[PHP-DB] Re: [PHP-WIN] A measre of security
- Original Message - From: Gustav Wiberg [EMAIL PROTECTED] To: 'bedul' [EMAIL PROTECTED]; php-windows@lists.php.net Cc: php-db@lists.php.net Sent: Monday, February 19, 2007 2:28 PM Subject: RE: [PHP-WIN] A measre of security -Original Message- From: bedul [mailto:[EMAIL PROTECTED] Sent: Saturday, February 17, 2007 10:26 AM To: Gustav Wiberg; php-windows@lists.php.net Cc: php-db@lists.php.net Subject: Re: [PHP-WIN] A measre of security Importance: High cmiiw - Original Message - From: Gustav Wiberg [EMAIL PROTECTED] To: php-windows@lists.php.net Sent: Wednesday, February 14, 2007 6:39 PM Subject: [PHP-WIN] A measre of security Hi! This is a kind of security-question I'm starting up a system, where several customers should be able to login with there own information. Each company I give unique identity with hard-coding and each company has its own folder... Harding-coding, something like: $company - setIDCompany(1); $company - setIDCompany(2); $company - setIDCompany(3); [bedul] you should not try hardcoding by your self.. is suffer your health.. hehehe why don't you use an id.. if you enter this using db.. every new record or company will given a new id.. like you enter new comp anda the new will have 4 and soon but if this not what you wanted.. just created a random var like this i enter new comp.. where the var given = a4s43.. this comp will have id a4s43 and have folder named a4s43 = Diffrent folders: customers/company1 customers/company2 customers/company3 and so on... This isn't complicated, but when I add a new company...I must be 200% sure that the IDCompany is set correct (There is a chance of setting the wrong ID for a new company or forgetting to change it) [bedul] to search what your id entered .. try use int mysql_insert_id ( [resource link_identifier] ) Retrieves the ID generated for an AUTO_INCREMENT column by the previous INSERT query. === The companys ARE NOT ALLOWED to see each others information. [bedul] try above suggestion.. use random var for folder.. how to get em?? $idFromTable=mysql_insert_id ($handle); $rndNum=rand(2100); $randomID=a.$idFromTable.s.$rndNum; Is there any good way of solving this with some sort of comparision-mechanism or something like that? Any thoughts? [bedul] interesting. can u explain more about 'sort of comparision-mechanism'?? Hi there! Thanx for your suggestion! What I meant with comparisaion-mechanism was that I Want to have som kind of fucntion that is almost impossible to set ID 1 - Company 2, impossible to set ID2 for company 1. The function should check Somehow that the right ID is set.. Like ID 1 = Company1, ID 2 = Company and so on... Best Regards /Gustav Wiberg [bedul] i believe u talk about random id?? cmiiw why not using random by combine ip regis date regis? read the 4 line.. i think, u might ask about cookie or session?? i believe this is more close what u describe above. if this like webhosting.. u might use share folder but if this not hosting.. i more simple. (yet less simple actualy from hard coding /omg) what u say before.. actualy i don't get it? why you have to make share folder? why not the file put on 1 folder. use database to describe the file then u probably able to share the file and make folder (it not real folder actualy.. it is just a database). fyi search for sharing data aplication. try this link http://sourceforge.net/projects/simpledirectory http://sourceforge.net/projects/phpexplorer http://sourceforge.net/projects/phpshell http://savannah.nongnu.org/projects/phpexplore/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: [PHP-WIN] A measre of security
Hi there!
