Re: [PHP] Recommendation request: Use Magento or build my own eCommerce?
Use Magento. It will take you more than 6 months to build what you're talking about all by yourself. Magento is a pain to learn at first but once you get into it things start to make sense and development speeds up. Marc -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for online PHP editor please....
Here you go. This is labeled a html editor, but thinking you can edit php files with it as well. HTH, http://phphtmledit.com/ Karl On Apr 25, 2010, at 3:01 AM, Angus Mann wrote: HI all. I'm looking for a recommendation for an online PHP editor. Here's what I mean I mean a PHP program I can install on my web-server, then log in and use it to browse and edit other PHP files on the server. The idea is that I could make changes and bugfixes to a web app while I'm away from home/office. Ideally it would be more than just a text editor, but also have syntax highlighting and formatting for PHP built in. Any recommendations would be much appreciated. Thanks, Angus Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for online PHP editor please....
SSH + MC i.e http://www.midnight-commander.org, you will get syntax high lights. P:S **Any CLI program will do the job. On 04/25/2010 10:01 AM, Angus Mann wrote: HI all. I'm looking for a recommendation for an online PHP editor. Here's what I mean I mean a PHP program I can install on my web-server, then log in and use it to browse and edit other PHP files on the server. The idea is that I could make changes and bugfixes to a web app while I'm away from home/office. Ideally it would be more than just a text editor, but also have syntax highlighting and formatting for PHP built in. Any recommendations would be much appreciated. Thanks, Angus -- Extra details: OSS:Gentoo Linux profile:x86 Hardware:msi geforce 8600GT asus p5k-se location:/home/muhsin language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS Typo:40WPM url:http://www.mzalendo.net url:http://www.zanbytes.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for online PHP editor please....
On Sun, 2010-04-25 at 13:46 +0200, mrfroasty wrote: SSH + MC i.e http://www.midnight-commander.org, you will get syntax high lights. P:S **Any CLI program will do the job. On 04/25/2010 10:01 AM, Angus Mann wrote: HI all. I'm looking for a recommendation for an online PHP editor. Here's what I mean I mean a PHP program I can install on my web-server, then log in and use it to browse and edit other PHP files on the server. The idea is that I could make changes and bugfixes to a web app while I'm away from home/office. Ideally it would be more than just a text editor, but also have syntax highlighting and formatting for PHP built in. Any recommendations would be much appreciated. Thanks, Angus -- Extra details: OSS:Gentoo Linux profile:x86 Hardware:msi geforce 8600GT asus p5k-se location:/home/muhsin language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS Typo:40WPM url:http://www.mzalendo.net url:http://www.zanbytes.com I wouldn't recommend editing files actually on the server. I used to do that, until my hosting changed its cPanel setup in a way that caused havoc with the KIOslaves in KDE. I tried to save a file, got back an error that said the file couldn't save. So I closed the editor only to find that the file I was editing had just been zeroed. I lost a lot of work that day because I didn't have a backup. It's far safer to edit local files and FTP them in, even if you just use a web-based FTP system (and mosting hosting control panels will have one) Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Recommendation for online PHP editor please....
Angus Mann wrote: HI all. I'm looking for a recommendation for an online PHP editor. Here's what I mean I mean a PHP program I can install on my web-server, then log in and use it to browse and edit other PHP files on the server. The idea is that I could make changes and bugfixes to a web app while I'm away from home/office. Ideally it would be more than just a text editor, but also have syntax highlighting and formatting for PHP built in. Any recommendations would be much appreciated. Thanks, Angus I found this one a few months ago. http://www.gerd-tentler.de/tools/filemanager/ Put it in a password protected area on your server and you have it made. It comes with syntax highlighting that has worked for me so far. -- Jim Lucas A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Tue, Sep 9, 2008 at 9:51 PM, tedd [EMAIL PROTECTED] wrote: How do I get an email to you at: Shawn McKenzie [EMAIL PROTECTED] ? I was grabbing addresses for the whole mass invitation thing and noticed this too. Of course I was like I've been had. Then for some reason I just tried it and it worked. ;) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Sep 10, 2008, at 7:56 AM, Eric Butera wrote: On Tue, Sep 9, 2008 at 9:51 PM, tedd [EMAIL PROTECTED] wrote: How do I get an email to you at: Shawn McKenzie [EMAIL PROTECTED] ? I was grabbing addresses for the whole mass invitation thing and noticed this too. Of course I was like I've been had. Then for some reason I just tried it and it worked. ;) I just let you all add me before and then I didn't have to fight with bad addresses :P -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 11287 James St Holland, MI 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
