[PHP] Image Conversion...
I need to convert (resize, and store as blob's in a mysql db) images my users can upload. I'm wondering what the best conversion tool is... I'm considering ImageMagick... Is this the best? Is their anything that is integrated with PHP itself? td
[PHP] Which CAPTCHA is the besta?
I need a CAPTCHA script Which one is the best? (I dont mind if its somewhat difficult).
[PHP] Recursion and threaded message boards...
I have to write some PHP backend code for a threaded message board. The db has a message table, and each message has a parent id. Does anyone have any advice for someone whos never done this in PHP? I'm currently thinking that I write function that takes a db row as an argument, and initially, it is passed the root node of the whole tree. It is also probably passed a string variable. The first thing it will do is append the code for itself to the string. Then it will query the DB for all its children (with an order by post timestamp), and for every child, it will call itself on that child row. Am I on the right track? (I've done simmilar things in C++, just not in PHP)... td -- Publish technical articles @ skilledwords.com and get 100% of the ad-revenue! http://www.skilledwords.com
[PHP] Forwarding $_POST[]...
I keep wanting to do something, and either I dont know how to do it, or I'm doing something wrong and need to rethink things. Quite often, I have a form that submits to a php script via POST and after doing some processing (or more frequently, asking the user a question), I'd like to forward those $_POST[] vars to another script (or even the same script). I could do something complicated and store the $_POST vars in $_SESSION[], but what I'd rather do is simply add a var to $_POST[] and resubmit this to the same .php. Is their any way to do this, or do I need to rethink things? td -- Publish technical articles @ skilledwords.com and get 100% of the ad-revenue! http://www.skilledwords.com
Re: [PHP] A no brainer...
Wow... well, I was certainly not speaking from direct experience, only from what seemed to make sense to me. This tells me that their is some serious room for improvement in PHP de-serialization code... td Sorry Tony, I should have been more clear. I already know that storing session data in MySQL is faster than storing it in files. I know that goes against what you're saying, but there are some examples if you Google PHP MySQL session performance. One of the more interesting examples is http://shiflett.org/articles/guru-speak- jan2005. PHP session management defaults to files because it's more portable and the performance difference doesn't matter for small sites with few concurrent users. MySQL also provides better scaleability and security for session data. On Oct 14, 2006, at 2:51 PM, Larry Garfield wrote: It depends on what your data is. Is your data basic (a few elements in a linear array) or complex (a deeply nested multi-dimensional array or complex object?) Deserializing a complex data structure can get expensive. Is your data built by a single simple query against the database, a single but very complex query with lots of joins and subqueries, or a bunch of separate queries over the course of the program? A single SQL query for cached data is likely faster than lots of little queries. Is your data something that's going to change every few seconds, every few minutes, or every few days? Caching something that will change by your next page request anyway is a waste of cycles. Is your data needed on every page load? Putting a complex data structure into the session if you only need it occasionally is a waste of cycles. You're better off rebuilding it each time or implementing your own caching mechanism that only loads on demand. There is no general answer here. Good points Larry. I have to look back, but I think we were originally talking about basic user data. ie. the user logs into the site and we store their login information and access rights in a session. That seems like basic enough information that it's better to just store the user id in session data and grab the rest of their information from the db - not much of a difference in performance, plus you end up avoiding stale data. Anyway, I like your distinction between simple and complex objects. -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Publish technical articles @ skilledwords.com and get 100% of the ad-revenue! http://www.skilledwords.com
[PHP] A no brainer...