It seems to be a tought problem (in the means of time to solve it anyway)
Here's anyway a function that might help you on the long road...
function weekRange() {
$week = 7//Set week
$year = 2007 //Set year
$first_monday = (8 - date(w, mktime(1,0,0,12,31,$year -1))) %
7;
if ($first_monday == 0) $first_monday = 7;
$fm_ts = mktime(1,0,0,1,$first_monday,$year);
$monday = strtotime('+'.($week - 1).' week', $fm_ts);
$sunday = strtotime('+6 days', $monday);
$start = date(Y-m-d, $monday);
$end= date(Y-m-d, $sunday);
return array($start, $end);
}
Best regards
/Gustav Wiberg
-Original Message-
From: bedul [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 20, 2007 3:26 AM
To: Gustav Wiberg; php-windows@lists.php.net
Cc: php-db@lists.php.net
Subject: Re: [PHP-WIN] A measre of security
- Original Message -
From: Gustav Wiberg [EMAIL PROTECTED]
To: 'bedul' [EMAIL PROTECTED]; php-windows@lists.php.net
Cc: php-db@lists.php.net
Sent: Monday, February 19, 2007 2:28 PM
Subject: RE: [PHP-WIN] A measre of security
-Original Message-
From: bedul [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 17, 2007 10:26 AM
To: Gustav Wiberg; php-windows@lists.php.net
Cc: php-db@lists.php.net
Subject: Re: [PHP-WIN] A measre of security
Importance: High
cmiiw
- Original Message -
From: Gustav Wiberg [EMAIL PROTECTED]
To: php-windows@lists.php.net
Sent: Wednesday, February 14, 2007 6:39 PM
Subject: [PHP-WIN] A measre of security
Hi!
This is a kind of security-question
I'm starting up a system, where several customers should be able to login
with there own information.
Each company I give unique identity with hard-coding and each company has
its own folder...
Harding-coding, something like:
$company - setIDCompany(1);
$company - setIDCompany(2);
$company - setIDCompany(3);
[bedul]
you should not try hardcoding by your self.. is suffer your health.. hehehe
why don't you use an id.. if you enter this using db.. every new record or
company will given a new id..
like you enter new comp anda the new will have 4 and soon
but if this not what you wanted.. just created a random var like this
i enter new comp.. where the var given = a4s43.. this comp will have id
a4s43 and have folder named a4s43
=
Diffrent folders:
customers/company1
customers/company2
customers/company3
and so on...
This isn't complicated, but when I add a new company...I must be
200% sure that the IDCompany is set correct (There is a chance of setting
the wrong ID for a new company or forgetting to change it)
[bedul]
to search what your id entered .. try use
int mysql_insert_id ( [resource link_identifier] )
Retrieves the ID generated for an AUTO_INCREMENT column by the previous
INSERT query.
===
The companys ARE NOT ALLOWED to see each others information.
[bedul]
try above suggestion.. use random var for folder.. how to get em??
$idFromTable=mysql_insert_id ($handle);
$rndNum=rand(2100);
$randomID=a.$idFromTable.s.$rndNum;
Is there any good way of solving this with some sort of
comparision-mechanism or something like that? Any thoughts?
[bedul]
interesting. can u explain more about 'sort of comparision-mechanism'??
Hi there!
Thanx for your suggestion! What I meant with comparisaion-mechanism was that
I
Want to have som kind of fucntion that is almost impossible to set ID 1 -
Company 2, impossible to set ID2 for company 1. The function should check
Somehow that the right ID is set.. Like ID 1 = Company1, ID 2 = Company and
so on...
Best Regards
/Gustav Wiberg
[bedul]
i believe u talk about random id?? cmiiw
why not using random by combine ip regis date regis?
read the 4 line.. i think, u might ask about cookie or session?? i believe
this is more close what u describe above. if this like webhosting.. u might
use share folder but if this not hosting.. i more simple. (yet less simple
actualy from hard coding /omg)
what u say before.. actualy i don't get it? why you have to make share
folder? why not the file put on 1 folder. use database to describe the file
then u probably able to share the file and make folder (it not real folder
actualy.. it is just a database).