At 10:15 AM -0500 9/2/08, Shawn McKenzie wrote: Eric Butera wrote: I'm on there too. http://www.linkedin.com/in/ericbutera Me too... http://www.linkedin.com/in/rsmckenzie -Shawn -Shawn: How do I get an email to you at: Shawn McKenzie [EMAIL PROTECTED] ? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
I don't understand the question. It is an email account that I check and I get mail from that address all the time. Of course it's late/much wine and there may be some humor here that is totally escaping me. -Shawn tedd wrote: At 10:15 AM -0500 9/2/08, Shawn McKenzie wrote: Eric Butera wrote: I'm on there too. http://www.linkedin.com/in/ericbutera Me too... http://www.linkedin.com/in/rsmckenzie -Shawn -Shawn: How do I get an email to you at: Shawn McKenzie [EMAIL PROTECTED] ? Cheers, tedd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Sep 2, 2008, at 3:08 PM, Jay Blanchard wrote: [snip] ... [/snip] Who is going to create the group? just a quick search of groups on linked in showed 134 groups related to php. And my profile: http://www.linkedin.com/pub/9/59a/b41 :) -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 11287 James St Holland, MI 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
Jason Pruim schreef: On Sep 2, 2008, at 3:08 PM, Jay Blanchard wrote: [snip] ... [/snip] Who is going to create the group? just a quick search of groups on linked in showed 134 groups related to php. And my profile: http://www.linkedin.com/pub/9/59a/b41 :) and the guy that started this thread just seemed to drop off the planet, very strange. -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 11287 James St Holland, MI 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Wed, Sep 3, 2008 at 6:29 AM, Jason Pruim [EMAIL PROTECTED] wrote: On Sep 2, 2008, at 3:08 PM, Jay Blanchard wrote: [snip] ... [/snip] Who is going to create the group? just a quick search of groups on linked in showed 134 groups related to php. And my profile: http://www.linkedin.com/pub/9/59a/b41 :) -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 11287 James St Holland, MI 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well there definitely is a lot of PHP groups. In that case, maybe someone that oversees the PHP list should create one that is associated to this one. -- -Dan Joseph www.canishosting.com - Plans start @ $1.99/month. Build a man a fire, and he will be warm for the rest of the day. Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] Recommendation
On Sep 3, 2008, at 9:04 AM, Dan Joseph wrote: On Wed, Sep 3, 2008 at 6:29 AM, Jason Pruim [EMAIL PROTECTED] wrote: On Sep 2, 2008, at 3:08 PM, Jay Blanchard wrote: [snip] ... [/snip] Who is going to create the group? just a quick search of groups on linked in showed 134 groups related to php. And my profile: http://www.linkedin.com/pub/9/59a/b41 :) -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 11287 James St Holland, MI 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well there definitely is a lot of PHP groups. In that case, maybe someone that oversees the PHP list should create one that is associated to this one. there's someone that oversee's this list? -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 11287 James St Holland, MI 49424 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Sat, Aug 30, 2008 at 8:38 AM, tedd [EMAIL PROTECTED] wrote: Hi gang: At 1:16 PM +0100 8/30/08, Stut wrote: Now, about that recommendation for my linked in profile... ;) That's not a bad idea. Daniel and I did an exchange a while back. I think it might help to land clients if we can use our linked-in status in some way. I haven't done that yet, but there should be a way. As such, if any of the regulars to this list are in need of a recommendation, please contact me off-list. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php We have threads that go 100+, and this one dies at 3... You can view mine at http://www.linkedin.com/in/danjoseph Anyone can feel free to connect to me as well, and I'd be happy to give recommendations. -- -Dan Joseph www.canishosting.com - Plans start @ $1.99/month. Build a man a fire, and he will be warm for the rest of the day. Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] Recommendation
I'm on there too. http://www.linkedin.com/in/ericbutera -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
Eric Butera wrote: I'm on there too. http://www.linkedin.com/in/ericbutera Me too... http://www.linkedin.com/in/rsmckenzie -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Tue, 2008-09-02 at 14:07 -0400, Bastien Koert wrote: On Tue, Sep 2, 2008 at 11:15 AM, Shawn McKenzie [EMAIL PROTECTED]wrote: Eric Butera wrote: I'm on there too. http://www.linkedin.com/in/ericbutera Me too... http://www.linkedin.com/in/rsmckenzie -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php toss in mine as well http://www.linkedin.com/in/bastienkoert I may as well be another me too :) http://www.linkedin.com/in/robertcummings123 Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Tue, Sep 2, 2008 at 11:15 AM, Shawn McKenzie [EMAIL PROTECTED]wrote: Eric Butera wrote: I'm on there too. http://www.linkedin.com/in/ericbutera Me too... http://www.linkedin.com/in/rsmckenzie -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php toss in mine as well http://www.linkedin.com/in/bastienkoert -- Bastien Cat, the other other white meat