Is their a slick way of automatically serializing Objects to the session when a script exit()'s and de-serialize them in session_start()? It seems to me that object oriented PHP might actually be useful if I could persist an object across an entire session, and come to think of it, their really ought to be an automatic way to do this... (IE, I'd not be suprised one bit if its already a feature of PHP that I'm just not aware of)... So, is their a way to do this? -- Publish technical articles @ skilledwords.com and get 100% of the ad-revenue! http://www.skilledwords.com
Re: [PHP] Re: Separate PHP Code From HTML || Pros Cons
I dont think its so bad. What I do is keep the PHP and HTML seperate, but in the same file: php on top, html in a here document at the bottom. I COULD go one step farther and have the HTML in a seperate file, but I just dont see the point. td On 10/7/06, Thiago Silva [EMAIL PROTECTED] wrote: On 10/7/06, sit1way [EMAIL PROTECTED] wrote: Hey all. This presents problems in that any updates I make to the CMS only affect the site I'm working on. So, while working on one site I may make changes to the CMS, changes that improve the app., but other older sites do not get updated -- it's OK now, but things are getting sloppy ;--) I would dearly love to have a base CMS repository that all sites would draw on, extending the base CMS in the event that a particular client has need of customization. Some combo of Linux and Apache would do the trick; e.g. PHP requests for any of my sites would point to say, /home/cms/includes/ Are you using a version control system? Using one and, maybe, reviewing your architeture for code re-use might help in this matter, I think Now, the other issue I'd like to address is separating PHP code logic from site HTML. (...) I've often heard the mantra, separate code from HTML, but it seems ridiculous at times to include tiny HTML snippets that can easily be echoed out, or stored in a variable. Smarty goes to the extreme in separating code from HTML, but looking at their templating system, I wonder what's the point? Is it the end of the world if you've got a few choice if, then, else statements in your HTML templates? Is of my understading that this mantra is about intention in the code. We have a framework written in PHP that also uses PHP as template language. I mean, we have source files that define components, where we use PHP to process the data normally (declaring classes, using DB, etc), but there are also snippet files were we have HTML + PHP. The special case here is that the snippet files have a couple of arrays with data (created and offered by the components) available and their only occupation is to process output: no DB access, no class declaration, no file inclusion, no socket connectionall they have to do is render HTML (or whatever) with the data they received. The most complex things we have in snippet files are small functions where recursions help displaying some widgets. Everything else are loops, decision strucutres and lots of print/echo. Simple source files, in the end. Thiago Silva -- Publish technical articles @ skilledwords.com and get 100% of the ad-revenue! http://www.skilledwords.com
[PHP] Coding Style Question...
I am relatively new to PHP... I have about 1.5 years of light PHP work under my belt... Over the past year or so my PHP coding style has evolved significantly and I'm curious as to how experienced programmers write PHP... Basically, here is what I have evolved to: 1) ALL php code is at the top of the file. 2) ALL html code is in a here document at the bottom. 3) php code is run before 1 character is outputed (and hence, no headers are sent, leaving redirects open for possibilities) 4) I almost always following my require_once directives with a session_start() at the top of the file. 5) Often, my forms submit to the PHP page that generated them but do so with a hidden posted variable. If that variable is set, then I process the form submission. I think the most important part of all this is #1 #2... I think I am using PHP a little like template engine this way... It seems to me that I most often see code snippets that try to intertwine HTML and PHP, but in my experience, except for trivial examples, this doesn't work so good... What do you think? -- Publish technical articles @ skilledwords.com and get 100% of the ad-revenue! http://www.skilledwords.com
Re: [PHP] moving file from one server to another
How about nfs mounting a directory from the image server to a directory on the lamp server. This way, the files are never really on the LAMP server... td On 9/30/06, Nick Wilson [EMAIL PROTECTED] wrote: * and then Google Kreme declared On 30 Sep 2006, at 03:29 , Nick Wilson wrote: I need to let users upload to the regular LAMP box, but then copy the image over to the custom image server (which does not have php or any kind of cgi capability). I was considering using exec() and scp to do this, but thought i'd ask and see if anyone had any better suggestions? Ah... well, does the copy need to be interactive, or does it need to be automatic? I'd probably use rsync to copy the upload tree to the image server myself, without involving php at all. yes. i'd considered rsync but the file needs to be available on the image server immediately. scp'ing it should work, but of course imnow having fun with the apache user and try9ing to work out how to give it an ssh profile :) -- Nick Wilson http://performancing.com/user/1 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Publish technical articles @ skilledwords.com and get 100% of the ad-revenue! http://www.skilledwords.com
[PHP] POST on redirects?