fyi search for sharing data aplication. try this link
http://sourceforge.net/projects/simpledirectory
http://sourceforge.net/projects/phpexplorer
http://sourceforge.net/projects/phpshell
http://savannah.nongnu.org/projects/phpexplore/
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: [PHP-WIN] A measre of security
-Original Message- From: bedul [mailto:[EMAIL PROTECTED] Sent: Saturday, February 17, 2007 10:26 AM To: Gustav Wiberg; php-windows@lists.php.net Cc: php-db@lists.php.net Subject: Re: [PHP-WIN] A measre of security Importance: High cmiiw - Original Message - From: Gustav Wiberg [EMAIL PROTECTED] To: php-windows@lists.php.net Sent: Wednesday, February 14, 2007 6:39 PM Subject: [PHP-WIN] A measre of security Hi! This is a kind of security-question I'm starting up a system, where several customers should be able to login with there own information. Each company I give unique identity with hard-coding and each company has its own folder... Harding-coding, something like: $company - setIDCompany(1); $company - setIDCompany(2); $company - setIDCompany(3); [bedul] you should not try hardcoding by your self.. is suffer your health.. hehehe why don't you use an id.. if you enter this using db.. every new record or company will given a new id.. like you enter new comp anda the new will have 4 and soon but if this not what you wanted.. just created a random var like this i enter new comp.. where the var given = a4s43.. this comp will have id a4s43 and have folder named a4s43 = Diffrent folders: customers/company1 customers/company2 customers/company3 and so on... This isn't complicated, but when I add a new company...I must be 200% sure that the IDCompany is set correct (There is a chance of setting the wrong ID for a new company or forgetting to change it) [bedul] to search what your id entered .. try use int mysql_insert_id ( [resource link_identifier] ) Retrieves the ID generated for an AUTO_INCREMENT column by the previous INSERT query. === The companys ARE NOT ALLOWED to see each others information. [bedul] try above suggestion.. use random var for folder.. how to get em?? $idFromTable=mysql_insert_id ($handle); $rndNum=rand(2100); $randomID=a.$idFromTable.s.$rndNum; Is there any good way of solving this with some sort of comparision-mechanism or something like that? Any thoughts? [bedul] interesting. can u explain more about 'sort of comparision-mechanism'?? Hi there! Thanx for your suggestion! What I meant with comparisaion-mechanism was that I Want to have som kind of fucntion that is almost impossible to set ID 1 - Company 2, impossible to set ID2 for company 1. The function should check Somehow that the right ID is set.. Like ID 1 = Company1, ID 2 = Company and so on... Best Regards /Gustav Wiberg -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: [PHP-WIN] A measre of security
cmiiw - Original Message - From: Gustav Wiberg [EMAIL PROTECTED] To: php-windows@lists.php.net Sent: Wednesday, February 14, 2007 6:39 PM Subject: [PHP-WIN] A measre of security Hi! This is a kind of security-question I'm starting up a system, where several customers should be able to login with there own information. Each company I give unique identity with hard-coding and each company has its own folder... Harding-coding, something like: $company - setIDCompany(1); $company - setIDCompany(2); $company - setIDCompany(3); [bedul] you should not try hardcoding by your self.. is suffer your health.. hehehe why don't you use an id.. if you enter this using db.. every new record or company will given a new id.. like you enter new comp anda the new will have 4 and soon but if this not what you wanted.. just created a random var like this i enter new comp.. where the var given = a4s43.. this comp will have id a4s43 and have folder named a4s43 = Diffrent folders: customers/company1 customers/company2 customers/company3 and so on... This isn't complicated, but when I add a new company...I must be 200% sure that the IDCompany is set correct (There is a chance of setting the wrong ID for a new company or forgetting to change it) [bedul] to search what your id entered .. try use int mysql_insert_id ( [resource link_identifier] ) Retrieves the ID generated for an AUTO_INCREMENT column by the previous INSERT query. === The companys ARE NOT ALLOWED to see each others information. [bedul] try above suggestion.. use random var for folder.. how to get em?? $idFromTable=mysql_insert_id ($handle); $rndNum=rand(2100); $randomID=a.$idFromTable.s.$rndNum; Is there any good way of solving this with some sort of comparision-mechanism or something like that? Any thoughts? [bedul] interesting. can u explain more about 'sort of comparision-mechanism'?? === -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
