[PHP-DB] Wait Statement... ?

2004-07-20 Thread ..: GamCo :..
Hi all,

I would like to add a line of code in PHP that will execute a wait before
executing the next set of code. How do i do that ?

Regards,

GM

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] Wait Statement... ?

2004-07-20 Thread Ignatius Reilly
sleep( nb of seconds ) ;




Re: [PHP-DB] Wait Statement... ?

2004-07-20 Thread ..: GamCo :..
hhhmmm...

ok, i added the sleep() function in my page. what i'm basically doing is :-

i have a .php page where people log-in from. from there i send the form to
another .php page that actually checks the login and registers a session
with the username and password as session variables. then on the page that
actually does the validation, i have something that says : validating
login... sleep 1 function. then, i have another line that says validation
successful... sleep 1 function and then i have another line that says
redirecting... with sleep 1 function and then header redirects to the actual
logged-in.php file. the redirect and validation works perfectly as well as
the sleep functions, but it now doesn't display the validating login... blah
blah blah stuff which is done in normal html code...

any idea ?




Re: [PHP-DB] Wait Statement... ?

2004-07-20 Thread Jason Wong
On Tuesday 20 July 2004 16:56, ..: GamCo :.. wrote:

> ok, i added the sleep() function in my page. what i'm basically doing is :-
>
> i have a .php page where people log-in from. from there i send the form to
> another .php page that actually checks the login and registers a session
> with the username and password as session variables. then on the page that
> actually does the validation, i have something that says : validating
> login... sleep 1 function. then, i have another line that says validation
> successful... sleep 1 function and then i have another line that says
> redirecting... with sleep 1 function and then header redirects to the
> actual logged-in.php file. the redirect and validation works perfectly as
> well as the sleep functions, but it now doesn't display the validating
> login... blah blah blah stuff which is done in normal html code...

Why don't you just validate the login and be done with it? Why wait 1 second, 
another second, ... ?

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz



Re: [PHP-DB] howto get PK id after INSERT??

2004-07-20 Thread Vincent Jordan
I think I got it correct for the most part. I am having a problem with
the urlencode function I believe.

On page CustomerAddNew1.php (page that handles form data) I'm using:

$last_id = mysql_query("SELECT LAST_INSERT_ID() from customerinfo");
$last_id = urlencode ($last_id);
header("Location: UserMain.php?custid='$last_id'");

and on the UserMain.php page I am using this to return the data:

$cid = $last_id;
ini_set('display_errors', 1);
error_reporting(E_ALL & ~E_NOTICE);
$connect = mysql_connect() or die ("unable to connect to database" . mysql_error() . "");
$select = mysql_select_db() or die ("unable to connect to database" . mysql_error() . "SPDATA");
$result = mysql_query("select * from customerinfo where custid='$cid'") or die (mysql_error("Unable to query database"));
while ($row = mysql_fetch_array($result)) {
    $firstname = $row['firstname'];
    $lastname = $row['lastname'];
<snip>
 
I am not able to display the data that was just entered. If I change
select * from customerinfo where custid=3 it will display row 3 data.
Can someone point out where I went wrong?
 
Thanks again for the help
 


Re: [PHP-DB] howto get PK id after INSERT??

2004-07-20 Thread Jason Wong
On Tuesday 20 July 2004 19:49, Vincent Jordan wrote:
> I think I got it correct for the most part. I am having a problem with
> the urlencode function I believe.
>
> On page CustomerAddNew1.php (page that handles form data) I'm using:
>
> $last_id = mysql_query("SELECT LAST_INSERT_ID() from customerinfo");

mysql_query() returns a resource id.

> $last_id = urlencode ($last_id);
> header("Location: UserMain.php?custid='$last_id'");

So the above is meaningless.

Please check the previous responses where you have been pointed to a more 
appropriate function to use.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz



[PHP-DB] MySQL '!=' ???

2004-07-20 Thread Tristan . Pretty
Hi there...
I'm trying to select all records from a MySQL database, and exclude those 
from certain countries...
I've posted a copy of an SQL statement I've got that I'm using in 
PHPMyADMIN.
And as you can see, I've said not to pick Argentina, but there it is???
What first year mistake am I making?

See image below:
http://www.risk.sungard.com/sql.gif

Tris...




RE: [PHP-DB] MySQL '!=' ???

2004-07-20 Thread Hutchins, Richard
Tris,

Instead of using != in your statement, try using <>. I looked in my copy of
the MySQL Manual and it shows both != and <> for the not equal concept, but
the examples given only show the <> format used.

Not sure if it'll solve the problem, but it's the first thing I'd try.

Rich





RE: [PHP-DB] MySQL '!=' ???

2004-07-20 Thread VANDOORINE A RsrhCppRfaRva
Hello.

The query is false, because if you look at what an OR does, it gives:

false OR false = false
true OR false = true
false OR true = true
true OR true = true

So when your request finds Argentina it is false, but when it looks at the next statement 
and checks if country is different from Mexico this is true, so following the OR table, 
the statement is true, so it is printed.

I think you can fix this by using a NOT statement and inverting your WHERE parameters,

and changing your request to 

SELECT country
FROM reech_leed_tool
WHERE NOT(country = 'Argentina' OR country = 'Mexico' )

So if we get one of the countries you did not want printed, the statement within 
the NOT is true, so by inverting it it becomes false and so is not printed; and if the 
country of the line that is checked did not have a country WITHIN the condition.

That should fix your problem, even if I'm quite sure there is a better way.

Regards,

Aurelien Vandoorine




Re: [PHP-DB] Wait Statement... ?

2004-07-20 Thread John W. Holmes
..: GamCo :.. wrote:
> ok, i added the sleep() function in my page. what i'm basically doing is :-
>
> i have a .php page where people log-in from. from there i send the form to
> another .php page that actually checks the login and registers a session
> with the username and password as session variables. then on the page that
> actually does the validation, i have something that says : validating
> login... sleep 1 function. then, i have another line that says validation
> successful... sleep 1 function and then i have another line that says
> redirecting... with sleep 1 function and then header redirects to the actual
> logged-in.php file. the redirect and validation works perfectly as well as
> the sleep functions, but it now doesn't display the validating login... blah
> blah blah stuff which is done in normal html code...

You are very confused. Read the manual page on header(). You can't have 
any output before you try to redirect with a header().

If you're trying to implement some sort of brute force protection by 
using sleep(), you're using it in the wrong method, anyhow. Your login 
processing script should sleep for a second or two whether the login is 
correct or not and it should be the first thing that it does (i.e. 
before any output or redirection). If you only sleep() on failures and 
redirect on good logins, brute force methods can pick up on that and 
adjust their methods to get around the wait time.

--
---John Holmes...


Re: [PHP-DB] howto get PK id after INSERT??

2004-07-20 Thread John W. Holmes
Vincent Jordan wrote:
> I think I got it correct for the most part. I am having a problem with
> the urlencode function I believe.
>
> On page CustomerAddNew1.php (page that handles form data) I'm using:
>
> $last_id = mysql_query("SELECT LAST_INSERT_ID() from customerinfo");

$last_id is now a Result Resource, not the value you're after. You must 
use mysql_result() or any of the mysql_fetch_*() functions to retrieve 
the value...

$lastid = mysql_result($last_id,0);

> $last_id = urlencode ($last_id);

No need to urlencode an integer.

> header("Location: UserMain.php?custid='$last_id'");

You don't put quotes around values in the URL.

> and on the UserMain.php page I am using this to return the data:
>
> $cid = $last_id;

You called it custid in the URL, not last_id. All you need here is 
$cid = $custid although that's a waste of code. What you really want is

$cid = (int)$_GET['custid'];

so that now you know $cid is an integer and you're not opening yourself 
wide open to SQL injection attacks later.

> ini_set('display_errors', 1);
> error_reporting(E_ALL & ~E_NOTICE);
> $connect = mysql_connect() or die ("unable to connect to database" . mysql_error() . "");
> $select = mysql_select_db() or die ("unable to connect to database" . mysql_error() . "SPDATA");
> $result = mysql_query("select * from customerinfo where custid='$cid'") or die

The custid column is an integer, right? Why are you passing it a 
string by putting quotes around $cid?

> (mysql_error("Unable to query database"));
> while ($row = mysql_fetch_array($result)) {
>     $firstname = $row['firstname'];
>     $lastname = $row['lastname'];
> <snip>

This whole process of $var = $row['var'], $var2 = $row['var2'] is a 
waste of resources. Why do you need to rename the variable? You already 
have $row['firstname'] as a variable, just use it. If you don't 
understand how to use an array when printing a string, then check the 
manual.

--
---John Holmes...
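
The insert-then-redirect flow discussed in this reply, as an added example that is not part of the original thread: it swaps the thread's mysql_*() calls for PDO with an in-memory SQLite database so it runs offline (the pdo_sqlite extension is assumed). The function names and sample rows are constructed for illustration; the table, column and page names come from the thread.

```php
<?php
// Added example, not code from the thread. PDO with an in-memory SQLite
// database stands in for the MySQL server (assumption: pdo_sqlite is loaded).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customerinfo (
    custid INTEGER PRIMARY KEY AUTOINCREMENT,
    firstname TEXT NOT NULL,
    lastname TEXT NOT NULL)');

/** Insert a customer and return the new primary key as an integer. */
function addCustomer(PDO $db, string $first, string $last): int
{
    $stmt = $db->prepare('INSERT INTO customerinfo (firstname, lastname) VALUES (?, ?)');
    $stmt->execute([$first, $last]);
    // The id is read from the connection that did the INSERT, so another
    // client inserting at the same time cannot change the value seen here.
    return (int) $db->lastInsertId();
}

/** Redirect target: the id is an integer, so no quotes and no urlencode(). */
function redirectTarget(int $custid): string
{
    return 'UserMain.php?custid=' . $custid;
}

/**
 * What UserMain.php does with its query string: accept only a positive
 * integer, then bind it as a parameter instead of pasting it into the SQL.
 * Returns the row, or null when the id is rejected or not found.
 */
function loadCustomer(PDO $db, array $get): ?array
{
    $cid = filter_var($get['custid'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        return null;    // missing, empty, or anything that is not a plain integer
    }
    $stmt = $db->prepare('SELECT custid, firstname, lastname FROM customerinfo WHERE custid = ?');
    $stmt->execute([$cid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample rows.
addCustomer($db, 'First', 'Customer');
$id = addCustomer($db, 'Second', 'Customer');
echo redirectTarget($id), "\n";

// Constructed query-string values as UserMain.php would see them in $_GET.
// The (int) cast from the reply keeps the leading digits of a tampered value;
// filter_var() rejects the whole value instead.
foreach (['2', "2' OR '1'='1", '', '999'] as $raw) {
    $row = loadCustomer($db, ['custid' => $raw]);
    printf("custid=[%s] (int) cast=%d -> %s\n", $raw, (int) $raw,
           $row ? $row['firstname'] . ' ' . $row['lastname'] : 'rejected or not found');
}
```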


RE: Re: [PHP-DB] DB table creation question

2004-07-20 Thread Swan, Nicole
Have you made sure that the parent table(s) is type INNODB as well?

Also, in my experience, it is best to let the database be in charge of as many 
database functions as possible as it helps maintain the data's integrity.  In other 
words, use foreign keys, indexing for speeding up searching, 'on delete cascade' to 
keep the database clean, etc.

--Nicole
---
Nicole Swan
Web Programming Specialist
Carroll College CCIT
(406)447-4310
 

-Original Message-
From: Vincent Jordan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 19, 2004 5:19 PM
To: 'Matthew McNicol'
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] DB table creation question


I think I may have gone over my head. I am fairly new to mysql and php.
My host only allows access to mysql via phpmysql. I am used to using
mysqlcc to connect to the db's and make changes. By default all tables
created are MYISAM, when I try to input an INNODB table with foreign keys
I either get syntax error or I believe it is errno(150). Anyhow, is
there a piece of software or a webpage out there where I can input how I
want the database to be made and it will spit out a .sql file that can
be uploaded to phpmyadmin or would someone be kind enough to hold my
hand as I attempt to create this with proper syntax myself. 

Another note, instead of using indexes and keys can I have tables relate
to each other by php script or am I asking for trouble as it grows. This
database will be small at first however I expect it to grow to over 5k
of customer records after the third month and in stages of about 200
records monthly after that. 

Thanks for all the help everyone has provided thus far.

-Original Message-
From: Matthew McNicol [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 19, 2004 3:08 AM
To: Vincent Jordan
Cc: [EMAIL PROTECTED]
Subject: [SPAM] Re: [PHP-DB] RE: [SPAM] Re: [PHP-DB] DB table creation
question


at the moment if a value is say inserted into the 'warranty_info' table 
you are just checking that the 'product_id' or 'cust_id' already exists 
in 'product_info' and 'customer_info'. you still have to populate them 
first, otherwise the referential integrity will return an error when you
insert into 'warranty_info'.

similarly if you delete a record from 'warranty_info' you might actually
delete the associated customer record. is this what you want?

at the moment it looks like the 'rma_info' table is not linked to any 
other table?

personally, I would not go so far as to specify 'FOREIGN KEY ... 
REFERENCES' or 'ON UPDATE CASCADE ON DELETE RESTRICT' in the create 
table code. I would use the application code to make sure a customer 
exists before referencing them in the 'product_info' or 'warranty_info' 
tables. similarly I would use the application code to delete table 
record out of each appropriate table.

I would use the primary and secondary index assuming you are working 
with more than 100 records in each table.






Vincent Jordan wrote:
 Does this seem to be correct? With this if value was inserted into a
 table will the tables with the FK's automatically be updated? Here is
 the DB design as I have it now. Let me know if all is correct please.
 
 CREATE TABLE customer_info (
cust_id int (6) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
first_name varchar (50) NOT NULL,
last_name varchar (50) NOT NULL,
address varchar (50) NOT NULL,
address2 varchar (50) NULL,
city varchar (50) NOT NULL,
state varchar (50) NOT NULL,
zip varchar (50) NOT NULL,
home_phone varchar (15) NOT NULL,
work_phone varchar (15) NULL,
other_phone varchar (15) NULL,
email varchar (50) NOT NULL,
);
 CREATE TABLE product_info (
product_id int (6) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY
KEY,
cust_id int (6) NOT NULL,
model varchar (50) NOT NULL,
serial varchar (20) NULL,
FOREIGN KEY (customer_info_cust_id),
 REFERENCES customer_info(cust_id),
ON UPDATE CASCADE ON DELETE RESTRICT,
INDEX (cust_id),
FOREIGN KEY (cust_id),
REFERENCES customer_info(cust_id),
);
 CREATE TABLE warranty_info (
warranty_id int (6) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY
KEY,
product_id int (6) NOT NULL,
cust_id (6) NOT NULL,
mfg_warranty tinyint (1) NOT NULL default '1',
gold_warranty tinyint (1) NOT NULL default '0',
gold_warranty_id int (16) NULL,
FOREIGN KEY (customer_info_cust_id),
 REFERENCES customer_info(cust_id),
ON UPDATE CASCADE ON DELETE RESTRICT,
INDEX (cust_id),
FOREIGN KEY (cust_id),
REFERENCES customer_info(cust_id),
FOREIGN KEY (product_info_product_id),
 REFRENCES product_info(product_id),
ON UPDATE CASCADE ON DELETE RESTRICT,
INDEX (product_id),
FOREIGN KEY (prod_id),
 REFRENCES product_info (product_id),
);
 CREATE TABLE 

[PHP-DB] pg_end_copy error using PHP with PostgreSQL

2004-07-20 Thread Robert Fitzpatrick
Using PHP 4.3.7 and PGSQL 7.4.3, I am trying to structure data and use
COPY to import into a table using PHP. If I run my script, I receive
this error:

Warning: pg_end_copy(): Query failed: in
/home/sites/site9/web/importxrf.php on line 100

I view source of the page where I have echo'd the copy data and paste it
into my psql prompt and it copies into the table fine. Can anyone see
any obvious problems with my script?

$connOHC = "dbname=ohc user= password=x host=example.com";
$dbh = pg_connect($connOHC);
if ($dbh) {echo "Connection to database established...<br>";}
// Next free id: highest existing xrf_id plus one
$stat = pg_exec($dbh, "SELECT MAX(public.tblxrf.xrf_id) AS units_max_id FROM public.tblxrf");
if ($stat) {
    $data = pg_fetch_row($stat,0);
    $next_id = $data[0]+1;
} else {
    $next_id = 1;
}
echo "Starting process...<br>";
echo "Begin: ".date('Y-m-d H:i:s')."<br>\n";
$result = pg_exec($dbh, "COPY tblxrf FROM stdin");

$handle = fopen("xrf/".$recNo."__xln", "r") or die("Can't open file");
$lineno = 0;
$success = true;
while ($csv_line = fgetcsv($handle,1024)) {
    $lineno++;
    chop($csv_line);
    switch ($lineno) {
        // Header lines 3 to 5 and line 8 are skipped
        case (($lineno > 2) && ($lineno < 6)):
            break;
        case 8:
            break;
        case 1:
            if (!preg_match("/^Serial/",$csv_line[0])) {
                echo "Not a valid XRF file, no Serial number found\n";
                $success = false;
                break 2;
            } else { $serialno = $csv_line[0]; };
            break;
        case 2:
            if (!preg_match("/^PAINT/",$csv_line[0])) {
                echo "Not a valid XRF paint file, PAINT not found\n";
                $success = false;
                break 2;
            }
            break;
            break 2;
        // Data rows: build one comma-separated COPY line per CSV line
        case ($lineno >= 10):
            $copydata = $next_id.",";
            for ($i = 0, $j = count($csv_line); $i < $j; $i++) {
                $trimdata = trim($csv_line[$i]);
                if ($i <= 25) {
                    if (($trimdata == "") || ($trimdata == "NA")) {
                        switch ($i) {
                            case 25:
                                $copydata .= "\\N";
                                break;
                            default:
                                $copydata .= "\\N,";
                                break;
                        }
                    } elseif ($trimdata == 5.0) {
                        $copydata .= "\\N,";
                    } else {
                        $copydata .= $trimdata.",";
                    }
                }
            }
            $copydata .= "\n";
            $stat = pg_put_line($dbh, $copydata);
            if (!$stat) {
                echo "An error has occurred<br>\n";
                exit;
            }
            echo $copydata;
            $next_id++;
            break;
    } // end switch
} // end while
// End-of-data marker, then finish the COPY
pg_put_line($dbh, "\\.\n");
pg_end_copy($dbh);
echo "End: ".date('Y-m-d H:i:s')."<br>\n";
pg_close($dbh);
echo "ending process...<br>\n";
fclose($handle);

-- 
Robert




RE: [PHP-DB] Wait Statement... ?

2004-07-20 Thread Daevid Vincent
Similarly, I could adjust my brute force attack to sleep() a pre-determined
amount of time too ;-)

The whole 'sleep()' idea just seems silly. I agree with Jason. Just validate
and be done. A better way to stop attacks is to have a tally of failed
logins if you really are that worried someone is going to brute-force you.
Then after 3 fails, just don't let that IP connect or add other intelligent
handling. Maybe add them to a 'ban list' after x amount of failed tries. You
can get the $_SERVER['REMOTE_ADDR'] or use the session id or whatever.




Re: [PHP-DB] Wait Statement... ?

2004-07-20 Thread John W. Holmes
Daevid Vincent wrote:
> Similarly, I could adjust my brute force attack to sleep() a pre-determined
> amount of time too ;-)

Uhmmm.. how effective is a brute force attack where you can only try one 
combination per second? It's going to take you a while to get through 
that dictionary.

> The whole 'sleep()' idea just seems silly. I agree with Jason. Just validate
> and be done. A better way to stop attacks is to have a tally of failed
> logins if you really are that worried someone is going to brute-force you.
> Then after 3 fails, just don't let that IP connect or add other intelligent
> handling. Maybe add them to a 'ban list' after x amount of failed tries. You
> can get the $_SERVER['REMOTE_ADDR'] or use the session id or whatever.

You can still do this on top of the sleep() method. A one second wait 
isn't going to affect you when you log in to an application.

The problem with reacting after three failed logins is that it can then 
be easy to lock other people out of their account. You just have to 
figure out their username, which usually isn't that hard. Since IP 
addresses can be spoofed or shared among users of certain ISPs, relying 
on them isn't adequate, either.

I'm not saying using sleep is the solution to security problems, but 
it can be one layer of your defense.

--
---John Holmes...


Re: [PHP-DB] Wait Statement... ?

2004-07-20 Thread Ignatius Reilly
Why silly??
it just makes you wait one second on the login page BEFORE the validation
process, not on other  pages.
I use it everywhere.

Ignatius



Re[2]: [PHP-DB] Wait Statement... ?

2004-07-20 Thread Pablo M. Rivas
Hello John,

   sleep() is the brute defense of the brute force attack...
   You can make a script that opens simultaneous attacks

JWH> I'm not saying using sleep is the solution to security problems, but
JWH> it can be one layer of your defense.


-- 
Best regards,
 Pablo




Re: [PHP-DB] Wait Statement... ?

2004-07-20 Thread Tim Van Wassenhove
In article [EMAIL PROTECTED], John W. Holmes wrote:
> Daevid Vincent wrote:
>
>> Similarly, I could adjust my brute force attack to sleep() a pre-determined
>> amount of time too ;-)
>
> Uhmmm.. how effective is a brute force attack where you can only try one 
> combination per second? It's going to take you a while to get through 
> that dictionary.

You're mistaken here. Every kiddie knows he has to fork 50 concurrent
threads that try to authenticate... 

I'd suggest to have 2 queues for failed authentication attempts.
One containing (ip - timestamp) pairs,
the other containing (username - timestamp) pairs.

Every time someone tries to authenticate, you count the number of
failures in both queues. The larger the number, the longer the sleep
will take. (removing old entries once in a while might speed up things)

-- 
Tim Van Wassenhove http://home.mysth.be/~timvw




Re: Re[2]: [PHP-DB] Wait Statement... ?

2004-07-20 Thread Jason Wong
On Wednesday 21 July 2004 05:00, Pablo M. Rivas wrote:

sleep() is the brute defense of the brute force attack...
You can make a script that opens simultaneous attacks

One thing to bear in mind is that sleep() will hog resources and can lead to 
DOS.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
/*
He's dead, Jim.
-- McCoy, The Devil in the Dark, stardate 3196.1
*/




[PHP-DB] Concurrent rutines

2004-07-20 Thread Luis Morales
Hello,
Does anyone know how to run many procedures concurrently over PHP? For example:
$init = current_time;
While (($t  $timeout ) and ($allresult == 0 ) ){
   $t = current_time - $init;
   launch{
   $r[1] = app1;
   $r[2] = app2;  
   $r[n] = appn;
  }
   $allresult = $r[1]  $r[2]  ...  $r[n];
}

Regards,
LM


Re: [PHP-DB] Wait Statement... ?

2004-07-20 Thread John W. Holmes
Tim Van Wassenhove wrote:
 In article [EMAIL PROTECTED], John W. Holmes wrote:
 Daevid Vincent wrote:
 
 Similarly, I could adjust my brute force attack to sleep() a pre-determined
 amount of time too ;-)
 
 Uhmmm.. how effective is a brute force attack where you can only try one 
 combination per second? It's going to take you a while to get through 
 that dictionary.
 
 You're mistaken here. Every kiddie knows he has to fork 50 concurrent
 threads that try to authenticate... 

That's still only 50 guesses a second compared to thousands when your 
server gives an immediate good or bad response. Like I said, this is 
just another layer you can add in addition to what you have below. It 
doesn't hurt anything if implemented correctly and it only serves to 
hassle those abusing the system. Defense in depth. :)

 I'd suggest to have 2 queues for failed authentication attempts.
 One containing (ip - timestamp) pairs,
 the other containing (username - timestamp) pairs.
 Every time someone tries to authenticate, you count the number of
 failures in both queues. The larger the number, the longer the sleep
 will take. (removing old entries once in a while might speed up things)

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals  www.phparch.com
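
The two-queue scheme suggested in this thread, combined with two other points raised in it (delay every attempt rather than only failures, and keep the sleep bounded because each sleeping request holds a server process), as an added PHP example that is not code from any poster. The in-memory arrays, the 15-minute window, the 8-second cap and the function names are assumptions, and the attempts are constructed.

```php
<?php
// Added example, not code from the thread; names and limits are assumptions.
const WINDOW   = 900; // seconds a failure stays in a queue (assumed)
const MAX_WAIT = 8;   // cap: every sleeping request ties up a server process

// The two queues, key => list of failure timestamps. Kept in memory here;
// a real site would use a table shared by all PHP processes.
$byIp   = [];
$byUser = [];

// Drop entries older than WINDOW so the queues stay small.
function prune(array &$queue, int $now): void {
    foreach ($queue as $key => $stamps) {
        $queue[$key] = array_values(array_filter($stamps, fn($t) => $t > $now - WINDOW));
        if (!$queue[$key]) {
            unset($queue[$key]);
        }
    }
}

// Returns the delay for this attempt and records it if it failed.
function attempt(array &$byIp, array &$byUser, string $ip, string $user, bool $ok, int $now): int {
    prune($byIp, $now);
    prune($byUser, $now);
    $failures = count($byIp[$ip] ?? []) + count($byUser[$user] ?? []);
    // 1 s baseline on every attempt, good or bad, doubling per recent failure.
    $wait = min(MAX_WAIT, 2 ** min($failures, 10));
    // A login script would call sleep($wait) here, before any output or redirect.
    if (!$ok) {
        $byIp[$ip][]     = $now;
        $byUser[$user][] = $now;
    }
    return $wait;
}

// Constructed attempts: [seconds offset, ip, username, password was correct]
$attempts = [
    [0,    '203.0.113.5',  'alice', false],
    [1,    '203.0.113.6',  'alice', false], // new IP, same username
    [2,    '203.0.113.7',  'alice', false],
    [3,    '203.0.113.7',  'carol', false], // same IP, new username
    [4,    '198.51.100.9', 'bob',   true],  // unrelated good login
    [1000, '203.0.113.5',  'alice', true],  // after the window has passed
];
$start = 1000000; // constructed base timestamp
foreach ($attempts as [$offset, $ip, $user, $ok]) {
    $wait = attempt($byIp, $byUser, $ip, $user, $ok, $start + $offset);
    printf("%-13s %-6s %-4s wait %ds\n", $ip, $user, $ok ? 'ok' : 'fail', $wait);
}
```

Keying on the username as well as the IP is what makes the delay grow when the guesses for one account arrive from many addresses or many parallel connections.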


[PHP-DB] RE: MySQL '!=' ???

2004-07-20 Thread Jensen, Kimberlee
Whenever you are trying to exclude a list, you should use AND, not OR. This is a logic 
issue. However, to make it more exact, streamlined and simpler use the NOT IN clause.

SELECT ... FROM ... WHERE country NOT IN ('Argentina', 'USA', 'Mexico', etc.)




Re: [PHP-DB] DB table creation question

2004-07-20 Thread Jensen, Kimberlee
In addition to making sure both tables are type InnoDB, also make sure you have 
indexed both the foreign key and its corresponding reference first (this will fix the 
obtuse errno(150) message).

One suggestion I have is to take a bootcamp style class, even online, to solidify the 
grasp of database concepts. I created my first site without completely understanding 
data modelling, other than the lip service paid in the reference books - sure we can 
all list the five norms but to apply that knowledge is another thing, and I cringe at 
some of the hacks I then employed. I'm sure you're under a tight deadline, but take it 
from someone who learned the hard (and hardheaded) way, it's worth your time to take a 
class first. Or, it may be time to hire a consultant to work with you one on one. 
There are plenty of developers who would love to break down everything for you, so 
long as they are compensated for their time.



Re: [PHP-DB] Concurrent rutines

2004-07-20 Thread Jason Wong
You have started a new thread by taking an existing posting and replying to
it while you changed the subject.

That is bad, because it breaks threading. Whenever you reply to a message,
your mail client generates a References: header that tells all recipients
which posting(s) your posting refers to. A mail client uses this information
to build a threaded view (tree view) of the postings.

With your posting style you successfully torpedoed this useful feature; your
posting shows up within an existing thread it has nothing to do with.

Always do a fresh post when you want to start a new thread. To achieve this,
click on New message instead of Reply within your mail client, and enter
the list address as the recipient. You can save the list address in your
address book for convenience.




[PHP-DB] Using pg_exec during a copy transaction

2004-07-20 Thread Robert Fitzpatrick
Is it possible when using PostgreSQL to copy data with 'pg_exec($dbh,
"COPY tbl FROM stdin");' to issue another pg_exec transaction before
'pg_end_copy($dbh);' is called? My script is hanging after issuing the
COPY to read data and then issuing a pg_exec SELECT statement to lookup
that data for validity.

-- 
Robert