In a couple of my scripts, I do something like the following when I detect
an improperly submitted form:
**if( !valid_string( $_POST['firstname'] ) )
{
$return_url =
https://www.abc.com/checkout_phase1.php?error=FirstName Required;
header( location: $return_url );
exit(0);
}
Recently I changed the code so that a big variable that was being passed via
GET (IE, as a param in the URL) is instead being POST'd... (typically, via a
hidden INPUT elem in a form)...
Unfortunatley, this broke my error handling logic... Is it possible to add
POST variables to a redirect? How?
--
Free Linux Technical Articles
http://www.linuxtecharticles.com
[PHP] Sorting users geographically...
I'm helping a friend of mine build a matchmaking website, and we have a doozy of a problem to solve: What I need to do is two fold: #1 Collect whatever geographical information I need from each user to enable #2 #2 Be able to run query's to find people NEAR (geographically) another person. Does anyone know of any commercial or free implementations of this? Is it primarily a database problem or is their some way (computationally) to compute the probable proximity of two zip codes? Hopefully someone responds to this with a Pear package that does exactly what I need! :) If that can't happen, then I'd appreciate any options you can think of. td -- Free Linux Technical Articles http://www.linuxtecharticles.com
Re: [PHP] Re: Session's across Domains...
Hmm.. Almost. If the shopping cart on site A submits to the secure CC processing page on site B, then the contextual data that describes the order (price, order number) was actually communicated from A to B via a hop at the users browser (likely via a hidden form field on site A). Thus it would need to be encrypted and urlencoded (otherwise anyone could hit View Source and see it all in plain text). Now, I suppose the shopping cart on site A could submit to itself, and then in that case, build up this encrypted data packet and then re-direct to the secure CC processing page (passing the encrypted data as a GET parameter. Is their any way to POST with a re-direct?). Ok. I think I have this all in my head now. On 11/9/05, Ben Ramsey [EMAIL PROTECTED] wrote: I'm posting this back to the list to keep the conversation there. I hope you don't mind. My comments are at the bottom . . . On 11/9/05 10:10 AM, Tony Di Croce wrote: The reason I even wanted to do this had more to do with sharing some data between two sites, and less with really maintaining a login. It occured to me that I need not share sessions at all. Instead, all of the data B needs could simply be encrypted by A and sent in a post field. Now, this does bring up the problem that someone could sniff this packet, capture this encrypted packet, and use it to authenticate themselves on B. They never had to decrypt it, just capture from A, and send to B at their leisure... Let me give some background here on exactly what I'm doing, as it may clear things up a bit. B is a secure page, with a CC info form that when submitted will process their card, charging the amount of money passed in the encrypted packet, and if the charge succeeds, redirecting back to A. A would probably need to send an order number to B, and B could pass that back to A upon success or failure. All of this is to get around the Apache limitation of allowing only one virtual host to use SSL. Anyhow, B could keep track of all of the order numbers it was sent by A, and if it was re-sent a duplicate could simply deny the whole transaction. Thus, if someone sniffed my encrypted data burrito, and attempted to re-use it to gain access to B, they would fail, since B will only allow that burrito ONCE. Perhaps these order numbers could be GUID's. How does this sound? I think someone else here could probably offer some better advice, but here's what I would do. I would definitely use SSL when dealing with CC data, but I don't think there's an Apache limitation that restricts the use of SSL to one host. There is a limitation that restricts the use of an SSL certificate to one host, so, if you had two certificates, both hosts could use SSL sockets, but I don't think that's what you need here. (You could still use the same certificate across multiple hosts, but then the user is going to be prompted in the browser whether or no to allow the certificate to be used, and this is generally not a good idea.) What you need to do is ensure that your FORM action on domain A (the unsecured domain) is POSTing to https://domain-b.org. Note the usage of HTTPS. This will ensure that the data is sent along the secure channel and not in clear text. You don't need to perform any encryption, since SSL takes care of that for you. Then, B could simply redirect back to A after processing the order and pass the order number through the query string (since it's probably not very sensitive). Does this answer your question? And, yeah, denying used order numbers would be a good idea. -- Ben Ramsey http://benramsey.com/ -- for only the most hard core geekstas... http://geekstasparadise.blogspot.com
[PHP] A question...