Re: [PHP] Recommendation
What about also creating a PHP General List group? Has anyone created Groups on linkedin before? Maybe we could get quite a few people linked thru one? -- -Dan Joseph www.canishosting.com - Plans start @ $1.99/month. Build a man a fire, and he will be warm for the rest of the day. Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] Recommendation
On Tue, Sep 2, 2008 at 2:35 PM, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2008-09-02 at 14:07 -0400, Bastien Koert wrote: On Tue, Sep 2, 2008 at 11:15 AM, Shawn McKenzie [EMAIL PROTECTED]wrote: Eric Butera wrote: I'm on there too. http://www.linkedin.com/in/ericbutera Me too... http://www.linkedin.com/in/rsmckenzie -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php toss in mine as well http://www.linkedin.com/in/bastienkoert I may as well be another me too :) http://www.linkedin.com/in/robertcummings123 Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php 123? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recommendation
[snip] What about also creating a PHP General List group? Has anyone created Groups on linkedin before? Maybe we could get quite a few people linked thru one? [/snip] I am on LinkedIn and having a group would be very cool. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Tue, 2008-09-02 at 14:42 -0400, Eric Butera wrote: On Tue, Sep 2, 2008 at 2:35 PM, Robert Cummings [EMAIL PROTECTED] wrote: On Tue, 2008-09-02 at 14:07 -0400, Bastien Koert wrote: On Tue, Sep 2, 2008 at 11:15 AM, Shawn McKenzie [EMAIL PROTECTED]wrote: Eric Butera wrote: I'm on there too. http://www.linkedin.com/in/ericbutera Me too... http://www.linkedin.com/in/rsmckenzie -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php toss in mine as well http://www.linkedin.com/in/bastienkoert I may as well be another me too :) http://www.linkedin.com/in/robertcummings123 123? There's more than one robertcummings and I wasn't first :( *hehe* Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recommendation
[snip] ... [/snip] Who is going to create the group? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On Tue, Sep 2, 2008 at 3:08 PM, Jay Blanchard [EMAIL PROTECTED] wrote: [snip] ... [/snip] Who is going to create the group? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well, I guess if no one is volunteering, I can create it, but I think it should be a community chosen name. Suggestions? -- -Dan Joseph www.canishosting.com - Plans start @ $1.99/month. Build a man a fire, and he will be warm for the rest of the day. Light a man on fire, and will be warm for the rest of his life.
Re: [PHP] Recommendation
On Tue, Sep 2, 2008 at 7:55 PM, Dan Joseph [EMAIL PROTECTED] wrote: On Tue, Sep 2, 2008 at 3:08 PM, Jay Blanchard [EMAIL PROTECTED] wrote: [snip] ... [/snip] Who is going to create the group? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Well, I guess if no one is volunteering, I can create it, but I think it should be a community chosen name. Suggestions? -- -Dan Joseph www.canishosting.com - Plans start @ $1.99/month. Build a man a fire, and he will be warm for the rest of the day. Light a man on fire, and will be warm for the rest of his life. php-general -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
Dan Joseph wrote: What about also creating a PHP General List group? Has anyone created Groups on linkedin before? Maybe we could get quite a few people linked thru one? Well, if you go to groups, groups directory here are already quite a few PHP groups. That's why I haven't joined one. I was hoping to find an official group or one that is large with most PHP coders, but there are so many already. Is the purpose for just this list? If so then by all means create a new one. -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
On 30 Aug 2008, at 13:38, tedd wrote: At 1:16 PM +0100 8/30/08, Stut wrote: Now, about that recommendation for my linked in profile... ;) That's not a bad idea. Daniel and I did an exchange a while back. I think it might help to land clients if we can use our linked-in status in some way. I haven't done that yet, but there should be a way. People should feel free to connect with me: http://www.linkedin.com/in/stuartdallas -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation
As such, if any of the regulars to this list are in need of a recommendation, please contact me off-list. Thank you very much! :-) http://www.linkedin.com/in/heyesr -- Richard Heyes HTML5 Graphing: http://www.phpguru.org/RGraph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for an XML class?
On Feb 6, 2008 3:09 PM, Brian Dunning [EMAIL PROTECTED] wrote: I see there are billions of XML classes out there. Can anyone recommend one that's good simple? My needs are quite basic, all I really need is to draw simple values out of the XML, like convert order_no123/order_no to $order_no = 123.http://www.php.net/unsub.php SimpleXML, http://www.php.net/manual/en/ref.simplexml.php -nathan
Re: [PHP] Recommendation for an XML class?
