php-general Digest 20 Jan 2008 11:03:47 -0000 Issue 5246
php-general Digest 20 Jan 2008 11:03:47 - Issue 5246 Topics (messages 267678 through 267700): Re: Posting Summary for Week Ending 18 January, 2008: [EMAIL PROTECTED] 267678 by: Daniel Brown 267679 by: David Powers 267680 by: Jochem Maas 267681 by: David Powers 267682 by: Jochem Maas 267684 by: Andrés Robinet 267686 by: Wolf 267687 by: Daniel Brown 267688 by: Daniel Brown 267689 by: Wolf 267691 by: Ashley M. Kirchner 267693 by: Nathan Nobbe 267699 by: Per Jessen Re: password hashing and crypt() 267683 by: Jochem Maas 267690 by: Eric Butera 267694 by: Andrés Robinet 267695 by: Nathan Nobbe Re: avoid server folder reading 267685 by: Jochem Maas 267692 by: Nathan Nobbe 267697 by: Casey 267700 by: Alain Roger Re: Expand variable in comparison 267696 by: Casey Re: FPDF 267698 by: Brady Mitchell Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- On Jan 19, 2008 5:25 PM, David Powers [EMAIL PROTECTED] wrote: Daniel Brown wrote: Finally, I don't want you to think that I'm personally-attacking you in the same way you did to me Sorry, Dan, you just don't get it, do you? You published the name and email address of every single person who contributed to this mailing list in the past week. I didn't give you permission to publish my details, and I'm pretty sure the same goes for just about everyone else. Instead of apologizing to everyone here, you have sought to ridicule my position. Notice, if you will and are able, that all other posts to this thread are responses of interest, not the ramblings of a crybaby. I told you I would remove you from future reports, and I have. I don't know exactly who you think you are to crusade and demand my apologies to everyone here when not only have I done nothing wrong, but I've created something that is useful and stimulating to those who Actually Matter[TM]. Thankfully, I don't feel as though I either have to justify myself to you, or continue speaking with you about it. So with that /discussion -- /Dan Daniel P. Brown Senior Unix Geek and #1 Rated Year's Coolest Guy By Self Since Nineteen-Seventy-[mumble]. ---End Message--- ---BeginMessage--- Daniel Brown wrote: Notice, if you will and are able, that all other posts to this thread are responses of interest, not the ramblings of a crybaby. I have also noticed that many of the responses come from #1 Rated Year's Coolest Guy By Self. A little humility might be in order. I done nothing wrong, but I've created something that is useful and stimulating to those who Actually Matter[TM]. Just to remind everyone what this useful and stimulating exercise was for, in your own words, it was 'For bragging rights, to keep track of how much time you've spent doing community service or whatever else.' By publishing everyone's email address, you screwed up, but don't have the decency to admit it. And at no time have I stooped to calling you names. __ David Powers ---End Message--- ---BeginMessage--- David Powers schreef: Daniel Brown wrote: Finally, I don't want you to think that I'm personally-attacking you in the same way you did to me Sorry, Dan, you just don't get it, do you? good mantra - please repeat to yourself 20 times every morning whilst you brush your teeth. actually I might do that might self, I'm sure I don't get 'it' either most days and besides it has something strangely zen about it there is an adage along the lines of we tend to accuse others of things we despise most in ourselves ... I know I'm guilty of that on many an occasion. how about you? if I am correct you are or were a journalist. forgive if I have mistaken you for another, but if that is correct then how often have you trodden on someone's privacy for the sake of a story? it's just a thought not an accusation. but hopefully you get the gist that maybe things are not so cut and dried as we sometimes like to think? You published the name and email address of every single person who contributed to this mailing list in the past week. I didn't give you permission to publish my details you already did that by posting so the info is already in the public domain and as Dan pointed out he's not actually in violation of anything - having explained to you the actually status quo with regard to british/european privacy law. , and I'm pretty sure the same goes for just about everyone else. he doesn't need my permission. but if he did he just got it, and that probably goes for most other people on this list. I have a feeling you pretty much on your own here. Instead
php-general Digest 20 Jan 2008 23:28:23 -0000 Issue 5247
php-general Digest 20 Jan 2008 23:28:23 - Issue 5247 Topics (messages 267701 through 267722): Re: avoid server folder reading 267701 by: Richard Heyes 267702 by: Anup Shukla 267703 by: Richard Heyes New website dedicated to debugging PHP. 267704 by: Keith Roberts Re: Posting Summary for Week Ending 18 January, 2008: [EMAIL PROTECTED] 267705 by: Daniel Brown 267706 by: Jason Pruim 267707 by: David Powers 267708 by: Paul Scott 267709 by: Stut 267710 by: David Powers 267711 by: Stut 267712 by: Robert Cummings 267713 by: David Powers 267715 by: Børge Holen 267716 by: Nathan Nobbe 267717 by: Børge Holen 267718 by: Nathan Nobbe 267719 by: Robert Cummings 267720 by: Nathan Nobbe 267721 by: Børge Holen Digital Downloads and Scale 267714 by: dg general time question 267722 by: jekillen Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- ---BeginMessage--- I would like to know how to avoid (using PHP code) any user to read the content of my website folder ? as my website is hosted by and external company, i do not have access to apache conf file. If your server's default file is index.php, you could use the following in an index.php file: ?php header('Location: /'); ? If it's index.html, you could use the following: script type=text/javascript !-- location.href = '/'; -- /script Try the PHP version first. