Re: [PHP-DB] Re: Re: Sending filing attachments using PHP
Just wanted to ^bump^ this ridiculously prolonged flame-like thread which will surely be annulled in the chronicles of PHP history ;-)

Michelle Konzack wrote:

On 2006-05-12 11:58:37, JupiterHost.Net wrote:

I was referring to building PHP/Apache in general

* What are you talking about? -- I have compiled Apache and php5 the standard way and ABSOLUTELY NOTHING was missing.

Great, I'm talking about managing multiple servers with multi needs. Generally it's a kludge. If you have to build it only on a handful of servers only when updates come up, super.

listen on a port lower than 1024, which is true for all tools since it's a platform limitation.

* I'm speaking in generalities of working with PHP, not specific components of the technology.

??? Generally: PHP is more prone to have the true for all tools problems.

Yeah, you're definitely smoking somethin'. The PEAR package Mail_Mime is another example of a pure-php class. It certainly does not use anything perl related at all. I'd really like to know what makes you think it does.

I never said PEAR or any specific package used Perl, I'd simply offered a better solution that happened to be done in Perl.

No, it is NOT a better solution, because if I use perl I have to maintain TWO scripting languages and install I do not know how many modules from CPAN... maybe 100-200?

I install about 10 generally. I think you're starting to get into a my dad can beat up your dad thing which is pointless. Good day to all, sorry if I was too ambiguous or I've offended.

Goodbye!

Seriously, chill, I wasn't getting personal. Reckon I touched a nerve. It's too bad if you don't want to consider another idea. Your loss not mine :)
Re: [PHP-DB] Re: Example of mail()
Renzo Clavijo wrote:

I know it's very simple but the question is: How can I erase the values held in $_REQUEST such that when I press F5 or I click Reload there are no messages sent again?

    <?php
    if(isset($_REQUEST['send_mail'])){
        mail($_REQUEST['address_mail'],$_REQUEST['subject'],$_REQUEST['message']);
    }

benmoreassynt wrote:

I would try something like this:

    if(isset($_REQUEST['send_mail'])) {
        mail($_REQUEST['address_mail'],$_REQUEST['subject'],$_REQUEST['message']);
        unset($_REQUEST);
    }

That should wipe all the variables in $_REQUEST before the user clicks reload. It will not work on a global variable if you use it inside a function. There are other ways to do the same thing, but I think that should do it.

No. That won't work. The variables will be sent to the server all over again when the user reloads after sending the original email.

Quite right.. I use something as such

Somewhere in the FORM on your page enter a hidden field element such as:

    <INPUT TYPE=hidden NAME=chksum VALUE="<?=md5(mt_rand())?>">

Once submitted your form handling code [likely the same page] will handle the _REQUEST or _POST or _GET [depending on what FORM METHOD you specify in HTML]

Firstly run through your validation rules and if everything matches your criteria and you are ready to proceed with the rest of the forward progression [ie call to mail() in this case] then also do one more check:

    if($_SESSION['last_chksum']!=$_POST['chksum']) {
        $_SESSION['last_chksum']=$_POST['chksum'];
        mail(); // the real mail() call goes here
    }

Easy?? All you do is validate that the passed POST chksum which was embedded into form when sent to server DOESN'T match the one stored in the session variable... If so, then set the session variable to match that passed chksum and continue with mailing or database updates or whatever procedure you need to do..

When the user refreshes you see, the very same chksum will be sent back from the browser at the time of when that form was processed originally of course, therefore on the second iteration our conditional statement will not evaluate to TRUE as the SESSION var now matches the chksum in form.

Easy. And you can reprint the same page as well. For example if they can enter more details in the form and press Ok again [or whatever your submit button is for example] the form will now contain a new random chksum and so it won't match the old stored one we have set and it will send the mail out, but again, once it has sent the mail once it also remembers the chksum associated.

Easy trick hey? I see personally no problem with it and find it's really the most effective way.

Remember a few things though, this method relies on:

a) sessions [and therefore HTTP Cookies] must be accepted
b) do call session_start() before manipulating the superglob $_SESSION
c) there is a generous but limited life to session vars by default, but you can use session set timeout directive to alter this behaviour, but on the same note, analysing the issue we are trying to resolve here, it is highly unlikely that someone would attempt to refresh and hence resubmit a previously submitted page, say 48 hours after the first submission. It just isn't a practical possibility, therefore we can safely rest on the preexisting system default timeout [24 hours or one week?? don't quote me]

Anyway that's that.. enjoy..

I guess the simplest solution is to do a redirect to a confirmation page after sending the mail. That way a reload will not be reloading the post but the confirmation page.

This won't prevent malicious spam. For that you will need to issue a token and track submissions by token (and/or IP address).

(Also, please note:
--Your form tag lacks an 'action' property.
--You are not doing any validation of your input fields.
--By allowing the user to input the TO address, you are essentially offering all the world an open relay for transmitting spam. This makes you evil. May you soon be cut off by your ISP. Or repent and find salvation :) )

-J
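Added example (not code from any of the posters): the redirect-after-POST and server-issued token suggestions from the replies above, combined in one handler, with the recipient fixed so the form cannot relay mail to arbitrary addresses. CONTACT_ADDRESS, thanks.php, the form_tokens session key and the token/subject/message field names are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Hypothetical names: CONTACT_ADDRESS,
// the form_tokens session key, the token/subject/message fields, thanks.php.
const CONTACT_ADDRESS = 'webmaster@example.org'; // fixed recipient, never user input

/** Issue a fresh single-use token and remember it server-side. */
function issue_token(array &$session): string
{
    $token = bin2hex(random_bytes(16));
    $session['form_tokens'][$token] = time();
    return $token;
}

/** True the first time an issued token is presented, false on replay or forgery. */
function consume_token(array &$session, string $submitted, int $maxAge = 3600): bool
{
    $issuedAt = $session['form_tokens'][$submitted] ?? null;
    if ($issuedAt === null) {
        return false;
    }
    unset($session['form_tokens'][$submitted]); // burn it before doing any work
    return (time() - $issuedAt) <= $maxAge;
}

/** Read a POST field as a trimmed string; arrays and missing fields become ''. */
function field(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

/**
 * Process one submission. $send takes the same arguments as mail().
 * Returns [HTTP status, redirect target or null].
 */
function handle_post(array $post, array &$session, callable $send): array
{
    $subject = field($post, 'subject');
    $message = field($post, 'message');
    // A CR or LF in the subject would let the sender add mail headers.
    if ($subject === '' || $message === '' || preg_match('/[\r\n]/', $subject)) {
        return [400, null];
    }
    if (!consume_token($session, field($post, 'token'))) {
        return [409, null]; // reload, replayed request, or a token we never issued
    }
    $send(CONTACT_ADDRESS, $subject, $message);
    return [303, 'thanks.php']; // a reload now repeats a GET, not the POST
}

if (PHP_SAPI === 'cli') {
    // Constructed input: the same POST delivered twice, as a browser reload would.
    $session = [];
    $sent = 0;
    $fakeMail = function (string $to, string $subject, string $body) use (&$sent): bool {
        $sent++;
        return true;
    };
    $post = ['token' => issue_token($session), 'subject' => 'Hello', 'message' => 'Hi there'];
    [$first] = handle_post($post, $session, $fakeMail);
    [$second] = handle_post($post, $session, $fakeMail);
    printf("first=%d second=%d mails sent=%d\n", $first, $second, $sent);
} else {
    session_start();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        [$status, $location] = handle_post($_POST, $_SESSION, 'mail');
        if ($location !== null) {
            header('Location: ' . $location, true, $status);
        } else {
            http_response_code($status);
        }
        exit;
    }
    $token = htmlspecialchars(issue_token($_SESSION), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="">',
         '<input type="hidden" name="token" value="', $token, '">',
         '<input name="subject"><textarea name="message"></textarea>',
         '<button name="send_mail">Send</button></form>';
}
```

Unlike the last_chksum comparison, the token here must be one the server issued, so a client cannot pass the check by inventing a new value for every request.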
Re: [PHP-DB] MD5, MySQL, and salts
True in some form, it always comes down again to the strength and integrity of the original password.

Yes, even if a salt is unknown and it is a plain text, dictionary password, then it doesn't take much for a brute force attempt at just using the first two characters of each word and salting it with the word to create the hash and seeing if it matches.

But just knowing the two character salt doesn't overly help in decrypting the hash. Using a custom hash particularly using part of the key itself as the hash increases the integrity and uniqueness of the hash by an exponential factor. You have two values now that are affecting the hash output value.

Something to chew on...

-J

B

This begs the question of what would this method buy you over MD5? Some people have issue with like passwords looking the same with MD5 encryption, also a one way hash. But if you know the salt, then like passwords would also look the same, right?

-B

Giff Hammar wrote:

For an example, look at how UNIX/Linux stores regular login passwords. In short, the salt is the first two characters in the password. When comparing passwords, you take the salt and the user supplied password, encrypt, then compare the two encrypted strings. If they match, the recently supplied password matches the original. AFAIK, that is the only way to verify passwords encrypted with a one-way algorithm.

Giff

-----Original Message-----
From: chris smith [mailto:[EMAIL PROTECTED]
Sent: Monday, April 17, 2006 4:36 PM
To: Sean Mumford
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] MD5, MySQL, and salts

On 4/18/06, Sean Mumford [EMAIL PROTECTED] wrote:

Hi Guys, I'm working on securing user passwords in a MySQL 4 database with a PHP5 frontend. I remember being told in one of my classes (I'm currently a college junior) that the best way would be to hash a salt and the password together and then store the hash in the database instead of the plain MD5 hash.

My question is, what is a good method for the server and the database to agree on a salt value to use? I know I could use a predefined variable, but I was wondering if something dynamic might be better (timestamp, current date, something like that). Any ideas? Thanks in advance!

If it's a dynamic salt, how are you going to access it when you have to compare? There was an article either on phpsec.org or shiflett.org which talks about this.. can't find the link right now :(

--
Postgresql php tutorials http://www.designmagick.com/
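Added example (not code from the thread): one way to settle the "how do the server and the database agree on a salt" question is to generate a random salt per password and keep it inside the stored hash string, which is what PHP's password_hash() does (PHP 5.5 and later). The legacy branch assumes existing rows hold a plain md5($password) as 32 hex characters and upgrades them at the next successful login; the function names are made up for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. store_password() and
// check_password() are hypothetical helper names.

/** Hash a new password. A random salt is generated and embedded in the result. */
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Check a login attempt against the value stored in the database.
 * Returns [bool $ok, ?string $replacement]; $replacement is non-null when the
 * row should be rewritten (legacy MD5 value or outdated hash parameters).
 */
function check_password(string $password, string $stored): array
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Legacy unsalted MD5 row: compare in constant time, then upgrade.
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? store_password($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? store_password($password)
        : null;
    return [true, $replacement];
}

// Constructed sample data: two users who picked the same password.
$alice = store_password('correct horse');
$bob   = store_password('correct horse');
printf("stored values identical: %s\n", var_export($alice === $bob, true));
printf("alice verifies: %s\n", var_export(check_password('correct horse', $alice)[0], true));
printf("wrong password verifies: %s\n", var_export(check_password('wrong', $bob)[0], true));

// Constructed legacy row holding a plain MD5 of the password.
$legacy = md5('hunter2');
[$ok, $replacement] = check_password('hunter2', $legacy);
printf("legacy row accepted: %s, upgraded: %s\n",
    var_export($ok, true), var_export($replacement !== null, true));
```

Because the salt travels with the hash, the database needs only one column for it and verification needs no value shared out of band.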
Re: [PHP-DB] Messenger Question!
http://www.tech-recipes.com/internet_tips1157.html

Should help you out I hope

Wasn't awfully difficult to source either

Method:
Step one: Enter google.com.au in internet browsing client of choice
Step two: use msn messenger add contact html hyperlink code? as search query

Was first result, could have even gone: I'm Feeling Lucky on that one ;-)

good luck!

---oOo---
Allowing users to execute CGI scripts in any directory should only be considered if:
...
a.. You have no users, and nobody ever visits your server.
...
Extracted Quote: Security Tips - Apache HTTP Server
---oOo---
--oOo---oOo--
Julien Bonastre [The_RadiX]
The-Spectrum Network CEO
ABN: 64 235 749 494
[EMAIL PROTECTED]
www.the-spectrum.org
--oOo---oOo--

----- Original Message -----
From: Chris [EMAIL PROTECTED]
To: JeRRy [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Wednesday, April 05, 2006 9:54 AM
Subject: Re: [PHP-DB] Messenger Question!

JeRRy wrote:

Not exactly a DB question but the storing will be done in a DB and using PHP. Anyways with the growing demand of IM's I want to add to my site easy access for people to contact me. I could add my Yahoo! username for Yahoo! Messenger and MSN Messenger email address but I want to make it easier for people to add me, most people won't bother doing it the long way.

So what I want to do is store my id's to a DB then run a query to fetch the id required then output a hyperlink to the user to add me. When they click the hyperlink it will automatically detect if they have got that Messenger system on their system and if logged in I will be added to the list. If not logged in or they don't have the Messenger then it will display an error.

Is there a way to DETECT if they have Yahoo! or MSN Messenger installed?

You could through activex or possibly a java applet, but not with php or javascript.
Re: [PHP-DB] Messenger Question!
----- Original Message -----
From: chris smith [EMAIL PROTECTED]
To: Julien Bonastre [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Wednesday, April 05, 2006 9:54 PM
Subject: Re: [PHP-DB] Messenger Question!

On 4/5/06, Julien Bonastre [EMAIL PROTECTED] wrote:

http://www.tech-recipes.com/internet_tips1157.html ...

Missed that part... That won't tell you what a person has installed on their computer, but I guess you could put both msn yahoo links on your site and the person can click the right one...

--

Yes that's what I do, as was mentioned actually detecting their client is much more of a process, involving actual interaction with client browser software/modules, therefore requiring so many conditions to be met, correct browser type/version, security controls set to allowable level, messaging client in question is actually running and installed as expected by your script, and then of course actually writing this script to check for it.

All sounds like too much as far as I am concerned, if a user can't choose between two or three possible supported messenger clients then they shouldn't have access to a digital instrument such as computer. I hate illiterate computer consumers [yes, not users, consumers, they only become users once they realise you don't NEED a mouse to operate a computer NOR do you refer to the case of a computer as a modem]

Anyway, rant aside... toodles!
[PHP-DB] Quiet lately....
^bump^ it's too quiet in here! Has something exciting happened in the U.S. of A. ?? [hehehehehehehe]
Re: [PHP-DB] [Regular expression] Format string to DD/MM/YYYY hh:mm
Balazs Hegedus wrote:

    <?php
    $date = '30/03/2983 12:00';
    $pattern = '[0-3][0-9]/[0|1][0-9]/[1|2][0-9]{3,3}\s[0-2][0-9]:[0-5][0-9]';

I found this:

    ^([0-1]?\d)|(2[0-8]))\/((0?\d)|(1[0-2])))|(29\/((0?[1,3-9])|(1[0-2])))|(30\/((0?[1,3-9])|(1[0-2])))|(31\/((0?[13578])|(1[0-2]\/((19\d{2})|([2-9]\d{3}))|(29\/0?2\/[2468][048])|([3579][26]))00)|(((19)|([2-9]\d))(([2468]0)|([02468][48])|([13579][26]))\s(([01]?\d)|(2[0-3]))(:[0-5]?\d){2}$

But it accepts seconds too...can you help me to modify it? bye and thanks anyway,

damn that's ugly.. Personally I love regex, as some of you on this list may have found out the hard way.. But in a situation like this where I'd also want to verify the integers passed I'd simply use the regex to help me split the given datetime string into a 5/6 element array which I can then perform tests with

Let's not forget:

    bool checkdate ( int month, int day, int year )

http://php.mirrors.ilisys.com.au/manual/en/function.checkdate.php

Helps to ensure the date at least is a valid date and day for the given month.. Therefore I would do something like:

    $dtStr = preg_replace('/^(\d{2})\/(\d{2})\/(\d{2,4}) (\d{1,2}):(\d{2})$/', '$1-$2-$3-$4-$5', $date);
    $dtArr = explode('-', $dtStr); // split() was removed in PHP 7
    // preg_replace() returns $date unchanged when the pattern does not match
    if($dtStr!==$date AND checkdate((int)$dtArr[1], (int)$dtArr[0], (int)$dtArr[2]) AND $dtArr[3]<=23 AND $dtArr[3]>=0 AND $dtArr[4]<=59 AND $dtArr[4]>=0) {
        //date and time are valid. continue processing..
    }

it's fairly short, has room to grow [ie changing format acceptance in regex] to allow for different separators or even addition of seconds later down the track easily without having to dive into an untidy regex pattern.

Let me know how you go... Best of luck!

Julien Bonastre [The_RadiX]
Re: [PHP-DB] Database abuse help needed
Oh quite right, quite right

I will never put my word down in stone and say that a particular rule/pattern or for that matter, anything I say, can be held to 100% certainty

Who can? Ha

You are quite right Ludvig, we can only work with what we are given. I merely attempt to imagine all the possibilities. Some people strive to create them.

It's a delicate balance but at what point do we draw the line at automated user input verification and simply using actual human verification methods?

A computer will have a much more difficult time recognising a word which we read as slang but has been creatively disguised by a fellow human brain, there is no doubt there. I only merely tried to slightly improve his filtering regex pattern. It's never going to be perfect, but it's a workable example.

Anyway, tata!

Julien Bonastre [The_RadiX]

----- Original Message -----
From: Ludvig Ericson [EMAIL PROTECTED]
To: Julien Bonastre [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Sunday, March 12, 2006 11:31 AM
Subject: Re: [PHP-DB] Database abuse help needed

Well, no matter how long you spend on coding a regex - no sane one would capture all misspellings possible. It's impossible. Think of these: fukc, fucck, f uck, fu ck, fuc k, f ukc, fu kc, fuk c, fu kk, fawk, faak, fak, etc. There are quite a lot

A not too sober Ludvig.

On 3/12/06, Julien Bonastre [EMAIL PROTECTED] wrote:

Yes.. elitism ;-) That is I

The indentation, yes, formatting of emails across different clients will always be an issue. Regardless though, and thankfully, my code was only a few one liners, whereby the indentation didn't play a huge role at all in representing statements and their conditional execution basis [as there wasn't one :p ]

Next, my snippet was an example, as I'm certain I mentioned. A slightly modified regex could be:

    /(fuc?k|dic?k|wank)(e(r|d|n)|hea?d|wit|ing?)?/i

that would capture many more variations of these profanities and their common derivatives and suffixes..

[aside] That I assume was where you were going with the spelling issue??? [/end of aside]

What is unpredictable by the way? You seem as though you are targeting the regex patterns themselves. Remember, there is virtually no such thing as a computer error, only humans that don't know how to use the computers. If a regex behaves differently than what you expected, there is beyond a 99.% certainty that it is due to not having formulated the regex correctly.

There have been many a times when even I, yes, Supreme Commander of the entire known and even undiscovered Universe, have forged together a pattern, ran it, achieved desired results, then realised later down the track a certain word/condition it wasn't matching... Generally this is due to overlooking some small condition in the pattern or a particular situation you hadn't thought of.

For example in the above regex I give I didn't rule out strings like:

    F|_|CK F\_/CK D|CK W/\NK

which do look like the word I want to ensure doesn't exist on the site. Catch is? Before I run this regex I also ensure the string firstly only contains the following char classes:

    /[a-z0-9_-]/i

There we go.. Anyway, pick me more, please I love it!!!

Julien Bonastre [The_RadiX]

----- Original Message -----
From: Ludvig Ericson [EMAIL PROTECTED]
To: Julien Bonastre [EMAIL PROTECTED]
Cc: Chris Payne [EMAIL PROTECTED]; php-db@lists.php.net
Sent: Sunday, March 12, 2006 12:18 AM
Subject: Re: [PHP-DB] Database abuse help needed

Erm, dude, chill out with the elitism. I think there's more than 2% knowing about regexes, and more than 5% of those 2% that can write oh-so-complex regular expressions (Either GMail mangled the indentation or you need help with that part, by the way _)

Oh and you complain about it not catching spelling mistakes? Yours doesn't either - want to know why? Because they're so unpredictable.

Cheers, toxik

On 3/11/06, Julien Bonastre [EMAIL PROTECTED] wrote:

Well this is cute, really it is. Kudos to all the in_array ideas and so forth

But really this is just an example. In reality this wouldn't work how you've planned. For example take this quite realistic possibility. Lets assume
Re: [PHP-DB] Plain-text or HTML?
I have created several successful HTML and text based emails..

It's a secret called multipart MIME. The essence of email really. Just as an attachment is embedded into the same file as the images, html part and textual part.

All you have to do is using 2 separate boundaries, write out a textual [no HTML formatting, etc, use correct newlines etc] version out and then using same content write it into a HTML template version that can include formatting etc.. Ensure all images used are also encoded and added as multipart MIME segments.

All this can be generally easily done via some email clients themselves. For example Microsoft's Outlook Express does multipart HTML/Text emails. If you just go and create a new email in Outlook and type out your content in HTML format [ensure you've selected Format-Rich Text HTML] Then save it and grab the message source, you will clearly see the boundaries it has defined for the alternative MIME part [the text/html] and the text/plain part. Simply reformat the text/plain part a bit if you want.

Voila.. in most cases that's ready to rumble .. use it as an example of how to work it into your own email generation functions in php.

Works a charm for me ;-)

Good luck, let me know how you go!

Julien Bonastre [The_RadiX]

----- Original Message -----
From: JeRRy [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Monday, March 13, 2006 2:25 PM
Subject: [PHP-DB] Plain-text or HTML?

Hello all,

People on this list, is your email client plain-text or HTML supported? I think most email clients come with HTML support, but over the time I have done HTML emails they flop out and not display correctly. Is there a reason for this?

Is there a way to send out HTML emails from a PHP script to email clients that will display correctly? Problem I tend to have is at times I write the HTML, test it on a webpage. Send it to my email clients shows well but on others like Yahoo! etc it shows crap. Then at times Yahoo! shows fine and other clients crap! Is there tag/codes needed to sort it out? Or is it just a tricky thing? Yahoo!, Hotmail is HTML based WWW clients so I guess you need to get your tables spot on that matches theirs to align correctly?

Just need input on this! Thanks!

J
Re: [PHP-DB] Database abuse help needed
Yes.. elitism ;-) That is I

The indentation, yes, formatting of emails across different clients will always be an issue. Regardless though, and thankfully, my code was only a few one liners, whereby the indentation didn't play a huge role at all in representing statements and their conditional execution basis [as there wasn't one :p ]

Next, my snippet was an example, as I'm certain I mentioned. A slightly modified regex could be:

    /(fuc?k|dic?k|wank)(e(r|d|n)|hea?d|wit|ing?)?/i

that would capture many more variations of these profanities and their common derivatives and suffixes..

[aside] That I assume was where you were going with the spelling issue??? [/end of aside]

What is unpredictable by the way? You seem as though you are targeting the regex patterns themselves. Remember, there is virtually no such thing as a computer error, only humans that don't know how to use the computers. If a regex behaves differently than what you expected, there is beyond a 99.% certainty that it is due to not having formulated the regex correctly.

There have been many a times when even I, yes, Supreme Commander of the entire known and even undiscovered Universe, have forged together a pattern, ran it, achieved desired results, then realised later down the track a certain word/condition it wasn't matching... Generally this is due to overlooking some small condition in the pattern or a particular situation you hadn't thought of.

For example in the above regex I give I didn't rule out strings like:

    F|_|CK F\_/CK D|CK W/\NK

which do look like the word I want to ensure doesn't exist on the site. Catch is? Before I run this regex I also ensure the string firstly only contains the following char classes:

    /[a-z0-9_-]/i

There we go.. Anyway, pick me more, please I love it!!!

Julien Bonastre [The_RadiX]

----- Original Message -----
From: Ludvig Ericson [EMAIL PROTECTED]
To: Julien Bonastre [EMAIL PROTECTED]
Cc: Chris Payne [EMAIL PROTECTED]; php-db@lists.php.net
Sent: Sunday, March 12, 2006 12:18 AM
Subject: Re: [PHP-DB] Database abuse help needed

Erm, dude, chill out with the elitism. I think there's more than 2% knowing about regexes, and more than 5% of those 2% that can write oh-so-complex regular expressions (Either GMail mangled the indentation or you need help with that part, by the way _)

Oh and you complain about it not catching spelling mistakes? Yours doesn't either - want to know why? Because they're so unpredictable.

Cheers, toxik

On 3/11/06, Julien Bonastre [EMAIL PROTECTED] wrote:

Well this is cute, really it is. Kudos to all the in_array ideas and so forth

But really this is just an example. In reality this wouldn't work how you've planned. For example take this quite realistic possibility. Let's assume the word bad is in your array of bad words

Now for realistic reasons I will tell you now that the word bad I am going to use as the word we all know exists as a derogatory slang form of human reproduction or cursing [it starts with an F in case you haven't figured it out yet, four letters, ends in K, got it yet? ]

Now as we know this bad word can be written many ways, remember, I won't use real word, just our safe-substitute: bad, bader, bading, baden, badhead, badwit, badoff, baded, and there may be many more I can't think of

Point being? Unless you do something more exotic than a precise word match then it won't get these suffixed versions, or even altered spelling versions.

Now the next even larger problem? This in_array thing? It's cute, but if you have more than one word in any of your POST variables [which would be pretty safe to assume unless you have a bad habit of sending those one word subject, one word content, one word sender types of emails] then it won't work either

If this is passed as say $_POST[name]=You are a bad head! your little snippet here will try to match You are a bad head to singular words such as [this is a bad word]

What you need is to break up each word in your string, then do some form of processing ;-)

Ok ok, so you want the secrets now don't you?? Ok try signing up at these sites with names like: root, radix, admin, or some common profanity, which is located anywhere in the username, alias, etc:

http://www.befitcommunity.com
www.the-spectrum.org

Exactly.. Now for my implementation I ONCE AGAIN BADING rely on my regular expressions OH SURPRISE SURPRISE, maybe they were invented for a purpose??? It's ok, nevermind, it's a personal joke of mine on this list, it seems 2% of the PHP dev population
Re: [PHP-DB] Tracking Site Version
Shame the URL doesn't work

I'm sure it's a great piece of version tracking software though! Can't say as much about the company's web development and systems administration skills .. :-)

Bai!

----- Original Message -----
From: Luis Morales [EMAIL PROTECTED]
To: Micah Stevens [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Friday, February 24, 2006 7:26 AM
Subject: Re: [PHP-DB] Tracking Site Version

Yes!! Subversion it's the best...

On Thu, 2006-02-23 at 13:05 -0800, Micah Stevens wrote:

Subversion: http://subversion.tigris.org

On Thursday 23 February 2006 12:44 pm, Alex Major wrote:

Hi there, I'm currently working on my website which is now live, and was wondering how some of you more experienced web developers record site developments if you do. I'm thinking of perhaps creating a page on the site where I record the site version, and changes made during the update. Just wondering if any of you had a similar system, or if you had any suggestions for recording site changes etc..

Many thanks, Alex.

--
Luis Morales
Technology Consultant
Cel: +(58)416-4242091
Start by doing what is necessary, then what is possible... and suddenly you will be doing the impossible
Re: [PHP-DB] Tracking Site Version
Ooh it's back... Weird...

----- Original Message -----
From: Luis Morales [EMAIL PROTECTED]
To: Micah Stevens [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Friday, February 24, 2006 7:26 AM
Subject: Re: [PHP-DB] Tracking Site Version

Yes!! Subversion it's the best...

On Thu, 2006-02-23 at 13:05 -0800, Micah Stevens wrote:

Subversion: http://subversion.tigris.org

On Thursday 23 February 2006 12:44 pm, Alex Major wrote:

Hi there, I'm currently working on my website which is now live, and was wondering how some of you more experienced web developers record site developments if you do. I'm thinking of perhaps creating a page on the site where I record the site version, and changes made during the update. Just wondering if any of you had a similar system, or if you had any suggestions for recording site changes etc..

Many thanks, Alex.

--
Luis Morales
Technology Consultant
Cel: +(58)416-4242091
Start by doing what is necessary, then what is possible... and suddenly you will be doing the impossible
Re: [PHP-DB] apostrophes everywhere
Firstly, I believe I speak on behalf of the other users on this list when I tell you that I do NOT need a secondary copy of your email posted on this mailing list with a different subject, I am quite capable of reading the first one.

Finally, I would suggest looking into the htmlspecialchars($str) function or, as the previous poster pointed out, check out the manuals in relation to string/HTML escaping routines.

Next, just as I look over that snippet I spot a little anomaly, or is it just me?

    mysql_query("DELETE FROM `table` WHERE `id` = '3'");

is placed AFTER you have set the previous record that used to hold 2 in its 'id' field to 3. Therefore are you not deleting two records here? I would assume so.. You are deleting the oldest one, and also the second oldest. I would recommend placing the deletion statement BEFORE you change the 2nd oldest record to the 3rd. :-) Order of operations is critical here.

tata!

---oOo---
Allowing users to execute CGI scripts in any directory should only be considered if:
...
a.. You have no users, and nobody ever visits your server.
...
Extracted Quote: Security Tips - Apache HTTP Server
---oOo---
Julien Bonastre [The_RadiX]
The-Spectrum Network CEO
ABN: 64 235 749 494
[EMAIL PROTECTED]
www.the-spectrum.org

----- Original Message -----
From: Stut [EMAIL PROTECTED]
To: Andrew Darrow [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Sunday, February 19, 2006 9:27 AM
Subject: Re: [PHP-DB] apostrophes everywhere

Andrew Darrow wrote:

Everything gets run except for the INSERT INTO if there is an apostrophe in the value $blog. If I replace the apostrophe with &#39; it works fine. On my server I'm running PHP 4.4 and MySQL 4.1.16. I design there and publish elsewhere. On my server everything works fine all the time, but on the production server I'm running PHP 4.3.11 and MySQL 4.1.12, and that's where I'm having problems with the apostrophe.

RTFM: http://php.net/mysql_real_escape_string and http://php.net/magic_quotes

-Stut
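The failure described in this thread (an INSERT that breaks when $blog contains an apostrophe) next to the two fixes the replies point at, escaping on the way into SQL and htmlspecialchars() on the way out, as an added example that is not code from the thread. It assumes PDO with the SQLite driver so it runs without a server (the thread itself uses MySQL and the mysql_* functions); the table name blog_entries and the sample text are constructed.

```php
<?php
// Added example, not code from the thread.
// Assumptions: PDO with the SQLite driver (runs offline, no MySQL server);
// the table name blog_entries and the sample text are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog_entries (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed input: apostrophes plus some markup.
$blog = "It's <b>live</b> & it's Andrew's first post";

// 1) The failing pattern: the value is pasted into the SQL text, so the first
//    apostrophe closes the string literal and the rest no longer parses.
function insert_concatenated(PDO $pdo, string $blog): bool
{
    try {
        $pdo->exec("INSERT INTO blog_entries (body) VALUES ('$blog')");
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// 2) The fix on the way in: the value travels as a bound parameter and is
//    never parsed as SQL, whatever characters it contains.
function insert_bound(PDO $pdo, string $blog): int
{
    $stmt = $pdo->prepare('INSERT INTO blog_entries (body) VALUES (:body)');
    $stmt->execute([':body' => $blog]);
    return (int) $pdo->lastInsertId();
}

// 3) The fix on the way out: the stored text is unchanged; HTML escaping is
//    applied only when the value is written into a page.
function render_entry(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM blog_entries WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

var_dump(insert_concatenated($pdo, $blog));
$id = insert_bound($pdo, $blog);
echo render_entry($pdo, $id), "\n";
```

Replacing the apostrophe with an HTML entity before the INSERT, as the original poster tried, stores display markup in the database; binding the raw value and escaping at output keeps the two concerns apart.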
Re: [PHP-DB] data picker
There are many ways to skin a cat. Here are the first few suggestions or plans of attack I would look at:

a) the popup window calls upon a form/page which, once a value is selected, sends the value back to the parent window via JavaScript and closes the popup or something

b) use a session variable. On this popup, when a user takes action, selects a value or whatever, it submits the form in the popup, which the page handles and saves the chosen value/s to a session, then closes the window or whatever. Back on the main form, you can continue processing and fetch that session var later when they submit that form

I'd probably go option a..

Julien Bonastre [The_RadiX]

----- Original Message -----
From: r0md0n1 [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Monday, February 13, 2006 8:00 PM
Subject: [PHP-DB] data picker

hi all

I'm trying to create a small application to pick data from a pop-up window into a form (like when inserting an email address @ yahoo-mail or a date-picker :)

Here's some illustration: when I click a hyperlink then comes a pop-up window to browse data; after finding the desired data I want to pick the data-id into the form (textbox, etc..)...

anyone give me a clue pls..

rgds, d3n.
Re: [PHP-DB] First web app, ever, so please bear with me
This is my kind of gear... You've hit my nail, right on top of my head...

I have made some feature similar to this for Australia.. I am using a federal government operated index of every registered landmark, train station, suburb, river, etc that stores the geographical position [latitude and longitude]. And I use this in conjunction with an equation of Approximate Ellipsoidal Distance to calculate to a fairly high degree of accuracy [200m to 500km] the distance between two given points.

To figure out the items between said centre location and given radius, though, requires a bit of calculation, simply because in order to determine which 'elements' fall within the given range you have to compute live the distance between the requested location and each element stored in the db. Somewhat painful, therefore it is wise to somehow use other filters as well to choose what type of business/ etc.

I know this sounds somewhat inefficient, and therefore the only other way to simplify this is either to cache queries so any future queries that match the same source and range will save the processing and just display these results. Again though, depending on your business rollover, these results may expire quickly, and it isn't all that likely that, given the timeframe you might set, another person might run the same range and source query anytime soon.

Therefore, if you could conjure up some form of indexing system to categorise locations quickly against a given reference point, perhaps? For example, break down locations in terms of blocks or something, and then you can just perform this operation on any business that falls inside the block of the requested source location and adjacent blocks etc etc..

I have attached a library I wrote for my geolocate system on a site I am currently developing.. It's a start point to the implementation. Of course you'd have to find where you can source a fairly up to date, extensive postcode/zipcode/suburb database that links to geographical points to do this.

Enjoy.. and Good luck!

p.s. As a side note, I am not fully aware of American systems, and I do believe there are already in place some fairly comprehensive systems to do zipcode/locational distance calculations. A lot easier than I had to do in Aus.

Julien Bonastre [The_RadiX]

----- Original Message -----
From: Matty Sarro [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Sunday, February 05, 2006 8:17 PM
Subject: [PHP-DB] First web app, ever, so please bear with me

Greetings all! I have finally taken the plunge and started trying to develop a web application. I've got a fair amount of web design experience with straight up HTML, I've written a few scripts with perl, and I'm slightly familiar with SQL. This is to give you some background... I'm by no means experienced so please bear with me.

Currently I'm using a forum to gather business reviews from subscribers to a website. Once a substantial number have been gathered, I want to use them to populate a database that can be appended to by users. The actual application (once data has been migrated) will have two uses: first, users should be able to search by geographic area for businesses based on zip code, town name, business name, distance from a given zipcode, etc. If a certain field isn't filled in, it should be assumed to be a wildcard (for instance, if a user would enter no business name, or town name, but they do enter 10 mile radius from 90210, then all businesses within 10 miles of 90210 that have reviews will be displayed). I'd like to use a similar form to allow users to submit reviews for new businesses.

Most of this may seem pretty simple, but like I said, I've never worked with PHP before, or SQL, let alone both. And what's worse, I've got no idea how to do anything with the geographical code (the X mile radius from zip code Y thing). So, where would be a fair place to get started (besides the obvious php.net)?

I hope this wasn't too vague - thanks again guys! Also, this is my first post, so please be gentle :)
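The "narrow by block first, then compute the exact distance" approach described in the reply above, as an added example that is not the library attached to that post. It assumes PDO with the SQLite driver, a constructed places table with approximate coordinates, and the spherical haversine formula as a stand-in for the ellipsoidal distance equation the post mentions.

```php
<?php
// Added example, not the library attached to the original post.
// Assumptions: PDO SQLite in memory; the table "places" and its rows are
// constructed; distance is the spherical haversine formula, not the
// ellipsoidal equation the post refers to.
const EARTH_RADIUS_KM = 6371.0;

function haversine_km(float $lat1, float $lon1, float $lat2, float $lon2): float
{
    $dLat = deg2rad($lat2 - $lat1);
    $dLon = deg2rad($lon2 - $lon1);
    $a = sin($dLat / 2) ** 2
       + cos(deg2rad($lat1)) * cos(deg2rad($lat2)) * sin($dLon / 2) ** 2;
    return 2 * EARTH_RADIUS_KM * asin(min(1.0, sqrt($a)));
}

// The "block": a latitude/longitude rectangle that fully contains the circle.
// Limitation: a box crossing the 180 degree meridian is not handled.
function bounding_box(float $lat, float $lon, float $radiusKm): array
{
    $dLat = rad2deg($radiusKm / EARTH_RADIUS_KM);
    // A degree of longitude shrinks with latitude; avoid dividing by ~0 near the poles.
    $cosLat = max(cos(deg2rad($lat)), 1e-6);
    $dLon = rad2deg($radiusKm / (EARTH_RADIUS_KM * $cosLat));
    return [$lat - $dLat, $lat + $dLat, $lon - $dLon, $lon + $dLon];
}

function places_within(PDO $pdo, float $lat, float $lon, float $radiusKm): array
{
    [$minLat, $maxLat, $minLon, $maxLon] = bounding_box($lat, $lon, $radiusKm);

    // Step 1: cheap, index-friendly filter done by the database.
    $stmt = $pdo->prepare(
        'SELECT name, lat, lon FROM places
          WHERE lat BETWEEN :minLat AND :maxLat
            AND lon BETWEEN :minLon AND :maxLon'
    );
    $stmt->execute([
        ':minLat' => $minLat, ':maxLat' => $maxLat,
        ':minLon' => $minLon, ':maxLon' => $maxLon,
    ]);

    // Step 2: exact distance only for the candidates that survived step 1;
    // the corners of the box lie outside the circle and are dropped here.
    $hits = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $km = haversine_km($lat, $lon, (float) $row['lat'], (float) $row['lon']);
        if ($km <= $radiusKm) {
            $hits[] = ['name' => $row['name'], 'km' => round($km, 1)];
        }
    }
    usort($hits, fn ($a, $b) => $a['km'] <=> $b['km']);
    return $hits;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE places (name TEXT NOT NULL, lat REAL NOT NULL, lon REAL NOT NULL)');
$pdo->exec('CREATE INDEX places_lat_lon ON places (lat, lon)');

// Constructed sample rows (approximate coordinates).
$insert = $pdo->prepare('INSERT INTO places (name, lat, lon) VALUES (?, ?, ?)');
foreach ([
    ['Brisbane',   -27.4698, 153.0251],
    ['Ipswich',    -27.6146, 152.7609],
    ['Gold Coast', -28.0167, 153.4000],
    ['Sydney',     -33.8688, 151.2093],
] as $place) {
    $insert->execute($place);
}

// Everything within 50 km of the Brisbane coordinates, nearest first.
print_r(places_within($pdo, -27.4698, 153.0251, 50.0));
```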
Re: [PHP-DB] timestamp value management
Or... If one were to actually RTFM in reference to the MySQL manual. Freely available at: http://dev.mysql.com/doc/refman/4.1/en/index.html [or substitute 5.0 for us hardcore mysql'ers ;-) mysql5 is swet. ]

Here's an interesting, difficult to find page [joke]: http://dev.mysql.com/doc/refman/4.1/en/date-and-time-functions.html

Oh check this out!

--

UNIX_TIMESTAMP(), UNIX_TIMESTAMP(date)

If called with no argument, returns a Unix timestamp (seconds since '1970-01-01 00:00:00' UTC) as an unsigned integer. If UNIX_TIMESTAMP() is called with a date argument, it returns the value of the argument as seconds since '1970-01-01 00:00:00' UTC. date may be a DATE string, a DATETIME string, a TIMESTAMP, or a number in the format YYMMDD or YYYYMMDD. The server interprets date as a value in the current time zone and converts it to an internal value in UTC. Clients can set their time zone as described in Section 5.10.8, MySQL Server Time Zone Support.

    mysql> SELECT UNIX_TIMESTAMP();
            -> 882226357
    mysql> SELECT UNIX_TIMESTAMP('1997-10-04 22:23:00');
            -> 875996580

When UNIX_TIMESTAMP is used on a TIMESTAMP column, the function returns the internal timestamp value directly, with no implicit string-to-Unix-timestamp conversion. If you pass an out-of-range date to UNIX_TIMESTAMP(), it returns 0, but please note that only basic range checking is performed (year from 1970 to 2037, month from 01 to 12, day from 01 to 31).

Note: If you use UNIX_TIMESTAMP() and FROM_UNIXTIME() to convert between TIMESTAMP values and Unix timestamp values, the conversion is lossy because the mapping is not one-to-one in both directions. For example, due to conventions for local time zone changes, it is possible for two UNIX_TIMESTAMP() to map two TIMESTAMP values to the same Unix timestamp value. FROM_UNIXTIME() will map that value back to only one of the original TIMESTAMP values. Here is an example, using TIMESTAMP values in the CET time zone:

    mysql> SELECT UNIX_TIMESTAMP('2005-03-27 03:00:00');
    +---------------------------------------+
    | UNIX_TIMESTAMP('2005-03-27 03:00:00') |
    +---------------------------------------+
    |                            1111885200 |
    +---------------------------------------+
    mysql> SELECT UNIX_TIMESTAMP('2005-03-27 02:00:00');
    +---------------------------------------+
    | UNIX_TIMESTAMP('2005-03-27 02:00:00') |
    +---------------------------------------+
    |                            1111885200 |
    +---------------------------------------+
    mysql> SELECT FROM_UNIXTIME(1111885200);
    +---------------------------+
    | FROM_UNIXTIME(1111885200) |
    +---------------------------+
    | 2005-03-27 03:00:00       |
    +---------------------------+

If you want to subtract UNIX_TIMESTAMP() columns, you might want to cast the result to signed integers. See Section 12.8, Cast Functions and Operators.

--

Couldn't have done better if I had copied it verbatim! Haha actually, I did nearly ;-)

No cute extracting of substrings within a MySQL datetime timestamp and calculating an Epoch timestamp.. No sirreeebob! Just one function. Returns seconds since the Unix Epoch GMT+0. Wicked? I think so too...

Tell you what, just as a tip from one supreme ruler of codecutting h4x0r developer to a budding learner: If you are interested in looking up what sort of functions/algorithms are available for you to use on post-processing your data for a MySQL result, I'd suggest looking at something really exotic and obscure like The MySQL manual's DATE AND TIME FUNCTIONS page.. ;-)

I know I know, it seems a strange philosophy but these champions who work on the docs for these projects are the true heroes of our modern world. Not Americans, nor the poor sods who are sent to the Middle East deceived in thinking they are promoting freedom but in reality are creating a strong business for the Bush administration and their oil resource driven ambitions. It's a terrible world isn't it?

As I was saying, thank God/Allah/Buddha/*insert deity here* that the MySQL and PHP docs writers are so talented and organised!

Ta ta !!

----- Original Message -----
From: Gerry Danen [EMAIL PROTECTED]
To: xkorakidis [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Monday, January 30, 2006 8:34 AM
Subject: Re: [PHP-DB] timestamp value management

I use this function:

    function xlate_datetime($in_field, $in_format)
    {
        // 2005-10-02 18:05:52
        // 0123456789012345678
        $year  = substr( $in_field, 0, 4 );
        $month = substr( $in_field, 5, 2 );
        $day   = substr( $in_field, 8, 2 );
        $hour  = substr( $in_field, 11, 2 );
        $min   = substr( $in_field, 14, 2 );
        $sec   = substr( $in_field, 17, 2 );
        $t = mktime( $hour, $min, $sec, $month, $day, $year );
        // MySQL's "zero" datetime means no value was stored
        if ( $in_field == "0000-00-00 00:00:00" )
            return "";
        else
            return (date($in_format, $t));
    }

Gerry

On 1/30/06, xkorakidis [EMAIL
Re: [PHP-DB] database for books question
Yes, you're on the right track.

Easiest practical way is as follows:

Your book listing table has a field named, say, subject_id, which is just a SMALLINT UNSIGNED column or something. That allows up to 2^16 sized integers, more than I think should be sufficient for a huge list of subjects; a TINYINT UNSIGNED that allows up to 255 would possibly even be more than sufficient.

And then create a table named, say, subject_listing or something like that. And it would simply have fields as such:

    subject_id SMALLINT UNSIGNED not null AUTO_INCREMENT,
    title varchar(24) NOT NULL

and your index would be a PRIMARY KEY on subject_id, or a UNIQUE constraint at least.

Therefore you could construct this table with this query:

    CREATE TABLE subject_listing (
        subject_id SMALLINT UNSIGNED not null AUTO_INCREMENT,
        title varchar(24) NOT NULL,
        PRIMARY KEY (subject_id)
    );

Finally, getting a listing on a PHP page as you mentioned wouldn't take more than just running something like:

    <?
    $DB=mysql_connect("mysqlserver","user","pass");
    mysql_select_db("yourdb",$DB);
    $sql=mysql_query("SELECT sl.title AS 'title', count(book_id) as 'count' FROM subject_listing sl LEFT JOIN book_listing bl USING (subject_id) group by subject_id",$DB);
    if(mysql_num_rows($sql)>0) {
        while($row=mysql_fetch_array($sql)) {
            echo $row["title"]." (".$row["count"].")<BR>";
        }
    } else {
        //safe assumption that each book must have a subject_id which exists in subject_listing
        echo "No books were found";
    }
    ?>

Should work, mostly tested, the SQL will work for sure..

Have fun!!

Julien Bonastre [The_RadiX]

----- Original Message -----
From: John Meyer [EMAIL PROTECTED]
To: Flint Million [EMAIL PROTECTED]; php-db@lists.php.net
Sent: Sunday, January 22, 2006 9:02 AM
Subject: Re: [PHP-DB] database for books question

Flint Million wrote:

Now I want to be able to do a subject listing as well as a search. For example, if I asked for a list of all subjects, I want something like:

    Nonfiction (2)
    PHP (1)
    Technology (2)
    Computers (1)
    Programming (1)
    History (1)
    Linux (1)

In database design, I'd almost do this as a subject table, and then link the books together through a subject-book linking table.
Re: [PHP-DB] database for books question
Flint Million wrote:

Good idea. OK so I'll create a new database with subject ID's. Now, back in the primary database, how can I have multiple subjects assigned to one book? Let's say I repeat my above example and we assign Nonfiction to 1, Technology to 4, and Linux to 5. I know I might be getting off PHP topic here, but what's the best way then to have the database be able to reference multiple subjects per record? Or, would I have to do like subject0 subject1 subject2 etc. fields considering the maximum number of subjects per book? I still want to be able to search by subject and any book that has that particular subject assigned to it would be returned.

??? Sorry, I didn't seem to get this email? Was it posted to the list?

In that case you WILL need an intermediary table then, as John proposed. My method works similarly but it's a one-to-one relationship per subject. Apart from that the rest should follow suit the same..

tata

Julien Bonastre [The_RadiX]

----- Original Message -----
From: John Meyer [EMAIL PROTECTED]
To: Flint Million [EMAIL PROTECTED]; php-db@lists.php.net
Sent: Sunday, January 22, 2006 10:14 AM
Subject: Re: [PHP-DB] database for books question

Here's how:

    Table: BOOKS
        BOOK_ID
        BOOK_NAME
        PK: BOOK_ID

    Table: SUBJECTS
        SUBJECT_ID
        SUBJECT_NAME
        PK: SUBJECT_ID

    Table: BOOK_SUBJECT
        BOOK_ID (references BOOKS)
        SUBJECT_ID (references SUBJECTS)
        PK: (BOOK_ID,SUBJECT_ID)
Re: [PHP-DB] new guy with stupid question
In reference to Jeffrey's comment about the performance of mysql_fetch_row vs mysql_fetch_array, which I always have used the _array implementation:

From the horse's mouth: "Performance: An important thing to note is that using mysql_fetch_array() is not significantly slower than using mysql_fetch_row(), while it provides a significant added value" [source: www.php.net/manual/en/function.mysql-fetch-array.php ]

tata!

----- Original Message -----
From: Jeffrey [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Friday, January 20, 2006 7:19 PM
Subject: Re: [PHP-DB] new guy with stupid question

Lonny wrote:

OK, sorry for the long winded info. For today I will ask for a script that will gather emails from the email field of a table in a database and send a newsletter to those emails. How do I compose the email formatted with html for a professional look and send it to everyone in the database?

If I haven't got myself kicked off this list yet, here is another basic question. I want users to be able to select a date for their schedule. I do not want them to have to follow the format of yyyy-mm-dd, I just want them to select a month from a pulldown, then a day, and then a year. (I have all this set up already.) What is confusing me is the part where I need to think out of the box a bit and combine these three selections into a date field. Like $month + $day + $year INSERT $month$day$year into $date; and come up with something that looks like 2006-08-13.

I hope you know what I am trying to do here. Have I made any friends yet?

Lonny

Lonny: Don't slag yourself off so much. That's what this list is for ;o)

First question...

    $subject="Email subject line";
    $body="<html>Newsletter content</html>";
    $return_address="From: [EMAIL PROTECTED]";
    // the column name must match the variable that extract() creates below
    $query="SELECT email FROM some_table";
    $result=mysql_query($query) or die("Something went wrong, sweetheart: " . mysql_error());
    while($row=mysql_fetch_array($result)){
        extract($row);
        mail($email,$subject,$body,$return_address);
    }

Untested, but should work. And I know some of the people on the list will say that mysql_fetch_array() is not the best approach - but you can fiddle with mysql_fetch_row() if you'd prefer. It would probably be a bit more efficient.

As to HTML content for your newsletter, I would test first. Create a newsletter, send it to yourself and, if possible, a couple of other people. Try various layouts until it looks right. But bear in mind that different e-mail clients are not consistent with the display of html content. So try as many different clients as you can, especially Outlook, Lotus Notes (if there are a lot of business users), Thunderbird, Gmail, hotmail, etc.

For what it's worth, I do a popular and highly regarded newsletter entirely in ASCII text. Of the over 2000 subscribers, only one person ever complained about the appearance - and his complaints were such that it was clear he wasn't remotely interested in the actual content of the newsletter.

For the last question, get the date info from your drop down menus, then in php...

    $date_for_db=$year."-".$month."-".$day;

...and insert $date_for_db into your table.

Good luck,

Jeffrey
Re: [PHP-DB] Add or Subtract
That's not even a docs question.. That's a "have you ever even sat down at a single teaching of SQL principles or read ANY basic SQL material at all" question.

Really man. UPDATE is one of the four most common SQL standard functions you will and should know quite well: SELECT, INSERT, UPDATE, DELETE.

I'm not having a go here, but maybe you should check out like a basics of MySQL e-book or something. I've landed on some goodies in the past and they're just fantastic, I've ended up mastering SQL query construction like spelling my name now. All shapes, sizes, constraints of queries and where and how to use certain functions, where to use what, aggregate functions, stats, subqueries, multiple tables, transactional locking, etc etc etc. It's so exciting, really.

Enjoy!!

Julien Bonastre [The_RadiX]

----- Original Message -----
From: David Robley [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Thursday, January 19, 2006 10:36 PM
Subject: Re: [PHP-DB] Add or Subtract

On Thu, 19 Jan 2006 22:55, Ed wrote:

I've been considering doing a little project for my community site which allows people to sell and buy players ... They would have a limit of 2,000,000 upon sign up .. However I'm not sure how I'd update this figure. Say a player sells, for example, Alan Shearer for £300,000, he'd then have 2,300,000. How would I make it add to what's in the db already? Same goes for if he was sold and it went down to 1,700,000.

Ed

You haven't read the MySQL docs much, I guess. Assuming you are storing your limit as an integer:

    UPDATE table SET value = value + $newamount WHERE [something to identify the record to be updated]

where $newamount is the positive or negative value of the increase passed in from wherever.

Cheers
--
David Robley

Press any key to continue or any other key to quit...
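The relative UPDATE from the reply above with the amount validated as an integer and bound as a parameter, plus a guard against a negative balance, as an added example that is not code from the thread. It assumes PDO with the SQLite driver; the table managers, the column balance and the rule that a balance may not go below zero are hypothetical.

```php
<?php
// Added example, not code from the thread.
// Assumptions: PDO SQLite in memory; the table "managers", the column
// "balance" and the "balance may not go below zero" rule are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE managers (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)');
$pdo->exec('INSERT INTO managers (id, balance) VALUES (1, 2000000)');

function adjust_balance(PDO $pdo, int $managerId, $rawAmount): bool
{
    // Accept only a plain signed integer; anything else submitted by the
    // browser (text, decimals, SQL fragments) is rejected before it gets near the query.
    $delta = filter_var($rawAmount, FILTER_VALIDATE_INT);
    if ($delta === false) {
        return false;
    }

    // The arithmetic stays inside one UPDATE, so two concurrent requests
    // cannot both read the old balance and overwrite each other's change.
    // The extra condition refuses a purchase the manager cannot afford.
    $stmt = $pdo->prepare(
        'UPDATE managers
            SET balance = balance + :delta
          WHERE id = :id
            AND balance + :delta_check >= 0'
    );
    $stmt->bindValue(':delta', $delta, PDO::PARAM_INT);
    $stmt->bindValue(':delta_check', $delta, PDO::PARAM_INT);
    $stmt->bindValue(':id', $managerId, PDO::PARAM_INT);
    $stmt->execute();

    // Zero rows changed means unknown manager or insufficient funds.
    return $stmt->rowCount() === 1;
}

function balance_of(PDO $pdo, int $managerId): int
{
    $stmt = $pdo->prepare('SELECT balance FROM managers WHERE id = :id');
    $stmt->execute([':id' => $managerId]);
    return (int) $stmt->fetchColumn();
}

// Constructed requests: a sale, a purchase, an unaffordable purchase, bad input.
foreach (['300000', '-600000', '-5000000', '300000 OR 1=1'] as $amount) {
    $ok = adjust_balance($pdo, 1, $amount);
    printf("%-16s %-8s balance=%d\n", $amount, $ok ? 'applied' : 'refused', balance_of($pdo, 1));
}
```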
Re: [PHP-DB] How can I solve this?
Thank you. In fact, it's called busy-ness, and I tend to believe I have quite a prowess in the ways of Regular Expressions.

Reason I have the character class? You betchya! So I could do exactly what your friend did. Reason I completely forgot? I'm an idiot and was too busy replying to 3 emails at once whilst on a phone call. My fault? Completely ;-)

Yes, see, it's called impulsive reasoning, hence the reason I added the character class without needing it. Embedding a character class predicate such as \w inside a character class enclosure alone is well.. Stupid and redundant at best.. Therefore there was some subconscious reasoning to my madness, I can presume. And yes, I also know that that \w class wouldn't cover all the characters I needed in a possible filename. Again, I was careless and quick.

As for the compatibility of the \w character class within sed and awk: I am well aware that this implementation works on Perl-Compatible Regular Expression patterns, and is not necessarily supported by all regular expression standards. BUT WHO GIVES A FLYING FUCK? But this is a PHP-DB list, he is asking a PHP related question and I even specifically stated in my response: preg_replace(), which is a PCRE function using the PCRE pattern modifiers.

And finally, this is a mailing list, not a kindergarten room. We're here to help, assist, and suggest advice. Not to wipe their bottoms. I posted a suggestive solution to a problem. That's all. SURE there's going to be different methods of approaching it, SURE it could not be the most perfect pattern, but it's a suggestion where to head for the correct solution. HELL, it wouldn't work with .asp files either. Or if your files were named .php4 or .phtml. Do I give a damn about that? No. Are you a tech support officer, Jeremy? Do you need to help them digest their baby jelly food?

Actually, enough of the hostility. I am honoured actually to think you went to the effort of sending off my 10 second quick drafted suggestive PCRE pattern to Eric Pement of MBI.. Wow, touched. Imagine if I gave you guys some REAL PCRE patterns that I use!!! Now that you'd honour me for, wouldn't you! I can just picture you two drooling at the mouth now.

So is this Eric friend of yours some RegEx guru? I respect him if so, no harm intended, but I do think my suggestive help posting to this list was 'fit for purpose'. He never asked anyone to spoon feed him, and if you want to be a real world developer you better learn to use your resources and reference manuals.

I've had enough now. Adios and cya later mate!

P.S. You (Jeremy) and Eric are Americans, right?? :-) Just curious.

Julien Bonastre [The_RadiX]

----- Original Message -----
From: Jeremy Peterson [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Friday, January 20, 2006 8:09 AM
Subject: Re: [PHP-DB] How can I solve this?

A friend of mine updated your regular expression... Check it out if you're interested.

Jeremy

Dear Jeremy,

Thanks for writing!

I saw this regular expression and thought you might like it... :)

    preg_replace('/^\/?(.*)\/[\w]+\.php$/','$1',$PHP_SELF)

that strips that leading forward slash too ;-)

\w is a PCRE (Perl-Compatible Regular Expression) that matches any word character: a-z, A-Z, 0-9 and the underscore _. sed and awk do not support \w, although ssed (super-sed) supports \w if an -R switch is added on the command line.

Back to PHP and \w: Putting \w by itself inside a character class [...] does absolutely nothing, just as [a] and [9] does nothing special. It could be more efficiently written as:

    /^\/?(.*)\/\w+\.php$/

One additional problem is that the characters defined by \w do not include the hyphen, the pound sign, or other punctuation marks that sometimes find their way into filenames, like:

    four-to-go.php
    page#10.php
    convert$toDM.php

so in this case, a character set should be used:

    /^\/?(.*)\/[EMAIL PROTECTED]*+=-]+\.php$/

Keep 'em coming!

--
Eric Pement - [EMAIL PROTECTED]
Educational Technical Services, MBI

Jeremy Peterson, MACS
Automation Systems Administrator
Crowell Library
Moody Bible Institute
820 N. LaSalle Drive
Chicago, IL, 60610
Email: [EMAIL PROTECTED]
Phone: 312.329.8081
Fax: 312.329.8959
Re: [PHP-DB] Getting PHP 5 w/mysqli to communicate with MySQL 5
Without some good information I'm going to take a stab in the dark here..

You are using the mysqli functions, right? Not the older mysql ones for mysql4.x and older?? If you only compiled PHP with the mysqli libraries then you need to use them.

You can connect in some fashions to mysql5 db's with mysql_ functions and the older libmysql4 libraries, but the authentication method needs to be worked into it [the newer mysql password function is different to the mysql4 and older password function]. Otherwise though, I compiled both libraries, mysql and mysqli, into my PHP: http://aries.the-spectrum.org/phpinfo.php and use a MySQL 5 engine, but only using mysql_ functions currently due to backwards compatibility of old sites and old code.

What exactly are you having trouble with? A code snippet or version examples would be good. Also, your database is a mysql5 engine, I take it?

Regards,
Julien Bonastre

[aside] I'll try and be VERY precise from now on in this list so people don't interrogate my help and advice and construe it as definitive BIBLE like answers. I'm only trying to help. I am barely 21 and I am non-qualified academically. Doesn't mean I don't know what I'm talking about. Fear my wrath, or my wife, equally dangerous I assure you haha. [/aside]

----- Original Message -----
From: Allen Schultz [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Friday, January 20, 2006 10:16 AM
Subject: [PHP-DB] Getting PHP 5 w/mysqli to communicate with MySQL 5

Hi, all:

I'm having trouble getting my PHP to communicate with my MySQL database. I have it where I can connect, but afterwards, it sees nothing for information after being connected. Any suggestions will help.

Thanks,
Allen
Re: [PHP-DB] Refreshing text question!
Sorry I had misinterpreted your question Jerry.. I thought you were trying to refresh the page, missed that keyword :-)

Therefore in context the page refresh would be quite annoying, I was only introducing its concept in order to reload the page at a different location.

Again, my apologies for this..

Kind Regards,
Julien Bonastre

----- Original Message -----
From: Aaron Koning [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Wednesday, January 18, 2006 5:47 PM
Subject: Re: [PHP-DB] Refreshing text question!

I think that refreshing the web page with META Refresh every 5 or 10 seconds would surely P.O. anyone actually trying to read your web pages. Anyways: http://www.webreference.com/js/column3/

Or try googling the topic...

Aaron

On 1/17/06, Julien Bonastre [EMAIL PROTECTED] wrote:

Yes I can help you there..

There is a technique you can use which is actually more browser friendly than the Javascript alternative you mentioned..

You can use the META tags in your page as such:

    <META HTTP-EQUIV="refresh" CONTENT="10">

will refresh page in 10 seconds

    <META HTTP-EQUIV="refresh" CONTENT="10;url=http://www.operation-scifi.com">

will reload page in 10 seconds and direct browser to one of my first highschool webpages..

For a quick reference I found this via the I'm Feeling Lucky of Google: http://webdesign.about.com/cs/metatags/a/aa080300a.htm

Otherwise the good ole' W3C at www.w3c.org will have some great doco's on it too

enjoy ;-)

---oOo---
Allowing users to execute CGI scripts in any directory should only be considered if:
...
a.. You have no users, and nobody ever visits your server.
...
Extracted Quote: Security Tips - Apache HTTP Server
---oOo---

--oOo---oOo--
Julien Bonastre [The_RadiX]
The-Spectrum Network CEO
ABN: 64 235 749 494
[EMAIL PROTECTED]
www.the-spectrum.org
--oOo---oOo--

----- Original Message -----
From: JeRRy [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Wednesday, January 18, 2006 11:51 AM
Subject: [PHP-DB] Refreshing text question!

Hi,

I did a little bit of script that refreshes a text slogan every 5 or so seconds with a new slogans and wraps to each slogan, I had about 5, and loops over and over again. This was done WITHOUT the need of refreshing the page. I think I used JavaScript but not 100% sure of this.

Has anyone seen this before I seen a site use it? I can't recall the site I did it for, I know I have done it before. I need the code again without needing to re-do it all again as it took me a while to configure it last time.

The site is written in PHP and uses MySQL.

Any help would be mostly appreciated.

J
Re: [PHP-DB] Refreshing text question!
And in response, I was sort of heading there with my response..

Checkout my sexy 'quotes' engine on www.operation-scifi.com

At bottom of page, there's a link "HOVER ON THIS LINK (Click to change quote)", click it to see the wowness effect

Implementing this with a timeout function of JS is quite easy too..

Anyway, back to work for me..

Julien Bonastre
Re: [PHP-DB] How can I solve this?
Two alternatives..

dirname(); returns basically just the path, same string as using pathinfo['dirname'] but saves that array step..

or back to the love of my life [well, the non-human one]:

    preg_replace('/^\/?(.*)\/[\w]+\.php$/', '$1', $_SERVER['PHP_SELF'])

that strips that leading forward slash too ;-)

by love of my life I mean, Regular Expressions, not that particular one :P

ciao

----- Original Message -----
From: Chris Payne [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Thursday, January 19, 2006 3:58 AM
Subject: RE: [PHP-DB] How can I solve this?

Wonderful thank you, it displays a single / before the dir name but I can remove that without too much trouble :-)

Thank you.

Chris

try

    $x = pathinfo($_SERVER['PHP_SELF']);
    echo $x['dirname'];

=C=
Cal Evans
http://blog.calevans.com

Chris Payne wrote:

Hi everyone,

I am using PHP_SELF in order to get the current path on a dynamically created webpage. This gives me the following:

    /my_website/index.php

My problem is, ALL I NEED is the directory name - no / or no index.php, how can I strip these out to leave JUST the folder name the file is located in? I need this because the page is dynamically created, and it gets templated information from a database and needs to use the foldername as the identifier between the DB entry to use for grabbing the information and the pages inside the directory.

Any help would be really appreciated and I'm certain it's something REALLY obvious.

Chris
Re: [PHP-DB] Storing Credit Cards, Passwords, Securely,two-way encryption
Yes yes, lawsuits, scary, etc.

I'm glad you're so blase about this and the threat of your business going under due to exposure to extortion. When you've got the site running, let me know the address, so I can advise my friends and colleagues to avoid it at any cost.

Public key encryption, with additional either secret word padding or using the users account password to pad/encrypt the card number (preventing a brute force attack, even if access to the DB is given).

Prevents nothing. If somebody compromises your application server, then they own your secret word padding and can reverse the process to extract some or all of the credit cards.

Do not underestimate the resourcefulness of bored people.

Do not underestimate the resourcefulness of bored people.

These people aren't necessarily bored. Just more intelligent than yourself and on a higher income :-)

Have you ever done any cryptanalysis? Have you ever succeeded if so? Do you know some people are employed to actually experiment and test on known modern cryptographic methods in order to ascertain their effectiveness?

Rather than to live in your little world where everything is cherry and pretty, most people of our profession are aware to the reality that we can't all hide under 2048bit/2KB key length encryption utilities..

I am somewhat disappointed at the approach you are taking towards people who are in the business and field of security and discovering and in turn rectifying or improving existing security systems.

I guess it's true then, ignorance IS bliss... Pretend the system IS safe, and it must be! Don't ever let any of those bored people test the limits of the system. Hell why benchmark cars, computers, military weapons, athletes or anything for that matter!! As long as they think they're the best, they MUST be!

Wake up mate!

OK now to the candy :

I've had this book a while, and it's one of the most insightful and well researched (from experience) books on security I've ever read. In fact - so good I'm going to go to the trouble to retype an excerpt of a section called "One-Way Credit Card Data Path for Top Security"

ISBN 0-13-0281870-5 [Prentice-Hall publishers]
Bob Toxen : Real World Linux Security [Now in 2nd edition]

For many sites the most confidential information a customer can tell the site is the customer's credit card number and expiry date. Several e-com sites (including some large ones) have had thousands of their customers' cc data stolen by crackers and have then had to respond to extortion threats.

Most e-com sites keep the database of customer information on the same system as the web server and CGI programs. This is begging for trouble. Simply putting the database on a separate system is not enough, because if CGI programs can attach to the database across the e-com site's LAN, security has not been improved.

(Bob Toxen) have come up with the concept of a one-way credit card data path. By this I mean that the credit card data flows only one way, and that way is into the credit card server but data never flows out of the credit card server (my emphasis) except over a hardware path to the bank or service that is processing charge requests.

The cc system would be a (linux) system dedicated to this one application. It would have NO other applications on it, because each application would be a potential security hole. It would be hardened for the highest security. It would have a separate private LAN to the web server, and the web server would have a separate dedicated NIC to this private LAN to prevent sniffing.

(snipped section about spot welded steel pipes encasing LAN cable !)

There would be no request implemented that would allow another system to query for a complete CC number under any circumstance. Thus neither a cracker hacking your web server, nor a disgruntled employee could get the CC data from it. So long as there are no buffer overflow vulns, this should be very secure, since there are no services to crack, no passwords to crack, and spoofing would not work because the system doesn't trust any other system at all.

When a customer establishes an account and specifies a CC, the CGI sends the following message to the CC server :

    ADD user name account number cc type, number, expiry date, CCV#

When the customer wants to make a purchase, this is sent to the CC server

    CHARGE user name account number amount

The CC server then contacts the processing bank through the private network to charge the amt, store the authorisation number if successful and returns either Success or an appropriate error message.

Note that the comms link to the bank would be on a separate hardware to the rest of the network, so if a cracker broke into the web or order DB server, he could not sniff the network for these requests, because they wouldn't be on that
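The ADD/CHARGE interface described in the excerpt above, sketched as an added PHP example (it is not code from the book or from any poster). The class name CardVault, the space-separated wire format with single-token fields, and the stubbed bank callback are assumptions; what it shows is a command set with no verb that returns stored card data.

```php
<?php
declare(strict_types=1);

// Added illustration of the one-way data path: ADD and CHARGE go in, only a
// status word comes out. CardVault, the wire format and the bank stub are assumptions.
final class CardVault
{
    private array $cards = [];           // stand-in for storage local to the CC server
    private array $authorisations = [];  // authorisation numbers stay on this box too
    private \Closure $bank;              // stand-in for the dedicated link to the bank

    public function __construct(callable $bank)
    {
        $this->bank = \Closure::fromCallable($bank);
    }

    /** Handle one request line from the web server. No reply ever contains card data. */
    public function handle(string $line): string
    {
        $parts = preg_split('/\s+/', trim($line));
        $verb  = strtoupper((string) array_shift($parts));
        switch ($verb) {
            case 'ADD':
                return $this->add($parts);
            case 'CHARGE':
                return $this->charge($parts);
            default:
                // Deliberately no GET, LIST or DUMP: anything else is refused.
                return 'ERROR unknown command';
        }
    }

    private function add(array $p): string
    {
        if (count($p) !== 6) {
            return 'ERROR malformed ADD';
        }
        [$user, $account, $type, $number, $expiry, $ccv] = $p;
        if (!preg_match('/^\d{12,19}$/', $number) || !self::luhn($number)) {
            return 'ERROR invalid card number';
        }
        if (!preg_match('#^(0[1-9]|1[0-2])/\d{2}$#', $expiry) || !preg_match('/^\d{3,4}$/', $ccv)) {
            return 'ERROR invalid expiry or CCV';
        }
        // The excerpt's ADD message carries the CCV#; current card-industry rules
        // forbid keeping it after authorisation, so it is validated and then dropped.
        $this->cards["$user:$account"] = compact('type', 'number', 'expiry');
        return 'Success';
    }

    private function charge(array $p): string
    {
        if (count($p) !== 3 || !preg_match('/^(\d{1,7})\.(\d{2})$/', $p[2], $m)) {
            return 'ERROR malformed CHARGE';
        }
        $key = "{$p[0]}:{$p[1]}";
        if (!isset($this->cards[$key])) {
            return 'ERROR no card on file';
        }
        $cents = (int) $m[1] * 100 + (int) $m[2];
        $auth  = ($this->bank)($this->cards[$key], $cents);
        if ($auth === null) {
            return 'ERROR charge declined';
        }
        $this->authorisations[] = [$key, $cents, $auth];
        return 'Success';
    }

    /** Luhn checksum, so mistyped numbers are rejected at ADD time. */
    private static function luhn(string $number): bool
    {
        $sum = 0;
        $double = false;
        for ($i = strlen($number) - 1; $i >= 0; $i--) {
            $d = (int) $number[$i];
            if ($double && ($d *= 2) > 9) {
                $d -= 9;
            }
            $sum += $d;
            $double = !$double;
        }
        return $sum % 10 === 0;
    }
}

// Constructed demo: the bank is a stub that declines anything over 500.00,
// and 4111111111111111 is the widely published Visa test number.
$vault = new CardVault(fn(array $card, int $cents): ?string => $cents <= 50000 ? 'AUTH-0001' : null);

$requests = [
    'ADD alice 1001 VISA 4111111111111111 12/27 123',
    'CHARGE alice 1001 19.99',
    'CHARGE alice 1001 900.00',
    'GET alice 1001',            // a read-back attempt from the web tier
    'CHARGE bob 2002 5.00',
];
foreach ($requests as $r) {
    echo str_pad(strtok($r, ' '), 8), '=> ', $vault->handle($r), PHP_EOL;
}
```

In a deployment along the lines of the excerpt, handle() would sit behind a listener bound only to the private LAN, and the bank callback would use the separate hardware link.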
Re: [PHP-DB] Storing Credit Cards, Passwords, Securely, two-way encryption
On Fri, 6 Jan 2006, Julien Bonastre wrote:

Any reason why you need to have reversible encryption on the password value??

No... I just prefer to assume that if someone gets my DB, they might try using user/pass pairs on banking sites, or paypal, or other ways, and if I can reversible encrypt the password, I can send them an email with their password, rather than changing it to something obscure and force them to change it again... Though at this point, I just decided to md5 the password and call it good enough. I'll just force them to change it if need be.

Generally I simply create some hash from the password, using something akin to a MD5 or SHA1 hash of the password string. Or in my paranoid case I use the password string, plus all sorts of replicatable combinations of values such as length of password, username, registration date/time etc plus weird other fixed values I find around the place and environment variables etc, then I hash them..

A good idea; are you just careful then that you don't accidentally update the data without re-hashing your passwords?

I am completely psychotic so don't mind me, when I was 15 I wrote my Perl driven website http://operation-scifi.com [still Perl driven member system and file-system based forum] and I had a real mangler function whereby I would extract each character of the password and hash it, then hash the hash with the other characters, plus the hash of them with said fixed values from server/user account details [age, location etc..] ... It was something in the vicinity of a O(6^n+1)th generation hash by the time I had finished where n is the length of the original password.. *laugh*

Awesome! Maybe a bit overkill for password, but still very cool. Unfortunately that leaves things irreversible, and if someone got a hold of your data AND your code, they could reverse-engineer... It seems security is only as good as your weakest link -- obscure code, private key, etc...

Well, I still consider it irreversible due to the fact that it is an MD5 hash therefore generating the plaintext from a given ciphertext is fairly slim unless as I mentioned certain dictionary plaintext words are kept catalogued somewhere they can match too. But with the sheer randomness of the plaintext this would never have been hashed before.

So even if someone knows my algorithm and has somehow obtained not only the end result but also has the plaintext password and all the data I use intermediate to creating my final hash value AND they can recompute using all this the same final value. This still does not help them figure out HOW to reverse just a stored hash value which they do not know any of the values that were used in its encryption, ie the password or user details.

Put simply: how do you reverse a hash? It's designed to be a one way function:

I give you:

    fc3ff98e8c6a0d3087d515c0473f8677
    86fb269d190d2c85f6e0468ceca42a20

First MD5 hash is the plaintext of "hello world!" the second is "Hello world!"

One character difference, and if you do have an understanding of the inner workings of the MD5 function you will already know the implications a checksum works on and thereby it only requires a single one bit of difference [no pun intended] to create a vastly different checksum hash..

I am happy to place the security of my users within this field of near impossibility and believe I have done everything in my power to ensure even with the most simplest dictionary word password to start with, they end up with a far more complex end hash therefore avoiding the largest and by far easiest hash cracking method which is brute force dictionary matching.

Meh, what's it all at the end of the day anyway..

Good questions about the credit card stuff though. I've encountered similar issues but decided to simply delegate paypal.com.au's services to handling subscriptions, credit card payments etc...

They're global, safe, established and it works.

It's not perfect, but it'll do. For example a big problem is you can't really have variable monthly payments, say your site provides a service where you are sort of billed every month for what features you've accessed, premium services you've used, how long you used them for etc, much like your electricity bill or phone bill, well the only feature paypal provides is its fixed rate subscription system.

Even with the API you can only really retrieve details and transaction records, you can really edit the rate behind the scenes. The only method is rather primitive and involves generating a link or form your user will be displayed on your site which they follow, linking to a subscription modification page on paypal with the new required values all entered in.

Sure that's great but now that's the new rate per month. Not good if it's a very variable or fluctuating sort of service you provide with extras or whatever..

The advantage? Paypal keeps all payment
[PHP-DB] Fw: for help
This guy is starting to get to me, I am a busy guy, I did give him some pointers, but I just DO not have the time to help and I DO not have the heart to say no..

He just wants a basic tutorial site for php beginners etc.. He comes from a VB/C++ background..

Thanks a million

----- Original Message -----
From: Rajendra Babu dhakal
To: [EMAIL PROTECTED]
Sent: Thursday, January 05, 2006 3:50 PM
Subject: for help

HI !

I'm Raaz from Chitwan-District, NEPAL. I've already sent you two mail. In these mail you've promised to help me as a result I want to be a also php programmer for official, funny etc expects. I'm able to connect by use php making dsn and also able to present data store in database. but I don't know about how to response

1, form
2, set cookies, expires it and others

please help me for more informations

sincerely yours
Raaz Sharma
Re: [PHP-DB] Encrypting DB content
Easily...

As some people have already pointed out, one of the interesting aspects of 2 way or reversible encryption systems is they provide some form of a key, that is a unique or variable input which is combined into the encryption process to create a truly unique encrypted string.

For example in your situation I would use perhaps a password field. You could even store this password as a hash in your db for login purposes and still use the password as the 'salt' for your encryption.

For example a user may have stored in a DB table their username and a MD5 hash of their password, which you use when they login in order to compare the MD5 of the password they entered in the login form to the one stored already in DB.

You can do the same process for their wages. When they choose to access their wages they can be prompted for their password and during generation of their wages/salary page you can use their 'plaintext' password as the 'salt' for your encryption function.

I'd personally use the mcrypt extension of php: http://www.php.net/manual/en/ref.mcrypt.php

Tata and good luck!

Julien Bonastre

----- Original Message -----
From: Kosala Atapattu [EMAIL PROTECTED]
To: Micah Stevens [EMAIL PROTECTED]; php-db@lists.php.net
Sent: Monday, January 02, 2006 5:20 PM
Subject: RE: [PHP-DB] Encrypting DB content

This is bit off the topic...but is there a way to encrypt with a key and decrypt it back to the same value I want to store. My requirement is something like I want to store salaries of the executives of the organization in a table, but not even the DBA should be able to see that except the person who saved it. Is this possible, through a DB level or using application level components.

Kosala

-----Original Message-----
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 31, 2005 12:13
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Encrypting DB content

You can store an MD5, or SHA hash of the password, and then compare.. This is not an encrypted version of the password, rather a calculated hash of it. You can't (well, not without a bit of effort) decrypt this back into the password.

The idea is when you store the password, you create the hash. Store the hash in the database. When the user logs in, take their password entry, generate a hash in the same way, and compare the two values.

SHA2 is the most secure method to use of these two, I'd use that.

The advantage is, the hash could be freely accessible to anyone, and it doesn't cause a security issue, whereas all a hacker needs is the key to an encrypted database of passwords to reveal them all.

That's the route I take anyhow.. This will likely start a huge conversation about how to secure your system up super tight, but remember the most secure server is one that isn't turned on. :) A realistic solution is somewhere in-between this and no security at all.

-Micah

On Friday 30 December 2005 8:15 pm, Chris Payne wrote:

Hi there everyone,

I am about to launch the website for my complex where the homeowners can login and check their billing status etc .. what is the best way, with PHP and MySQL, to store an ENCRYPTED password into the database so that if someone got into the DB they couldn't read the password but if they enter it into the form on the site it still works? I'm not sure on the best way to do this and any help would be really appreciated.

Happy New Year everyone.

Chris
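The two ideas in this thread (store a hash and compare at login; use the user's password as the key for the salary), which also come up in the "Storing Credit Cards, Passwords" thread above, shown together as an added PHP example that is not any poster's code. The mcrypt extension was removed from PHP core in 7.2, so OpenSSL's AES-256-GCM stands in for it, password_hash() replaces the bare MD5, and the function names, iteration count and sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration; function names, iteration count and sample data are assumptions.
const KDF_ITERATIONS = 600000; // assumed PBKDF2-HMAC-SHA256 work factor

/** Build the row stored for a new user: a login verifier plus a separate KDF salt. */
function new_user_row(string $password): array
{
    return [
        'pw_hash'  => password_hash($password, PASSWORD_DEFAULT), // salted and slow, unlike md5()
        'kdf_salt' => bin2hex(random_bytes(16)),
        'salary'   => null,
    ];
}

/** Login check in the store-the-hash-and-compare style described in the thread. */
function check_login(array $row, string $password): bool
{
    return password_verify($password, $row['pw_hash']);
}

/** Derive the per-user encryption key from the password; it is never stored. */
function derive_key(array $row, string $password): string
{
    return hash_pbkdf2('sha256', $password, hex2bin($row['kdf_salt']), KDF_ITERATIONS, 32, true);
}

/** Encrypt a value for storage as base64(nonce || tag || ciphertext). */
function seal(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);
    $tag   = '';
    $ct    = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

/** Decrypt; returns null when the key is wrong or the stored value was altered. */
function unseal(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    // 12-byte nonce + 16-byte tag + at least one byte of ciphertext
    if ($raw === false || strlen($raw) < 29) {
        return null;
    }
    $pt = openssl_decrypt(
        substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16)
    );
    return $pt === false ? null : $pt;
}

// Constructed demo data.
$password = 'correct horse battery staple';
$row = new_user_row($password);
$row['salary'] = seal('84000.00', derive_key($row, $password));

// What a DBA, or anyone holding a dump of the table, gets to see.
print_r($row);

// A wrong password fails the login check and cannot open the salary.
var_dump(check_login($row, 'wrong guess'));
var_dump(unseal($row['salary'], derive_key($row, 'wrong guess')));

// The right password passes both.
var_dump(check_login($row, $password));
var_dump(unseal($row['salary'], derive_key($row, $password)));
```

Because the key exists only while the user supplies the password, a password change has to decrypt and re-seal the salary, and a forgotten password makes it unrecoverable. The application server still handles the plaintext at that moment, which is the exposure argued over in the credit card thread above.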
Re: [PHP-DB] Compiling PHP with IMAP and OpenSSL
I find this might be more related to the php-install list than the DB but nevertheless I am a kind hearted guy

So, first up I'd say: RTFM http://www.php.net/imap

It's pretty clear as it states:

--
This extension requires the c-client library to be installed. Grab the latest version from ftp://ftp.cac.washington.edu/imap/ and compile it
--

Sorry to be rude..

The requirements do clearly state what actions and steps must be taken to ensure this module will work though.

--
It's important that you do not copy the IMAP source files directly into the system include directory as there may be conflicts. Instead, create a new directory inside the system include directory, such as /usr/local/imap-2000b/ (location and name depend on your setup and IMAP version), and inside this new directory create additional directories named lib/ and include/. From the c-client directory from your IMAP source tree, copy all the *.h files into include/ and all the *.c files into lib/. Additionally when you compiled IMAP, a file named c-client.a was created. Also put this in the lib/ directory but rename it as libc-client.a.
--

Again, I am only a young, never been educated, probably never will, 20 year old, electrical apprentice [it brings a good income] who is passionately in love with web development, tech and computers in general, and I managed without ANY help whatsoever to get a Unix openbsd box, up, installed, customised, running non in the box network daemons and utilities, building my own source code, not using ports/packs as I wanted very latest gear and now I have http://aries.the-spectrum.org it runs SCP with ssl and PKS authentication, public chrooted ftp, toying currently with some chrooted apache configuration, mysql5,php5 and apache2, ssl everything ha, bittorrent client mldonkey, a variety of networking utils and scripts for syncing my other machines data, the list goes on.

All I used was free information from the net.

I do corporate/enterprise level database integrated web systems using PHP and mySQL on Apache, and I've never gone to a single web development lecture or seminar in my life

I don't want some medal, I just want to show that just putting at least a little bit of effort into a question or a problem before always reaching for the red button would take people a lot further.

I learnt something about university.. You don't go to university to learn all about the topic at hand. You learn HOW to learn about the topic. You learn how to refer to material, where to look when you want to know something, how to remember sequencing of learning and resources.

You have a handful of great FREE search engines at your disposal. I just tried the query string: "php imap" in Google.com guess what the number one result was?

www.php.net/imap

You could have I'm feeling lucky guessed that query!

Have fun..

Julien Bonastre

----- Original Message -----
From: Jonathan Chong [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Sunday, December 25, 2005 3:49 AM
Subject: [PHP-DB] Compiling PHP with IMAP and OpenSSL

Hi

I'm trying to compile PHP with OpenSSL and IMAP support, but I get these errors:

    cannot locate evp.h
    configure: error: Cannot find imap library (libc-client.a). Please check your c-client installation.

Both files exist. I'm using this configure syntax:

    './configure' '--with-mysql' '--with-apxs=/www/bin/apxs' '--with-xml' '--with-gd' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-ttf' '--with-freetype-dir=/usr' '--enable-gd-native-ttf' '--with-zlib' '--with-openssl=/usr/include/openssl' '--with-imap=/usr/lib/courier-imap' '--with-imap-ssl=/usr' '-enable-memcache=/usr/local/lib/memcache'

--
Jonathan Chong
http://www.arsenal-now.com/
http://www.arsenal-mania.com/
http://www.ashburrn.com/
http://www.jonathan-chong.com/
Re: [PHP-DB] Inserting a php file into a mysql database
Yes.. Odd to say the least :-)

Julien Bonastre

----- Original Message -----
From: John Meyer [EMAIL PROTECTED]
To: php-db@lists.php.net
Sent: Monday, December 26, 2005 8:07 AM
Subject: Re: [PHP-DB] Inserting a php file into a mysql database

On Sunday 25 December 2005 3:01 pm, Thomas Bonham wrote:

Hello,

I am trying to insert a php page into a database. I need to know if there is something that I need to do when setting up the table, also is there something to do with the code.

Thank You for your help

Thomas

Well, you could use fopen() to open the file, get a pointer, then insert the contents into the database. I'm wondering why you need to insert a php page into a database, though.
Fw: [PHP-DB] Dynamic Navigation Bar
From: Julien Bonastre [EMAIL PROTECTED]
To: Bastien Koert [EMAIL PROTECTED]
Sent: Friday, December 23, 2005 11:01 PM
Subject: Re: [PHP-DB] Dynamic Navigation Bar

I would suggest using the GET method.. Unless you have some reason you don't want the data passed via GET.. In which case I suggest just storing all that in a session..

So for example, I wouldn't want to pass a big ugly html-encoded query string via the GET URI, as it would look awful. Instead, set a session variable holding that query and any related details you are also processing [ie user selected sorting of results [ascending/descending] etc, fields to sort by, whatever options you have] and just pass a 'pg' value via get such as ./search.php?pg=2 or something.. As an alternative to the javascript form POSTing method..

It's up to you, I'm just providing an alternative to using Javascript which as someone else outlined is CLIENT side, hence you are relying on correct operation by the browser for it to work.. I don't like relying on the client's browser, I like relying on my code..

Enjoy

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--

- Original Message -
From: Bastien Koert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; php-db@lists.php.net
Sent: Friday, December 23, 2005 1:39 AM
Subject: RE: [PHP-DB] Dynamic Navigation Bar

javascript

Bastien

From: [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: RE: [PHP-DB] Dynamic Navigation Bar
Date: Thu, 22 Dec 2005 09:38:01 -0600

Thanks for the quick response, Bastien. I was thinking that using hidden fields may be another way to go. But how would I assign a value to a form variable via clicking on a link?

No, you could try keeping that data in sessions or in hidden form fields in the page...note that the latter requires that you do a page submit with the onclick of the link / button

Bastien

From: [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] Dynamic Navigation Bar
Date: Thu, 22 Dec 2005 09:27:33 -0600

Results from full-text searches on a documents database are returning sometimes 300-400 hits, so I'm gonna need to implement a dynamic navigation bar. Perhaps this is a stupid question, but it seems from a brief googling that navigation bars - dynamic or not - operate by appending variables and values to the URL within the <A href=...>link</A>, which are then grabbed from the $_GET array. Can someone shed some light on whether this is the only method used? And, yes, I know that there is a Pear package that does this, but I'm more inclined to implement my own at present.

Thanks very much.

David
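Added example, not part of the thread: one way to implement the "search details in the session, only pg in the URL" approach suggested above, with the pg value validated as an integer range before it reaches the LIMIT/OFFSET clause. The documents table, the LIKE query standing in for the full-text search, PER_PAGE and the in-memory SQLite data are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Table, column and constant names are assumptions.
const PER_PAGE = 25;

/** Turn the untrusted ?pg= value into a page number within [1, last page]. */
function pageFromRequest(array $get, int $totalRows): int
{
    $lastPage = max(1, (int) ceil($totalRows / PER_PAGE));
    // FILTER_VALIDATE_INT rejects arrays, trailing text and out-of-range numbers.
    $pg = filter_var($get['pg'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $lastPage]]);
    return $pg === false ? 1 : $pg;
}

/** Fetch one page; the search term comes from the session, never from the link. */
function fetchPage(PDO $db, string $term, int $page): array
{
    $stmt = $db->prepare(
        'SELECT id, title FROM documents WHERE title LIKE :t ORDER BY id LIMIT :lim OFFSET :off'
    );
    $stmt->bindValue(':t', '%' . $term . '%', PDO::PARAM_STR);
    $stmt->bindValue(':lim', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PER_PAGE, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

if (PHP_SAPI === 'cli') {
    // Constructed data: 60 rows, so three pages of results.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT)');
    $ins = $db->prepare('INSERT INTO documents (title) VALUES (?)');
    for ($i = 1; $i <= 60; $i++) {
        $ins->execute(["report $i"]);
    }
    // What search.php would have stored in $_SESSION when the form was submitted.
    $session = ['search_term' => 'report', 'total' => 60];

    // Constructed pg values, including ones a link should never carry.
    foreach (['2', '3', '0', '999', '2 OR 1=1', ['x']] as $raw) {
        $page = pageFromRequest(['pg' => $raw], $session['total']);
        $rows = fetchPage($db, $session['search_term'], $page);
        printf("pg=%s -> page %d, %d rows\n", json_encode($raw), $page, count($rows));
    }
}
```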
Re: Fw: [PHP-DB] Dynamic Navigation Bar
Yes, it's definitely quite an interesting piece. I can't comment on its origins either, but I'm sure even before it was placed into practice you could always use the event handling routines of the HTML anchor element which of course would be:

ONCLICK="myFunction(parameters,...); return true;"

and/or the many others: ONMOUSEDOWN, ONMOUSEUP, ONKEYPRESS, etc etc

http://www.w3.org/TR/REC-html40/sgml/dtd.html#events

Anyway, enjoy ;-)

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--

- Original Message -
From: [EMAIL PROTECTED]
To: php-db@lists.php.net; [EMAIL PROTECTED]
Sent: Saturday, December 24, 2005 1:03 AM
Subject: Re: Fw: [PHP-DB] Dynamic Navigation Bar

Thanks for weighing in on the question, Julien. It's an intranet application, and I have some influence with the users' browser settings, so I used Javascript. I have to admit though that I was unaware you could pass a function from an anchor href tag (<a href="javascript:myFunction(parameters,...);">link</a>, for those similarly in the dark). Dynamically creating the links with their associated offset for use with MySQL's limit syntax works very well.

I'm curious if anybody knows how long Javascript has supported this syntax? I found example scripts using it beginning in chapter 15 of Danny Goodman's JavaScript Bible (5th Edition) 2004, so I'm guessing it's part of the Document Object Model specification, but I didn't explore its origins.

Thanks Bastien and Julien.

David
Re: [PHP-DB] Google Style Search Results
Sure,

Firstly, thank you for the credit, that was only my second mid-scale project, coded ground up in Textpad 4 ;-) Enough patting my own back, onto business..

http://aries.the-spectrum.org/webdev/wawd/forums/search.php?q=sufficient%2Blargest=postsb%5B%5D=*maxres=25ob=datetimeot=DESC

Notice some changes?? You've just sparked an interest in me to revise and rewrite some of the code for that page this lovely 33 degree Celsius summer Friday afternoon here in Australia.. :-)

Previously, it was only really just pumping out the first sentence or so of text from the matched query.. Now though it is actually going through each query word and matching a set number of words surrounding it [in this case I've made it five] and throwing that out in the extraction field... with each of these said matches being separated by an ellipsis [...]

All I did was conjure up a regular expression that basically just matches words :-) haha ironically.. Here it is:

$extract_result = "";
// Up to five words, a query word (plus any word suffix), up to five words
preg_match_all("/((?:[\w]+ ?){0,5})[\w \.\,\-\;]((?:".join("|",$q_arr)."))([\w]*)[\w \.\,\-\;]((?:[\w]+ ?){0,5})/i", $row['content'], $ext_matches, PREG_SET_ORDER);
foreach ($ext_matches as $ext_arr) {
    // Bold the matched query word and end each fragment with an ellipsis
    $extract_result .= $ext_arr[1]." <B>".$ext_arr[2]."</B>".$ext_arr[3]." ".$ext_arr[4]." ... ";
}

Are you familiar with regex? It really shouldn't be hard to implement a similar concept with whatever your current search system does..

My system as can be seen from this above code actually breaks up the query string sent via the form on search page into each word.. therefore you have an array [$q_arr] that looks like Array("sufficient", "large") .. Hence in that regex above I just did a join using the | pipe symbol.. I use this so when it joins all the words together they come out as: word1|word2|word3 meaning regex will match 5 or less words before and after any of the given words.

The | symbol means bitwise OR, for example: run(ning|ner) will match running or runner but not runs

Sorry if you already know some of this, I am just trying to make sure I explain myself fully as I am unaware as to your experience level.

Anyway, so yes I simply use the handy preg_match_all function which will run this regex statement upon the entire $row['content'] which in my case is just the entire content of the post which it found to match words in.. and from that it simply matches these certain given keywords and their surrounding word/s.. I then use a foreach structure to simply iterate over each of the matches and create the lovely string you see before you, it does this simply by reprinting the original matched string, creating a <B></B> bold effect on the given search word and adding an ellipsis at the end for simple aesthetic reasons..

If you want any more examples or clarification please feel free to ask..

Enjoy ;-)

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--

- Original Message -
From: [EMAIL PROTECTED]
To: Julien Bonastre [EMAIL PROTECTED]
Sent: Friday, December 09, 2005 12:42 AM
Subject: Re: [PHP-DB] Google Style Search Results

Great site, Julien! Probably more involved than we need for our project, but very, very impressive. I really like the CSS styling in particular. If you could tell me how you are displaying the content within the extract field, that would be very helpful.

Regards,
David

David P. Giragosian, Psy.D.
Database and Software Developer
713-798-7898

Julien Bonastre [EMAIL PROTECTED], 12/08/2005 05:23 AM, Please respond to Julien Bonastre
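Added example, not part of the thread: the same extract builder with both of its inputs treated as untrusted. Each query word goes through preg_quote() before the | join, so search input cannot alter the pattern, and every piece of post text is HTML-escaped before the <B> tags are added. It goes slightly beyond the posted code by bolding every query word inside a fragment; the function name, the caps and the sample post are assumptions.

```php
<?php
// Added example, not code from the thread. Function name, limits and sample data are assumptions.

function buildExtract(string $content, array $queryWords, int $context = 5): string
{
    // Every query word becomes a literal: preg_quote() neutralises |, (, +, *
    // and the / delimiter, so user input cannot change the shape of the pattern.
    $literals = [];
    foreach (array_slice($queryWords, 0, 10) as $word) {   // cap the alternation size
        if (is_string($word) && trim($word) !== '') {
            $literals[] = preg_quote(trim($word), '/');
        }
    }
    if ($literals === []) {
        return '';
    }
    $hit = '\b(?:' . implode('|', $literals) . ')';
    $n   = max(0, min($context, 10));

    // Fragment: up to $n words, a query word with any suffix, up to $n words.
    // The possessive pieces (++, {1,3}+, *+) keep backtracking bounded.
    $fragmentRe = '/(?:\w++\W{1,3}+){0,' . $n . '}?' . $hit . '\w*+(?:\W{1,3}+\w++){0,' . $n . '}/iu';
    if (!preg_match_all($fragmentRe, $content, $m)) {
        return '';                      // no hit, invalid UTF-8 or a PCRE limit
    }

    $fragments = [];
    foreach ($m[0] as $fragment) {
        // Split into alternating non-hit / hit pieces; odd indexes are the hits.
        $pieces = preg_split('/(' . $hit . ')/iu', $fragment, -1, PREG_SPLIT_DELIM_CAPTURE);
        if ($pieces === false) {
            continue;
        }
        $html = '';
        foreach ($pieces as $i => $piece) {
            // Escape every piece of post text; the only markup left is our <B>.
            $safe  = htmlspecialchars($piece, ENT_QUOTES, 'UTF-8');
            $html .= ($i % 2 === 1) ? '<B>' . $safe . '</B>' : $safe;
        }
        $fragments[] = $html;
    }
    return implode(' ... ', $fragments);
}

// Constructed forum post containing markup that must not reach the page as HTML.
$post = 'A larger server would be sufficient <script>alert(1)</script> I think.';

// Ordinary query words.
echo buildExtract($post, ['sufficient', 'large']), "\n";

// Constructed query words carrying regex metacharacters: they are matched as
// literal text instead of being compiled into the pattern.
echo buildExtract($post, ['server|.*', 'larg(']), "\n";
```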
Re: [PHP-DB] Manipulating text
Quite right.. BUT: and I quote:

$variable = "play_time"; how may I remove play_ from $variable and just have $variable equal to time?

To me, that is asking to strip or remove the string play_ from the string play_time. Am I wrong? Especially when reinforced with "and just have the $variable equal to 'time'"?

Sorry, I wasn't aiming to create a problem or disorder, but I was merely stating the way I thought most effective to get the end result it seemed that at the time you wanted from that question. Sure an array is ONE possibility, while we're on the same track I could also convert the string to binary and let you manipulate it that way.. Hey same result, just different method.

Glad to know you've found a way to get around it anyway, that's what these lists are for.. ;-)

Regards

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--

- Original Message -
From: Ron Piggott (PHP) [EMAIL PROTECTED]
To: Julien Bonastre [EMAIL PROTECTED]
Sent: Friday, December 09, 2005 8:43 PM
Subject: Re: [PHP-DB] Manipulating text

There may be some merit in an array for a response --- I didn't say what I was going to do with this once I had my single word.

Ron

On Fri, 2005-12-09 at 18:33 +1000, Julien Bonastre wrote:

Alternatively you may again use a regex statement

[Aside] Is it just me? Or does nobody know how to use or of the existence of Regular Expressions?? Why does nobody suggest them??? I find them not only a God send, but more of a primitive form of God[or Allah/Buddha/insert deity here]'s very first most useful creation ever. I find water less important than that of Regular Expressions.. Ok so I have exaggerated as usual, but do you get my point?? blah! [/Aside]

$str = 'this_word';
// Keep only the word after the last underscore
$clean_str = preg_replace('/.*_([\w]+)$/i', '$1', $str);

That would work as well... Plus the advantage is that you don't return with an array, not that arrays are all that bad, my first child will be named Arrarius.. Ok.. more bullcrap.. haha, nevertheless, depending on the situation, you may WANT to have an array returned in which will simply be exploding, or splitting the elements of the string separated by the _ underscore character in an array..

If you are simply wanting to strip any word before and including the underscore character and return with a clean string, then my method is great for that. I just seem to have read your question and obviously interpreted it differently than the others?? Let me know what you prefer.

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--

- Original Message -
From: Ron Piggott (PHP) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; PHP DB php-db@lists.php.net
Sent: Friday, December 09, 2005 2:13 PM
Subject: Re: [PHP-DB] Manipulating text

Thanks for telling me the 'explode' command.

Ron

On Fri, 2005-12-09 at 08:07 +0530, Amol Hatwar wrote:
On Thu, 2005-12-08 at 21:25 -0500, Ron Piggott (PHP) wrote:

If I have $variable = "play_time"; how may I remove play_ from $variable and just have $variable equal to time?

If you are hinting at '_' as a delimiter, you can use explode(). Learn more about it here: http://php.net/explode

Regards,
ah
Re: [PHP-DB] Google Style Search Results
Yay, Questionnaire time. I love this part of the game

a) I'm not very familiar with regex at all and was wondering if you could tell me how your regex would handle two matched search strings that exist within a few words of each other in the text. For example A larger server would be sufficient I think.

Answer: As I think I may have mentioned, "All I did was conjure up a regular expression". True, I didn't imply I wrote that regex in under 32 seconds... But I'm sure I was trying to come across with the fact that with improvement it could be much more powerful. Like this example:

http://aries.the-spectrum.org/webdev/wawd/forums/search.php?q=were%2Baddst=postsb%5B%5D=*maxres=25ob=datetimeot=DESC

Is that better?? Multiple words within the same piece of string.. Again, much much much more work can be done, this was a very quick stub example to show the flexibility of regex..

Now a new issue that has been presented is if you DO have multiple words close together it will only grab x amount of words to the before and after that central word, including perhaps another keyword.. as you can see on above link.. Again, give me another 3 minutes in the code and I'm sure I'll work that one too..

b) Also in the link you provided (reproduced below) the first matched word is surrounded by 4 words and the second by 5 words, is there a reason for this?

Answer: Ooh this is my favourite :-) Yes, great reason why when you conduct a search such as this:

http://aries.the-spectrum.org/webdev/wawd/forums/search.php?q=sufficient%2Blargest=postsb%5B%5D=*maxres=25ob=datetimeot=DESC

You received the 4 word and 5 word output.. Why don't you head over to the link that is generated on that search result entry?? Look around at the actual content of that forum entry and you will soon see that the first match occurs on a line that physically only has 9 words, therefore it can only really match what exists.

Good point though, for a split second I actually thought to myself there might be something wrong, but as usual and until I'm proved wrong; I'm right again. PHP and REGEX have never failed me. I'm sure you all are well aware already of the saying that describes how there is no such thing as computer errors, only stupid humans. And that is precisely it, I have been and still am a stupid human, and I will usually sit there for quite a while reloading and running a regex in my head to ensure it runs and parses as it should. Simple ones like this don't take too much planning, but they can get hairy :-)

Hopefully that answers your queries Graham..

Kindest Regards to everybody!

Julien Bonastre

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--

- Original Message -
From: Graham Cossey [EMAIL PROTECTED]
To: Julien Bonastre [EMAIL PROTECTED]; php-db@lists.php.net
Sent: Friday, December 09, 2005 7:10 PM
Subject: Re: [PHP-DB] Google Style Search Results

On 12/9/05, Julien Bonastre [EMAIL PROTECTED] wrote:

<snip>

http://aries.the-spectrum.org/webdev/wawd/forums/search.php?q=sufficient%2Blargest=postsb%5B%5D=*maxres=25ob=datetimeot=DESC

<snip>

All I did was conjure up a regular expression that basically just matches words :-) haha ironically.. Here it is:

$extract_result = "";
preg_match_all("/((?:[\w]+ ?){0,5})[\w \.\,\-\;]((?:".join("|",$q_arr)."))([\w]*)[\w \.\,\-\;]((?:[\w]+ ?){0,5})/i", $row['content'], $ext_matches, PREG_SET_ORDER);
foreach ($ext_matches as $ext_arr) {
    $extract_result .= $ext_arr[1]." <B>".$ext_arr[2]."</B>".$ext_arr[3]." ".$ext_arr[4]." ... ";
}

Are you familiar with regex?

<snip>

I'm not very familiar with regex at all and was wondering if you could tell me how your regex would handle two matched search strings that exist within a few words of each other in the text. For example A larger server would be sufficient I think.

Also in the link you provided (reproduced below) the first matched word is surrounded by 4 words and the second by 5 words, is there a reason for this?

An example of a larger post can be found ... we were to add a sufficient amount of text than we ...

Thank you.
--
Graham
Re: [PHP-DB] Google Style Search Results
That's ok, sorry to have come across a bit 'narky' in that response by the way. I was just under some pressure at the time, I should really compose myself more before trying to lend a hand or some advice and head to the deep end in my ramblings.. haha

There really isn't much to Regex to be honest, whilst some patterns can look awfully complicated, and I will admit, generally you can't really neaten up long patterns as it just looks unreadable afterwards.. For example:

// Parse input string via forum URL substitution method..
$parsedBodyStr = preg_replace("/\[URL(?:\=*([^\]]*))\]([^\[]*)\[\/URL\]/sie","'<A HREF=\"'.forumFormatPostURL(\"$2\").'\" TARGET=_BLANK>'.(strlen(\"$1\") > 0 ? \"$1\" : \"$2\").'</A>'",$parsedBodyStr);

It is simply a line that is designed to convert custom forum embedded hyperlink anchors into functional HTML standard anchors.. Whilst somewhat ugly to look at, it works 100% every time.

See, my forum, like many other similar class PHP forums, only allows url's to be entered via some custom structure:

[url]http://the-spectrum.org[/url]

and as a small feature I also add the title parameter,

[url=The Religion of Gurus!]http://php.net[/url]

These would be respectively entered in the code when someone views that forum page and its messages as: http://the-spectrum.org and The Religion of Gurus!

Now, trying to neaten that:

// Parse input string via forum URL substitution method..
$parsedBodyStr = preg_replace(
    "/\[URL(?:\=*([^\]]*))\]([^\[]*)\[\/URL\]/sie",
    "'<A HREF=\"'.forumFormatPostURL(\"$2\").'\" TARGET=_BLANK>'.(strlen(\"$1\") > 0 ? \"$1\" : \"$2\").'</A>'",
    $parsedBodyStr
);

Not much of an improvement.. Unfortunately you can't really go about entering spaces and so forth in your patterns otherwise it will render them unfunctional.

You can go around it different ways.. I neaten my code and enhance reusability by simply conquering a particular pattern, and then that is just placed in a global $SYSTEM[REGEX_FILTER] array which I can access later on in a shorthand version, keeps code legible. Particularly if you are going to be using either a lot of patterns or even using one single pattern very often. Remember this does nothing for performance, purely aesthetics only..

The easiest way to learn, just as I learnt mastering php, mysql, apache2 and picking up unix/bsd, c++, object pascal, and the list goes on.. Is to teach yourself.. I never paid a cent to learn php/mysql, never went to a single tutor/lecture/seminar etc.. Just hop on the net, you'll find tonnes of resources if you want examples, or better yet, invent a problem you want to solve with some kind of manipulation with a string, and try to code a pattern for it.. I guarantee you there will be a pattern for virtually any problem you could imagine needing a fix for.. I have never encountered a problem yet where a regex pattern can't pull me out of trouble

Believe this or not, but I learnt the basics of regex patterns in Perl, but it wasn't till I hit the PHP PCRE [Perl-Compliant Reg Exp] references which refer to the pattern modifiers and syntax that I really picked up on it.. That syntax guide along with the modifier page are excellent to start working off.. Very specific, short examples given for many different aspects.. I personally love it anyway..

Well, enjoy.. ta ta for now!

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--
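Added example, not part of the thread: the same [url] conversion written with preg_replace_callback() instead of the /e modifier, which evaluates the replacement string as PHP code and was removed in PHP 7. The function name, the http/https allow-list and the sample posts are assumptions; forumFormatPostURL() from the post is not reproduced.

```php
<?php
// Added example, not code from the thread. Function name and sample posts are assumptions.

function renderUrlTags(string $body): string
{
    // Escape first: after this the only markup in the output is what we add.
    $escaped = htmlspecialchars($body, ENT_QUOTES, 'UTF-8');

    $html = preg_replace_callback(
        '/\[url(?:=([^\]]*))?\]([^\[]*)\[\/url\]/i',
        static function (array $m): string {
            // Validate the URL in its raw form, not the HTML-escaped form.
            $url    = trim(htmlspecialchars_decode($m[2], ENT_QUOTES));
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            $ok = in_array($scheme, ['http', 'https'], true)      // scheme allow-list
                && !preg_match('/[\s"\'<>]/', $url)               // nothing that could leave the attribute
                && filter_var($url, FILTER_VALIDATE_URL) !== false;
            if (!$ok) {
                return $m[0];   // leave the tag in place as inert, already-escaped text
            }
            $href  = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            // $m[1] is the optional title; it was escaped together with the body.
            $label = trim($m[1]) !== '' ? trim($m[1]) : $href;
            return '<A HREF="' . $href . '" TARGET="_blank" REL="noopener noreferrer">'
                 . $label . '</A>';
        },
        $escaped
    );

    return $html ?? $escaped;   // on a PCRE error fall back to the escaped text
}

// Constructed posts: the two forms described in the message, then two inputs
// the callback must leave as plain text.
$samples = [
    '[url]http://the-spectrum.org[/url]',
    '[url=The Religion of Gurus!]http://php.net[/url]',
    '[url=click me]javascript:alert(1)[/url]',
    '[url]http://example.org/" onmouseover="x[/url]',
];
foreach ($samples as $sample) {
    echo renderUrlTags($sample), "\n";
}
```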
Fw: [PHP-DB] Google Style Search Results
- Original Message -
From: Ming Xiao
To: Julien Bonastre
Sent: Friday, December 09, 2005 7:04 PM
Subject: Re: [PHP-DB] Google Style Search Results

Hello everybody who knows ajax, I want to make a website using ajax technology. Thanks, everybody!
Re: [PHP-DB] Ending session
Wow Miles, you certainly want to kill that session !! Well done ;-)

Well I must admit I use a similar tactic for user-leech session cookies:

function sessionKill() {
    // $MEMBER added to the global list so the query can see the logged-in user
    global $SYSTEM, $DB, $MEMBER;
    // Remove this user's rows from the activity table
    mysql_query("delete from sys_activity where user_name='".$MEMBER['user_name']."'", $DB);
    session_unset();
}

I used to do all that separate unset'ing of session vars, but then learnt it's useless and redundant. Unset()'ing the session unregisters all attached variables.. hence what I want it to do.

The mysql element is a system I use to track users logged into site.. Every page that they request on the system will insert a row into a table listing their user_name, page they are on and time they last hit that request. That way I can display in their profile a list of last viewed pages, and also I can run a timeout cron like php job which purges out these activity entries after a set period [mine is 10 mins] which removes that entry from the table, that way the table only holds the most recent pages you have visited or been to.. In addition to this, I can also display when the user was last 'active' on the system by using the most recent timestamp in these entries..

As for the logout principle, I actually use that function above, with just a simple few lines in header source as follows:

if (isset($_GET['logout'])) {
    sessionKill();
    header("Location: http://".$_SERVER['HTTP_HOST'].$SYSTEM['WWW_ROOT']);
    exit(); //Purely a safe-guard, there is no reason the header function wouldn't work, but we don't want them to continue on regardless..
}

I use a fairly high integration of header and library files to generate content, and there is no non-dynamic page on the site, all of them refer to the headers, and various dozen or more include libraries so therefore they all parse a session.lib.php library that runs that above code and functions for handling, manipulating sessions etc..

Therefore any page you go to on the site regardless of existing GET or POST requests, as soon as a logout variable is set in the request URI then my system will pick it up before any further processing [my session handling lib is of course positioned fairly close to the start of the header initialisation as session functions obviously require sending HTTP header statements before content is generated to the HTTP client.] and simply kill the session and redirect them to a front page..

I use this in conjunction with a simple button on the login form [once you are logged in] or even a simple html anchor such as:

[ <A HREF="<?=$_SERVER['PHP_SELF']?>?logout=1">Logout</A> ]

provides an easy escape. One click they're out.. And as I mentioned above, because the session will be unset, all variables freed BEFORE any further processing, the header can continue initialising and when it reaches the content generation and layout formatting it will try accessing the now unset variables and draw up the default layouts [ie login form instead of post-login form, etc]

So smooth and elegant ;-)

Enjoy..

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--

- Original Message -
From: Miles Thompson [EMAIL PROTECTED]
To: PHP DB php-db@lists.php.net
Sent: Saturday, December 10, 2005 8:44 AM
Subject: Re: [PHP-DB] Ending session

At 05:30 PM 12/9/2005, Ron Piggott (PHP) wrote:

How do you actually end $_session variables so the session actually ends? I found the session_write_close() command. I am not sure if this is the correct command or not. One prime example I am using is a $_session variable to track which user account is active. I want to have a log off button which closes the session off.

Ron

Ron,

This may be overkill, but on a failed login I did not want the ckval variable hanging around in any form, hence:

session_unregister("ckval");
unset($_SESSION['ckval']);
unset($ckval);
session_destroy();

Hope this helps - Miles
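Added example, not part of the thread: a logout handler for the pattern discussed above that acts only on a POST carrying a per-session token, deletes the activity row through a bound parameter, empties $_SESSION, expires the session cookie, calls session_destroy() and redirects to a configured origin instead of the request's Host header. The sys_activity and user_name names are reused from the post; the PDO handle, the csrf_token key, APP_ORIGIN and the SQLite demo data are assumptions.

```php
<?php
// Added example, not code from the thread.
const APP_ORIGIN = 'https://forum.example';   // assumption: set in config, never read from HTTP_HOST

/** End the session completely: activity row, session data, cookie, session file. */
function sessionKill(PDO $db): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (isset($_SESSION['user_name'])) {
        // Bound parameter: the user name never becomes part of the SQL text.
        $stmt = $db->prepare('DELETE FROM sys_activity WHERE user_name = ?');
        $stmt->execute([$_SESSION['user_name']]);
    }
    $_SESSION = [];                                   // drop the data in this request
    if (ini_get('session.use_cookies')) {             // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                                // remove the server-side session
}

/** A logout counts only as a POST that carries this session's token. */
function isLogoutRequest(string $method, array $post, array $session): bool
{
    return $method === 'POST'
        && isset($post['logout'], $post['csrf_token'], $session['csrf_token'])
        && is_string($post['csrf_token'])
        && is_string($session['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

/** Logout button that replaces the ?logout=1 link. */
function logoutForm(string $token): string
{
    return '<FORM METHOD="post" ACTION="/">'
         . '<INPUT TYPE="hidden" NAME="csrf_token" VALUE="'
         . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">'
         . '<INPUT TYPE="submit" NAME="logout" VALUE="Logout"></FORM>';
}

/** What the shared header library would run before any output is sent. */
function handleLogout(PDO $db): void
{
    if (isLogoutRequest($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION)) {
        sessionKill($db);
        header('Location: ' . APP_ORIGIN . '/', true, 303);
        exit;
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed data: two logged-in users, one with an apostrophe in the name.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sys_activity (user_name TEXT, page TEXT)');
    $db->exec("INSERT INTO sys_activity VALUES ('ron', '/forums/'), ('o''brien', '/search.php')");

    session_start();
    $_SESSION['user_name']  = "o'brien";
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    $form = logoutForm($_SESSION['csrf_token']);

    // A bare GET link is ignored; the POST with the matching token is honoured.
    $viaLink = isLogoutRequest('GET', ['logout' => '1'], $_SESSION);
    $viaForm = isLogoutRequest('POST',
        ['logout' => 'Logout', 'csrf_token' => $_SESSION['csrf_token']], $_SESSION);
    if ($viaForm) {
        sessionKill($db);
    }
    $rowsLeft = (int) $db->query('SELECT COUNT(*) FROM sys_activity')->fetchColumn();
    var_dump($viaLink, $viaForm, $_SESSION, $rowsLeft);
    echo $form, "\n";
}
```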
Re: [PHP-DB] Emails Bouncing
I have the same issue :-) And I recently noticed another email address popped up in the error too.. Should we really be getting these mail daemon errors? Or should the list bot?? Has this always been the case? I'm only new to this list...

Ciao!

--oOo---oOo-- Julien Bonastre [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 [EMAIL PROTECTED] www.the-spectrum.org --oOo---oOo--

- Original Message -
From: Joseph Crawford [EMAIL PROTECTED]
To: [PHP-DB] Mailing List php-db@lists.php.net
Sent: Friday, December 09, 2005 7:13 AM
Subject: [PHP-DB] Emails Bouncing

I keep getting the following, can someone from the staff rectify this please

Your message
To:
Subject: Re: [PHP-DB] Restricting What's Retreived
Sent: Thu Dec 08 09:56:44 2005
did not reach the following recipient(s):
[EMAIL PROTECTED] on Thu Dec 08 09:56:44 2005
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
grisu.itxnet.local #5.1.1

Thanks,
--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
1-802-671-2021
[EMAIL PROTECTED]