On Wed, 2008-02-06 at 15:12 -0500, Nathan Nobbe wrote: SimpleXML, http://www.php.net/manual/en/ref.simplexml.php Dude, I thought you were playing with SPL! SimpleXML _then_ use the SimpleXMLIterator to work with it! http://www.php.net/spl --Paul All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/public/portal_services/disclaimer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for an XML class?
On Feb 6, 2008 4:04 PM, Paul Scott [EMAIL PROTECTED] wrote: Dude, I thought you were playing with SPL! SimpleXML _then_ use the SimpleXMLIterator to work with it! http://www.php.net/spl well of course; if you need to flatten out an xml structure in a few lines of code ;) -nathan
RE: [PHP] recommendation for a article manager
Hi, I'm looking for a recommendation for a small easy to use free article manager.It must be able to fit in with existing site and be able to include a picture.It does not need an all singing editor a simple form system will do I can control the look by css. I'm currently doing the same thing to add press releases/news archive in our existing site. Using Wordpress with a custom theme is working well at the moment. HTH, Edward -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] recommendation for a article manager
In news: [EMAIL PROTECTED] - Edward Kay wrote : Hi, I'm looking for a recommendation for a small easy to use free article manager.It must be able to fit in with existing site and be able to include a picture.It does not need an all singing editor a simple form system will do I can control the look by css. I'm currently doing the same thing to add press releases/news archive in our existing site. Using Wordpress with a custom theme is working well at the moment. HTH, Edward I did look at Wordpress but was thinking it may be a bit complex for the people that will be using it-May install and have a play around with it. Chris -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] recommendation for a article manager
Joker7 wrote: I did look at Wordpress but was thinking it may be a bit complex for the people that will be using it-May install and have a play around with it. have you looked at the postie plugin for wordpress ... ? you can even set it up to perform cronless (non cronjob) postings. using this would enable your users to stick to using a familiar email environment to write articles and post them to a designated email account, the wouldn't need to even know it was wordpress let alone figure out the interface/options. uploads are supported as well so including images is doable, provided the css is setup correctly. it supports adding articles to specific categories using prefixes to the subject as well (including multiple categories if needed). -- jammer www.jammer.biz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for a MySql wrapper class
On Sat, April 2, 2005 5:41 am, Ryan A said:
so although this is new to me, I know there are a lot of PHP gurus on the
list and i'm sure this is not new to themI was hopeing someone could
recommend a class they are using as I am starting a new project on monday
and dont have the time to test each class before picking one (honest guys,
there are a lot, you gotto browse them to belive it)
I dont need anything fancy just something that gets the job donesafely
and effectivly.
Here's the thing:
Depending on your DATA that *YOU* expect, you'll need different scrubbing
functions.
For example, if your script expects and ID (auto_increment) and a big ol'
blob of text for a bulletin board posting, you're going to scrub those two
COMPLETELY differently.
?php
$id = abs( (int) $_REQUEST['id'] );
$text = mysql_escape_string($_REQUEST['text']);
?
You could maybe find some kind of class/package that has some pre-defined
types of data and scrubbers to go through them, and you'd do something
like:
?php
$id = scrubber($id, 'int+'); //'int+' == postive integer
$text = scrubber($text, 'mysql'); //'mysql' == MySQL data
?
That ain't really gonna save you much, is it?
And keeping track of all those different kinds of possible data types to
scrub for is gonna be a real PAIN.
Plus, invariably, you'll have some kind of data where a good scrubbing is
not going to be covered by the available types in the scrubber function.
So, basically, you're probably best off really thinking about what you
*EXPECT* and *ALLOW* for each and every variable independently and just
coding that.
You can also do something like this:
?php
//This should be scrubbed, but not sure how much:
$text = $_REQUEST['text'];
//So, for now, let's see what FAILS my current test, but not actually
implement the scrubbing until we've tried it for awhile:
if (preg_match('/[^a-zA-Z0-9]/', $text)){
error_log($text would have failed . __FILE__ . . __LINE__);
}
$text = mysql_escape_string($text);
?