Are variables that are stored in the $_POST[] array ever communicated to the browser? Im using PHP sessions, and I store lots of variables in $_POST[]... If I use $_POST[] to communicate variables from 1 php script to another, is that insecure? -- for only the most hard core geekstas... http://geekstasparadise.blogspot.com
[PHP] Session's across Domains...
I have a server with a few virtual hosts. All of my scripts use session_start(), and $_SESSION[] to share data between invocations of different scripts. The problem I'm having is that if a form on site A submits to a script on site B the values stashed in $_SESSION[] appear to be lost... Should this work? If not, then what alternatives exist? I suppose I could pass the session id as a POST argument to the site B script (and theirs probably a method in PHP that given a session_id() makes available all of that sessions $_SESSION[] variables) but is that the best way? td -- for only the most hard core geekstas... http://geekstasparadise.blogspot.com
[PHP] [php] Chrooting php...
I'm trying to fully chroot my server. Right now, I have Apache running in a chroot jail, and I need to get php5 working their too... Before I dive in, I thought I'd just ask if anyone here has any experience doing this...? Are their any known issues? Also, I was going to chroot my postgres db, but now I'm not so sure. It is not running as an exposed service (IE, its ports are not open to the outside world. It's only used over the loopback interface by PHP)... Is their any point to jailing it in this case? td -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing CCN's Again...
I AM going to accept CC's on my site. I am NOT going to store them anywhere... and I DO think the original question is valid. If a hacker is able to gain root access they may be able to obtain a CCN from memory on my server... Perhaps a hacker breaks into a number of sites and harvests 1 or 2 numbers from each a day... It is not nearly as bad as having someone get full access to all the CCN's you have stored in DB (if you were dumb enough to do that), but it could still cause lots of problems... So, it doesn't seem like anyone is aware of a way to make PHP paranoid about such things... Perhaps their is a lower level way to get linux to scrub an address space when a process exits? I will google On Tue, 08 Feb 2005 10:57:16 -0500, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On 8 Feb 2005 Jochem Maas wrote: don't agree - I'd rather be cautious on a hunch, especially given that I have no means to personally verify the risk other than in terms of total financial ruin if a real problem occurs even once. besides its a moot point there is no need to handle creditcard info in 99.999% of all cases (the rest being covered by amazons,paypals,etc) Well OK, there is no urgent *need*. But accepting credit cards is a valid and useful approach for many sites. The worst-case imagined distasters do not make this less true. I cannot verify in advance that a car driven by a drunk driver will not drive down my street at the moment I walk out of the house, hit me on the sidewalk, and kill me. I do not *need* to leave my house in most cases, I could order almost everything I need to be delivered. But it still does not make sense to stay in the house all the time (and there are other dangers there anyway). The possibility of catastrophic consequences which you cannot control is not a reason to always opt for the most cautious possible approach. However I would agree it is a reason to thoughtfully assess the risks and make a choice. then again there are +-2billion people with limited/no access to running water... maybe we shouldn't blow the CCN thing out of proportion :-/ Good point. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Send REAL USPS letters from the Web! http://www.quickymail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] phpBB alternatives?
Due to the recent vulnerabilities discovered in phpBB and the content of this page: http://www.phpbb.com/ I have decided to consider other options for my forum needs... Does anyone have any reccomendations for a PHP based forum software? -- Send REAL USPS letters from the Web! http://www.quickymail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Storing CCN's Again...