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software that eases your support burden and helps increase your sales. ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** ---End Message--- ---BeginMessage--- Richard Heyes wrote: I would like to know how to avoid (using PHP code) any user to read the content of my website folder ? as my website is hosted by and external company, i do not have access to apache conf file. If your server's default file is index.php, you could use the following in an index.php file: ?php header('Location: /'); ? If it's index.html, you could use the following: script type=text/javascript !-- location.href = '/'; -- /script Try the PHP version first. Will that not result in an infinite redirection loop? Or am i missing something very obvious ! -- Regards, Anup Shukla ---End Message--- ---BeginMessage--- Will that not result in an infinite redirection loop? Or am i missing something very obvious ! If it's placed in the root folder of the website, yes. But why do that? If, however, that's what is required just put an empty index.html file there. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software that eases your support burden and helps increase your sales. ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** ---End Message--- ---BeginMessage--- Hi everyone. Please excuse me for cross posting to four lists, but I'm aware that not everyone subscribes to all of the lists, so I don't want anyone to miss this announcement. I have written a new website that is dedicated to debugging PHP applications. From the about page: http://www.php-debuggers.net/home/anyuser/about.php About php-debuggers A one-stop resource for Free Open Source PHP debuggers, covering all operating systems. This site has been developed in, and is maintained in, my spare time. I hope it helps you with debugging your PHP applications. Here at php-debuggers you can: * Find details of Open Source PHP debuggers available for your particular OS, including screenshots, and external download links. * Find download links and installation and configuration instructions for PHP debugger modules, such as DBG and Xdebug. * Post forum help requests for problems you have installing and configuring DBG or Xdebug PHP modules. * Find installation and configuration instructions for your OS's PHP debugger GUI programs. * Post forum help requests for problems you have installing and configuring the PHP debugger GUI programs on your OS. * Make forum requests for PHP debugger GUI programs to be ported to your OS. * Converse with other Open Source developers to discuss porting a particular PHP GUI debugger from one OS to any other. * Add tutorials on the forum for how install and configure a particular PHP debugger module, or debugger GUI for your OS. * Post details of Open Source PHP Debugger Projects that need more help, or a new maintainer for the project. To suggest other OS categories, more PHP debugger GUI's, or improvements to the website, please see the contact page. Kind Regards and Best Wishes, Keith Roberts.
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
Nathan Nobbe wrote: i didnt see the option in gmail; but if you know where it is or how to set it up in gmail, i will happily take the 2 seconds to enable it. Sorry, I don't use gmail. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] avoid server folder reading
this is what i already did before asking :-) On Jan 19, 2008 7:53 PM, Nathan Nobbe [EMAIL PROTECTED] wrote: On Jan 19, 2008 1:46 PM, Alain Roger [EMAIL PROTECTED] wrote: Sorry if my post was not clear... in fact i would like to hide the contant of my webfolders and avoid user to see the index of folders... for sure users should be able to browse the website, but not to see its structure by browsing the index :-) then define an index.php file for each directory that routes the users appropriately. -nathan -- Alain Windows XP SP2 PostgreSQL 8.2.4 / MS SQL server 2005 Apache 2.2.4 PHP 5.2.4 C# 2005-2008
Re: [PHP] avoid server folder reading
I would like to know how to avoid (using PHP code) any user to read the content of my website folder ? as my website is hosted by and external company, i do not have access to apache conf file. If your server's default file is index.php, you could use the following in an index.php file: ?php header('Location: /'); ? If it's index.html, you could use the following: script type=text/javascript !-- location.href = '/'; -- /script Try the PHP version first. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software that eases your support burden and helps increase your sales. ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] avoid server folder reading
Richard Heyes wrote: I would like to know how to avoid (using PHP code) any user to read the content of my website folder ? as my website is hosted by and external company, i do not have access to apache conf file. If your server's default file is index.php, you could use the following in an index.php file: ?php header('Location: /'); ? If it's index.html, you could use the following: script type=text/javascript !-- location.href = '/'; -- /script Try the PHP version first. Will that not result in an infinite redirection loop? Or am i missing something very obvious ! -- Regards, Anup Shukla -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] avoid server folder reading
Will that not result in an infinite redirection loop? Or am i missing something very obvious ! If it's placed in the root folder of the website, yes. But why do that? If, however, that's what is required just put an empty index.html file there. -- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and Helpdesk software that eases your support burden and helps increase your sales. ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] New website dedicated to debugging PHP.