Do some testing first with users you know and trust NOT to intentionally
sabotage you, then try to find some nasty things that you SHOULD be
catching, and play with the characters you *ACCEPT* until you're happy.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for a MySql wrapper class
On Sat, Apr 02, 2005 at 01:08:30PM +0200, Marek Kilimajer wrote.. If anybody (with more experience) than I thinks I am wrong...please tell me so and most prolly go with PEARs solution, another one high on my list is the ADODB as I remember someone else talking about it on the list some time back. You can pack PEAR classes with your project and set up include_path accordingly. Like Ryan (original post), I too am about to embark on a new website project and have the opportunity to do it differently. In the past I did the basic php/mysql connects, etc. But since reading this post, have looked into adodb and pear. Pear looks very interesting and I've given it a go. I like the looks of DB_Table, and how it integrates with HTML_QuickForm. I also like how pear has the commandline interface to search, install and update. But this makes me wonder ... are newer releases of classes always compatible with pages/scripts that I might have written earlier? If I update a class package, might it break my existing pages? And finally, does the pear project have enough momentum, and contributors, such that I can feel comfortable that it will be around for a while? I guess I'm asking these questions because the whole pear package repository seems very dynamic (in a good way). I'm just wondering if it does make sense to 'pack' up the pear classes, with versions related to my webpages, rather than assume the classes that get updated will always work with my stuff. Kind of a long winded question. Apologies. Kevin -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for a MySql wrapper class
Hey Dan, Even if you did have something to do with these companies/softwares/classes I would still take your advise as you have given me some real helpful advise in the past, and a lot of others too, you're one of the helpful guys on the list. Thanks, I'll chech these out, the thing is i didnt want to use any of the pear classes as not all hosts have them installed, and if these guys switch hosts later onthey may have a problem which means i will have a problem. If anybody (with more experience) than I thinks I am wrong...please tell me so and most prolly go with PEARs solution, another one high on my list is the ADODB as I remember someone else talking about it on the list some time back. Thanks, Ryan On 4/1/2005 9:01:32 PM, Dan Rossi ([EMAIL PROTECTED]) wrote: I have nothing to do with these but I would check out PEAR DB, MDB,MDB2 and ADODB. On 02/04/2005, at 10:41 PM, Ryan A wrote: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.1 - Release Date: 4/1/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for a MySql wrapper class
Ryan A wrote: Hey Dan, Even if you did have something to do with these companies/softwares/classes I would still take your advise as you have given me some real helpful advise in the past, and a lot of others too, you're one of the helpful guys on the list. Thanks, I'll chech these out, the thing is i didnt want to use any of the pear classes as not all hosts have them installed, and if these guys switch hosts later onthey may have a problem which means i will have a problem. If anybody (with more experience) than I thinks I am wrong...please tell me so and most prolly go with PEARs solution, another one high on my list is the ADODB as I remember someone else talking about it on the list some time back. You can pack PEAR classes with your project and set up include_path accordingly. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for a MySql wrapper class
On 4/2/2005 3:08:30 AM, Marek Kilimajer ([EMAIL PROTECTED]) wrote: You can pack PEAR classes with your project and set up include_path accordingly. Hey, Thanks for replying. Good idea, have never done it but that should be a reason to start anyway :-) Cheers, Ryan -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.1 - Release Date: 4/1/2005 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for a MySql wrapper class
I have nothing to do with these but I would check out PEAR DB, MDB,MDB2 and ADODB. On 02/04/2005, at 10:41 PM, Ryan A wrote: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation on PHP encoder please
On 04/02/2004 at 09:35 Chris W wrote: Hi, my company's looking to buy a PHP encoder to secure the source code. The encoded scripts should be able to run on Solaris platform (Apache webserver), and should only require minimum changes to the server. I'm sorry I can't help you but I am curious as to what the point of this is. If you are running your php scripts on your servers, who are you trying to prevent from seeing your code? It doesn't get sent to the client, only the output of the script gets sent. So what is the point? We have a server that need to be as secure as possible, since it's containing some very sensitive personal data. We have hardened the box, setup very restrictive firewall rules to it, keeping up to date with the security patches, and so on. But just in case that a cracker still manage to break in, we'd like to make it a real hassle for him/her to read the content in the server. So I was tasked to create a PHP application which will enable the following scenario: # Webteam will still create contents in Dreamweaver # Once done, upload the contents to the server using the upload script. # The upload script will put and encrypt the contents in the server using the strongest encryption available # Users will access the content using the second script, which will decrypt the content on-the-fly; so the URL will be something like this: https://www.mydomain.com/view.php?file=/mydata/index.html As you can see, the content will be secured, but the script is now becoming the weak point since it'll store the encryption key needed to decrypt the content. So double-encoding it (using a PHP encoder) will make life finally very hard for said cracker. by the way, if anyone's interested on such application, I'm planning to release it as an open-source application, so you'll be able to utilise it as well. cheers, HS -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recommendation on PHP encoder please
Hi Larry, many thanks for the recommendation. That will be just perfect. I've informed my manager about it, and I imagine he'd be happy for the fact that we'll be saving quite a lot of money as well. Also thanks for the other recommendations - but unfortunately, we need Solaris compatibility now. Thanks again! Harry On 04/02/2004 at 09:39 Larry Brown wrote: Check out ioncube.com. I use them and it was very easy to install and run. The best thing about it is that a problem with apache or apache configuration won't end up displaying the script contents by accident. (mysql log/pass info etc) It can be used to encode .inc files as well. Their site states compatability with Solaris. Have fun. Larry -Original Message- From: Harry Sufehmi [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 9:11 AM To: [EMAIL PROTECTED] Subject: [PHP] Recommendation on PHP encoder please Hi, my company's looking to buy a PHP encoder to secure the source code. The encoded scripts should be able to run on Solaris platform (Apache webserver), and should only require minimum changes to the server. I looked on Zend Encoder and was ready to suggest it when I realise that the US$ 960 tag is only for a year's license. And I don't think we have the budget to buy the perpetual license. Could anyone recommend other PHP encoder for us? Many thanks, Harry -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recommendation on PHP encoder please
On 05 February 2004 11:30, Harry Sufehmi wrote:
...SNIP...