First I should say that I have NO plans to store CCN's on my site, but I do have a related question: Right now I accept CC info from a posted form and then from a PHP script submit that to authorize.net... Is their any way to get PHP to clean up any remnants of any variables that might be in memory after a script is run? IE, is their a way to get PHP to overwrite the memory used by variables at the termination of a script? I wasn't worried about this before but I think the paranoia regarding CCN's on this site has gotten to me... Better safe than sorry! -- Send REAL USPS letters from the Web! http://www.quickymail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Connecting To Multiple MySQL Databases
OK... Here's a slightly different, but related question... Can database connection resources be serialiazed and re-used in a different script invocation? For example, can I open a DB connection, assign it to a $_SESSION[] variable and then later use it on a different page? Somehow, I doubt it... On Sat, 5 Feb 2005 11:34:01 -0600, NathanielGuy#21 [EMAIL PROTECTED] wrote: Worked like a charm, thanks! --nathan On Thu, 03 Feb 2005 20:33:17 -0700, Dan Trainor [EMAIL PROTECTED] wrote: NathanielGuy#21 wrote: I know this may be slightly off topic for a PHP listserv but I cant find my answer anywhere else. I start off generating a page connected to one database as a certain user and I call a script that requires a connection to a second database as a different user. Is there any way I could open that connection while maintaining the current one aswell? The connection of the script is opend and closed before any more of the other page is generated. Im not sure how to go about solving this problem other than rewriting my script. Any ideas? --nathan I'm a bit new myself, but why not call the resources seperate names? $sql1 = mysql_connect($host1, $user1, $pass1); $sql2 = mysql_connect($host2, $user2, $pass2); Hope that helps -dant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- http://www.blacknute.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Send REAL USPS letters from the Web! http://www.quickymail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Is this even possible?
Is it even possible to connect to a postgres server (thats running on linux) from a windows CLI php script? I'm seeing a pg_connect() error... FATAL: no pg_hba.conf entry for host 192.168.1.100 Any ideas? -- td -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to argue with ASP people...
I am fairly new to PHP, but I am loving it... I have recently gotten involved in a business venture and I have been using PHP so far... Recently I have taken on a partner, and he is a big ASP guy... I am not totally against ASP, but it would have to be pretty good to get me to switch at this point (PHP seems to do everything I need)... But I will need to convince him of this... What points can I bring up in PHP's favor? In what areas does PHP trounce ASP? -- td -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP]
I am relatively new to web development, but I have been a C/C++ programmer now for about 9 years... So far, I really love PHP... It just makes web development so much more convenient... But I sometimes wonder why so much server side work is done with intrpreted scripting languages... Why haven't languages been created that when compiled result in C code, which could then itself be compiled and run natively? It should be possible to create a reintrepreter capable of translating code written in a language like PHP into C code, which could then be compiled and executed natively... (IE, Faster)... If it was desired, it could even copy the syntax of the PHP language exactly... You would get the rapid development of PHP combined with the execution speed of C... Their must be a good reason this has never been done (or has it?). -- td -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session newbyness...
I just started using PHP a week or so ago... And everything is coming along great... But I have some general question about sessions... Actually, about PHP's built in session support. Do I need to call session_start() in every script that needs access to $_SESSION[]? Would it cause any problems if I do? If not, am I supposed to just call it once on the login page for my website and then thats it? I think I would like to store a user id in my $_SESSION[] global. If this variable is set, I will consider this session logged in. Is their a secure way to do this? I would like to have at least an outline of how this works in my head, so tell me if I am wrong in any of this: When session_start() is called, this function sets a cookie in this browser with a unique value that is bound to a set of globals (IE, the contents of $_SESSION[]). When subsequent HTTP requests have this cookie attached, the correct set of $_SESSION[] variables is loaded... Everything right? -- td -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
