04-28 Thread Nathan Rixham

tedd wrote:

At 4:58 PM -0400 4/27/11, Robert Cummings wrote:

Tedd who?

;)

Cheers,
Rob.


Rob what?

;-)

Cheers,

tedd



flirting?




Re: [PHP] JavaScript Injection ???

2011-04-25 Thread Nathan Rixham

Stuart Dallas wrote:
On Monday, 18 April 2011 at 20:50, tedd wrote: 

The form as-is produced a javascript alert() and now it doesn't.


This is not a browser change because it's happening before the browser sees the 
response (try it with curl).


It is the browser, chrome will prevent execution because the code was 
sent in the request, just check the javascript console and you'll see 
something like:


  Refused to execute a JavaScript script. Source code of script found 
within request.


Best,

Nathan





Re: [PHP] str_replace

2011-04-25 Thread Nathan Rixham

Jim Lucas wrote:

On 4/24/2011 8:44 AM, Ron Piggott wrote:

I am trying to figure out a syntax that will replace each instance of % with a
different letter chosen randomly from the string $puzzle_filler. $puzzle_filler
is populated with the letters of the alphabet, roughly in the same ratio as they
are used.

This syntax replaces each instance of % with the same letter:

$puzzle[$i] = str_replace ( "%" , ( substr ( $puzzle_filler , rand(1,98) , 1 ) )
, $puzzle[$i] );

Turning this:

%ECARBME%TIPLUP%%%E%%

Into:

uECARBMEuTIPLUPuuuEuu

Is there a way to tweak my str_replace so it will only do 1 % at a time, so a
different replacement letter is selected?

This is the syntax specific to choosing a replacement letter at random:

substr ( $puzzle_filler , rand(1,98) , 1 );

Thanks for your help.

Ron

The Verse of the Day
“Encouragement from God’s Word”
http://www.TheVerseOfTheDay.info



How about something simple like this?

<?php

$input = '%ECARBME%TIPLUP%%%E%%';

$random_chars = range('a', 'z');

echo 'Before: '.$input.PHP_EOL;

while ( ($pos = strpos($input, '%') ) !== false )
$input[$pos] = $random_chars[array_rand($random_chars)];

echo 'After: '.$input.PHP_EOL;


just for fun

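$a = '%ECARBME%TIPLUP%%%E%%';
$b = 'abcdefghijklmnopqrstuvwxyz';
// preg_replace()'s /e (eval) modifier was removed in PHP 7; a callback picks a fresh letter per match
echo preg_replace_callback('/%/', function () use ($b) { return substr(str_shuffle($b), -1); }, $a);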




[PHP] Re: Regex for extracting quoted strings

2011-03-05 Thread Nathan Rixham

Mark Kelly wrote:

Hi.

I'm hoping someone can help me extract text between double quotes from a 
string.


$regex = 'some magic';
$r = preg_match($regex, $sentence, $phrases);

So, if 

$sentence = 'Dave said "This is it". "Nope, that is the wrong colour" she 
replied.';


I want $phrases to contain 'This is it' and 'Nope, that is the wrong colour'.

Can anyone help?


$regex = '/"(.*)"/imU';
$r = preg_match_all($regex, $sentence, $phrases);





[PHP] Re: Delaying $(document).ready() in jQuery until php script finish

2011-03-04 Thread Nathan Rixham

Richard Sharp wrote:

I have been banging my head trying to figure out how to delay
$(document).ready() command until my php script finish running and load
data into a csv file.  Any ideas


*which* PHP script? are you returning an HTML document then keeping the 
script going in the background, /or/ are you requesting another script 
(by js, clicking a link, posting a form), /or/?


I know it's a jQuery question, but it might be a PHP related gotcha.




[PHP] Re: Somewhat OT - Stored Procedures

2011-03-04 Thread Nathan Rixham

Hi Nathan,

Nathan Nobbe wrote:

Also, bear in mind that personally I tend to favor OO paradigms for
application development so would prefer feedback that incorporates that
tendency.

Initial thoughts are

Bad:
. Not well suited for ORM, particularly procedures which return multiple
result sets consisting of columns from multiple tables
. Greater potential for duplicated logic, I think this comes down to a well
defined set of rules for any given application, read: convention required
for success
. Scripting languages are vendor specific, and likely most application
developers have a limited understanding thereof

Good:
. Better performance
. Fill in blank on convincing bullets here


It's a trade-off thing, and to be looked at on a case by case basis. The 
major factors are


 - closer to the iron (better performance, as you said)
 - information hiding and security
 - code portability

If you have multiple clients all doing the same procedure/routine then 
it can be wise to use stored procedures/routines, even just for things 
like administration and optimization, because the routine is decoupled 
from the app tier, with just the interface exposed, you can optimize 
without having to change app tier code, delegate to db admins and suchlike.


Likewise, information hiding is also a property of security, you can 
expose the bare minimum without letting developers, or those with access 
to the code, see the full database layout and structure. Similarly you 
can set up logging at procedure level, and ensure acidity of 
transactions at db level.


Some of the key factors though, are design choices in the way you code 
applications, OO and using ORMs is a significant choice, and perhaps 
you're better staying with what's familiar and delegating / trusting the 
ORM layer + visible code which you're used to and can tweak easily.


If you were developing C/++ and running on pl-sql over virtuoso or 
something the advice may be different.


Do remember that you aren't tied to RDBMS in any way though, there's a 
huge world of [ http://nosql-database.org/ choices and styles ] out 
there that also should/could be considered, many of which suit the OO 
style far better ;)


Best,

Nathan (namesake)




Re: [PHP] Somewhat OT - Stored Procedures

2011-03-04 Thread Nathan Rixham

Richard Quadling wrote:

At a fundamental level, my PHP code isn't concerning itself with any
physical data structures. As much as possible my PHP code treats the
sql data source as a processor ready to supply data in a standardized
form (even hierarchical) and to accept data for storage (again
hierarchical). My PHP code knows next to nothing about the table
structure (why should it - it isn't a database). 


Exactly - separation of concerns, a core principle to learn and apply 
wherever you can.





Re: [PHP] something about dates in mysql

2011-03-03 Thread Nathan Rixham

Richard Quadling wrote:

On 3 March 2011 10:09, Webforlaget.dk i...@web-forlaget.dk wrote:

I need help to know why this doesn't work?

-

 $thisdate = date("Y-m-d", mktime(0,0,0,$mth, $day, $year));

 $sql  = "SELECT id,case,startdate,enddate FROM table WHERE startdate=$thisdate AND 
enddate=$thisdate ORDER BY startdate";

-

The result should be an array with open cases at $thisdate, but nothing appears.

Is it something about dates in mysql ?

Thanks for any advice.

Best regards,

Venlige hilsner

Rolf Brejner


I think that dates in SQL statements need to be in the quotes as they
are strings and not integers.

So, try ...

$sql  = "SELECT id,case,startdate,enddate FROM table WHERE
startdate='$thisdate' AND enddate='$thisdate' ORDER BY startdate";

I'm surprised you don't get an error

Ah. As it stands, the SQL is something like ...

WHERE startdate = 2010 - 3 - 3

So, probably the actual test that is being executed is 

WHERE startdate = 2004

Which, for a date stamp will never return anything sensible.


yes, and remember the DATE and FROM_UNIXTIME mysql functions too.

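The replies above fix the query by quoting the date; binding it as a parameter avoids the quoting question altogether and keeps request-derived values out of the SQL text. This is an added example, not code from the thread: it assumes PDO with the SQLite driver (in-memory, so it runs offline), a hypothetical `cases` table, and a `<=` / `>=` range as the meaning of "open on that date".

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the SQLite
// driver and a hypothetical `cases` table filled with constructed rows.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cases (id INTEGER PRIMARY KEY, title TEXT, startdate TEXT, enddate TEXT)');
$db->exec("INSERT INTO cases (title, startdate, enddate) VALUES
    ('A', '2011-03-01', '2011-03-05'),
    ('B', '2011-03-03', '2011-03-03'),
    ('C', '2011-02-01', '2011-02-10')");

// "Before": the date is pasted into the SQL unquoted, as in the question.
// The database reads 2011-03-03 as arithmetic (2011 minus 3 minus 3).
function count_unquoted(PDO $db, string $thisdate): int
{
    $sql = "SELECT COUNT(*) FROM cases WHERE startdate = $thisdate";
    return (int) $db->query($sql)->fetchColumn();
}

// "After": validate the parts, build the date once, bind it as a parameter.
function open_cases_on(PDO $db, int $year, int $mth, int $day): array
{
    // Reject impossible dates (e.g. month 2, day 31) instead of letting
    // mktime() silently roll them over into the next month.
    if (!checkdate($mth, $day, $year)) {
        throw new InvalidArgumentException('not a calendar date');
    }
    $thisdate = sprintf('%04d-%02d-%02d', $year, $mth, $day);

    // Two placeholders rather than one reused name: some drivers reject a
    // named parameter that appears twice when native prepares are used.
    $stmt = $db->prepare(
        'SELECT title FROM cases
          WHERE startdate <= :from AND enddate >= :to
          ORDER BY startdate'
    );
    $stmt->execute(array(':from' => $thisdate, ':to' => $thisdate));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo 'unquoted match count: ' . count_unquoted($db, '2011-03-03') . PHP_EOL;
echo 'open on 2011-03-03:   ' . implode(', ', open_cases_on($db, 2011, 3, 3)) . PHP_EOL;

try {
    open_cases_on($db, 2011, 2, 31);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```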



[PHP] Re: using BOTH GET and POST in the same page.

2011-02-12 Thread Nathan Rixham

Ashim Kapoor wrote:

Dear All,

I am reading PHP5 and MySQL Bible. Chapter 7 of the book says that PHP can
use GET and POST in the SAME page! Also it says that we can use the SAME
variables in GET and POST variable sets and that conflict resolution is done
by variable_order option in php.ini Can some one write a small program to
illustrate the previous ideas?  It is not clear to me as to how to implement
this.


I noticed you've already received one response, so here's some more 
background info.


It's using $_GET and $_POST in the same script, not HTTP GET and HTTP 
POST. $_GET in PHP correlates to the query string parameters in the URL 
requested, $_POST in PHP correlates to form data which is POSTed to the 
server inside a message, with the type application/x-www-form-urlencoded.


One could say that $_GET and $_POST are named misleadingly, and that 
in fact what you have is $_PARSED_QUERY_STRING_FROM_URL and 
$_POST_DATA_MAYBE .


The two are quite separate and can both be used at the same time.

HTML forms allow a method to be set, GET or POST, if GET then the form 
is treated like an URL construction template, if POST then it's treated 
like a message body construction template.


It's worth reading up on both HTTP and HTML Forms when using PHP, since 
PHP is a Pre Hypertext Processor and HTTP is the Hypertext transfer 
protocol, and HTML is the Hypertext markup language :)


Best,

Nathan




[PHP] Re: Simplifying MySql queries

2011-02-12 Thread Nathan Rixham

Andre Polykanine wrote:

and  here  goes the question: is there a way to make these four in one
so  strictly  one  random  question  is  selected from all of the four
categories?


SELECT * FROM `CandidateQuestions` WHERE `Category` IN(1,2,3,4) ORDER 
BY RAND() LIMIT 4


note the limit 4, you'll be needing that to get back 4 rather than 1 :)




[PHP] Re: query strings and other delights

2011-01-13 Thread Nathan Rixham

kbai...@howlermonkey.net wrote:

Your turn! :-D


  $_GET

and if you do post.. (can you guess?)

  $_POST

usage:
  http://www.foo.org/item1/delivery.php?item=name&code=DATA

<?php

 $_GET['item']; // == name
 $_GET['code']; // == DATA

Best,

Nathan




[PHP] Re: Rewriting string

2011-01-13 Thread Nathan Rixham

David McGlone wrote:

Hi everyone,

I think the subject is right, or somewhere close. Anyway I am trying to 
perform a little trickery here with links. In the following code you can see 
where I am trying to replace the link on the current page so it's not a link 
when on that page. I think I got the general idea of what I need to do as you 
can see in the code I just don't know how to accomplish it, if it's possible.



$categorys = array('home', 'services', 'gallery', 'about_us', 'contact_us', 
'testimonials');

foreach($categorys as $category){
$deadlink = $_GET['page'];
  
if ($deadlink == 'page') {


for a short answer, all you need to do is change the above line to:

  if($deadlink == $category)

and as a slightly colourful variant:

$categorys = array('home', 'services', 'gallery', 'about_us', 
'contact_us', 'testimonials');

foreach($categorys as $category){
  $temp = str_replace("_", " ", $category);
  // link every category except the current page (was $replace, which is never defined)
  $_GET['page'] != $category && $temp = '<a href="index.php?page='. 
$category .'">'.$temp.'</a>';

  echo "<li>{$temp}</li>" . PHP_EOL;
}




Re: [PHP] Re: query strings and other delights

2011-01-13 Thread Nathan Rixham

kbai...@howlermonkey.net wrote:
...Holy cow... nothing to extract the query string, it's automatically 
part of the environment. So I just do work with the $_GET string, it's 
in there already... yikes.


yup

OK, so $_GET is an array keyed to keywords; plug in the key, out comes 
the value. What if I just want the entire string?


$_SERVER['QUERY_STRING']




[PHP] Re: query strings and other delights

2011-01-13 Thread Nathan Rixham

kbai...@howlermonkey.net wrote:

Your turn! :-D


just in case I totally misunderstood, and you simply have the string and 
want to rip out the component parts of the query string, then:


<?php
$querystring = parse_url($url, PHP_URL_QUERY);
parse_str($querystring, $data);
print_r( $data );

Or similar, watch out for parse_str though as it'll swap out spaces and 
. for _ - which is nice.





Re: [PHP] Re: Rewriting string

2011-01-13 Thread Nathan Rixham

Admin wrote:
$categorys = array('home', 'services', 'gallery', 'about_us', 'contact_us', 
'testimonials');

If(in_array($_GET['page'], $categories))
{
echo '<li><a href="index.php?page='.$_GET['page'].'">'.str_replace("_", " ",$_GET['page']).'</a></li>';
}else{
echo '<li>'.str_replace("_", " ",$_GET['page']).'</li>';
}

I normally never write someone's code for them but you are just not getting it.
The above code works use it.


i assume you're joking - that code is simply going to give 6 list items 
all with the same value - $_GET['page']


please do check you know what you're talking about before you post.




Re: [PHP] Re: Rewriting string

2011-01-13 Thread Nathan Rixham

Nathan Rixham wrote:

Admin wrote:
$categorys = array('home', 'services', 'gallery', 'about_us', 
'contact_us', 'testimonials');

If(in_array($_GET['page'], $categories))
{
echo '<li><a href="index.php?page='.$_GET['page'].'">'.str_replace("_", " ",$_GET['page']).'</a></li>';

}else{
echo '<li>'.str_replace("_", " ",$_GET['page']).'</li>';
}

I normally never write someone's code for them but you are just not 
getting it.

The above code works use it.


i assume you're joking - that code is simply going to give 6 list items 
all with the same value - $_GET['page']


please do check you know what you're talking about before you post.


and ironically, that's wrong - it's only going to show it once, with or 
without a link, but isn't going to do what the OP wanted.


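The snippet debated in this thread writes `$_GET['page']` straight into the HTML, which is the server-side condition behind the reflected-script behaviour discussed in the "JavaScript Injection ???" thread above. This added example (not code from the thread; `render_nav()` and its parameters are hypothetical names) builds the menu the original poster asked for from the allow-listed categories only and encodes everything it emits, so the request value is compared but never printed.

```php
<?php
// Added example, not code from the thread. render_nav() is a hypothetical
// helper; the category list is the one quoted in the thread.

function render_nav(array $categories, $requested): string
{
    // Only a string that exactly matches a known category counts as the
    // current page. Arrays (?page[]=x) and unknown values mean "no current page".
    $current = (is_string($requested) && in_array($requested, $categories, true))
        ? $requested
        : null;

    $html = '';
    foreach ($categories as $category) {
        // Encode on output even though the values come from our own list, so
        // the function stays safe if the list is later loaded from elsewhere.
        $label = htmlspecialchars(str_replace('_', ' ', $category), ENT_QUOTES, 'UTF-8');

        if ($category === $current) {
            // Current page: plain text, no link.
            $html .= "<li>{$label}</li>" . PHP_EOL;
            continue;
        }
        $href = htmlspecialchars('index.php?page=' . rawurlencode($category), ENT_QUOTES, 'UTF-8');
        $html .= "<li><a href=\"{$href}\">{$label}</a></li>" . PHP_EOL;
    }
    return $html;
}

$categories = array('home', 'services', 'gallery', 'about_us', 'contact_us', 'testimonials');

// Constructed request values: a valid page, markup in the parameter, an array.
$samples = array('gallery', '"><script>alert(1)</script>', array('gallery'));

foreach ($samples as $page) {
    echo '--- page=' . json_encode($page) . PHP_EOL;
    echo render_nav($categories, $page);
}
```

In a real script the second argument would be `isset($_GET['page']) ? $_GET['page'] : null`.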



[PHP] Re: Craigslist Jobs

2011-01-11 Thread Nathan Rixham

Ethan Rosenberg wrote:

Dear List -

I am a NEWBIE, so .

How do I handle Craigslist postings? Is there anything special I should 
do?  Any advice for other web sites?


At this point I am talking about small jobs.

1] My payment.  Should I ask for something up front?  If so how much?


depends on the amount, how comfortable you are, and how comfortable they 
are, escrow is safer for larger amounts.



2] How do I protect myself so that I do not deliver code and not get paid.


pretty much the same way you protect yourself from not getting run over 
or robbed.



3] What is a reasonable hourly rate?


multiple factors here, a good starting point is to figure out how much 
you need to make an hour, add 20-40% on, then figure out how many hours 
it'll take you, multiply it all up and add on another 20-40%


All this depends on your skill level, if you can do the job, if the 
customer has the budget and so forth - just agree something you're both 
comfortable with.



4] Any other information that I should know?


Yes, you will get burned a few times, and have both good and bad 
experiences when you least expect them - the main thing is just to 
remember the clients are people, with a problem to solve, you're there 
to solve that problem in a cost effective manner, and ultimately your 
work has two values, the first is what you require to put food on the 
table, and the second is what the project is worth to the client. If 
you land anywhere between the two of those, then you're doing well :)


Best,

Nathan




[PHP] PHP Docs update

2011-01-06 Thread Nathan Rixham

To whoever did it,

it being http://docs.php.net/ - congrats, v nice, and v quick!

Best,

Nathan




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-31 Thread Nathan Rixham

Tamara Temple wrote:


On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote:


Specifically:


Dotan Cohen wrote:

I seem to have an issue with users who copy-paste their usernames and
passwords copying and pasting leading and trailing space characters.


Users should not be copy-pasting passwords or usernames. Do not 
compromise a system to cater to bad [stupid, ignorant, you pick] 
users. If this is an issue then educate the users.


I'm sorry, but this is just bloody stupid. I keep my usernames and 
randomly generated, very long passwords in a password keeper. If you're 
not going to let me copy paste them into a web page, i'm just not going 
to ever use your application. Copy/pasting is something that happens on 
the *local* machine -- it never goes out to the net. By forcing people 
to type in their user names and passwords you are going to cause them to 
enter easily-remembered, and typically easily-crackable combinations. 
What is the possible logic for disallowing someone to paste in their 
usernames/passwords???


Tamara, you're missing half the context, the whole point was don't send 
username and password combo's in plaintext via email to users (thus 
forcing them to copy and paste from email) - this point was made but 
then that context has been stripped from the above email, obviously 
copy+pasting from a password keeper and such like is totally fine..






Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-31 Thread Nathan Rixham

Tamara Temple wrote:
Sorry, I was misled by your use of the phrase "Users should not be 
copy-pasting passwords or usernames" above. I'd love to hear what you 
think is an alternative to identifying with web app that keeps track of 
information about someone that is more secure.


client side ssl certificates, they force http+tls (thus encryption over 
the wire and no chance of middleman attacks) and no usernames or 
passwords need to be passed, as you identify people by the public key 
held in their certificate, the TLS process ensures they have the private 
key.





Re: [PHP] Regex for telephone numbers

2010-12-31 Thread Nathan Rixham

Ethan Rosenberg wrote:
FYI [to all the list] -- I thank all for their input.  I only needed US 
phones, and I am forcing the user of the form to conform to xxx-xxx- 
as the input format.


out of interest, why are you forcing your users to conform to that 
input format? you could simply strip all non-numeric chars then format 
how you like to save, thus giving users a looser, more friendly, experience.





Re: [PHP] Regex for telephone numbers

2010-12-31 Thread Nathan Rixham

Ethan Rosenberg wrote:

At 07:11 AM 12/31/2010, Nathan Rixham wrote:

Ethan Rosenberg wrote:
FYI [to all the list] -- I thank all for their input.  I only needed 
US phones, and I am forcing the user of the form to conform to 
xxx-xxx- as the input format.


out of interest, why are you forcing your users to conform to that 
input format? you could simply strip all non-numeric chars then format 
how you like to save, thus giving users a looser, more friendly, 
experience.

+
Nathan -

This expression will be used to search a database which will contain 
patient data resulting from medical research.  At the initial visit a 
medical record number will be assigned to the patient.  Other 
information will be collected at that point; eg,  the telephone number. 
At subsequent visits, the patient will be referenced by his/hers medical 
record number.  If the patient either forgot their clinic card, or 
cannot remember their medical record number, a search will be 
performed.  One of the many parameters that can be used in the search is 
the phone number. It is easier if all the data has a fixed format.  The 
form for  the initial visit will use a regex that will validate the 
phone number. As  the research will be performed in the US, only US 
numbers have to be validated.


Ethan,

I think you misunderstand, I'm saying that regardless of which format 
you use within the system, users could enter phone numbers as 
1231231234 123 123 1234 123-123 1234 or any variant they like, 
that's completely orthogonal to how you validate and save the data, in 
all of those cases all you need to do is strip non-numeric chars to 
validate, you may also find your indexes work that bit quicker storing 
numbers rather than specially (and needlessly) formatted string.


Likewise on the way back out, when presenting the numbers to users, all 
you need to do is string format them.


Follow?


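The approach described in this reply (accept any way of typing the number, strip it to digits for validation and storage, format only on display) looks like this as an added example, not code from the thread. The function names, the tolerated leading country code `1`, and the one-row lookup table are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread; names and sample data are constructed.

// Reduce any way of typing a US number to its 10 digits; null if it cannot be one.
function normalize_us_phone(string $input): ?string
{
    $digits = preg_replace('/\D+/', '', $input);      // strip all non-numeric chars
    if (strlen($digits) === 11 && $digits[0] === '1') {
        $digits = substr($digits, 1);                 // assumption: tolerate a leading country code
    }
    return strlen($digits) === 10 ? $digits : null;
}

// Presentation format, applied only on the way back out.
function format_us_phone(string $digits): string
{
    return substr($digits, 0, 3) . '-' . substr($digits, 3, 3) . '-' . substr($digits, 6, 4);
}

// Constructed stand-in for the patient table: canonical digits => medical record number.
$records = array('1231231234' => 'MRN-0001');

// The variants named in the reply, one more with punctuation, and one too short.
$typed_variants = array('1231231234', '123 123 1234', '123-123 1234', '(123) 123-1234', '123-1234');

foreach ($typed_variants as $typed) {
    $key = normalize_us_phone($typed);
    if ($key === null) {
        echo "{$typed}: rejected, not 10 digits" . PHP_EOL;
        continue;
    }
    // Every accepted variant searches with the same canonical key.
    $mrn = isset($records[$key]) ? $records[$key] : 'no match';
    echo "{$typed}: " . format_us_phone($key) . " -> {$mrn}" . PHP_EOL;
}
```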



[PHP] Re: Hot Topics

2010-12-30 Thread Nathan Rixham
Pretty sad day when you have to apologise for being a human on an open 
list to which you've contributed heavily for many many years.


apology not accepted from me Dan, you've nothing to apologise for, and 
anybody who doesn't like to read a bit of banter between people on a 
list can just avert their eyes - it was hardly 4chan grade trolling!


Best & happy new year to you,

Nathan

Daniel Brown wrote:

First, I have to admit that what I did was wrong.  I had assumed
(ASS-umed) that the other party in a discussion under a different
thread would understand and appreciate the irony of my email in reply
to his inappropriate message.  Those of you who were barraged with the
fallout know what I mean.  Unfortunately, it was not well-received by
the other person, which led to even further flaming and trolling.
While I had tried both on- and off-list to urge the other party to
move the discussion from the public forum to a private, one-on-one
conversation, it was ignored and actually seemed to exacerbate the
situation.  For my part in that, I just wanted to send my general
apologies to those bombarded with an unnecessary and somewhat
illogical series of emails.  If being married has taught me anything,
it's that it's better to just apologize and move on, regardless of
who's right or wrong.  And if being married has taught me anything
else, it's that, at least in this house, I'm always wrong.  So
sorry for the unnecessary banter.

Moving on, those of you who have been on the list for several
years may recall when I was running the ListWatch and PostTrack
system, which would send a weekly summary of the list's activities at
the time.  Before stopping it (it was on a server that burned out, and
I just never put it back online), I had added a topic tracker as well,
which would give the percentage of activity for a given topic, as well
as the ratio of its discussion versus all messages to the list.
Several people have asked if/when it would be coming back online, so
I'm contemplating bringing it back beginning with the first week of
January (next week).  Does anyone have any thoughts on that, or any
ideas for other interesting metrics they'd like to see?  I'm
particularly interested in the opinions of folks who recall the old
system, but any opinions and ideas are more than welcome.

If you'd rather send it to me directly instead of on the list, feel free.

Happy early New Year, all.







[PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham

Dotan Cohen wrote:

I seem to have an issue with users who copy-paste their usernames and
passwords copying and pasting leading and trailing space characters.


Don't trim or limit the range of input characters, but far more 
importantly /don't send passwords in clear text/, indeed don't generate 
passwords at all, let users enter their desired password, then they 
won't be copy and pasting them ;)


ps: if unavoidable, then give some advice on login failure like 
"passwords are case sensitive, check you don't have caps lock on and 
that you haven't included any additional spaces".


Best,

Nathan




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham

Joshua Kehn wrote:

Trim usernames but not passwords.


agree. nice catch, I was thinking about passwords specifically and 
forgot usernames was in the topic too!




On Dec 28, 2010, at 2:57 PM, Nathan Rixham wrote:

Dotan Cohen wrote:

I seem to have an issue with users who copy-paste their usernames and
passwords copying and pasting leading and trailing space characters.

Don't trim or limit the range of input characters, but far more importantly 
/don't send passwords in clear text/, indeed don't generate passwords at all, 
let users enter their desired password, then they won't be copy and pasting 
them ;)

ps: if unavoidable, then give some advice on login failure like "passwords are 
case sensitive, check you don't have caps lock on and that you haven't included any additional 
spaces".

Best,

Nathan

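"Trim usernames but not passwords", as agreed in this exchange, shown as an added example that is not code from the thread. The function names and the `$users` array standing in for a user table are hypothetical, and `password_hash()` / `password_verify()` are used for storage, which the thread does not discuss.

```php
<?php
// Added example, not code from the thread. Function names and the $users
// array (standing in for a user table) are hypothetical. Written for PHP 7+.

function normalize_username(string $raw): string
{
    return trim($raw);   // usernames: pasted leading/trailing whitespace is dropped
}

function register(array &$users, string $username, string $password): void
{
    // passwords: hashed exactly as entered, no trimming and no character limits
    $users[normalize_username($username)] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array $users, string $username, string $password): bool
{
    static $dummy = null;
    if ($dummy === null) {
        // verified against when the user is unknown, so both failure paths do a hash check
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $name  = normalize_username($username);
    $known = isset($users[$name]);
    $ok    = password_verify($password, $known ? $users[$name] : $dummy);
    return $known && $ok;
}

// The same generic hint for every failure, worded as suggested in the thread.
const LOGIN_HINT = "Login failed. Passwords are case sensitive: check that caps lock is off "
                 . "and that you haven't included any additional spaces.";

$users = array();
// Constructed account whose password really does begin and end with a space.
register($users, 'dotan', ' correct horse ');

$attempts = array(
    array("  dotan \n", ' correct horse '),  // username pasted with whitespace, password exact
    array('dotan', 'correct horse'),         // the same password with its spaces trimmed is a different password
    array('nobody', ' correct horse '),      // unknown user gets the same generic failure
);

foreach ($attempts as list($u, $p)) {
    echo json_encode($u) . ' => ' . (login($users, $u, $p) ? 'ok' : LOGIN_HINT) . PHP_EOL;
}
```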



[PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham

Dotan Cohen wrote:

On Tue, Dec 28, 2010 at 21:57, Nathan Rixham nrix...@gmail.com wrote:

Don't trim or limit the range of input characters, but far more importantly
/don't send passwords in clear text/, indeed don't generate passwords at
all, let users enter their desired password, then they won't be copy and
pasting them ;)

ps: if unavoidable, then give some advice on login failure like "passwords
are case sensitive, check you don't have caps lock on and that you haven't
included any additional spaces".



I'm toying with the idea of having the passwords hashed twice: they're
already in the database hashed, and javascript hashes them on the
client before sending them over, but I'm thinking about sending an
additional salt to the client to hash the hashed passwords with salt,
and that's what is sent back. This way, each login is done with a
different hash of the password so an attacker cannot simply capture
and reuse the hashed password.


That would possibly address some man in the middle attacks, however it'd 
be much easier and more secure to simply have all logged in 
functionality over http+tls (https://) which will ensure encryption over 
the wire, and it's peer to peer thus impossible for anything to even be 
in the middle.


Best,

Nathan




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham

Joshua Kehn wrote:

On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote:


I'm toying with the idea of having the passwords hashed twice: they're
already in the database hashed, and javascript hashes them on the
client before sending them over, but I'm thinking about sending an
additional salt to the client to hash the hashed passwords with salt,
and that's what is sent back. This way, each login is done with a
different hash of the password so an attacker cannot simply capture
and reuse the hashed password.

But before all that goes on, I have to decide what to do about leading
and trailing spaces.


Toy with it and discard it. Client side hashing / salting is not a good idea. A 
much better alternative is to use SSL.


indeed, and on reflection, if you're putting this much effort in to it, 
and security is a worry, then forget username and passwords, and issue 
each user with a client side RSA v3 certificate and identify them via 
the public key of the cert.





Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-28 Thread Nathan Rixham

Dotan Cohen wrote:

On Tue, Dec 28, 2010 at 22:30, Joshua Kehn josh.k...@gmail.com wrote:

indeed, and on reflection, if you're putting this much effort in to it, and
security is a worry, then forget username and passwords, and issue each user
with a client side RSA v3 certificate and identify them via the public key
of the cert.

I just realize that this would also completely solve your trim() problem!



Hello, Dotan? Hi, we haven't spoken in a full week now that we don't
have the trim problem. But I reinstalled Windows and wiped the drive,
now I can't log in. Can you help me?



that's what pkcs12 was invented for, just issue another certificate / 
key pair.





Re: [PHP] Scalable Vector Graphics with PHP

2010-12-13 Thread Nathan Rixham

disclaimer: a different nathan

You may also be interested in protovis, and raphael, both of which are 
js libraries which make, or export, svg graphics :)


Best,

Nathan

sudarshana sampath wrote:

Nathan, Thank you very much for your response, we are going to visualize
network management system (topology view) with SVG and AJAX.

We found a jQuery plugin, following are urls.

http://plugins.jquery.com/project/svg
http://keith-wood.name/svg.html



On Thu, Dec 9, 2010 at 10:50 PM, Nathan Nobbe quickshif...@gmail.com wrote:


On Thu, Dec 9, 2010 at 4:55 AM, sudarshana sampath 
sudarshanasamp...@gmail.com wrote:


Hi,

We are going add a topology view to our Network Management System.
Our Network Management System is based on PHP, CakePHP, jQuery and other
web related tools (middle tier written using C++).

So we are going to work with Scalable Vector Graphics.

We are looking for the best solution for doing that.

Are there any extensions, plugins, frameworks available for SVG related
things ?


not sure exactly what you're trying to accomplish, but obviously you could
use any number of vector programs over the cli from php.

you might also have a peek at the cairo library which php allegedly
supports (I've never tried it myself).

http://us.php.net/manual/en/intro.cairo.php

-nathan











[PHP] Re: Announcing New PHP Extension: FileConv

2010-12-12 Thread Nathan Rixham

Nice one Dan, and thanks! :)

Daniel Brown wrote:

Happy Saturday, folks;

I've finally gotten around to releasing my latest PHP extension
(which was actually written about two years ago).  Named FileConv, it
adds native functions for converting back and forth between DOS, *NIX,
and legacy MacOS file formats.  It's compact, comes with a basic
installer, and can convert a 1MB text file to/from any of the included
formats in approximately one-tenth of one second.  Unlike many
versions that you could otherwise use from the command line, this
library allows the file to retain its original timestamps, as well.

I ran through some recursive directories of files with a test
script, determining which files were text versus which were binary,
detected the formatting of the text files, and converted to a
different format at random (if Mac, go to DOS/*NIX, if *NIX, go to
Mac/DOS, etc.).  Approximately 1.5GB of files were scanned, detected,
and translated, with a cost of 1 minute 24 seconds.

You can read more about the library and download it yourself at
http://links.parasane.net/n4c4 .  After doing some code cleanup when I
have time, the next step will be continuing with the process of
getting it into PECL, as was initially planned two years ago.







Re: [PHP] ORM doctrine

2010-12-12 Thread Nathan Rixham

Hi All,

Apologies for wading in to this discussion, however I must point out 
that caching at every level is very very important.


As Peter says, caching is not an optimization to be thought of later, it 
is not the icing on the cake, rather, caching is one of the most 
critical design factors, to be considered on every component, layer and 
tier in an application, at every edge.


Our end goal as developers, is not to create big ol fancy systems, it's 
to create systems which answer questions as quickly as possible, every 
time a request comes in to one of our applications, our job is to have 
created code which can respond as quickly as possible.


The ultimate level of optimization in any system, is to have the answer 
ready before the question has been asked, to have the response ready 
before the request has been made.


Every time any part of your application runs more than once and produces 
the same result, you've failed a little bit. Every time your entire 
application runs and produces the same response as the last time it ran, 
you've failed a lot. These failures soon mount up to a fail of epic 
proportions.


We're talking about applications which are not just 10% more performant 
across the network, but several thousand times more. The difference 
between a server handling 10 concurrent requests per second and 1 
concurrent requests per second.


Caching is not a minor optimization to be thought of later, it's not 
something to take lightly, it's pretty much the most important design 
principle there is, period.


As a web developer, the most important interface you need to introduce 
caching on, is HTTP - a static or published HTML document which 
leverages HTTP caching using Last-Modified / ETag headers will give 
circa 100 times better performance (or more) than a dynamically 
generated each time doc. Not only that, but transparent proxies on the 
network can come in to effect and reduce weight on the server to zero, 
and further, web browsers will serve repeat requests to the document 
straight from RAM, again leading to zero weight. When you include those 
two factors it doesn't take long to see that the performance difference 
over the network is so good that it's nigh on unmeasurable.


In your application itself, caching can be introduced at every level, 
you've already got filesystem io caches provided by the operating 
system, a well tuned db server cache can make a big difference as well, 
then on to opcode caches in languages like PHP since it's interpreted 
rather than compiled, and then on to code optimizations such as using 
static class caches behind getByID methods and similar, and finally 
down to micro optimizations, static code analysis and dead code 
elimination, replacing (4*10) with (40), inlining static class members / 
constants and such like. Finally, language specific nuances and micro 
optimizations.


Again, I stress, caching is not an optimization, an application which is 
designed to not repeat itself (via caching), is a good, scalable, ultra 
performant application, and that's what we, as developers, are paid to 
create.


Best, and thanks for taking the effort to point this out to the list 
thus far Peter,


Nathan

Peter Lind wrote:

On Sunday, 12 December 2010, Tommy Pham tommy...@gmail.com wrote:

Peter Lind wrote:

Your posts seem to indicate that caches are only useful when other
parts of the app have been done wrong. My point was that this is a
fairly fundamental misunderstanding of caches - regardless of what you
are or aren't capable of optimizing.

CACHES are only useful when there are static views of the information
available. Only static elements can be cached with any real chance of
performance improvement, so part of what Tommy is saying is correct.
Although the way he has worded that is perhaps a little misleading?


Possibly. However, thinking that a cache is something you apply at the
end of development means you may well bar yourself from better uses of
one. Ie. thinking that a cache is icing on the cake prohibits you
from mixing it into the cake (to further abuse a metaphor) which
could give you a better recipe.
 I may have misunderstood the topic, but a cache to me is more than
just storing views. It's also the db cache, memcache, apc, etc. You
have to think about how you use these - some of them can't just be
slapped on to your app after development.



Data caching SHOULD always be the
domain of the database, so duplicating that in PHP is pointless.


So you're saying one should never use memcache for storing data from the db?

Regards
Peter







Re: [PHP] ORM doctrine

2010-12-12 Thread Nathan Rixham

Tommy Pham wrote:

-Original Message-
From: Peter Lind [mailto:peter.e.l...@gmail.com]
Sent: Sunday, December 12, 2010 5:27 AM
To: Lester Caine
Cc: php-general@lists.php.net
Subject: Re: [PHP] ORM doctrine



snip


The reason for 'caching' needs to be understood before it is applied in

order to avoid the black holes that random caching is causing nowadays
already. How often do you hear wipe the xxx browser cache? And I know
if I am changing theme elements in bitweaver or phpgedview then I HAVE
to wipe the cache to ensure that smarty rebuilds the relevant pages.

Which underlines my point: caching is not icing on the cake but should be
thought of sooner in the process, contrary to Tommy's point.



If the app is well designed, then you still could implement it later w/o major 
rewrite.


It's only well designed if caching is considered from the start - thus, 
as Peter says, caching is not the icing on the cake, but should, must, 
be thought of in the initial design process - if it's not, then the app 
isn't well designed.






Re: [PHP] ORM doctrine

2010-12-12 Thread Nathan Rixham

Lester Caine wrote:

Nathan Rixham wrote:

In your application itself, caching can be introduced at every level,
you've already got filesystem io caches provided by the operating
system, a well tuned db server cache can make a big difference as well,
then on to opcode caches in languages like PHP since it's interpreted
rather than compiled, and then on to code optimizations such as using
static class caches behind getByID methods and similar, and finally
down to micro optimizations, static code analysis and dead code
elimination, replacing (4*10) with (40), inlining static class members /
constants and such like. Finally, language specific nuances and micro
optimizations.


Actually THAT probably sums things up nicely. An approach suitable for 
MySQL WILL probably be wrong for Postgres or Firebird. Certainly the 
optimised SQL I use for my own applications is much improved if I simply 
ignore compatibility with the databases other developers are using. 
Libraries like doctrine and even PDO are probably not using the best 
approach that a database specific approach may take. Firebird will 
maintain the 'results' of previous searches in cache and give results 
sets a lot faster, such as being ready to return the next page of 
results BEFORE the web page asks for it ;) But a database agnostic 
approach is not as efficient.


Yes, but you snipped a key paragraph there, because all the forms of 
caching and optimization listed above, including db cache optimization 
will only increase performance of the app by small percentages, whereas 
moving to a publishing model and producing static output will increase 
performance by several factors:


[[[
As a web developer, the most important interface you need to introduce 
caching on, is HTTP - a static or published HTML document which 
leverages HTTP caching using Last-Modified / ETag headers will give 
circa 100 times better performance (or more) than a dynamically 
generated each time doc. Not only that, but transparent proxies on the 
network can come in to effect and reduce weight on the server to zero, 
and further, web browsers will serve repeat requests to the document 
straight from RAM, again leading to zero weight. When you include those 
two factors it doesn't take long to see that the performance difference 
over the network is so good that it's nigh on unmeasurable.

]]]

Feel free to ignore this yourself, but please don't promote a bit of SQL 
and db server optimization as being the most important factor in 
optimizing PHP applications, it is important, but the net result is 
minimal in comparison to leveraging HTTP caching and static publishing 
of components or entire documents.


Best,

Nathan
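The Last-Modified / ETag handling described in the quoted paragraph above, as an added example that is not code from the thread: it answers a conditional GET with 304 when the client's copy is still valid, and marks per-user pages so that shared proxies never store them. Function names, the sample page and the max-age value are assumptions.

```php
<?php
// Added example; function names and sample values are assumptions.

/** True when the validators sent by the client still match the document. */
function clientCopyIsCurrent(array $server, string $etag, int $lastModified): bool
{
    if (isset($server['HTTP_IF_NONE_MATCH'])) {
        foreach (explode(',', $server['HTTP_IF_NONE_MATCH']) as $candidate) {
            $candidate = trim($candidate);
            if (strncmp($candidate, 'W/', 2) === 0) {
                $candidate = substr($candidate, 2);   // weak comparison is enough for GET
            }
            if ($candidate === '*' || $candidate === $etag) {
                return true;
            }
        }
        // When If-None-Match is present, If-Modified-Since must be ignored.
        return false;
    }
    if (isset($server['HTTP_IF_MODIFIED_SINCE'])) {
        $since = strtotime($server['HTTP_IF_MODIFIED_SINCE']);
        return $since !== false && $lastModified <= $since;
    }
    return false;
}

/**
 * Build the response for a GET. Returns [status, headers, body].
 * $personalised marks content that depends on the logged-in user: it may be
 * kept by that user's browser only and must be revalidated on every use.
 */
function respond(array $server, string $body, int $lastModified, bool $personalised = false): array
{
    $etag = '"' . hash('sha256', $body) . '"';
    $headers = [
        'ETag'          => $etag,
        'Last-Modified' => gmdate('D, d M Y H:i:s', $lastModified) . ' GMT',
        'Cache-Control' => $personalised ? 'private, no-cache' : 'public, max-age=300',
    ];
    if ($personalised) {
        $headers['Vary'] = 'Cookie';
    }
    if (clientCopyIsCurrent($server, $etag, $lastModified)) {
        return [304, $headers, ''];          // no body: the client reuses its copy
    }
    return [200, $headers, $body];
}

/** Emit a response built by respond() when running under a web server. */
function send(array $response): void
{
    [$status, $headers, $body] = $response;
    http_response_code($status);
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    echo $body;
}

// --- demonstration with constructed requests ------------------------------
$page      = '<h1>Published page</h1>';                 // constructed document
$published = strtotime('2010-12-12 08:00:00 UTC');      // constructed timestamp
$first     = respond([], $page, $published);

$requests = [
    'first visit'            => [],
    'revalidation by ETag'   => ['HTTP_IF_NONE_MATCH' => $first[1]['ETag']],
    'revalidation by date'   => ['HTTP_IF_MODIFIED_SINCE' => $first[1]['Last-Modified']],
    'ETag of an old version' => ['HTTP_IF_NONE_MATCH' => '"0000"'],
];
foreach ($requests as $label => $server) {
    [$status, $headers, $body] = respond($server, $page, $published);
    printf("%-24s status %d, %d body bytes, %s\n", $label, $status, strlen($body), $headers['Cache-Control']);
}
[$status, $headers] = respond([], 'Hello, constructed user', $published, true);
printf("%-24s status %d, %s, Vary: %s\n", 'per-user page', $status, $headers['Cache-Control'], $headers['Vary']);
```

Hashing the body still costs the page generation; for published files the ETag can be derived from the file's modification time and size instead, so the 304 is decided before any content is built.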




Re: [PHP] ORM doctrine

2010-12-12 Thread Nathan Rixham

Lester Caine wrote:
For fixed pages this is the best way of handling the information. And 
handling those fixed pages is ... from my point of view ... not a 
problem since they can be cached at that level, or even stored locally 
in the browser cache. I've just been hitting re-load every time for a 
few updates I've just been processing! In order to actually see the 
result. But for the majority of my work, the data to be displayed is 
being rebuilt with every browser hit. In that case generating dynamic 
pages fast becomes the bottleneck.


If you've got an example, and you'd like to know how to approach these 
problems, I'd be happy to go through the process of making these always 
dynamic pages HTTP friendly with you :) (and on the list or in private)


Best,

Nathan





Re: [PHP] ORM doctrine

2010-12-12 Thread Nathan Rixham

Tommy Pham wrote:

-Original Message-
From: Nathan Rixham [mailto:nrix...@gmail.com]
Sent: Sunday, December 12, 2010 8:23 AM
To: Tommy Pham
Cc: 'Peter Lind'; php-general@lists.php.net; 'Lester Caine'
Subject: Re: [PHP] ORM doctrine

Tommy Pham wrote:

-Original Message-
From: Peter Lind [mailto:peter.e.l...@gmail.com]
Sent: Sunday, December 12, 2010 5:27 AM
To: Lester Caine
Cc: php-general@lists.php.net
Subject: Re: [PHP] ORM doctrine


snip


The reason for 'caching' needs to be understood before it is applied
in

order to avoid the black holes that random caching is causing
nowadays already. How often do you hear wipe the xxx browser cache?
And I know if I am changing theme elements in bitweaver or phpgedview
then I HAVE to wipe the cache to ensure that smarty rebuilds the relevant

pages.

Which underlines my point: caching is not icing on the cake but
should be thought of sooner in the process, contrary to Tommy's point.


If the app is well designed, then you still could implement it later w/o

major rewrite.

It's only well designed if caching is considered from the start - thus, as Peter
says, caching is not the icing on the cake, but should, must, be thought of in
the initial design process - if it's not, then the app isn't well designed.


I'll take a crack at it ;)

Bare minimum:
- parseRequest();
- fetchData();
- output();

With auth / acl:
parseRequest()
{
  // parse
 // add auth/acl and redirect accordingly
}
fetchData();
output();

With auth/acl + cache:
parseRequest()
{
  // parse
 // add auth/acl and redirect accordingly
}
fetchData()
{
   If ($useCache) getCache();
  else getFromDB();
}
output();

That seems to me as a minor rewrite with lots of additional modules from bare 
minimum to auth/acl+cache, as I've stated before with the points:  Understand 
the problem, understand the objective + possible growth/expansion, app design 
(framework and what not).  So whether I choose to implement cache is relevant, 
IMO, because data to me is either cache or from DB depending on specific cases 
(which is handled by the caching module).  If from cache, that's the cache 
management problem (a shortcoming).


That is only one form of relatively minor caching, and you've already 
missed most of the opportunities because you're already in a dynamic 
application / script environment there... try scoping out to the bigger 
picture here:


 3 UI instances with 2 different presentation tiers
 2 Application instances
 1 db instance

And here are pretty much the full entry points

  GET /something HTTP/1.1

  POST /processor HTTP/1.1

Your job is to respond to those calls as quickly as possible.

Here are six simple interface edges you can cache on:

1
   ------http------
2   |     |     |
    UI    UI    UI
3   |     |     |
   ----------------
4      |     |
      App   App
5      |     |
   ----------------
6         |
          DB

You're talking about caching 5 or 6 levels down, thus already missing 4 
other opportunities, which are exponentially more important.


Best,

Nathan




[PHP] Re: Parsing a phrase

2010-12-12 Thread Nathan Rixham

Rick Dwyer wrote:

Hello all.

I have a page where the user can enter a search phrase and upon 
submitting, the search phrase is queried in MySQL.


However, I need to modify is so each word in the phrase is searched 
for... not just the exact phrase.


So, big blue hat will return results like:

A big hat - blue in color
Hat - blue, big

SQL would look like 

WHERE (item_description like '%big%' and item_description like '%blue%'
and item_description like '%hat%' )


You may be better to use full text and MATCH for this, see:

http://dev.mysql.com/doc/refman/5.1/en/fulltext-boolean.html

However..

So, via PHP, what is the best way to extract each word from the search 
phrase to it's own variable so I can place them dynamically into the SQL 
statement.


There are many ways you can do this:

  http://php.net/explode
  http://php.net/str_split
  http://php.net/preg_split

Many examples can be found on the above pages, and your real solution 
depends on how many edge-cases you want to cover, but the above will 
cover most approaches :)


Best,

Nathan
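One way to place the words into the statement, added here as an example and not code from the thread: the phrase is split with preg_split and every word becomes a bound parameter, so quotes and LIKE wildcards typed by the user are matched literally and never change the SQL. The `items` table name, the in-memory SQLite database (pdo_sqlite extension) and the sample rows are assumptions; the `ESCAPE '!'` form also works in MySQL.

```php
<?php
// Added example; table name, sample rows and function name are assumptions.

/**
 * Turn a search phrase into an AND-ed LIKE clause with bound parameters.
 * Returns [sqlFragment, parameters].
 */
function buildSearchClause(string $phrase, int $maxWords = 8): array
{
    // Split on runs of whitespace; /u fails (returns false) on invalid UTF-8.
    $words = preg_split('/\s+/u', trim($phrase), -1, PREG_SPLIT_NO_EMPTY);
    if ($words === false) {
        $words = [];
    }
    // Cap the number of terms so one request cannot build a huge query.
    $words = array_slice(array_unique($words), 0, $maxWords);
    if ($words === []) {
        return ['1 = 0', []];                // nothing to search for: match nothing
    }

    $clauses = [];
    $params  = [];
    foreach ($words as $word) {
        // Escape the LIKE wildcards with "!" so "%" and "_" match themselves.
        $literal   = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $word);
        $clauses[] = "item_description LIKE ? ESCAPE '!'";
        $params[]  = '%' . $literal . '%';
    }
    return ['(' . implode(' AND ', $clauses) . ')', $params];
}

// --- demonstration against constructed rows -------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (item_description TEXT)');
$insert = $db->prepare('INSERT INTO items (item_description) VALUES (?)');
$rows = [
    'A big hat - blue in color',
    'Hat - blue, big',
    'Small red hat',
    "Men's straw hat",
    '100% wool hat',
    '1000 hat pins',
];
foreach ($rows as $row) {
    $insert->execute([$row]);
}

foreach (['big blue hat', "men's hat", '100%', '   '] as $phrase) {
    [$where, $params] = buildSearchClause($phrase);
    // Only the fixed fragment built above is concatenated; the words are bound.
    $stmt = $db->prepare("SELECT item_description FROM items WHERE $where");
    $stmt->execute($params);
    printf("%-14s => %s\n", "'$phrase'", json_encode($stmt->fetchAll(PDO::FETCH_COLUMN)));
}
```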




Re: [PHP] Updating a GET variable

2010-11-11 Thread Nathan Rixham

Marc Guay wrote:

So all you need to do, is take a look at $_SERVER['HTTP_ACCEPT_LANGUAGE'] to
get a users language preferences.


Hi Nathan,

Yep, I'm using this var to set the default but I think it's nice to
allow the user to override it.  Maybe someone using their computer is
more comfortable in a different language?


So then surely that would be their default language?

However, there is of course the case where somebody wants to see both 
english and german variations of the same page, so probably a good 
use-case after all - session to the rescue!





Re: [PHP] Updating a GET variable

2010-11-10 Thread Nathan Rixham

Tamara Temple wrote:


On Nov 10, 2010, at 8:58 AM, Marc Guay wrote:


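// Copy the current query string, then override only the language.
foreach($_GET as $k => $v) $qs[$k] = URLDecode($v);
$qs['lang'] = 'en';
// Escape the rebuilt query string before placing it in the HTML attribute.
echo '<a href="index.php?'.htmlspecialchars(http_build_query($qs)).'">Flip</a>';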


Hi Tamara,

Thanks for the tips.  Do you see any advantage of this method over
using a small POST form besides the styling problems I'll run into
trying to make the submit button look like an anchor?


The main advantage I see is that your application doesn't have to 
become bi-modal, with looking for variables on both the query string and 
in the post data, then deciding which to use.


All browsers send the Accept-Language header from the users locale 
settings, like:


  Accept-Language:en-GB,en-US;q=0.8,en;q=0.6

So all you need to do, is take a look at 
$_SERVER['HTTP_ACCEPT_LANGUAGE'] to get a users language preferences.
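Reading the header described above and combining it with the session override discussed in the follow-up message, as an added example that is not code from the thread (PHP 7.4 or later): the header is parsed with its q-values, and both the header and the stored choice are accepted only if they name a language the site actually supports. The function names and the supported-language list are assumptions; the sample header is the one quoted above.

```php
<?php
// Added example; function names and the supported-language list are assumptions.

/** Parse Accept-Language into language tags ordered by preference. */
function parseAcceptLanguage(string $header): array
{
    $prefs = [];
    foreach (explode(',', $header) as $position => $part) {
        $pieces = array_map('trim', explode(';', $part));
        $tag    = strtolower($pieces[0]);
        // Accept only well-formed tags; the header is client-controlled input.
        if (!preg_match('/^(?:\*|[a-z]{1,8}(?:-[a-z0-9]{1,8})*)$/', $tag)) {
            continue;
        }
        $q = 1.0;                                   // default weight when no q is given
        foreach (array_slice($pieces, 1) as $param) {
            if (preg_match('/^q=([01](?:\.\d{0,3})?)$/i', $param, $m)) {
                $q = min(1.0, (float) $m[1]);
            }
        }
        if ($q > 0) {                               // q=0 means "not acceptable"
            $prefs[] = [$tag, $q, $position];
        }
    }
    // Highest q first; ties keep the order in which the client listed them.
    usort($prefs, fn ($a, $b) => [$b[1], $a[2]] <=> [$a[1], $b[2]]);
    return array_column($prefs, 0);
}

/**
 * Choose the language for this request.
 * $sessionChoice is what the user picked earlier (stored in the session);
 * it wins only when it is one of the supported languages.
 */
function pickLanguage(array $supported, ?string $acceptLanguage, ?string $sessionChoice): string
{
    if ($sessionChoice !== null && in_array($sessionChoice, $supported, true)) {
        return $sessionChoice;
    }
    foreach (parseAcceptLanguage((string) $acceptLanguage) as $tag) {
        if ($tag === '*') {
            break;                                  // anything goes: use the default
        }
        $primary = explode('-', $tag)[0];           // "en-gb" falls back to "en"
        foreach ([$tag, $primary] as $candidate) {
            if (in_array($candidate, $supported, true)) {
                return $candidate;
            }
        }
    }
    return $supported[0];                           // site default
}

// --- demonstration with constructed inputs ---------------------------------
$supported = ['de', 'en'];                           // first entry is the default
$header    = 'en-GB,en-US;q=0.8,en;q=0.6';           // header quoted in the message

$cases = [
    'header only'              => [$header, null],
    'user switched to german'  => [$header, 'de'],
    'unsupported stored value' => [$header, 'xx'],
    'no header at all'         => [null, null],
    'garbage header'           => ['<b>;q=9, fr;q=0', null],
];
foreach ($cases as $label => [$accept, $choice]) {
    printf("%-26s => %s\n", $label, pickLanguage($supported, $accept, $choice));
}
```

In a request the calls would be pickLanguage($supported, $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? null, $_SESSION['lang'] ?? null), with $_SESSION['lang'] set only after the same allow-list check on the submitted value.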





[PHP] Re: Chat

2010-11-10 Thread Nathan Rixham

Dušan Novaković wrote:

Hello there,

I have to make chat for website that has around 10 000 users (small
social network). So before I start, I would like to hear different
opinions. Important thing is to have in mind that in one moment you
can have over 1 000 users using chat.
So, if you have time feel free to write your experience in this field,
suggestions, etc.


(1) flash w/ xmpp server
(2) outsource to a chat server company
(3) node.js serverside w/ web workers
(4) avoid ajax, php and long poll if you want a server left at the end 
of the exercise.





Re: [PHP] Template engines

2010-11-10 Thread Nathan Rixham

Daniel P. Brown wrote:

On Mon, Nov 8, 2010 at 16:41, Hansen, Mike mike.han...@atmel.com wrote:

I really like the idea of using a templating engine. Which one do you use? Why? 
For those that don't use templating engines, why don't you use them?


I chose to write two of my own over the years: one procedural, one
OOP.  That said, the most common is likely still to be Smarty, and by
far.



I went back to using a pre hypertext processor, seemed like a really 
powerful templating engine that was v familiar to use :p





Re: [PHP] Newbie looking for a project

2010-11-10 Thread Nathan Rixham

tedd wrote:

At 12:34 PM -0500 11/8/10, Daniel P. Brown wrote:

On Mon, Nov 8, 2010 at 06:29, Ashim Kapoor ashimkap...@gmail.com wrote:


 Writing apps on my own is fun but it's fruit is only for me to benefit
 from,but yes if nothing else I should do that.


Not at all, many others can benefit from it as well.  Tedd's
examples have been referenced on this list many times, and you can see
them yourself:

http://www.php1.net/

Just because you're developing the code to learn for yourself
doesn't mean you can't put it in the public domain for others to do
the same.


Thanks for the plug, but let me add this.

When you develop a demo for yourself, you can take liberties. However, 
when you release a demo for public/peer review, you had better know what 
you are doing and that makes you a better programmer.


My advice, spend your time learning and helping others -- it will 
educate both.


That's better advice than you may ever know Ashim ^




[PHP] Re: Implementing optional methods in a concrete class, but calling them from an abstract class.

2010-11-02 Thread Nathan Rixham

Richard Quadling wrote:

Hi.

I have an abstract base class (call it genericServiceHandler).

I have concrete classes (FaxService, EmailService).
...
What would you all do?


If you've got fixed logic then just add all the onStart onPause and 
similar methods to the abstract class, stub them to accept the correct 
params but simply return immediately, call them in the correct places 
with $this->onStart($arg0...)


Then any class which extends it, like EmailService, can simply overwrite 
which ever methods it needs to implement.


The other approach which can be nice is to decouple it and go for an 
event or message based system, that way you can hook in multiple 
different callbacks to do something when the onSomething 
[event/message] is dispatched.


Best,

Nathan




Re: [PHP] Fwd: Mail delivery failed: returning message to sender

2010-11-02 Thread Nathan Rixham

Ben Brentlinger wrote:

it could be that you tried a cheap hosting account with a company that
have a bulk mailing script meant for sending spam. I can imagine a spammer
hijacking your site to send malware from it, one of the more likely
possibilities especially if you have a hosting account with cpanel.
Cheap webhosting companies are more likely breeding grounds for those
kinds of shady characters. I'd recommend changing webhosts immediately,
and I'd recommend hostgator 
http://secure.hostgator.com/%7Eaffiliat/cgi-bin/affiliates/clickthru.cgi?id=BenBrent.  

They're not 11 or Godaddy, but they're one of the biggest 
webhosting companies that use cpanel. I would recommend any 
webhosting company that use cpanel because it's either harder
to use, not as secure or both.


Did you really say all of that and then drop an affiliate link in? Awesome.

Yours, Snippily,

Nathan




[PHP] Re: objects and $_SESSION access control

2010-10-26 Thread Nathan Rixham

Lorenzo Marussi wrote:

hi List,

I have written a library of php classes to manage database objects.
So my application now access to this library instead of accessing
directly to the database.

Now, I need to add an access control to my classes, like a check to a
$_SESSION variable.

A solution can be add this lines in first rows in every method:
 session_start();if(!isset($_SESSION['user'])) { return 999; } 

ex:
class sysAccess{
    .
    function getName()
    {
        session_start();if(!isset($_SESSION['user'])) { return 999; }
        ..
    }
}


In this way, I am sure that only trusted users have an access to the
methods.
But,  If I forget to protect a single method, there will be a serious
vulnerability ..and this task will be long (and boring..)

Is there a better solution to protect access to publics object's methods
only to granted accounts? 


I'm missing something here, how would a user (I assume of a website) 
manage to run methods on classes which are part of server side code?


Regardless of your answer to the above question, this all points to 
something being wrong in the architecture of the application - perhaps 
if you give more details (show us the interfaces, the code, or PHP doc 
the system to expose the API) we could help find where the problems are.


Best,

Nathan
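One way to avoid repeating the session check in every method, added here as an example and not code from the thread: the library object is handed out only through a wrapper that performs the check once, for every call, and exposes nothing that is not on an explicit list. The class names SessionGuard and AccessDenied, the method list and the sample session contents are assumptions; sysAccess stands in for the class from the question.

```php
<?php
// Added example; SessionGuard, AccessDenied and the sample data are assumptions.

final class AccessDenied extends RuntimeException
{
}

/**
 * Wraps a library object so that every method call passes one access check.
 * A method missing from the allow-list is refused, so forgetting to protect
 * a new method fails closed instead of leaving it open.
 */
final class SessionGuard
{
    private $target;
    private $session;
    private $allowedMethods;

    public function __construct(object $target, array $session, array $allowedMethods)
    {
        $this->target         = $target;
        $this->session        = $session;
        $this->allowedMethods = $allowedMethods;
    }

    public function __call(string $method, array $arguments)
    {
        if (!isset($this->session['user'])) {
            // An exception cannot be mistaken for a return value, unlike 999.
            throw new AccessDenied("login required to call $method()");
        }
        if (!in_array($method, $this->allowedMethods, true)
            || !is_callable([$this->target, $method])) {
            throw new AccessDenied("$method() is not exposed");
        }
        return $this->target->$method(...$arguments);
    }
}

// Stand-in for the database library class from the question.
class sysAccess
{
    public function getName(): string
    {
        return 'constructed-name';
    }

    public function purgeAll(): string
    {
        return 'purged';
    }
}

/** Run one guarded call and describe the outcome (used by the demonstration). */
function attempt(SessionGuard $guard, string $method): string
{
    try {
        return 'ok: ' . $guard->$method();
    } catch (AccessDenied $e) {
        return 'denied: ' . $e->getMessage();
    }
}

// --- demonstration with constructed sessions -------------------------------
// In a web request, session_start() runs once in the bootstrap and $_SESSION
// is passed in; plain arrays are used here so the script runs on the CLI.
$anonymous = new SessionGuard(new sysAccess(), [], ['getName']);
$loggedIn  = new SessionGuard(new sysAccess(), ['user' => 'constructed-user'], ['getName']);

echo 'anonymous getName: ', attempt($anonymous, 'getName'), "\n";
echo 'logged in getName: ', attempt($loggedIn, 'getName'), "\n";
echo 'logged in purgeAll: ', attempt($loggedIn, 'purgeAll'), "\n";
```

The guard only helps if application code never receives the unwrapped object, so the wrapping belongs in the one place that constructs the library classes.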




Re: [PHP] tedd's Friday Post ($ per line)

2010-10-09 Thread Nathan Rixham

tedd wrote:

At 4:30 PM +0100 10/8/10, Nathan Rixham wrote:

tedd wrote:
Now, back to the question at hand -- what price would you sell a line 
of your code for?


Interesting case and question Tedd! Quite sure we all realise the 
answer is not black and white but various shades of grey, and I 
wouldn't fancy doing this for real - however, given the assumption 
that it was technically solid code average, and assuming it was a 
functional approach (as in there wasn't chunks of domain schema 
classes with nothing but getters and setters around / boiler plate 
junk), then:


  35-40 cents per line

The approach I've taken to working it out is to try and average out 
lines of code produced per 8 hour working day, allowing time for 
research, decision making, minor code reduction and refactoring, then 
adding a small offset for any time spent on documentation which would 
show further understanding and confidence in the code + make it more 
usable. Whitespace and a coding styles which produce more lines but 
the same amount of code not included. I've also made a small 
adjustment for the 'several years ago' although I'm assuming this to 
be early 2000s and not the 1970s ;)


Anywhere near?

ps: tedd, please cc me in to the final answer as I won't have time to 
check the list for a while, and I'm quite interested in this one - 
kudos to you if you managed to do it and get both parties happy with 
the result though!


Best,

Nathan


Nathan et al:

I rechecked my notes and this case took place circa 1996-7. The case was 
settled out of court.


The final agreement (partly negotiated by me) was $1.00 per line.

The programmer had generated around 25,000 lines of code and the new 
client agreed that the programmer could keep $25,000 of the up-front 
money. It seemed like a clean and easy to understand arrangement.


I'm actually glad to hear of that outcome - in many ways I'd gone with 
bottom price for general web development, whereas I stated it would be 
£1 per line for my own code - that said I'd be reluctant to take a per 
line pricing model ;)


Good question Tedd, I enjoyed this one - particularly as it made one 
consider the various elements that go in to producing code other than 
just lines produced.


Cheers,

Nathan

Since that time, I have often looked to my own code to see how that 
figure holds up. In my most recent work, I was paid around $0.50 per 
line of code.


Keep in mind that this is for finished and working code and *not* all 
the code I wrote to investigate/test/solve the various problems. My 
typical method of problem solving is to write small stand-alone 
solutions and then move them to the larger project. It is the code in 
the larger project that's considered in the cost determination.


So for me, about $0.50 per line of code seems to hold up for projects 
that exceed 100 hours. For projects that are less, the cost per line 
increases. For example, I had one project where I wrote three lines of 
code and was paid $200. However, it took me several hours to figure out 
what to do and where to put the line.


In any event, this is where one statement per line (including braces) 
pays off.


Cheers,

tedd







Re: [PHP] What other languages do you use?

2010-10-09 Thread Nathan Rixham

tedd wrote:

At 6:30 PM +0100 10/8/10, Nathan Rixham wrote:
As per the subject, not what other languages have you used, but what 
other languages do you currently use?


I guess it may also be interesting to know if:

(1) there's any particular reason for you using a different language 
(other than work/day-job/client requires it)


(2) about to jump in to another language

Best,

Nathan



Nathan:

I am assuming, perhaps wrongly, you are asking about programming 
languages -- is that correct?


yup that's correct - you can thank Dan Brown for setting everybody off 
speaking in foreign tongues :p





[PHP] Re: php5 - website development - what next

2010-10-08 Thread Nathan Rixham

Rakesh Mishra wrote:

Hi All,

I  am PHP 4  PHP 5 developer for last 6 yrs. Last year  also got Zend
certification.
Since now I have work on different CMS, Social Networking, telecom, horse
racing domains.

But now I am little bored with developing website. What other things I can
do with PHP ?

Even I believe my knowledge, interest,  market value  with PHP 5 is getting
saturated.
Do you guys suggest me what other thing I can learn or work which help me to
keep my lust for PHP alive
and also boost my career.


I suggest you concentrate less on the language and more on:
 - interesting / challenging projects
 - using PHP with other new interesting technologies
 - applying design / programming paradigms from other languages in PHP
 - contributing to PHP internals

Status.net, GNU Social, DISO Project, lorea.cc and elgg all occupy a 
rather interesting project space with small but inspiring communities of 
people who like to push technical boundaries and merge technologies, 
particularly within the social space.


http://www.ushahidi.com/platform is a thriving project which combines 
technical excellence and forward thinking with real world large scale 
community needs, being critical in several major world events, even if 
you don't get involved, their code bases for ushahidi + related on 
http://github.com/ushahidi is brilliant, likewise the swiftriver project 
http://swift.ushahidi.com/ doesn't look much on the face of it but is 
really good - just check out the SwiftRiver Research at the right.


There are many interesting protocol based communities who often 
implement in PHP, and these can be rather interesting / challenging and 
active spaces - ActivityStreams, Salmon-Protocol, OneSocialWeb to name 
just a few.


On the technology side of things, you may want to consider going down 
the NoSQL route for a while, http://nosql-database.org/ gives a good 
summary of database - I'd recommend CouchDB, MongoDB and Redis for a 
nice well supported start that will introduce you to new design 
paradigms and bring many performance increases to your applications.


Alternatively you may find it refreshing to try some other languages, 
perhaps a functional language like Scala, OCaml or Haskell, or maybe in 
to a very active language such as ECMAScript (server side js) via 
something like http://node.js/ you may just find that you don't want to 
use PHP any more, or you may find that you want to apply the paradigms 
and lessons learned to PHP using the new features in 5.3


Hope that helps a little, I'll stop here because I could list projects 
till the end of time!


Many Regards

Nathan




[PHP] Re: zip and mac safari

2010-10-08 Thread Nathan Rixham

M. Reuter wrote:

Hi,

does anyone know how to use a php script to zip a folder (with a
subfolder) so that safari can open it and not decompresses forever?


if it works in other browsers, and not in safari, then it's either a bug 
in safari, in which case report it with an offending zip file - or it's 
a bug in PHP / your zipping process which is handled gracefully by other 
browsers but not by safari, in which case report it too.


Best,

Nathan




Re: [PHP] tedd's Friday Post ($ per line)

2010-10-08 Thread Nathan Rixham

tedd wrote:
Now, back to the question at hand -- what price would you sell a line of 
your code for?


Interesting case and question Tedd! Quite sure we all realise the answer 
is not black and white but various shades of grey, and I wouldn't fancy 
doing this for real - however, given the assumption that it was 
technically solid code average, and assuming it was a functional 
approach (as in there wasn't chunks of domain schema classes with 
nothing but getters and setters around / boiler plate junk), then:


  35-40 cents per line

The approach I've taken to working it out is to try and average out 
lines of code produced per 8 hour working day, allowing time for 
research, decision making, minor code reduction and refactoring, then 
adding a small offset for any time spent on documentation which would 
show further understanding and confidence in the code + make it more 
usable. Whitespace and coding styles which produce more lines but the 
same amount of code not included. I've also made a small adjustment for 
the 'several years ago' although I'm assuming this to be early 2000s 
and not the 1970s ;)


Anywhere near?

ps: tedd, please cc me in to the final answer as I won't have time to 
check the list for a while, and I'm quite interested in this one - kudos 
to you if you managed to do it and get both parties happy with the 
result though!


Best,

Nathan




Re: [PHP] tedd's Friday Post ($ per line)

2010-10-08 Thread Nathan Rixham

Nathan Rixham wrote:

tedd wrote:
Now, back to the question at hand -- what price would you sell a line 
of your code for?


Just realised I responded to the wrong question - the answer was how I'd 
approach the original question "What do you think he was paid?"


For myself, I wouldn't place a price on a single line of code, you can 
have one for free :) if you want me to do 25,000 lines of code then 
it'll be circa £1 GBP per line, seeing as you aren't considering any of 
the other factors. Unless it's open source as I cc-zero all my open 
source / community stuff.


Interesting case and question Tedd! Quite sure we all realise the answer 
is not black and white but various shades of grey, and I wouldn't fancy 
doing this for real - however, given the assumption that it was 
technically solid code average, and assuming it was a functional 
approach (as in there wasn't chunks of domain schema classes with 
nothing but getters and setters around / boiler plate junk), then:


  35-40 cents per line

The approach I've taken to working it out is to try and average out 
lines of code produced per 8 hour working day, allowing time for 
research, decision making, minor code reduction and refactoring, then 
adding a small offset for any time spent on documentation which would 
show further understanding and confidence in the code + make it more 
usable. Whitespace and coding styles which produce more lines but the 
same amount of code not included. I've also made a small adjustment for 
the 'several years ago' although I'm assuming this to be early 2000s 
and not the 1970s ;)


Anywhere near?

ps: tedd, please cc me in to the final answer as I won't have time to 
check the list for a while, and I'm quite interested in this one - kudos 
to you if you managed to do it and get both parties happy with the 
result though!


Best,

Nathan






Re: [PHP] which one is faster

2010-10-08 Thread Nathan Rixham

chris h wrote:

Saeed here's a quick (and dirty) test I ran:


$tests = 100;

$start = microtime(true);
for ($i=0; $i<$tests; $i++) {

  $a = md5( rand() );
  $b = md5( rand() );

  $c = $a.$b;
}
var_dump( "By concat op:\t". (microtime(true) - $start) );


that's not a fair test because you have rand() and md5() calls in there 
(something temporally varying)


Here's a quick test script which does 100 million iterations on both, 3 
times to get some half measurable results


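$i = $its = 100000000; // 100 million iterations per loop
$tests = 3;
$a = 'foo';
$b = 'bar';

while($tests-- > 0) {
  $i = $its; // reset the counter so the first loop runs on every pass
  $t = microtime(true);
  while($i-- > 0) {
    $c = "$a$b"; // interpolation
  }
  echo 'time "": ' . (microtime(true)-$t) . PHP_EOL;
  $i = $its;
  $t = microtime(true);
  while($i-- > 0) {
    $c = $a.$b; // concatenation
  }
  echo 'time .: ' . (microtime(true)-$t) . PHP_EOL;
}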

I also ran the tests in the opposite order just to ensure they were 
fair, results are that $a.$b (concatenation) averaged 22 seconds, and 
the $a$b approach was 28 seconds.


Thus, concatenation is faster - but you have to get up to circa 10 
million+ uses per second to use it.


Best,

Nathan




Re: [PHP] Casting from parent class to child

2010-10-08 Thread Nathan Rixham

David Harkness wrote:

Casting does not change an object. You must copy the relevant value(s) from
the object returned into a new DateTimePlus. Since DateTime's constructor
takes only a string, and I assume it won't accept your format directly,


unless you implement __toString I believe (not tested)


you're better off converting the string into a Unix timestamp and creating a
new object from that. However, I leave that optimization to you. The
following code is sufficient:

$plus = new DateTimePlus();
// PHP calls methods with ->, and the format string must be quoted
$plus->setTimestamp(parent::createFromFormat('H.i d.m.Y',
$string)->getTimestamp());
return $plus;

David







[PHP] What other languages do you use?

2010-10-08 Thread Nathan Rixham
As per the subject, not what other languages have you used, but what 
other languages do you currently use?


I guess it may also be interesting to know if:

(1) there's any particular reason for you using a different language 
(other than work/day-job/client requires it)


(2) about to jump in to another language

Best,

Nathan




Re: [PHP] What other languages do you use?

2010-10-08 Thread Nathan Rixham

Per Jessen wrote:

Nathan Rixham wrote:


As per the subject, not what other languages have you used, but what
other languages do you currently use?


French, German, English and Danish.  



Forhåbentlig ikke alle zur en même temps





Re: [PHP] What other languages do you use?

2010-10-08 Thread Nathan Rixham

Daniel P. Brown wrote:

On Fri, Oct 8, 2010 at 13:30, Nathan Rixham nrix...@gmail.com wrote:

As per the subject, not what other languages have you used, but what other
languages do you currently use?


Spanish, Gaelic, and German, on occasion.


Ahhh, but have you mastered Ambiguity yet?

ps: thanks for that Dan, you've set them off now ;)




[PHP] Re: Friday's Post

2010-10-01 Thread Nathan Rixham

tedd wrote:

Hi gang:

What do you people think of the .NET framework?

Please provide your thoughts as to cost, maintenance, benefit, and 
whatever else you think important.


.NET is loaded up with patents and pretty much Microsoft only, however 
that said it is rather good. Previous versions of C# (1/2) are 
standardized under ECMA-Script 334 and 335 which covers a lot of .NET 
however doesn't include asp.net, ado.net and windows forms - thus a nice 
open source implementation and platform is quite common now, namely 
Mono, this is .net compatible and has good support/development and has 
been used for everything from the unity game engine through to sims 3. 
Might be worth having a quick look at DotGNU and portable.net (as well 
as mod_mono for apache http - which supports asp.net pages etc).


Might be worth noting that Stallman (as in Richard Stallman from FSF) 
doesn't recommend using it because he thinks MS will come with the 
patent trolls soon, however microsoft has effectively tied themselves in 
to a patent non assert (community promise) which would prevent this.


Also worth having a look at M for something different/interesting/from 
microsoft, and also OData which is a nice RESTful protocol.


Best,

Nathan





[PHP] Re: libmcrypt usage

2010-09-16 Thread Nathan Rixham

Gary wrote:

Can anyone tell me what the equivalent to the following command line
usage of openssl is, in php using the mcrypt_* functions, please:
,
| openssl enc -e -aes-256-cbc -k some key ...
`

TIA.

I tried
,
| $iv = mcrypt_create_iv(mcrypt_get_block_size(MCRYPT_RIJNDAEL_256,
|  MCRYPT_MODE_CBC),
|MCRYPT_DEV_RANDOM);
| $encryptedData = mcrypt_cbc(MCRYPT_RIJNDAEL_256
| ,$passphrase
| ,$data
| ,MCRYPT_ENCRYPT
| ,$iv);
`


use MCRYPT_RIJNDAEL_128
use an iv that's 32 bytes long (not 16)




[PHP] Re: Sending Encrypted Email

2010-09-16 Thread Nathan Rixham

Floyd Resler wrote:

I need to send encrypted email. Can I use our server's signed certificate we 
use for Apache?


Yes you can use the servers certificate, you can use any x509 
certificate you like - however, I'd recommend checking out startssl.org 
who will give you a free smime certificate.


note:
Each certificate has codes embedded which state for what you can use 
said certificate, although it's technically possible to use almost any 
certificate for anything, it's best to use one which has the correct 
flags set.


Best,

Nathan




[PHP] Re: libmcrypt usage

2010-09-16 Thread Nathan Rixham

Gary wrote:

Nathan Rixham wrote:

Gary wrote:

Can anyone tell me what the equivalent to the following command line
usage of openssl is, in php using the mcrypt_* functions, please:
,
| openssl enc -e -aes-256-cbc -k some key ...
`

TIA.

I tried
,
| $iv = mcrypt_create_iv(mcrypt_get_block_size(MCRYPT_RIJNDAEL_256,
|  MCRYPT_MODE_CBC),
|MCRYPT_DEV_RANDOM);
| $encryptedData = mcrypt_cbc(MCRYPT_RIJNDAEL_256
| ,$passphrase
| ,$data
| ,MCRYPT_ENCRYPT
| ,$iv);
`

use MCRYPT_RIJNDAEL_128


Err.. why, if you don't mind me asking?



because MCRYPT_RIJNDAEL_128 is the implementation of AES and if you use 
a 16 bit key you get AES 128, a 32 bit key and you get AES 256 :)


after a quick google for php aes 256, I'd point you to this:
http://www.chilkatsoft.com/p/php_aes.asp
which explains all
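
What `openssl enc -e -aes-256-cbc -k ...` writes, reproduced in PHP as an added example (not code from either poster): the function names are hypothetical, it uses the openssl extension because mcrypt was removed in PHP 7.2, and the digest parameter is an assumption to match your OpenSSL build (MD5 was the `-k` default before OpenSSL 1.1.0, SHA-256 since).

```php
<?php
declare(strict_types=1);

const ENC_CIPHER  = 'aes-256-cbc';
const ENC_KEY_LEN = 32; // AES-256 takes a 256-bit key
const ENC_IV_LEN  = 16; // openssl_cipher_iv_length('aes-256-cbc'): the AES block is 128 bits

/**
 * EVP_BytesToKey with a single iteration, as `openssl enc -k` uses it:
 * D1 = H(pass . salt), Dn = H(Dn-1 . pass . salt); key and IV are cut from D1 . D2 . ...
 * Kept only for compatibility with existing files: one hash round is a weak KDF.
 */
function evpBytesToKey(string $passphrase, string $salt, string $digest): array
{
    $material = '';
    $block = '';
    while (strlen($material) < ENC_KEY_LEN + ENC_IV_LEN) {
        $block = hash($digest, $block . $passphrase . $salt, true);
        $material .= $block;
    }
    return [substr($material, 0, ENC_KEY_LEN), substr($material, ENC_KEY_LEN, ENC_IV_LEN)];
}

/** Output layout: "Salted__" . 8-byte salt . PKCS#7-padded CBC ciphertext. */
function opensslEncEncrypt(string $plaintext, string $passphrase, string $digest = 'md5'): string
{
    $salt = random_bytes(8);
    [$key, $iv] = evpBytesToKey($passphrase, $salt, $digest);
    $ciphertext = openssl_encrypt($plaintext, ENC_CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return 'Salted__' . $salt . $ciphertext;
}

function opensslEncDecrypt(string $blob, string $passphrase, string $digest = 'md5'): string
{
    // 8-byte magic + 8-byte salt + at least one 16-byte block
    if (strlen($blob) < 32 || substr($blob, 0, 8) !== 'Salted__') {
        throw new InvalidArgumentException('not a salted openssl enc blob');
    }
    $salt = substr($blob, 8, 8);
    [$key, $iv] = evpBytesToKey($passphrase, $salt, $digest);
    $plaintext = openssl_decrypt(substr($blob, 16), ENC_CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($plaintext === false) {
        throw new RuntimeException('decryption failed (wrong passphrase or digest?)');
    }
    return $plaintext;
}

// Constructed sample input, round-tripped through both functions.
$blob = opensslEncEncrypt('constructed sample text', 'some key');
printf("%d bytes, magic %s\n", strlen($blob), substr($blob, 0, 8));
var_dump(opensslEncDecrypt($blob, 'some key') === 'constructed sample text');
```

A blob written to disk this way is what `openssl enc -d -aes-256-cbc -md md5 -k "some key"` expects as input.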






Re: [PHP] Question about news.php.net

2010-09-14 Thread Nathan Rixham

Daniel Brown wrote:

On Mon, Sep 13, 2010 at 18:09, MikeB mpbr...@gmail.com wrote:

However, getting access seems to be hit-and-miss, since I more often than
not get a message that the connection to news.php.net timed out.

Is this an indication that the server is just very busy? I don't get this on
any other news server I'm using on the same news reader and I have gotten
this on two different news readers that I have tried.


I don't believe that we've been having any issues with the server,
no.  Are you using NNTP to connect?  You may want to consider using
the HTTP-based RSS and/or RDF feeds if it continues to be an issue.
In addition, if you continue to have problems, file a bug report at
http://bugs.php.net/ and we'll look into it further.


Dan, Mike,

I can confirm this happens all the time in thunderbird, and always has 
for many years now, on all PHP NNTP lists.


However, the problem can be worked around simply, for some reason the 
timeout generally only happens with the first call to view a mailing 
list, after X minutes of inactivity. Thus, I simply subscribe to a few 
different PHP lists (like .soap .test and general) then when I open 
thunderbird I quickly click a list I *don't* want to see, then click on 
.general, .general then loads nicely as expected letting the other one 
timeout :)


It's hardly a fix, but it works - may be worth checking if this is the 
case with the latest thunderbird revision and then reporting it as a 
bug (in either thunderbird or the mailing list software that PHP is 
running).


Best,

Nathan




[PHP] Re: Adjusting Session Times

2010-09-14 Thread Nathan Rixham

Floyd Resler wrote:

We just got a client whose requirement is that user sessions expire after 30 
minutes of inactivity.  Our other clients are happy with not having their 
sessions expire during the work day (i.e. life is 8 hours).  I am using a MySQL 
database to store the session data.  My thought is to adjust the session 
expiration in the table based on the client currently logged in.  Is this a 
good approach or would there be better ways to do it?  And just to clarify: all 
clients use the same Web site.


It may be worth storing sessions in something like redis [1] instead, 
which lets you expire data [2] after a given time, then you can 
configure however you want easily.


The other benefit is that sessions will be extremely fast given that 
they'll all be stored in ram :)


[1] http://code.google.com/p/redis/
[2] http://code.google.com/p/redis/wiki/ExpireCommand

Best,

Nathan




Re: [PHP] php cli question

2010-09-14 Thread Nathan Rixham

Per Jessen wrote:

J Ravi Menon wrote:

2) What about garbage collection? In a standard apache-mod-php
setup, we rely on the end of a request-cycle to free up resources -
close file descriptors, free up memory etc..
I am assuming in the aforesaid standalone daemon case, we would
have to do this manually?

Yes.

So 'unset($some_big_array)'  or 'unset($some_big_object)' etc.. is the
right way to go for non-resource based items? i.e. it needs to be
explicitly done?


It's not quite like C - if you reassign something, the previous contents
are automagically freed.  I use unset() if I know it could be a while
(hours) before it'll likely be reassigned, but it won't be used in the
meantime. 


Has anybody done a comparison of setting to null rather than unset'ing; 
does unset invoke the garbage collector instantly? i.e. is unset the 
best approach to clearing objects from memory quickly?


Best,

Nathan




Re: [PHP] 1984 (Big Brother)

2010-09-14 Thread Nathan Rixham

Daniel Brown wrote:

On Mon, Sep 13, 2010 at 19:47, Micky Hulse mickyhulse.li...@gmail.com wrote:

Motion sensing camera connected to a mechanical pointer stick aimed to
trigger the server power button.

On his way out of the office:

Clap on/clap off Clapper connected to computer power cable.


It would be cheaper to employ the same method used on some
lawnmowers and required on Jet Skis and Skidoos: a cable with a clip
worn by the rider.  The rider falls off, the cable releases from the
vehicle, disengaging the throttle and cutting the engine.  The boss
stands up, his entire infrastructure collapses, everyone's connections
are closed, and all PCs subsequently catch fire.


I fear this is the implementation needed to make boss see sense, however..


Realistically, a simple desktop-based application running in the
system tray (presuming Windows) would send a kill signal to a
predefined script to issue safe closing routines to the database
first, then any other systems he wants to close out.  It could even
have simple options to poll if there's a screensaver activated, which
would initiate the process automatically, should he choose to be
extremely paranoid.  The same could be automated to work in reverse,
to automatically bring the systems up, when the local desktop session
becomes active (from hibernation, logoff, or screensaver), or even
with an override (Pause Sessions) by right-clicking the systray
icon.


The main problem here is in using a stateless protocol (HTTP) in a 
stateful manner (with sessions), it makes this, technically, impossible. 
That said, you could do this in a stateless manner quite easily by 
giving the boss full control of granting and denying access, that way he 
is always accountable (with his described nature, it might be good for 
the buck to stop with him, rather than your code). I'd suggest having a 
simple boolean flag, usersCanAccess and giving him a button to toggle 
the flag's state from true to false. Real life implementation could be an 
empty file which is `touch`ed and `unlink`ed, php implementation being 
an if(file_exists('boss_man_say_okay') ){ // let monkeys work } type 
solution.


Best,

Nathan




[PHP] Re: [OUTPUT BUFFER] - problems with redirects

2010-08-20 Thread Nathan Rixham

Nisse Engström wrote:

On Thu, 19 Aug 2010 17:47:01 -0600, Tristan wrote:


A rewrite of the entire site would be needed in order to fix. So, I guess
you are saying as best options for workaround are

- use the ob_ functions to work around.
- stick output buffer on or high

so best case scenario using ob_ functions as a cleaner method aside from
rewriting the code?

seems silly btw that you can't output html and just have it redirect
whenever you want it to at any point in the page.


Actually, the HTTP spec. allows most headers to be sent
after the content. The feature just wasn't implemented
by too many HTTP agents (W3's HTML validator and link
checker, and Opera).


can you send a link to where it says that in the spec, or in HTTPBis please




[PHP] Re: Dear Lazy Web: Pseudo Randomisation Strategies on Listing Websites

2010-08-20 Thread Nathan Rixham

Colin Guthrie wrote:

Hi,

OK, this is really just a sounding board for a couple ideas I'm mulling
over regarding a pseudo-randomisation system for some websites I'm
doing. Any thoughts on the subject greatly appreciated!

Back Story:

We have a system that lists things. The things are broken down by
category, but you can still end up at the leaf of the category with a
couple hundred things to list, which is done via a pagination system
(let's say 50 per page).


Now, the people who own the things pay to have their things on the site.
Let's say there are three levels of option for listing: gold, silver,
bronze. The default order is gold things, silver things then bronze
things. Within each level, the things are listed alphabetically (again
this is just the default).


Now if 100 things in one category have a gold level listing, those in
the second half of the alphabet will be on page two by default. They
don't like this and they question why they are paying for gold at all.

My client would like to present things in a more random way to give all
gold level things a chance to be on the first page of results in a
fairer way than just what they happen to be named.

Right that's the back story. It's more complex than that, but the above
is a nice and simple abstraction.


Problems:

There are numerous problems to randomised listings: you can't actually
truly randomise results otherwise pagination breaks. Server-side
caching/denationalisation is affected as there is no longer one
listing but many random listings. Discussing a link with a friend
over IM or email and saying things like the third one down looks best
is obviously broken too, but this is something my client accepts and can
live with. Also, if the intention is to reassure the thing owners that
their listing will appear further up the listings at times, the fact
that a simple refresh will not reorder things for a given session will
make that point harder to get across to less web-educated clients
(that's a nice way of saying it!). Caching proxies and other similar
things after the webserver will also come into play.


So to me there are only really two options:

1. Random-per user (or session): Each user session gets some kind of
randomisation key and a fresh set of random numbers is generated for
each thing. They can then be reliably randomised for a given user. The
fact that each user has their own unique randomisation is good, but it
doesn't help things like server side full page caching and thus more
work needs to be done to support this approach.

2. Random-bank + user/session assignment: So with this approach we have
a simple table of numbers. First column is an id and is sequential from
1 to very big number. This table has lots of columns: say 32. These
columns will store a random number. Once generated, this table acts as
an orderer. It can be joined into our thing lookup query and the results
can be ordered by one of the columns. Which column to use for ordering
is picked by a cookie stored on the users machine. That way the user
will always get the same random result, even if they revisit the site
some time later (users not accepting cookies is not a huge deal, but I
would suggest the pick a random column algorithm (used to set the
cookie initially) is actually based on source IP address. That way even
cookieless folks should get a consistent listing unless they change
their IP).



I'm obviously leaning towards the second approach. If I have 32
pre-randomised columns, this would get a pretty good end result I
think. If we re-randomise periodically (i.e. once a week or month) then
this can be extended further (or simply more columns can be added).

I think it's the lowest impact but there are still some concerns:

Server side caching is still problematic. Instead of storing one page
per result I now have to store 32. This will lower significantly the
cache hits and perhaps make full result caching somewhat redundant. If
that is the case, then so be it, but load will have to be managed.


So my question for the lazy-web:

Are there any other approaches I've missed? Is there some cunning,
cleverness that eludes me?

Are there any problems with the above approach? Would a caching proxy
ultimately cause problems for some users (i.e. storing a cache for page
1 and page 2 of the same listing but with different randomisations)? And
if so can this be mitigated?

Thanks for reading and any insights you may have!


if you use mysql you can seed rand() with a number to get the same 
random results out each time (for that seed number)


  SELECT * from table ORDER BY RAND(234)

Then just use limit and offset as normal.

Thus, assign each user / session a simple random int, and use it in the 
query.


on a semi related note, if you need real random data, then you'll be 
wanting random.org


Best,

Nathan






[PHP] Re: How safe is a .htaccess file?

2010-08-19 Thread Nathan Rixham

tedd wrote:

Hi gang:

The subject line says it all.

How secure is a .htaccess file to store passwords and other sensitive 
stuff?


Can a .htaccess file be viewed remotely?


Semi-safe,

.htaccess is prevented from being served by configuration options (which 
come as default), however these can be overwritten so best to check by 
doing a GET on the resource URI.


This doesn't prevent them from being exposed via other processes though, 
for instance a poorly coded 'download.php?path=/path/to/.htaccess' could 
still expose the file.


Typically, it's obviously better to store only a hash of a password 
rather than the pass in plain text, choosing the strongest algorithm you 
can; password security is of course relative though, a sha-512 of 
'password1' is far from secure.


A good way to approach encryption for files is to openssl_seal them 
using a public key which is only available to your application - this 
doesn't negate insecure code, but it at least ensures the raw files are 
encrypted securely enough to negate any of these worries. (just keep 
your private key safe, preferably in a pkcs12 w/a strong 64char+ pass)


Best,

Nathan
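
The 'download.php?path=...' exposure mentioned above comes from passing the request parameter straight to the file read, as in `readfile($_GET['path'])`. A hardened resolver for such a script, as an added example that is not from the original message; the function name, directory layout and file contents are constructed for illustration:

```php
<?php
declare(strict_types=1);

/**
 * Map a user-supplied path to a regular file inside $baseDir.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolveDownloadPath(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ and follows symlinks, so the checks below
    // run on the file that would actually be opened.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // The canonical path must still sit below the download directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Refuse dotfiles (.htaccess, .htpasswd, ...) at any depth.
    foreach (explode(DIRECTORY_SEPARATOR, substr($candidate, strlen($prefix))) as $segment) {
        if ($segment !== '' && $segment[0] === '.') {
            return null;
        }
    }
    return $candidate;
}

// Constructed demo tree: site/.htaccess, site/files/.htpasswd, site/files/report.txt
$site = sys_get_temp_dir() . '/dl_demo_' . bin2hex(random_bytes(4));
mkdir($site . '/files', 0700, true);
file_put_contents($site . '/.htaccess', "SetEnv DB_PASS constructed-secret\n");
file_put_contents($site . '/files/.htpasswd', "constructed\n");
file_put_contents($site . '/files/report.txt', "public report\n");

$requests = ['report.txt', '../.htaccess', '.htpasswd', $site . '/.htaccess', 'missing.txt'];
foreach ($requests as $request) {
    $resolved = resolveDownloadPath($site . '/files', $request);
    printf("%-45s => %s\n", $request, $resolved === null ? 'refused' : 'served');
}
```

Only `report.txt` resolves; the traversal, the dotfile inside the download directory, the absolute path and the missing file are all refused before any read happens.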




[PHP] Re: How safe is a .htaccess file?

2010-08-19 Thread Nathan Rixham

tedd wrote:

tedd wrote:

Hi gang:

The subject line says it all.

How secure is a .htaccess file to store passwords and other sensitive 
stuff?


Can a .htaccess file be viewed remotely?


Semi-safe,

.htaccess is prevented from being served by configuration options 
(which come as default), however these can be overwritten so best to 
check by doing a GET on the resource URI.


This doesn't prevent them from being exposed via other processes 
though, for instance a poorly coded 
'download.php?path=/path/to/.htaccess' could still expose the file.


Typically, it's obviously better to store only a hash of a password 
rather than the pass in plain text, choosing the strongest algorithm 
you can; password security is of course relative though, a sha-512 of 
'password1' is far from secure.


A good way to approach encryption for files is to openssl_seal them 
using a public key which is only available to your application - this 
doesn't negate insecure code, but it at least ensures the raw files 
are encrypted securely enough to negate any of these worries. (just 
keep your private key safe, preferably in a pkcs12 w/a strong 64char+ 
pass)


Best,

Nathan


Nathan:

I keep in running in circles because I keep getting differing 
recommendations as to how to keep data secure.


If you read Chris Shiflett's book on Essential PHP Security -- he says 
to keep everything in a database. This means keeping both encrypted data 
AND the keys for decryption in the database.


I contacted Chris specifically and told him of what I was doing (all the 
steps) and he approved. However, he said the main weakness in all 
security practices is how one protects access to the database.


So that is my quest. How can I protect the username and password for the 
database? Keep in mind that my scripts must also be able to read and use 
them in accessing the database. So they must be accessible to scripts.


I figure using SetEnv to set the user and password in a .htaccess file 
is about as secure as I can make it, but now you say even that could be 
exposed.


So specifically, how would you hide the username and password for access 
to a database WITHOUT using an out of root solution? Please be specific.


Hi Tedd,

Firstly, advising to keep the keys to your car in the ignition at all 
times is pretty bad advice - I'll let you relate that to Chris's advice 
yourself :-)


If you're stuck in an environment where third parties have access to the 
files on the file system and you need to put your username/password 
(real keys to the data) on that filesystem, then I have to point out 
that no file extension is more secure than another, there's no 
difference between doing `cat .htaccess` and `cat config.php` you'll 
still see the output - there is a measure of difference however 
between putting it in a web source-viewable file and non-source-viewable 
file, but again you're only a config setting away from being exposed to 
the world.


Given the aforementioned and that the data is sensitive, I'd strongly 
recommend moving to a different hosting environment:

- which is secure filesystem wise and only you have access to your files
- where the db server (or data tier) is on a private lan (preventing the 
db server from public web attacks)
- where access to the db server (or data tier) is via a secured 
connection [1] (encrypting data across the wire to prevent man in the 
middle attacks and packet inspection)


In addition to application specific security measures such as encrypting 
all sensitive data *before* sending to the database and storing the 
encryption keys in a secure lockbox far away from the db or at least in 
a pkcs12 password protected file outside of the web root.


Now, to answer your specific question, specifically :p

If available I would use ioncube or suchlike to encrypt the source of my 
PHP files (with the username pass in a php file as standard), and if I 
still didn't feel like that was secure enough then I would:


create a pkcs12 wrapped x509 certificate for my application:
  http://pastebin.com/THW00RHt
 (fill in lines 34+36 stick on web server, view in browser cert will dl)

Then I'd store the produced certificate.p12 on the file system 
(preferably outside of web root, or with access restricted by .htaccess 
config)


I'd then create a crypto class which provided methods to seal and open 
(encrypt/decrypt) data using the keys from the x509 certificate, and 
which could read the .p12 wrapped x509, like this:

  http://pastebin.com/4FSx1XDa

I'd then instantiate the crypto class in my application as such:

$crypto = ApplicationCrypto::instantiate(
  file_get_contents('certificate.p12'),
  'PASSWORD-FOR-PKCS-HERE'
);

Then I'd load my database settings in to an object, serialize it, 
encrypt the serialization and save it to a file on the filesystem as such:


$dbSettings = (object)array(
  'username' => 'dbuser',
  'password' => 'dbpass',
  'host' => 'dbhost',
  'database' => 'dbname'
);

$sealed = $crypto->seal(
  

[PHP] Re: openssl_pkey_new question

2010-08-19 Thread Nathan Rixham

tedd wrote:

Hi gang:

I'm trying to keep my questions simple.

Does the function openssl_pkey_new use 40, 56, 128, 256, or what bit 
encryption?


Higher, and configurable, typically 512,1024,2048,4096

example:
  $privkey = openssl_pkey_new( array('private_key_bits' => 2048 ) );

Best,

Nathan
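
The key generation above, combined with the PKCS#12 keystore and seal/open steps described in the .htaccess thread, as one runnable sketch. This is an added example, not the pastebin code those messages link to: the function names, common name and passphrase are constructed, it stores JSON rather than a serialized object, and it assumes PHP 7.3 or later with the openssl extension.

```php
<?php
declare(strict_types=1);

/** Self-signed certificate plus RSA private key, wrapped as password-protected PKCS#12. */
function createKeystore(string $passphrase, int $bits = 2048): string
{
    $key = openssl_pkey_new([
        'private_key_bits' => $bits,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]);
    if ($key === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    $opts = ['digest_alg' => 'sha256'];
    $csr  = openssl_csr_new(['commonName' => 'app-crypto.example.invalid'], $key, $opts);
    $cert = is_bool($csr) ? false : openssl_csr_sign($csr, null, $key, 365, $opts);
    if ($cert === false || !openssl_pkcs12_export($cert, $p12, $key, $passphrase)) {
        throw new RuntimeException('keystore creation failed: ' . openssl_error_string());
    }
    return $p12;
}

/** Returns ['cert' => PEM certificate, 'pkey' => PEM private key]. */
function readKeystore(string $p12, string $passphrase): array
{
    if (!openssl_pkcs12_read($p12, $parts, $passphrase)) {
        throw new RuntimeException('cannot open keystore (wrong passphrase?)');
    }
    return $parts;
}

/** Encrypt settings under a random AES key that is itself RSA-encrypted to the certificate. */
function sealSettings(array $settings, string $p12, string $passphrase): array
{
    $publicKey = openssl_pkey_get_public(readKeystore($p12, $passphrase)['cert']);
    $plain = json_encode($settings, JSON_THROW_ON_ERROR);
    if (openssl_seal($plain, $sealed, $envelopeKeys, [$publicKey], 'aes-256-cbc', $iv) === false) {
        throw new RuntimeException('seal failed: ' . openssl_error_string());
    }
    return [
        'data' => base64_encode($sealed),
        'key'  => base64_encode($envelopeKeys[0]),
        'iv'   => base64_encode($iv),
    ];
}

function openSettings(array $envelope, string $p12, string $passphrase): array
{
    $privateKey = readKeystore($p12, $passphrase)['pkey'];
    $ok = openssl_open(
        base64_decode($envelope['data']),
        $plain,
        base64_decode($envelope['key']),
        $privateKey,
        'aes-256-cbc',
        base64_decode($envelope['iv'])
    );
    if (!$ok) {
        throw new RuntimeException('open failed: ' . openssl_error_string());
    }
    return json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed values; in a deployment the .p12 lives outside the web root.
$passphrase = 'constructed-passphrase-for-demo-only';
$p12 = createKeystore($passphrase);
$envelope = sealSettings(
    ['username' => 'dbuser', 'password' => 'dbpass', 'host' => 'dbhost', 'database' => 'dbname'],
    $p12,
    $passphrase
);
echo json_encode($envelope), PHP_EOL;          // what gets written to disk
var_dump(openSettings($envelope, $p12, $passphrase)['username'] === 'dbuser');
```

The sealed envelope is only as safe as the keystore passphrase, which the application still has to obtain from somewhere at run time.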




[PHP] Re: cast changes value

2010-08-19 Thread Nathan Rixham

Martín Marqués wrote:

I have values with 2 decimals that I multiple by 100 to make them
integers, but to be sure I do a cast using (int).

The thing is that (int) is changing the value of the integer. Here is
a var_dump of the original value, the value * 100, and the value after
casting to int.

string(5) "34.80"
float(3480)
int(3479)

Using floor() does the exact same thing.

Why is this?



echo serialize(34.80 * 100);

3479.99999999999954525264911353588104248046875

int simply chops it, hence 3479

:)




[PHP] Re: [OUTPUT BUFFER] - problems with redirects

2010-08-19 Thread Nathan Rixham

Tristan wrote:

So, I have this site where all this code was developed and the logic sits
in different plugins throughout a template. So, html is output and then hits
one of these plugins. Plugins do some processing and then hit a
header(location...) redirect.

So, problem is they developed code with these header redirects and now
there's too much html being output so we get the buffer errors

Cannot modify header information - headers already sent by (output started
at
/home/carma/templates_c/carma^0^31^811^%%E2^E22^E22E607D%%carma%3Amenu.php:138)

to fix we have to up the buffer ouput in the php to something really high.

So, as far as I know this is not good coding practice and upping the output
buffer is really masking the problem.

Is there another way to work around this like another way to do redirects
that won't cause these buffer probs?


Hi Tristan,

Really it's a nudge from your code that it needs refactored - however to 
answer your question..


- there is no way to do an HTTP redirect once headers are sent
- you can use an html meta refresh, or javascript redirect - if the 
output is going to be HTML viewed in a browser.


caveat, obviously robots and the like will still see the incorrect 
output - it's a hack not a fix.


The other approach is to use ob_start() and related functions to capture 
all the code generated without any output being sent to the browser, 
this should allow you to send the header down when needed.


Certainly wouldn't just knock output buffering right up high to work 
around it if I was you.


Best,

Nathan




[PHP] Re: [OUTPUT BUFFER] - problems with redirects

2010-08-19 Thread Nathan Rixham

you can if you use a javascript redirect or an html meta refresh ~ish.

not really that silly tbh if you think about an HTTP message is like this:

Headers
...
MessageBody
.

the redirect is a header, so it gets sent through *before* the body, 
and the headers tell the client how to process the messagebody (or 
indeed whether to process it or just do something else).


consider an html page the same as a gif or a zip, it's just a chunk of 
computer data that gets sent in one, you wouldn't expect to be able to 
redirect somebody whilst they're halfway through downloading a big zip 
would you?


but yeah ob_** functions, this way you're catching the entire 
MessageBody (your html) before sending anything to the client, which 
then lets you send headers followed by body in your own time.


Best,

nathan

Tristan wrote:

A rewrite of the entire site would be needed in order to fix. So, I guess
you are saying as best options for workaround are

- use the ob_ functions to work around.
- stick output buffer on or high

so best case scenario using ob_ functions as a cleaner method aside from
rewriting the code?

seems silly btw that you can't output html and just have it redirect
whenever you want it to at any point in the page.

Thanks, T


On Thu, Aug 19, 2010 at 4:22 PM, Nathan Rixham nrix...@gmail.com wrote:


Tristan wrote:


So, I have this site where all this code was developed and the logic
sits
in different plugins throughout a template. So, html is output and then
hits
one of these plugins. Plugins do some processing and then hit a
header(location...) redirect.

So, problem is they developed code with these header redirects and now
there's too much html being output so we get the buffer errors

Cannot modify header information - headers already sent by (output started
at

/home/carma/templates_c/carma^0^31^811^%%E2^E22^E22E607D%%carma%3Amenu.php:138)

to fix we have to up the buffer output in the php to something really high.

So, as far as I know this is not good coding practice and upping the
output
buffer is really masking the problem.

Is there another way to work around this like another way to do redirects
that won't cause these buffer probs?


Hi Tristan,

Really it's a nudge from your code that it needs refactored - however to
answer your question..

- there is no way to do an HTTP redirect once headers are sent
- you can use an html meta refresh, or javascript redirect - if the output
is going to be HTML viewed in a browser.

caveat, obviously robots and the like will still see the incorrect output -
it's a hack not a fix.

The other approach is to use ob_start() and related functions to capture
all the code generated without any output being sent to the browser, this
should allow you to send the header down when needed.

Certainly wouldn't just knock output buffering right up high to work around
it if I was you.

Best,

Nathan
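One way to apply the ob_start() approach from both replies above, as an added example that is not code from the thread. The page is rendered into a buffer, a plugin can ask for a redirect part-way through, the half-built body is discarded, and only then are headers sent; `RedirectRequest`, `run_page`, `send`, `safe_local_target` and the sample template are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example; all names and the sample template are hypothetical.

/** Thrown by a plugin that wants the whole response replaced by a redirect. */
final class RedirectRequest extends Exception
{
    public $target;

    public function __construct(string $target)
    {
        parent::__construct('redirect requested');
        $this->target = $target;
    }
}

/**
 * Accept only same-site absolute paths such as "/login?next=1".
 * Scheme-relative targets ("//host"), backslashes, whitespace and control
 * characters fall back to "/", so a plugin that builds its target from
 * request data cannot send visitors off-site or add header lines.
 */
function safe_local_target(string $target): string
{
    $ok = preg_match('#^/(?!/)[^\x00-\x20\x7f\\\\]*\z#', $target) === 1;
    return $ok ? $target : '/';
}

/** Render the template into a buffer; nothing reaches the client from here. */
function run_page(callable $template): array
{
    $level = ob_get_level();
    ob_start();
    try {
        $template();
        $response = ['status' => 200, 'headers' => [], 'body' => (string) ob_get_contents()];
    } catch (RedirectRequest $r) {
        // The half-rendered page must not travel with the redirect.
        $response = [
            'status'  => 302,
            'headers' => ['Location: ' . safe_local_target($r->target)],
            'body'    => '',
        ];
    } finally {
        while (ob_get_level() > $level) {
            ob_end_clean();
        }
    }
    return $response;
}

/** Headers first, then body, as in the HTTP message layout described above. */
function send(array $response): void
{
    if (headers_sent($file, $line)) {
        // Something was echoed before the buffer was opened.
        throw new RuntimeException("output already started at $file:$line");
    }
    http_response_code($response['status']);
    foreach ($response['headers'] as $header) {
        header($header);
    }
    echo $response['body'];
}

// Constructed sample: markup is printed, then a plugin decides that the
// visitor has to log in first.
$template = function (): void {
    echo "<html><body><h1>Account</h1>\n";
    echo "<p>members-only content</p>\n";
    throw new RedirectRequest('/login?next=%2Faccount');
};

$response = run_page($template);
if (PHP_SAPI === 'cli') {
    var_export($response);   // inspect the result when run from the command line
    echo "\n";
} else {
    send($response);
}
```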









[PHP] Re: PHP 5.3 as a requirement for a library?

2010-07-30 Thread Nathan Rixham

David Harkness wrote:

I'm working on the Hamcrest matching library and have been considering the
switch to using namespaces (\Hamcrest\Type\IsInteger) instead of
class-names-as-namespaces (Hamcrest_Type_IsInteger). Coming from the Java
world I'm used to being forced to deploy my applications on versions one or
two behind the latest stable release. It was common to run on 1.2 when 1.4
was available and 1.3 when 1.5 was available for over a year. Managers are
fearful of new versions. Is this same pattern repeated in PHP?

My current company just switched to 5.3 after running 5.2 for some time. Are
we average in that regard or the exception to the rule?


Most people are on 5.2 afaik, certainly most shared hosts are either 
5.1.x or 5.2.x, and most os's still have the 5.2.x when you install 
from the packages.


Best,

Nathan




[PHP] Re: socket multithreading problem

2010-07-29 Thread Nathan Rixham

Ümit CAN wrote:

Hi All;
   
I use PHP socket programming and I wish multithreading operation of the socket.

When I have many requests on this socket, before the first one request is
answered, the second request is not answered till the first one is finished.
How can both requests work together without waiting for each other?


1: you can't multi thread PHP
2: you can 'fork' PHP processes using the pcntl_ functions to achieve 
what you are looking for by making a cli based php daemon.


Best,

Nathan
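A sketch of the forking approach named in point 2, as an added example that is not code from the thread: a CLI echo server that hands each connection to a child created with pcntl_fork(). The listen address, port, worker cap and timeout are assumptions chosen for the example.

```php
<?php
declare(strict_types=1);

// Added example; address, port and limits are assumptions, not from the thread.
const LISTEN      = 'tcp://127.0.0.1:9000';
const MAX_WORKERS = 16;   // cap so a burst of connections cannot fork without bound
const IO_TIMEOUT  = 10;   // seconds a worker waits on a silent client

if (PHP_SAPI !== 'cli' || !function_exists('pcntl_fork')) {
    fwrite(STDERR, "needs the CLI SAPI with the pcntl extension\n");
    exit(1);
}

/** Runs in the child: echo each line back until the client closes or goes quiet. */
function handle_client($conn): void
{
    stream_set_timeout($conn, IO_TIMEOUT);
    while (($line = fgets($conn, 4096)) !== false) {
        fwrite($conn, 'echo: ' . $line);
    }
    fclose($conn);
}

/** Collect finished children so they do not linger as zombies. */
function reap(array &$workers): void
{
    while (($pid = pcntl_waitpid(-1, $status, WNOHANG)) > 0) {
        unset($workers[$pid]);
    }
}

$server = stream_socket_server(LISTEN, $errno, $errstr);
if ($server === false) {
    fwrite(STDERR, "listen failed: $errstr ($errno)\n");
    exit(1);
}

$workers = [];
while (true) {
    reap($workers);
    if (count($workers) >= MAX_WORKERS) {
        usleep(50000);            // at capacity: new clients wait in the backlog
        continue;
    }
    // One-second accept timeout so reaping keeps running while idle.
    $conn = @stream_socket_accept($server, 1.0);
    if ($conn === false) {
        continue;
    }
    $pid = pcntl_fork();
    if ($pid === -1) {
        fclose($conn);            // fork failed: drop this client, keep serving
    } elseif ($pid === 0) {
        fclose($server);          // child: serves its one client, never accepts
        handle_client($conn);
        exit(0);
    } else {
        $workers[$pid] = true;    // parent: track the child, release its copy
        fclose($conn);
    }
}
```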




Re: [PHP] the state of the PHP community

2010-07-29 Thread Nathan Rixham

Hi Josh,

Thanks for taking the time - comments in-line from here :)

Josh Kehn wrote:

On Jul 29, 2010, at 1:36 AM, Nathan Rixham wrote:


Hi All,

I find myself wondering about the state of the PHP community (and related 
community with a PHP focus), so, here's a bunch of questions - feel free to 
answer none to all of them, on list or off, or add more of your own - this 
isn't for anything specific, just out of interest and sure I (and everybody who 
reads the replies) will learn something + doors/options/contacts may come of 
it. The only thing I can guarantee is that I'm genuinely interested in every 
reply and will read every one of them + lookup every tech and link mentioned.

in no particular order:

What other languages and web techs do you currently use other than PHP?
- if you include html or css please include version, if js then preferred libs, 
and whether client or server side.


Java, JS (in the form of Node and MongoDB, +raw client / jQuery stuff) and PHP 
get used regularly. Python / Ruby infrequently.


With true confirmation bias - great to see you mentioning node.js, having 
a universal language / syntax for programming is critical moving 
forwards. I've been 'playing' with node for a while now myself, added an 
upgrade to handle client side ssl certificates properly and expose 
needed values recently, and currently working on making tabulator's 
rdflib work on both client and server (i.e., porting it to node amongst 
other things).


MongoDB I managed to bypass somewhere, I quickly migrated past NoSQL and 
on to triple/quad store(s) - again for universality reasons, on the path 
to a full embrace of N3. This said, I should probably give some more 
weight to MongoDB, certainly with its json friendly-ness I can see how 
it could fit in to my preferred tech stack.



What's your previous language/tech trail?


Started with QBasic and realized it was crap. Moved on to Java, realized objects 
rock but J2EE doesn't. Moved to PHP / Java.


QBasic was crap lol, that was my first language after playing with .bat 
files!



Are you considering any new languages or techs, and if so which?
- names / links


http://www.mongodb.org/
http://nodejs.org/

See http://joshuakehn.com/blog/index.php/blog/view/28/MongoDB-Node-js/


Nice blog, subscribed - used to do my braces the same as you then 
reverted back to putting them EOL, will comment on your blog with 
reasons why.


Also, golf-code! that had escaped my radar somehow, looks like I can 
waste a few hours with that one - love it.



Is PHP your hobby/interest, primary development language, just learning or?


Primary dev, hobby, interest, all of the above? 


How many years have you been using PHP regularly?


More than five, but it's really hard to say when it stopped being just a 
language and the primary.


How many years have you been working with web technologies?


More than eight, though I remember HTML when tables were used for everything and spacer gifs were *the* thing. 


Did you come from a non-web programming background?


Yes, primarily Java.


Is your primary role web developer or designer?


Developer. I couldn't design if you paid me my weight in gold.


In your developer life, are you an employer, an employee, contractor, 
freelancer, part of a team of equal standing members?


Contractor / freelancer / employee / employer. Currently teaming up with a 
friend.


Do you tend to work on jobs for geo-local clients, clients in the same country, 
or do you work internationally 'on the web'?


I like to work in person, but sometimes that doesn't work. I have done 
international work before.


How do you get your projects? do they come to you, word of mouth, do you hunt 
and bid for projects, code call, visit clients, target clients individually you 
think you can help, or?
- not looking for trade secrets, just to get enough for an overall picture.


Word of mouth mostly. 

Do you have any frustrations with the PHP community, do you find you want to 
talk shop but can't, or find people to work with but can't, have projects in 
mind you want to do but can't find people to do them with etc?


Not particularly.


Do you network with other PHP'ers in real life - meetups etc, do you tend to 
shy away, or do you find you circulate in other web related but non PHP 
focussed communities?


I haven't gotten flashed on any PHP meetups, but I wouldn't shy away from them.


Here in Scotland I read that as I haven't had anybody flash their 
genitals at me on any PHP meetups, but I wouldn't shy away from them - 
thus, lol!



Are you a member of any other web tech communities, opensource efforts, or 
standardization bodies - again, if so which?


None that I recall.


Are there any efforts, projects or initiatives which are floating your boat 
right now and that you're watching eagerly (or getting involved with)?


Node, Mongo. I'm also watching a couple git repos, memcached and scribe to name 
two. Some stuff I just can't be involved in (C / C++ dev

Re: [PHP] the state of the PHP community

2010-07-29 Thread Nathan Rixham

Larry Garfield wrote:

On Thursday 29 July 2010 02:07:58 am you wrote:


Hi Larry,

Thanks for taking the time to reply, a solid insightful one at that -
kudos +1 for your opensource drupal efforts!

Good of you to mention, and indeed to see, Palantir grasping opensource
with two hands, this is certainly a very credible approach to business
which deservedly reaps good rewards; testament to this is Day Software
(including of course Roy T. Fielding) which it seems is just about to be
bought by Adobe, a big +1 for this approach; and one I hope to see more of.

With regards drupal development, there is a rather interesting chap
called Stéphane Corlosquet [ http://drupal.org/user/52142 ] who does a
fair bit of committing and really pushes the semantic web / linked data
side of drupal - definitely worth keeping tabs on.


Oh I'm familiar with Scor.  I've talked with him before about a project I'm 
working on that is using the amorphous, ill-defined beast known as RDF. :-)


--Larry Garfield


Great re scor!

RDF's trouble is RDF/XML - it frankly sucks. N3 or Turtle makes 
everything much clearer to grasp and indeed read, it's really simple at 
heart yet universally powerful.


I'd recommend this little presentation [1] which covers the web from 
inception through future from TimBL and shows where all the semantic 
technologies fit in, and the benefits gained. 'tis a very good overall 
picture imho, recommended on its own merits not just because it 
includes rdf in a few slides.


[1] http://www.w3.org/2007/Talks/1211-whit-tbl/





Re: [PHP] the state of the PHP community

2010-07-29 Thread Nathan Rixham

Larry Garfield wrote:

On Thursday 29 July 2010 12:36:13 am Nathan Rixham wrote:

Hi All,

I find myself wondering about the state of the PHP community (and
related community with a PHP focus), so, here's a bunch of questions -
feel free to answer none to all of them, on list or off, or add more of
your own - this isn't for anything specific, just out of interest and
sure I (and everybody who reads the replies) will learn something +
doors/options/contacts may come of it. The only thing I can guarantee is
that I'm genuinely interested in every reply and will read every one of
them + lookup every tech and link mentioned.

in no particular order:

What other languages and web techs do you currently use other than PHP?
- if you include html or css please include version, if js then
preferred libs, and whether client or server side.


PHP, MySQL, and Javascript make up the vast majority of my code these days.


What's your previous language/tech trail?


I started with Fortran back in high school, then C, then Java, then C++.  In 
college I added PHP, Perl, and VB (in mostly that order), then more C++ and 
Java.  PHP is the one I really stuck with, obviously, although I did spend 
time doing Palm OS development in C.



Are you considering any new languages or techs, and if so which?
  - names / links


One of these days I want to learn more about Erlang, because functional 
programming is brain-breaking but nifty.



Is PHP your hobby/interest, primary development language, just learning or?


Day job and hobby.


How many years have you been using PHP regularly?


Full time professionally about 6 years, but have been working with it as my 
main language since 2000 or so.



How many years have you been working with web technologies?


I did my first website in 1996-ish, somewhere between Fortran and C. :-)  My 
first paid project was for my then-state representative in 2000 in home-grown 
PHP 3.  (I am very glad that site is no longer in existence.)



Did you come from a non-web programming background?


I was a CS major, but my college's web program was way way behind what I was 
learning on my own.  By graduate school I was correcting the professors on web 
technology in the middle of class.  (Yes, I was one of those students.)



Is your primary role web developer or designer?


PHP programmer, software architect, and technical site architect.


In your developer life, are you an employer, an employee, contractor,
freelancer, part of a team of equal standing members?


I work for a ~20 person consulting shop (http://www.palantir.net/) consisting 
of designers, project managers, front-end developers/themers, and 
engineers/PHP gurus.  Our company is at this point all Drupal-based and 
business is quite good. :-)



Do you tend to work on jobs for geo-local clients, clients in the same
country, or do you work internationally 'on the web'?


I think all of our clients are in the US, but all around the country.


How do you get your projects? do they come to you, word of mouth, do you
hunt and bid for projects, code call, visit clients, target clients
individually you think you can help, or?
- not looking for trade secrets, just to get enough for an overall picture.


Our CEO is disturbingly good at shaking the money tree, and after 14 years in 
the business our reputation is high enough that we get cold-called to bid on 
RFPs, many of them really good projects.  We employ several leading Drupal 
developers so our collective reputation and project history is all the 
marketing we need.  Being good open source community citizens (sharing as much 
knowledge as we can about how we do what we do) helps as well.



Do you have any frustrations with the PHP community, do you find you
want to talk shop but can't, or find people to work with but can't, have
projects in mind you want to do but can't find people to do them with etc?


Oh god, where do I start...

- Why is there no good iCal library?  Seriously.  My company is looking for 
sponsorship to write one, because everything we could find sucks.


- Those driving PHP development itself (vis, writing the engine) don't seem to 
comprehend the idea of someone running a web site who isn't also a C 
developer, sysadmin, and performance specialist.  "If you don't have root then 
we don't care about you" is the prevailing attitude I see.  I'm sure most of 
PHP-DEV will disagree with that assessment but I've been reading the list for 
3 years now and that sense is very clear.  That's quite unfortunate given that 
the vast majority of PHP scripts are still on shared hosting where you have no 
control over the environment at all.


- Organization?  Collaboration?  Standards?  Process?  What are those?  I 
really feel for Lukas Smith, as he tried really hard to bring some sort of 
sanity to the PHP dev process before finally giving up in despair.  I really do 
respect what he was doing and wish he'd been more successful.


- If I still remembered enough C to do so

Re: [PHP] the state of the PHP community

2010-07-29 Thread Nathan Rixham

Adam Richardson wrote:

On Thu, Jul 29, 2010 at 1:36 AM, Nathan Rixham nrix...@gmail.com wrote:


Hi All,

I find myself wondering about the state of the PHP community (and related
community with a PHP focus), so, here's a bunch of questions - feel free to
answer none to all of them, on list or off, or add more of your own - this
isn't for anything specific, just out of interest and sure I (and everybody
who reads the replies) will learn something + doors/options/contacts may
come of it. The only thing I can guarantee is that I'm genuinely interested
in every reply and will read every one of them + lookup every tech and link
mentioned.

in no particular order:

What other languages and web techs do you currently use other than PHP?
- if you include html or css please include version, if js then preferred
libs, and whether client or server side.



CSS, Javascript (Jquery, mostly), SVG, F#, C#, Java, Clojure, Scala, C,
Objective C, Groovy


On the JS side, just for a radar check, assuming you know of extjs, 
jqueryui and commonjs? - also have you looked in to node on the server side?


Good to see you branching out to other languages - somebody once said a 
programmer with one language is akin to a joiner with only a hacksaw in 
his toolbox (though I may have made that up in a spout of subjective 
validation!).


I'm quite interested to know, which of [F#,C#,Scala,Clojure] you'd 
recommend one learned/invested some time in to - I've been debating for 
some time internally about which *# language to dive in to, and the 
Scala vs Clojure decision I find impossible to take!


Out of interest, have you seen or tried M or haskell?


What's your previous language/tech trail?



Started with C++ (I hate it!), then moved on to Java and then to PHP and
then to the others.


interesting how often Java and PHP get mentioned together, it seems most 
PHP devs have touched Java at some point recently.



Are you considering any new languages or techs, and if so which?
 - names / links



Clojure is beautiful.   Google Go is intriguing.  Scala is sooo powerful
(but worries me in terms of Perl's syntactic obfuscation.)  However, PHP is
practical and sufficient for most of my needs.


Likewise I find the same re PHP, Go slipped past in a flight of fancy, 
ECMAScript-262 has my main attention whilst scala vs clojure, see afore 
mentioned I can't decide reference, any pointers welcome.



I've moved away from Object Oriented Programming practices, and only use
typical OOP practices/patterns when the conventions of a project dictate its
use.

As a programmer, I've fully embraced functional programming (and Aspect
Oriented programming is neat, but I've not used it in a project, yet.)


Interesting, I tend to sway between functional, class based OO and 
prototype OO (with some lessons learned from AOP) - I love functional, 
but also value the separation of cross cutting concerns one can achieve 
with full OO - increasingly liking js style prototype OO which is a 
great mix of the two.



Is PHP your hobby/interest, primary development language, just learning or?



I use PHP in a plurality of web projects I'm involved with.



How many years have you been using PHP regularly?



6



How many years have you been working with web technologies?



7



Did you come from a non-web programming background?



Grad school for cognitive psychology (long story)



Is your primary role web developer or designer?



Both (I'm a one-man shop)


How do you find it? especially given you work with local clients, do you 
find 'maintenance' is a killer or does an appropriate 'cms' alleviate 
much of that? - how many years as a one-man shop if you don't mind me 
asking?



Do you tend to work on jobs for geo-local clients, clients in the same
country, or do you work internationally 'on the web'?



Local clients.



How do you get your projects? do they come to you, word of mouth, do you
hunt and bid for projects, code call, visit clients, target clients
individually you think you can help, or?
- not looking for trade secrets, just to get enough for an overall picture.



Word of mouth most often.



Do you have any frustrations with the PHP community, do you find you want
to talk shop but can't, or find people to work with but can't, have projects
in mind you want to do but can't find people to do them with etc?



I very much enjoy working with PHP, and I hope it's able to keep pace with
the other language eco-systems out there.  Like it or not, PHP is in stiff
competition with many other languages, and while I thoroughly appreciate the
community, I'm worried that the hype of other languages (Scala, etc.), the
slow adoption of PHP 5.3, and the limited tools (at least relative to the
other languages) for using the NoSQL data persistence solutions (MongoDB,
Cassandra, etc.) are restricting PHP's potential growth among the new crop
of developers.  I have no data to substantiate this worry, however, and the
beautiful simplicity of PHP could

Re: [PHP] the state of the PHP community

2010-07-29 Thread Nathan Rixham

have you sent an email to php-general-unsubscr...@lists.php.net ?

Mike Roberts wrote:

Hello All. I have been given advice on how to remove myself from this
list, and taken it. I have tried on my own to discover how to remove
myself from this list. I have even ( something I am not proud of) hinted
that I might start irrelevant threads of conversation so you will ban
me. Unfortunately a look in my 'deleted items' folder shows all the
daily messages just thrown in there. Isn't there somebody who is
responsible who instead of giving advice ( that never seems to work) can
simply remove me from the distribution list, delete me or whatever?  Yes
I signed up intentionally so I could understand a technology that I was
recruiting for, and yes it was helpful, but that was 2007 and I think it
is time for us to break up. 


So IF YOU HAVE THE CAPABILITY TO REMOVE ME Make it so number one!.
Thanks






 Sincerely,

 Michael Roberts
Executive Recruiter
 Corporate Staffing Services
 150 Monument Road, Suite 510
 Bala Cynwyd, PA 19004
 P 610-771-1084
 F 610-771-0390
 E mrobe...@jobscss.com
Check out my recent feature article in Professional Surveyor 12/09
edition. 
http://www.profsurv.com/magazine/article.aspx?i=70379







-Original Message-
From: Nathan Rixham [mailto:nrix...@gmail.com] 
Sent: Thursday, July 29, 2010 1:36 AM

To: PHP-General
Subject: [PHP] the state of the PHP community

Hi All,

I find myself wondering about the state of the PHP community (and 
related community with a PHP focus), so, here's a bunch of questions - 
feel free to answer none to all of them, on list or off, or add more of 
your own - this isn't for anything specific, just out of interest and 
sure I (and everybody who reads the replies) will learn something + 
doors/options/contacts may come of it. The only thing I can guarantee is


that I'm genuinely interested in every reply and will read every one of 
them + lookup every tech and link mentioned.


in no particular order:

What other languages and web techs do you currently use other than PHP?
- if you include html or css please include version, if js then 
preferred libs, and whether client or server side.


What's your previous language/tech trail?

Are you considering any new languages or techs, and if so which?
  - names / links

Is PHP your hobby/interest, primary development language, just learning
or?

How many years have you been using PHP regularly?

How many years have you been working with web technologies?

Did you come from a non-web programming background?

Is your primary role web developer or designer?

In your developer life, are you an employer, an employee, contractor, 
freelancer, part of a team of equal standing members?


Do you tend to work on jobs for geo-local clients, clients in the same 
country, or do you work internationally 'on the web'?


How do you get your projects? do they come to you, word of mouth, do you

hunt and bid for projects, code call, visit clients, target clients 
individually you think you can help, or?

- not looking for trade secrets, just to get enough for an overall
picture.

Do you have any frustrations with the PHP community, do you find you 
want to talk shop but can't, or find people to work with but can't, have


projects in mind you want to do but can't find people to do them with
etc?

Do you network with other PHP'ers in real life - meetups etc, do you 
tend to shy away, or do you find you circulate in other web related but 
non PHP focussed communities?


Are you a member of any other web tech communities, opensource efforts, 
or standardization bodies - again, if so which?


Are there any efforts, projects or initiatives which are floating your 
boat right now and that you're watching eagerly (or getting involved

with)?

ps: please *do not* flame anybody's answers, that really wouldn't be
fair.

Best  Regards,

Nathan







Re: [PHP] the state of the PHP community

2010-07-29 Thread Nathan Rixham

Bastien Koert wrote:

On Thu, Jul 29, 2010 at 1:36 AM, Nathan Rixham nrix...@gmail.com wrote:

Hi All,

I find myself wondering about the state of the PHP community (and related
community with a PHP focus), so, here's a bunch of questions - feel free to
answer none to all of them, on list or off, or add more of your own - this
isn't for anything specific, just out of interest and sure I (and everybody
who reads the replies) will learn something + doors/options/contacts may
come of it. The only thing I can guarantee is that I'm genuinely interested
in every reply and will read every one of them + lookup every tech and link
mentioned.

in no particular order:

What other languages and web techs do you currently use other than PHP?
- if you include html or css please include version, if js then preferred
libs, and whether client or server side.


Classic ASP (ugh!)


I'll reply in full shortly when I get a chance, but for now - 
condolences, sincerely - and thanks to the nice dates we currently have 
I can say:


wow i remember using classic asp as my primary language a decade ago
or:
omg I wrote my first news admin system in classic asp at the turn of 
the century

or even:
omg I remember being stuck with classic asp in the last millennium!

In all seriousness though:
1: how'd you manage to get stuck on classic asp still? maintaining old 
systems that won't shift?
2: has it changed much, if any? (last i used was chillisoft on cobalt 
raq4's!)


Best,

Nathan




[PHP] the state of the PHP community

2010-07-28 Thread Nathan Rixham

Hi All,

I find myself wondering about the state of the PHP community (and 
related community with a PHP focus), so, here's a bunch of questions - 
feel free to answer none to all of them, on list or off, or add more of 
your own - this isn't for anything specific, just out of interest and 
sure I (and everybody who reads the replies) will learn something + 
doors/options/contacts may come of it. The only thing I can guarantee is 
that I'm genuinely interested in every reply and will read every one of 
them + lookup every tech and link mentioned.


in no particular order:

What other languages and web techs do you currently use other than PHP?
- if you include html or css please include version, if js then 
preferred libs, and whether client or server side.


What's your previous language/tech trail?

Are you considering any new languages or techs, and if so which?
 - names / links

Is PHP your hobby/interest, primary development language, just learning or?

How many years have you been using PHP regularly?

How many years have you been working with web technologies?

Did you come from a non-web programming background?

Is your primary role web developer or designer?

In your developer life, are you an employer, an employee, contractor, 
freelancer, part of a team of equal standing members?


Do you tend to work on jobs for geo-local clients, clients in the same 
country, or do you work internationally 'on the web'?


How do you get your projects? do they come to you, word of mouth, do you 
hunt and bid for projects, code call, visit clients, target clients 
individually you think you can help, or?

- not looking for trade secrets, just to get enough for an overall picture.

Do you have any frustrations with the PHP community, do you find you 
want to talk shop but can't, or find people to work with but can't, have 
projects in mind you want to do but can't find people to do them with etc?


Do you network with other PHP'ers in real life - meetups etc, do you 
tend to shy away, or do you find you circulate in other web related but 
non PHP focussed communities?


Are you a member of any other web tech communities, opensource efforts, 
or standardization bodies - again, if so which?


Are there any efforts, projects or initiatives which are floating your 
boat right now and that you're watching eagerly (or getting involved with)?


ps: please *do not* flame anybody's answers, that really wouldn't be fair.

Best  Regards,

Nathan




[PHP] Re: Does class length slow down performance

2010-07-24 Thread Nathan Rixham

Sebastian Ewert wrote:

Hi,

I'm developing a joomla component and my helper and user classes are
growing bigger and bigger. The helper class is for static use only.

Does class size decrease performance of my php scripts, even for static
usage?
Is there a general rule when to split a class to keep performance up?


If you think about it, each class, function, method, line of code all 
gets interpreted in to opcodes and executed - so, no matter how you 
split it up, it's still going to produce roughly equivalent opcodes.


Thus, no.




[PHP] Re: PHP app Server Load

2010-06-10 Thread Nathan Rixham

Dan Joseph wrote:

Hi,

This is slightly OT...

We're wrapping up a new PHP/MySQL driven web site built on the Zend
Framework.  We're anticipating a couple hundred thousand members with
several thousand of them coming to the site at once.  I'm trying to figure
out how to determine how many servers we need to support the load.

I've done initial testing on a Xeon 3220 server, but we're looking at an i7
cpu based server now.

Anyone know a good way to estimate load based on actual numbers compared
to benchmark results from intel on a faster server?


Hammer a single instance of the server with ab, get some figures on how 
many requests per second you can handle then divide by how much traffic 
you expect :)


Before investing in the servers, it may be an idea to cache as much as you 
can and let apache serve static files wherever possible, even if the 
cached files are updated once every 10 seconds it's still a huge weight 
off the server in high traffic sites. Simple web server config tweaks 
can make a huge difference too, such as dropping the keep alive right 
down so requests are served and workers freed quicker, likewise with 
mysql query cache settings and zend optimizer for PHP (+similar).


Personally I tend to split setups for high traffic sites in to 3 tiers, 
static files on one server, dynamic + app code on another, and db on the 
final 3rd server - then scale up each tier adding servers as needed.


In all honesty, there is no way for anybody to tell you how many servers 
of what spec you'll need, because the biggest factor here is your PHP code 
and MySQL queries, if you were purely serving static files though then 
circa 2000 requests per second is a good guesstimate.


Best,

Nathan




Re: [PHP] Multiple Login in a single PC should not be possible

2010-05-23 Thread Nathan Rixham

Karl DeSaulniers wrote:


can't be done I'm afraid, no matter how hard you look - there is 
*always* a way around it.


only thing you can do is in certain situations ensure that whatever 
important 'act' is carried out is limited to a fixed person with some 
personally identifiable data; for instance requiring an address and 
passport / driving license number for airplane ticket delivery and so forth.


To illustrate, before me now on my 'single' machine, I have the primary 
OS, and two more running in virtual box's; each one has several 
browsers; and to compound matters I'm hooked up to 2 different networks; 
and on one of those I can change IP whenever I want. Perhaps only deep 
packet inspection shared between the different ISPs I use and some kind 
of knowledge on their part between who in the household is using which 
machine to do what @ each certain time.


Good luck though :)

Nathan




[PHP] Re: Is there a good way to extract the embed/object content in HTML with/without closing tag?

2010-05-23 Thread Nathan Rixham

Chian Hsieh wrote:

Hi,

I want to extract all contents started with embed and object
with/without closing tags.
My solution is using a regular expression to get it to work, but there are some
exceptions I could not handle.

The REGEXs I used are:

// With closing tag
if (preg_match_all("#(<(object|embed)[^>]+>.*?</\\2>)#is", $str,
$matchObjs)) {
  // blahblah

// Without closing tag
} else if (preg_match_all("#(<(?:object|embed)[^>]+>)#", $str, $matchObjs)) {
  // blahblah
}

But it might fail if the $str mixes tags with/without closing tags:

$str = '<div><div><object type="application/x-shockwave-flash"><param name="zz" value="xx"></object></div>'
     . '<div><embed src="http://sample.com" /></div>';

In this situation, it will only get the
<object type="application/x-shockwave-flash"><param name="zz" value="xx"></object>

but I want to get the two results which are
<object type="application/x-shockwave-flash"><param name="zz" value="xx"></object>
<embed src="http://sample.com" />


So, is there a good way to use one REGEX to process this issue?


If you're open to using methods other than regex; then one way to get 
pretty good results is to run the document through HTML Tidy, then parse 
it in to a DOM and query it using xpath/xquery - basically mimic the 
base way in which the browsers do it (and the way recommended by the 
HTML specs)


Best,

Nathan
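
The DOM approach described above, as an added example that is not part of the original post: PHP's DOMDocument (libxml's tolerant HTML parser, used here in place of the HTML Tidy step) parses the mixed markup from the question, and one XPath query picks out the elements whether or not they have closing tags. The function name `extract_plugin_elements` is hypothetical.

```php
<?php
// Added example (not from the thread): DOM + XPath extraction of <object>/<embed>.

/**
 * Return every <object>, and every <embed> that is not already nested in an
 * <object>, as its tag name, its attributes and its serialized markup.
 */
function extract_plugin_elements($html)
{
    if (trim($html) === '') {
        return array();               // loadHTML() rejects an empty document
    }

    $doc = new DOMDocument();

    // Real-world markup is rarely valid: collect parser warnings instead of emitting them.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html, LIBXML_NONET);   // LIBXML_NONET: no network access while parsing
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath  = new DOMXPath($doc);
    $result = array();

    // The union is returned in document order.
    foreach ($xpath->query('//object | //embed[not(ancestor::object)]') as $node) {
        $attributes = array();
        foreach ($node->attributes as $attr) {
            $attributes[$attr->name] = $attr->value;
        }
        $result[] = array(
            'tag'        => $node->nodeName,
            'attributes' => $attributes,
            'markup'     => $doc->saveHTML($node),
        );
    }
    return $result;
}

// Constructed sample: the mixed case from the question (closed <object>, unclosed <embed>).
$str = '<div><div><object type="application/x-shockwave-flash">'
     . '<param name="zz" value="xx"></object></div>'
     . '<div><embed src="http://sample.com" /></div>';

foreach (extract_plugin_elements($str) as $element) {
    echo $element['tag'], ': ', $element['markup'], PHP_EOL;
}
```

Because the attributes come back as parsed values rather than raw text, a caller can check `type` or `src` against an allowlist before re-emitting the markup.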




Re: [PHP] Multiple Login in a single PC should not be possible

2010-05-23 Thread Nathan Rixham
quick confirm: flash won't help you here (nor java, ajax, 
virtualisation, client side programs, ip filtering, browser detection) - 
it's not possible I'm afraid; best you can do is limit with personally 
identifiable information and trust that users won't be sharing an 
account which has sensitive data in it.


I seem to have missed it; but why exactly don't you want a client 
'logged in' multiple times (at the same time)? perhaps if you give us 
the root of the problem instead of how to do the solution you've chosen, 
we can be of more help :)


Best,

Nathan

Robert Cummings wrote:
See comment on virtual machine :) But even without a virtual machine, is 
this SharedObject saved in a browser determined location, or does the 
flash app get a say on where it wants to go. Is it shared between flash 
apps in same browser, or shared across all browsers on same machine.


Karl DeSaulniers wrote:
Also, on the flash subject, I believe you can utilize the  
SharedObject class to achieve what they are wanting.
I was told that you MUST remember to delete the SharedObject if the  
browser window is closed or crashes.

Not sure on how this is done.





Re: [PHP] Remove blank lines from a file

2010-05-23 Thread Nathan Rixham

Robert Cummings wrote:

tedd wrote:

At 1:02 PM -0400 5/22/10, Robert Cummings wrote:

tedd wrote:

If that is all (i.e., removing double linefeeds), then this will do it:

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n", $text_array);

Sorry tedd, this is broken. It doesn't solve problems with runs of 
greater than 2 newlines which is even in the example :) I would use 
the following instead which is also line break agnostic with final 
output in the style for your system:


<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.


Rob:

It's not broken according to my given, which was "If that is all 
(i.e., removing double linefeeds), then this will do it:" My code does 
exactly what was stated.


Actually, his comment didn't say double line feeds... his comment said I 
want THIS to look like THAT. And THIS had a triple line feed and THAT 
completely normalized it to a single line feed. I realize you 
misunderstood the problem, but where I work, clients don't think a 
solution based on incorrect presumptions is a valid solution for a 
clearly defined problem :)


I did not catch there were more than two linefeeds in the OP's 
problem. Doing more was something I did not address.


Also, the solution you provided works better this way:  :-)

$input = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$input = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$input = trim( $input );


preg_replace( '/(\s)\s+/im', '\\1', $input );

:)




Re: [PHP] Remove blank lines from a file

2010-05-23 Thread Nathan Rixham

Nathan Rixham wrote:

Robert Cummings wrote:

tedd wrote:

At 1:02 PM -0400 5/22/10, Robert Cummings wrote:

tedd wrote:
If that is all (i.e., removing double linefeeds), then this will do 
it:


$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n", $text_array);

Sorry tedd, this is broken. It doesn't solve problems with runs of 
greater than 2 newlines which is even in the example :) I would use 
the following instead which is also line break agnostic with final 
output in the style for your system:


<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.


Rob:

It's not broken according to my given, which was "If that is all 
(i.e., removing double linefeeds), then this will do it:" My code 
does exactly what was stated.


Actually, his comment didn't say double line feeds... his comment said 
I want THIS to look like THAT. And THIS had a triple line feed and 
THAT completely normalized it to a single line feed. I realize you 
misunderstood the problem, but where I work, clients don't think a 
solution based on incorrect presumptions is a valid solution for a 
clearly defined problem :)


I did not catch there were more than two linefeeds in the OP's 
problem. Doing more was something I did not address.


Also, the solution you provided works better this way:  :-)

$input = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$input = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$input = trim( $input );


preg_replace( '/(\s)\s+/im', '\\1', $input );

:)


ahh just read the rest of this thread.. in case it gets a bit pedantic 
then here's a horizontal white space only one:

  preg_replace( '/(\h)\h+/im', '\\1', $input );

and vertical only:
  preg_replace( '/(\v)\v+/im', '\\1', $input );

(spot a pattern?)

Best,

Nathan





Re: [PHP] Remove blank lines from a file

2010-05-23 Thread Nathan Rixham

Robert Cummings wrote:

Nathan Rixham wrote:

Nathan Rixham wrote:

Robert Cummings wrote:

tedd wrote:

At 1:02 PM -0400 5/22/10, Robert Cummings wrote:

tedd wrote:
If that is all (i.e., removing double linefeeds), then this will 
do it:


$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n", $text_array);

Sorry tedd, this is broken. It doesn't solve problems with runs of 
greater than 2 newlines which is even in the example :) I would 
use the following instead which is also line break agnostic with 
final output in the style for your system:


<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.

Rob:

It's not broken according to my given, which was "If that is all 
(i.e., removing double linefeeds), then this will do it:" My code 
does exactly what was stated.
Actually, his comment didn't say double line feeds... his comment 
said I want THIS to look like THAT. And THIS had a triple line feed 
and THAT completely normalized it to a single line feed. I realize 
you misunderstood the problem, but where I work, clients don't think 
a solution based on incorrect presumptions is a valid solution for a 
clearly defined problem :)


I did not catch there were more than two linefeeds in the OP's 
problem. Doing more was something I did not address.


Also, the solution you provided works better this way:  :-)

$input = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$input = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$input = trim( $input );

preg_replace( '/(\s)\s+/im', '\\1', $input );

:)


ahh just read the rest of this thread.. in case it gets a bit pedantic 
then here's a horizontal white space only one:

   preg_replace( '/(\h)\h+/im', '\\1', $input );

and vertical only:
   preg_replace( '/(\v)\v+/im', '\\1', $input );

(spot a pattern?)


Hi Nathan,

You may want to start testing your solutions. None have worked yet. Not 
even close :)


filed under 'works for me'

<?php
$input = 'blah b  asd as d
asd
a
sd

da




 asd
  d
  asd


   da';
echo preg_replace( '/(\s)\s+/im', '\\1', $input );

on PHP/5.2.8 produces:

blah b asd as d asd
a
sd
da asd
d
asd
da

unless I'm completely missing the elephant in the room here!

Best,

Nathan




Re: [PHP] Multiple Login in a single PC should not be possible

2010-05-23 Thread Nathan Rixham

Karl DeSaulniers wrote:

Hi Nathan,
The problem is not mine to speak of necessarily. I was trying to help 
find a solution for another.
But from what I understand, they have an online lesson that they don't 
want people to be able to log in as another user and get the answers to.


Here is the their post.

On May 14, 2010, at 2:18 AM, Jagdeep Singh wrote:


Hi All!

I am looking for a solution, I want a user to do a single Login only on a PC.

E.g. If a User has logged on my website website.com in Internet explorer,
then he can't login on same website in another browser like Firefox etc with
same loginid or another.

Can I trace MAC address of a single machine to solve this issue?

Or is there a concept of GLOBAL COOKIE / Cross Browser Cookie which will
work for all browsers in a single machine..

I hope You will help me out


cool; only effective way i can see is to produce a unique (one time) 
hash in response to every request, and submit that with the answer; that 
way it's unique to every interaction. And only allow the test to be 
taken by a specific login once (ie if they've started it, they can't 
start again)


But doesn't effectively stop anything because they could have 2 user 
accounts, and all the previous matters.


you can make it more difficult, can't prevent it.

as far as I know anyway!

Best,

Nathan
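
One way to implement the one-time hash and the single-start rule described above, as an added example that is not part of the original post. The in-memory arrays stand in for a session or database table, and the class and method names are hypothetical.

```php
<?php
// Added example (not from the thread). Arrays stand in for server-side storage.

final class LessonTokens
{
    private $pending = array();  // [user][question] => token currently outstanding
    private $started = array();  // [user] => true once the lesson has been started

    /** A login may start the lesson only once. */
    public function startLesson($user)
    {
        if (isset($this->started[$user])) {
            return false;
        }
        $this->started[$user] = true;
        return true;
    }

    /** Issue a fresh token with each question page; it replaces any earlier one. */
    public function issue($user, $question)
    {
        $token = bin2hex(random_bytes(32));
        $this->pending[$user][$question] = $token;
        return $token;
    }

    /** Accept an answer only with the token issued to this user for this question, once. */
    public function redeem($user, $question, $token)
    {
        if (!isset($this->pending[$user][$question])) {
            return false;                            // never issued, or already used
        }
        $expected = $this->pending[$user][$question];
        unset($this->pending[$user][$question]);     // single use, even after a wrong guess

        // hash_equals() compares in constant time.
        return is_string($token) && hash_equals($expected, $token);
    }
}

// Constructed walk-through.
$tokens = new LessonTokens();
var_dump($tokens->startLesson('alice'));        // first start is allowed
$token = $tokens->issue('alice', 1);            // sent out with question 1
var_dump($tokens->redeem('bob', 1, $token));    // another login presenting alice's token
var_dump($tokens->redeem('alice', 1, $token));  // the intended submission
var_dump($tokens->redeem('alice', 1, $token));  // the same token replayed
var_dump($tokens->startLesson('alice'));        // trying to start the lesson again
```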




Re: [PHP] Remove blank lines from a file

2010-05-23 Thread Nathan Rixham

Robert Cummings wrote:

Nathan Rixham wrote:

Robert Cummings wrote:

Nathan Rixham wrote:

Nathan Rixham wrote:

Robert Cummings wrote:

tedd wrote:

At 1:02 PM -0400 5/22/10, Robert Cummings wrote:

tedd wrote:
If that is all (i.e., removing double linefeeds), then this 
will do it:


$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n", $text_array);

Sorry tedd, this is broken. It doesn't solve problems with runs 
of greater than 2 newlines which is even in the example :) I 
would use the following instead which is also line break 
agnostic with final output in the style for your system:


<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.

Rob:

It's not broken according to my given, which was "If that is 
all (i.e., removing double linefeeds), then this will do it:" My 
code does exactly what was stated.
Actually, his comment didn't say double line feeds... his comment 
said I want THIS to look like THAT. And THIS had a triple line 
feed and THAT completely normalized it to a single line feed. I 
realize you misunderstood the problem, but where I work, clients 
don't think a solution based on incorrect presumptions is a valid 
solution for a clearly defined problem :)


I did not catch there were more than two linefeeds in the OP's 
problem. Doing more was something I did not address.


Also, the solution you provided works better this way:  :-)

$input = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$input = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$input = trim( $input );

preg_replace( '/(\s)\s+/im', '\\1', $input );

:)
ahh just read the rest of this thread.. in case it gets a bit 
pedantic then here's a horizontal white space only one:

   preg_replace( '/(\h)\h+/im', '\\1', $input );

and vertical only:
   preg_replace( '/(\v)\v+/im', '\\1', $input );

(spot a pattern?)

Hi Nathan,

You may want to start testing your solutions. None have worked yet. 
Not even close :)


filed under 'works for me'

<?php
$input = 'blah b  asd as d
asd
a
sd

da




  asd
   d
   asd


da';
echo preg_replace( '/(\s)\s+/im', '\\1', $input );

on PHP/5.2.8 produces:

blah b asd as d asd
a
sd
da asd
d
asd
da

unless I'm completely missing the elephant in the room here!


Doesn't appear to work on the following:

$input = '

1
2

3
4


5

6';

Additionally, your solution modifies lines that weren't asked to be 
modified :) I realize it potentially makes for a more succinct solution 
(if you ever get it to work properly in the general case) but it is not 
a valid solution for the requested functionality-- The OP did not ask 
for trimming of lines with content ;)


quote:

So in the file it would look like (from the original file the user uploads
that is)

1
2

3
4


5

6


but when the file is saved to the server it must look like


1
2
3
4
5
6
/quote

the above produces what's required; and hence the vertical whitespace 
only solution included too /(\h)\h+/im


what version are you on btw? not being an ass and actually am interested 
in where it doesn't work (as I use the code on some important sites & in 
some apps that are open sourced)


Best,

Nathan




Re: [PHP] Remove blank lines from a file

2010-05-23 Thread Nathan Rixham

Robert Cummings wrote:

Nathan Rixham wrote:

Robert Cummings wrote:
You may want to start testing your solutions. None have worked yet. 
Not even close :)

filed under 'works for me'

<?php
$input = 'blah b  asd as d
asd
a
sd

da




  asd
   d
   asd


da';
echo preg_replace( '/(\s)\s+/im', '\\1', $input );

on PHP/5.2.8 produces:

blah b asd as d asd
a
sd
da asd
d
asd
da

unless I'm completely missing the elephant in the room here!

Doesn't appear to work on the following:

$input = '

1
2

3
4


5

6';

Additionally, your solution modifies lines that weren't asked to be 
modified :) I realize it potentially makes for a more succinct 
solution (if you ever get it to work properly in the general case) 
but it is not a valid solution for the requested functionality-- The 
OP did not ask for trimming of lines with content ;)


quote:

So in the file it would look like (from the original file the user 
uploads

that is)

1
2

3
4


5

6


but when the file is saved to the server it must look like


1
2
3
4
5
6
/quote

the above produces what's required; and hence the vertical whitespace 
only solution included too /(\h)\h+/im


what version are you on btw? not being an ass and actually am 
interested in where it doesn't work (as I use the code on some 
important sites & in some apps that are open sourced)


I think I see an issue... either my client, your client, both, or the 
PHP list is trimming email lines. I have spaces at the end of some of 
the lines in my example. Let's see if a text file attachment works for 
this.


FYI my command-line is currently running 5.2.11


Yes it was client stripping out extra whitespace! thanks Rob, replicated 
your results:

1
2 3
4
 5 6

and then 'fixed' to give what's needed:
  preg_replace( '/(((\r|)\n)(\h*|))+/im', '\\1' ,  $input );

the above keeps line termination the same as in the source file; can you 
give it a quick check your side to ensure it works (if you don't mind)?


modified one that 'cleans' the new lines:
 preg_replace( '/((\r|)\n(\h*|))+/im', PHP_EOL ,  $input );

Best,

Nathan




Re: [PHP] Remove blank lines from a file

2010-05-23 Thread Nathan Rixham

Robert Cummings wrote:

Nathan Rixham wrote:
Yes it was client stripping out extra whitespace! thanks Rob, 
replicated your results:

1
2 3
4
  5 6

and then 'fixed' to give what's needed:
   preg_replace( '/(((\r|)\n)(\h*|))+/im', '\\1' ,  $input );

the above keeps line termination the same as in the source file; can 
you give it a quick check your side to ensure it works (if you don't 
mind)?


No, no, you missed my meaning... I don't care about line ending... I 
care about trailing whitespace on non-empty lines.



modified one that 'cleans' the new lines:
  preg_replace( '/((\r|)\n(\h*|))+/im', PHP_EOL ,  $input );


Yes, this is preferred with respect to line ending IMHO. But it still 
strips trailing whitespace.


Almost there... but you've also got that first blank line still hanging 
around which is supposed to be removed :D


lol ahh hell yeah; trim() it ;) I'm done for the night

best,

nathan
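
A line-based version of what the thread converges on, as an added example (not code from any of the posters): it drops empty and whitespace-only lines, including a leading one, and leaves lines with content untouched, trailing whitespace included. It also runs the thread's `/(\s)\s+/` pattern on the same constructed input for comparison; the function name `remove_blank_lines` is hypothetical.

```php
<?php
// Added example (not code from the thread).

/**
 * Drop every line that is empty or holds only whitespace. Lines with content
 * are kept byte for byte (no trimming); line endings are normalised to $eol.
 */
function remove_blank_lines($input, $eol = PHP_EOL)
{
    // Split on CRLF, lone CR or LF so uploads from any platform are handled.
    $lines = preg_split('/\r\n|\r|\n/', $input);

    $kept = array();
    foreach ($lines as $line) {
        if (trim($line) !== '') {
            $kept[] = $line;
        }
    }
    return implode($eol, $kept);
}

// Constructed sample: a leading blank line, a trailing space after "2", a run
// of blank lines, a line holding only spaces, and mixed line endings.
$input = "\n1\n2 \n\n3\r\n4\n\n\n5\n   \n6";

// Line-based result.
var_dump(remove_blank_lines($input, "\n"));

// The thread's first pattern on the same input: the space after "2" is the
// captured character, so the newlines that follow it are swallowed.
var_dump(preg_replace('/(\s)\s+/im', '\\1', $input));
```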




[PHP] Re: How to prevent duplicate record insertion after refreshing php page

2010-05-19 Thread Nathan Rixham

Deva wrote:

Hi,

If I do refresh after submission of a form, records are getting stored
multiple times.
I have two pages. /submission-form/ and /thank-you/
I was trying header('Location: /thank-you/'); on submission-form page after
successful validation and insertion into db. Still if I do refresh on
thank-you page it adds one more record in database.
How to prevent it without token?


if you use POST for the form then the user agent should pop up a nice 
"do you want to send the data again" type dialogue box.


if you add a unique key over a few of the columns then this will prevent 
duplicates at the table level (regardless of the scenario).


to handle POST data, well no point me repeating it, see the spec:

http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-09#section-7.5

Best,

Nathan
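
The unique-key suggestion above combined with a redirect after the POST, as an added example that is not part of the original post. SQLite in memory stands in for the real database, and the table, column and function names are hypothetical.

```php
<?php
// Added example (not from the thread). Requires the pdo_sqlite extension.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE submissions (
        email   TEXT NOT NULL,
        message TEXT NOT NULL,
        UNIQUE (email, message)
    )'
);

/**
 * Insert one form submission. Returns true when a row was written and false
 * when the unique key rejected it as a repeat of an earlier submission.
 */
function save_submission(PDO $db, $email, $message)
{
    $stmt = $db->prepare('INSERT INTO submissions (email, message) VALUES (?, ?)');
    try {
        $stmt->execute(array($email, $message));
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 is "integrity constraint violation" (here: the unique key).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return false;
        }
        throw $e;   // anything else is a real failure
    }
}

/** Handle the POST, then answer 303 so a refresh re-requests /thank-you/ with GET. */
function handle_post(PDO $db, array $post)
{
    $inserted = save_submission($db, trim($post['email']), trim($post['message']));
    if (PHP_SAPI !== 'cli') {
        header('Location: /thank-you/', true, 303);
    }
    return $inserted;
}

// Constructed input: the same form data arriving twice.
$form = array('email' => 'user@example.com', 'message' => 'hello');
var_dump(handle_post($db, $form));   // first submission
var_dump(handle_post($db, $form));   // the same POST sent again
echo $db->query('SELECT COUNT(*) FROM submissions')->fetchColumn(), PHP_EOL;
```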




Re: [PHP] Re: PHP Application Structre

2010-05-11 Thread Nathan Rixham

Nathan Nobbe wrote:

On Mon, May 10, 2010 at 9:19 PM, David McGlone da...@dmcentral.net wrote:


On Monday 10 May 2010 22:15:44 Paul M Foster wrote:

On Mon, May 10, 2010 at 06:09:00PM -0400, David McGlone wrote:

On Monday 10 May 2010 13:04:36 richard gray wrote:

On 10/05/2010 18:17, Ashley Sheridan wrote:

It makes sense sometimes to have different files for different
sections of a website. For example, blog.php, gallery.php, cart.php
could deal with the blog, gallery and shopping cart sections for an
artists website. Yes, it could all be achieved with one script
handling everything, but sometimes when the areas of the site differ
greatly, it results in a lot of extra code to deal with pulling in
the right template and content parts. I've always favoured only
including the code a page needs rather than a huge amount of stuff
that it doesn't.

this isn't necessarily true - the architecture I've developed uses a
single dispatch script (works fine with the mod rewrite option 2
scenario as well) - this script does general checks/security/filters
etc then simply determines what page/function the user wants from the
request ($_GET/$_POST parameter) and passes control to the specific
handler via including the relevant controller module. The controller
module is responsible for which template is required and loads up
specific classes needed to process the request etc so each module just
loads its own stuff and nothing else so there's no overhead.

This method also has a small extra benefit that the web server document
root just has a very simple 2 liner script instead of a myriad of php
scripts... if the webserver is misconfigured then someone who sees the
source code doesn't get to see much..

This thread makes me wonder if using Smarty is smart. Does anyone here
use a templating system such as smarty or am I the only one?

Lots of people use templating systems and particularly Smarty. Here's
the difference between a templating system and just hand-coding:

Hand coding--

<input type="text" name="flavor" size="20" value="<?php echo $flavor; ?>"/>

Templating system:

<input type="text" name="flavor" size="20" value="{flavor}"/>

(Okay, I'm not familiar with Smarty syntax, but in essence template
systems allow you to type less when you want PHP values to show up on
the page.)

Advantage: It *may* be easier for non-programmers to read the page
with templating systems. I'm not sure this is really true. They're still
liable to say, "What the heck is {flavor}?" Besides, my inclination is
to tell designers to make everything look pretty, turn the resulting
HTML over to the coders, who will then mark it up for PHP. After that,
the designers can stay away from it.
Disadvantage: You're adding another layer (and a LOT of code) just to
save yourself some typing. With straight PHP, the server reads the code,
interprets the PHP, substitutes values and shoves the page down to the
browser. With a templating system, the system must load and call the
templating engine, which must then substitute the proper values, and
then output the built page to the browser.

I don't know how everyone else does things, but I get a feeling of being very
well organized when using smarty.

I have to say that by using smarty, it has also helped me understand PHP more
in depth. Maybe it's because of the strict organization, or maybe it's because
I've been practicing a whole lot more. dunno.



if theres one thing i tend to stay away from, or start deleting the second i
inherit a new codebase, its smarty.

ive never seen anything more bloated & ridiculous.  hey, lets all learn
*another* set of conventions & syntax on top of what we've already learned,
drop *another* url in our bookmarks and slow down the entire universe in the
process...

imo smarty and most any 'template engine' on top of php can be summarized in
one line of code:

include($someScript); // :P

i did gander at robs template system in interjinn once, but never got my
head wrapped round it; honestly i only gave it a day or so.  i prefer to go
the typical route as per above, and omit the bloat that systems like smarty,
savant etc bring to the table.

nothing personal david, just an anti-smarty rant :)


yeah I went down the smarty path a few years ago, through xslt, custom 
templates etc.. then one day i realised that Pre Hypertext Processor 
basically meant that PHP is a rather fancy template engine, so I use it 
instead now :p






[PHP] Re: Connection error expected but ...

2010-05-06 Thread Nathan Rixham

Al Mangkok wrote:

Code below from the manual. I changed $ldaphost to some fictitious name.
When I ran the script, I always get the message "Connection was successful
!" Why didn't the script bomb and give the "could not connect" message?

<?php

// LDAP variables
$ldaphost = "ldap.noname.com";  // your ldap servers
$ldapport = 389; // your ldap server's port number

// Connecting to LDAP
$ldapconn = ldap_connect($ldaphost, $ldapport)
  or die("Could not connect to $ldaphost");


print "Connection was successful !";



http://php.net/ldap_connect

ldap_connect() will always return a resource as *it does not actually 
connect but just initializes the connecting parameters.* The actual 
connect happens with the next calls to ldap_* funcs, usually with 
ldap_bind().


:)
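
A check that does fail for an unreachable host, as an added example that is not part of the original post or the manual: it follows ldap_connect() with an anonymous ldap_bind(), which is the call that opens the connection. The function name `ldap_check` and the five-second timeout are assumptions.

```php
<?php
// Added example (not from the thread or the manual). Requires the ldap extension.

/**
 * Return null when the directory answers an anonymous bind, otherwise the
 * LDAP error text. ldap_connect() alone only checks and stores the
 * parameters, so the bind is what actually opens the connection.
 */
function ldap_check($host, $port = 389, $timeoutSeconds = 5)
{
    $conn = ldap_connect('ldap://' . $host . ':' . $port);
    if ($conn === false) {
        return 'invalid LDAP URI';
    }

    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Without a network timeout an unreachable host can block for a long time.
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, $timeoutSeconds);

    // @ suppresses the PHP warning; the failure is reported through the return value.
    if (!@ldap_bind($conn)) {
        $error = ldap_error($conn);
        ldap_unbind($conn);
        return $error;
    }

    ldap_unbind($conn);
    return null;
}

$ldaphost = 'ldap.noname.com';   // the fictitious host from the question
$error    = ldap_check($ldaphost);

echo $error === null
    ? "Connection was successful !\n"
    : "Could not connect to $ldaphost: $error\n";
```

A server that refuses anonymous binds also returns an error here, but a different one from an unreachable host, so the message tells the two cases apart.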




[PHP] Re: Really impressive work

2010-05-05 Thread Nathan Rixham

tedd wrote:

Hi gang:

I found something that really impressed me -- please review this:

http://palomarjewelry.com/product/id/19/collectionId/1/typeId/3

Try changing the number and type of stones and watch the main image 
change (i.e., the basket).


If one calculates the number of permutations required to show this 
single piece of jewelry with 12 different stone types located in 15 
different stone positions, you will arrive at a very large number. The 
specific math escapes me at the moment but something in the order of 15 
factorial -- a very large number.


Now, I realize that this company did not take 15 factorial pictures of 
this single piece of jewelry to present all these different combinations 
but instead placed smaller images of each of the stones at specific 
coordinates on the larger image of the jewelry.


I imagine that each piece of jewelry must have the coordinates of each 
setting in a database so that they can on-the-fly assemble the 
finished product as per user's direction.


For example, let's take the image of the basket pendant showing three 
stones. Each of the stone locations would have a specific pixel 
placement (i.e., x,y). As such, the database would have a field for the 
image and three location fields for stones 1, 2, and 3.


Now, we also have smaller images of 12 different stones (in heads) that 
are all the same size. Thus, as the user picks the stones and positions 
they want and the image is assembled on the fly.


Is that the way you see this? Or is there a better way?


Better way, no. Alternative ways, yes.

SVG
Canvas + JS
HTML4 + CSS + JS (optional transparent pngs)
Flash
Any number of java plugins (although perhaps overkill).

Personally though, I'd go for SVG or the way it is currently implemented 
with server side gd or suchlike.


The reason for saying this is to ensure that the results were identical 
on as many platforms as possible - the one addition I would make would 
be an "update image" button which displayed on noscript, which 
resubmitted the page / form and showed the image - for those without (or 
with non compliant) js implementations.


I tend to agree that it's impressive, personally I don't think the code 
behind it rocket science; however the idea to piece what is essentially 
"how many numbers do you want, what are those numbers" together in such 
a user pleasing and useful way, is definitely something to applaud :)


Best,

Nathan




Re: [PHP] how to check for bandwidth limitations when uploading files?

2010-05-05 Thread Nathan Rixham

Jim Lucas wrote:

Robert P. J. Day wrote:

  probably not really a PHP question but i'll take a chance, anyway.  i
want to examine the network throughput i can get when continually
uploading files from a PHP script via a POST request using the
HTTP_Request2 class.

  i have a client-side script that simply takes files, creates a short
POST request, and submits it to a server-side PHP script that takes the
uploaded file and saves it.  no big deal.

  as a test, i created a random 5M file, then looped 100 times
submitting the same file, and timed it.  while the system and user time
was only a few seconds total, real (clock on the wall) time was 2.5
minutes.  this suggests that the bottleneck is simply network transfer
speed.

  while i'm doing these uploads, is there a way to monitor network
throughput?  if this is truly the bottleneck, the only real solution
will be to pay a premium for faster network access, i suppose.  but i'd
just like to be able to produce some numbers or evidence that that's the
actual problem.  thoughts?

rday




What web server are you using?  Is it Apache, lighttpd, php daemon, etc?

If it is anything but directly talking to a php daemon, you must take into
consideration that the parent web server does not hand off processing to PHP
until it has received the entire file.  At this point is when your timer script
starts working.

So, what is receiving the file?



I'd call the script via ab [1] from localhost, the computer you're 
testing and then another server with a good connection - that way you'll 
get solid numbers and be able to pinpoint the bottleneck in a snap.


[1] http://httpd.apache.org/docs/2.0/programs/ab.html

Best,

Nathan




Re: [PHP] In need of CVS/SVN checkout script for Production servers [solved]

2010-05-05 Thread Nathan Rixham

Daevid Vincent wrote:

-Original Message-
From: tedd [mailto:tedd.sperl...@gmail.com] 
Sent: Wednesday, May 05, 2010 8:19 AM

To: Daevid Vincent; php-general@lists.php.net
Subject: RE: [PHP] In need of CVS/SVN checkout script for 
Production servers [solved]


At 1:10 PM -0700 5/4/10, Daevid Vincent wrote:

Well, here is the one I'm using. I ended up just writing one (again!)

http://www.daevid.com/content/examples/snippets.php :: Production
Deployment Script

What?!?

Advanced features??

I know you don't mean it, but you certainly know how to piss people 
off. You are not going to like what I have to say, but please accept 
the following as constructive criticism with no personal intent meant.


The site fails W3C CSS validation with 96 errors.

The site fails W3C HTML validation with 92 errors and 9 warnings.

I have not run into a site like this since before the turn of this 
century where we had browser wars. The problem isn't just with my 
browser, but many more as you can see here:


http://www.browsercam.com/public.aspx?proj_id=516739

The page (not addressing the entire site) is riddled with embedded 
javascript and embedded styling both of which are considered bad form.


I haven't even addressed accessibility, graceful degradation, or 
separation of content from presentation from behavior all of which 
are the goals of best practices sites -- and all of which this site 
fails miserably.


My advice, which I realize that you didn't ask for, is if you want to 
provide something of substance, then do so for all and not just the 
privileged elite who think they are the leading edge with this type 
of gimmick nonsense. This site is a step backward into the old 
browser wars.


Of course, I could tell you what I really think, but I don't want to 
be too abrasive. :-)


Cheers,

tedd


*sigh* once again you people focus on something S off topic compared to
the meat of the thread -- which is a production repository checkout script.

As for my site.

[*] I wrote it like 4 years ago or more when there were TWO browsers worth
mentioning: IE and FF.
[*] I used a 3rd party JS library from www.ceiton.com -- who are pretty
much dormant.
[*] The ceiton code is not only compressed and impossible to debug, but
often written in German!
[*] I've looked at it a few times over the years to try and remove the
limitation, because I also agree that most modern browsers should be
able to handle the JS at this point.
[*] I really don't care about the fringe browsers of Chrome, Opera,
Konqueror, Blackberry, whatever (for my PERSONAL HOME PAGE)
[*] http://www.w3schools.com/browsers/browsers_stats.asp
[*] http://marketshare.hitslink.com/report.aspx?qprid=0 
[*] I'm sorry you're using a browser that falls under the top 25%. 
In fact ALL the browsers besides IE and FF don't even add up to 16% of
the ENTIRE market. 
Give me a break man. I've got more important things to do.
[*] If you don't have Firefox, well then let me tell you where to go 
download it for free: http://www.mozilla.com 
They make it for all major OS's in case you didn't know.

[*] Honestly, I also dislike Apple. I think it's stupid for them to make a
browser. I think they make crappy products. I HATE my iPod. I am a Linux
guy (or was until I realized my time was too valuable to keep wasting on
Linux as a Desktop), and WANTED to LOVE OSX. I sold the damn notebook after
a month of owning it. OSX blows. It's too dumbed down IMHO (as is Windows7,
but that's another topic). In light of recent events where they fired a guy
for showing that even more stupid iPad (great, a big iPhone that can't even
call) to Wozniak and then going after Gizmodo, I have even more disdain for
them. So I really have no care to support them in any way shape or form. If
the site works for Safari, fine. If not, oh well, change your USER_AGENT
string or get Firefox/IE.

As for CSS, inline styles, separation of logic, and all that other stuff
you ASSUME I don't use -- you are very wrong. I just happen to use a lot of
PHP to dynamically create various parts. In some cases I inline styles
where they are used one time or used in a PHP function. I freely admit that
there is some archaic code there too. Code that I'm not about to go back
and re-factor at this stage. I know much more now than I did then. I would
certainly do things differently, and the next time I get a wild-hair up my
ass and a few days of that elusive commodity known as free time to code
up a new design I will.  Again, this is my personal site that's only
purpose is to show some pictures and other random shit.

And with all due respect Tedd -- as I know you're an icon here and I've
learned many things from you myself. If I had to choose between my
daevid.com site and one of the three you (presumably) illustrate as beacons
of the way to do it (http://sperling.com  http://ancientstones.com
http://earthstones.com), then I would take my site any day of the week.
These three sites harken back to the 