As you can see, the content will be secured, but the script
is now becoming the weak point since it'll store the
encryption key needed to decrypt the content.
I hope you don't mean that literally. If you're really being security conscious, the
encryption keys should be in an include file that lives *outside* the Web document
tree. If your include path is given relative to the including script, a hacker also
has to know the local pathname to the script in order to deduce the location of the
included file containing the keys.
On my site, the *only* PHP scripts visible to the Web server look like this:
?php
ini_set('include_path', '../../relative/path/to/includes/');
require 'real_script.php';
?
... and the only reason that the include_path is set there and not in php.ini or
equivalent is that I'm not the admin of the server and don't have access to
configuration files!
Cheers!
Mike
-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation on PHP encoder please
So double-encoding it (using a PHP encoder) will make life finally very hard for said cracker. No its not ... if I would badly need to get this encrypted page and have access to files ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recommendation on PHP encoder please
On 05/02/2004 at 11:48 Ford, Mike [LSS] wrote: On 05 February 2004 11:30, Harry Sufehmi wrote: As you can see, the content will be secured, but the script is now becoming the weak point since it'll store the encryption key needed to decrypt the content. I hope you don't mean that literally. If you're really being security conscious, the encryption keys should be in an include file that lives *outside* the Web document tree. Of course we'll do it like that. And anyway I was talking about if the cracker has actually gained (root) access to that server itself - which makes putting the keys outside the web directory irrelevant. cheers, HS -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation on PHP encoder please
On 05/02/2004 at 14:07 Andrei Reinus wrote: So double-encoding it (using a PHP encoder) will make life finally very hard for said cracker. No its not ... if I would badly need to get this encrypted page and have access to files ... So there's a reasonably easy way to decrypt those encoded files then ? (despite those vendors' claim...) cheers, HS -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recommendation on PHP encoder please
On 05 February 2004 13:10, Harry Sufehmi wrote: On 05/02/2004 at 11:48 Ford, Mike [LSS] wrote: On 05 February 2004 11:30, Harry Sufehmi wrote: As you can see, the content will be secured, but the script is now becoming the weak point since it'll store the encryption key needed to decrypt the content. I hope you don't mean that literally. If you're really being security conscious, the encryption keys should be in an include file that lives *outside* the Web document tree. Of course we'll do it like that. And anyway I was talking about if the cracker has actually gained (root) access to that server itself - which makes putting the keys outside the web directory irrelevant. OK, good -- I kind of assumed so, given your other precautions, but just thought I'd clarify for any novices coming upon this thread in the archives... ;) Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recommendation on PHP encoder please
On 05/02/2004 at 13:17 Ford, Mike [LSS] wrote: On 05 February 2004 13:10, Harry Sufehmi wrote: On 05/02/2004 at 11:48 Ford, Mike [LSS] wrote: On 05 February 2004 11:30, Harry Sufehmi wrote: As you can see, the content will be secured, but the script is now becoming the weak point since it'll store the encryption key needed to decrypt the content. I hope you don't mean that literally. If you're really being security conscious, the encryption keys should be in an include file that lives *outside* the Web document tree. Of course we'll do it like that. And anyway I was talking about if the cracker has actually gained (root) access to that server itself - which makes putting the keys outside the web directory irrelevant. OK, good -- I kind of assumed so, given your other precautions, but just thought I'd clarify for any novices coming upon this thread in the archives... ;) It's always a good idea indeed :) cheers, HS -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation on PHP encoder please
On Thu, 2004-02-05 at 08:13, Harry Sufehmi wrote: So there's a reasonably easy way to decrypt those encoded files then ? (despite those vendors' claim...) There isn't a program to revert encoded files to their original state, but there is a disassembler[1]. However, assuming your encryption key is a string all one would need is to do strings filename on the encoded php file to get your encryption key. The real problem you are facing here is security through obscurity is not security. First of all, your method of encrypting these files and decrypting them before serving up pages is just going to slow down your web server. The key is stored in a file somewhere and therefore easily accessible if someone gained access comparable to the web server. Since the key is readily available the data is not really encrypted, just obfuscated. I assume you are not transmitting these pages over the Internet and even within your intranet are using SSL? If not then that is a much bigger security hole. If you are really dedicated to encrypting these files I have a possible suggestion (see below for big caveats!). Continue with your encryption, however do not store the password anywhere on the server. You could either require the password be typed by users to view the pages (and *don't* cache it in any way anywhere!) or write an extension to apache (or whichever web server you use) to request the password when apache starts. It would then securely store it in ram and use it to decrypt pages, similar to how encrypted SSL certificates are handled. This would not be a php based solution, if php were to have access to the password then all that would be required to retrieve it would be the ability to execute custom php on the system by the hacker. You could try writing a php extension that would handle this however you may have a few problems: 1.) Depending on the web server used the php library's lifetime in memory may be shorter than the web server, or there may be multiple copies of the php library in ram. This would require typing the password more than once per web server restart. 2.) You need to make sure it is not possible to access arbitrary parts of php's memory using documented or undocumented php functions, etc. If so a cracker could write a php script to obtain the password. 3.) You would need to disable the dl() function so a custom extension could not be loaded to grab the password, though php.ini could be modified and the web server restarted. Then all the cracker would need to do would be to wait for you to re-type the password. Additionally make sure core dumps are disabled on the server, otherwise forcing the web server to crash could put the password in the core file. You know, after writing all that I realized something else: these are web pages being served. If the attacker has root access to the system what would prevent him from just using lynx to view the pages directly form the web server? SSL won't stop him/her and usernames and passwords will most likely be available if you use web based authentication. Your best method would be to require the password be typed every time a page is viewed, which has its own set of problems. Hopefully this gives you something to think about. Regards, Adam [1] http://www.derickrethans.nl/vld.php -- Adam Bregenzer [EMAIL PROTECTED] http://adam.bregenzer.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation on PHP encoder please
On 05/02/2004 at 10:46 Adam Bregenzer wrote: On Thu, 2004-02-05 at 08:13, Harry Sufehmi wrote: So there's a reasonably easy way to decrypt those encoded files then ? (despite those vendors' claim...) There isn't a program to revert encoded files to their original state, but there is a disassembler[1]. However, assuming your encryption key is a string all one would need is to do strings filename on the encoded php file to get your encryption key. [1] http://www.derickrethans.nl/vld.php Interesting :-) much thanks. The real problem you are facing here is security through obscurity is not security. First of all, your method of encrypting these files and decrypting them before serving up pages is just going to slow down your web server. My manager reckons that it's worth it. And it's causing very little traffic anyway. The key is stored in a file somewhere and therefore easily accessible if someone gained access comparable to the web server. Since the key is readily available the data is not really encrypted, just obfuscated. The key should be contained within the script itself, so it'll be scrambled by the encoder. I assume you are not transmitting these pages over the Internet and even within your intranet are using SSL? If not then that is a much bigger security hole. It's transmitted over the Internet using SSL. If you are really dedicated to encrypting these files I have a possible suggestion (see below for big caveats!). Continue with your encryption, however do not store the password anywhere on the server. You could either require the password be typed by users to view the pages (and *don't* cache it in any way anywhere!) Hmm... the users shouldn't know the password to the key really, they have problems already remembering just one password :-) more than that and they'll start writing it down on post-it notes... hehe or write an extension to apache (or whichever web server you use) to request the password when apache starts. It would then securely store it in ram and use it to decrypt pages, similar to how encrypted SSL certificates are handled. This would not be a php based solution, if php were to have access to the password then all that would be required to retrieve it would be the ability to execute custom php on the system by the hacker. This is the best solution I think, but unfortunately I don't think we have the resources to develop this. You could try writing a php extension that would handle this however you may have a few problems: 1.) Depending on the web server used the php library's lifetime in memory may be shorter than the web server, or there may be multiple copies of the php library in ram. This would require typing the password more than once per web server restart. That's why I'm planned to store it in the encoded script instead. 2.) You need to make sure it is not possible to access arbitrary parts of php's memory using documented or undocumented php functions, etc. If so a cracker could write a php script to obtain the password. 3.) You would need to disable the dl() function so a custom extension could not be loaded to grab the password, though php.ini could be modified and the web server restarted. Then all the cracker would need to do would be to wait for you to re-type the password. Additionally make sure core dumps are disabled on the server, otherwise forcing the web server to crash could put the password in the core file. You know, after writing all that I realized something else: these are web pages being served. If the attacker has root access to the system what would prevent him from just using lynx to view the pages directly form the web server? SSL won't stop him/her and usernames and passwords will most likely be available if you use web based authentication. Your best method would be to require the password be typed every time a page is viewed, which has its own set of problems. Bingo ! :-) Nice one Adam, you've found the hole in this scheme. Hopefully this gives you something to think about. Indeed... so for now looks like there's no elegant solution to this problem. I'll have to rethink everything now - well better now than later after the server's been cracked open :-) Thanks, it's been a very interesting discussion. cheers, HS -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation on PHP encoder please
Harry Sufehmi wrote: Hi, my company's looking to buy a PHP encoder to secure the source code. The encoded scripts should be able to run on Solaris platform (Apache webserver), and should only require minimum changes to the server. I looked on Zend Encoder and was ready to suggest it when I realise that the US$ 960 tag is only for a year's license. And I don't think we have the budget to buy the perpetual license. Could anyone recommend other PHP encoder for us? I'm sorry I can't help you but I am curious as to what the point of this is. If you are running your php scripts on your servers, who are you trying to prevent from seeing your code? It doesn't get sent to the client, only the output of the script gets sent. So what is the point? Chris W -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Recommendation on PHP encoder please
Chris, quite a few people sell their scripts online or they may wish to install legacy code that they have sweated over for years onto a clients machine - encoding them helps for piece of mind :) Ade I'm sorry I can't help you but I am curious as to what the point of this is. If you are running your php scripts on your servers, who are you trying to prevent from seeing your code? It doesn't get sent to the client, only the output of the script gets sent. So what is the point? Chris W -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] recommendation needed for dedicated server hosting
For server colocation or dedicated leased servers I would recommend Hurricane Electric, they have an excellent backbone, excellent technical support and friendly sales staff. Their website is at http://www.he.net. For shared hosting I recommend pair networks ( http://www.pair.com ) or Fidelity Hosting. I have personally used all of these providers and have found them to be excellent and worth recommending. Jason On Wed, 2002-12-18 at 21:30, Taek Kwon wrote: Hi, I recently went through a horrendous experience with two different hosting providers. I'd like some recommendations on excellent hosting providers if anybody has some. My key priorities in order are: 1) around-the-clock, technically competent TELEPHONE support (webchat support, message boards, email based support etc. will not do!) 2) reasonable hosting fees (no more than 300/month) for a dedicated server 3) services for the following - backup, OS upgrades/patching, security If anybody has been with a company that they're happy with for at least a year please leave some feedback. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] recommendation needed for dedicated server hosting
Hi, Thursday, December 19, 2002, 2:30:44 PM, you wrote: TK Hi, TK I recently went through a horrendous experience with two different hosting TK providers. I'd like some recommendations on excellent hosting providers if TK anybody has some. TK My key priorities in order are: TK 1) around-the-clock, technically competent TELEPHONE support (webchat TK support, message boards, email based support etc. will not do!) TK 2) reasonable hosting fees (no more than 300/month) for a dedicated server TK 3) services for the following - backup, OS upgrades/patching, security TK If anybody has been with a company that they're happy with for at least a TK year please leave some feedback. Thanks! I have been using http://candidhosting.com They are very helpful, even installing my favourite linux distro (crux) and the pricing and bandwidth are good value. They have 24h telephone support but I have always got a good response on ICQ which is a lot cheaper for me than a call to the US :) -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for PHP Shopping Cart
look at www.hotscripts.com they are a pretty good resource of scripts. Jason - Original Message - From: jeremy spielmann [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 01, 2002 9:13 AM Subject: [PHP] Recommendation for PHP Shopping Cart I'm looking for an off the shelf shopping cart that has been developed in PHP. Please send me the link and the cost of the software. I would develop my own, but time is an issue. Thanks! Jeremy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Recommendation for PHP Shopping Cart
Take a look at OSCommerce at http://www.oscommerce.org. /dkm - Original Message - From: jeremy spielmann [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 01, 2002 11:13 AM Subject: [PHP] Recommendation for PHP Shopping Cart I'm looking for an off the shelf shopping cart that has been developed in PHP. Please send me the link and the cost of the software. I would develop my own, but time is an issue. Thanks! Jeremy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