Hi everyone. Please excuse me for cross posting to four lists, but I'm aware that not everyone subscribes to all of the lists, so I don't want anyone to miss this announcement. I have written a new website that is dedicated to debugging PHP applications. From the about page: http://www.php-debuggers.net/home/anyuser/about.php About php-debuggers A one-stop resource for Free Open Source PHP debuggers, covering all operating systems. This site has been developed in, and is maintained in, my spare time. I hope it helps you with debugging your PHP applications. Here at php-debuggers you can: * Find details of Open Source PHP debuggers available for your particular OS, including screenshots, and external download links. * Find download links and installation and configuration instructions for PHP debugger modules, such as DBG and Xdebug. * Post forum help requests for problems you have installing and configuring DBG or Xdebug PHP modules. * Find installation and configuration instructions for your OS's PHP debugger GUI programs. * Post forum help requests for problems you have installing and configuring the PHP debugger GUI programs on your OS. * Make forum requests for PHP debugger GUI programs to be ported to your OS. * Converse with other Open Source developers to discuss porting a particular PHP GUI debugger from one OS to any other. * Add tutorials on the forum for how install and configure a particular PHP debugger module, or debugger GUI for your OS. * Post details of Open Source PHP Debugger Projects that need more help, or a new maintainer for the project. To suggest other OS categories, more PHP debugger GUI's, or improvements to the website, please see the contact page. Kind Regards and Best Wishes, Keith Roberts. - Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On Jan 19, 2008 9:39 PM, Nathan Nobbe [EMAIL PROTECTED] wrote: On Jan 19, 2008 9:25 PM, Ashley M. Kirchner [EMAIL PROTECTED] wrote: Well, at least we know which subject will make it to the top next week nice; say, dan, here comes another feature request; can we see the top thread (or 3 :)) as well ? That would actually be pretty interesting. Since we've all been known to beat a thread to death, it certainly wouldn't be difficult to collect the data. -- /Dan Daniel P. Brown Senior Unix Geek and #1 Rated Year's Coolest Guy By Self Since Nineteen-Seventy-[mumble]. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On Jan 20, 2008, at 10:04 AM, Daniel Brown wrote: On Jan 19, 2008 9:39 PM, Nathan Nobbe [EMAIL PROTECTED] wrote: On Jan 19, 2008 9:25 PM, Ashley M. Kirchner [EMAIL PROTECTED] wrote: Well, at least we know which subject will make it to the top next week nice; say, dan, here comes another feature request; can we see the top thread (or 3 :)) as well ? That would actually be pretty interesting. Since we've all been known to beat a thread to death, it certainly wouldn't be difficult to collect the data. Dan, Are you implying that people on this list have ego's and they can't let them selves be proven wrong? And will keep sending messages about stuff until everyone else just gives up and starts forwarding their e- mail to /dev/null? Because... That so wouldn't fit with the image of the people I have seen on here :P -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
Andrés Robinet wrote: 3 - I don't like the attitude of both Dan and David. IMHO, David thinks the issue is more severe than it is, and Dan just won't recognize that mangling email addresses is kind of a (arguably also) standard practice. No public apologize is needed, but maybe Yeah, I just didn't consider that would be enough. Well said, Andrés. This has been blown out of all proportion by the sarcastic response I got from Dan, followed up by a group of his friends trying to make out the the problem was all of my own making. If the response had been, Shucks, sorry, I'll mangle the addresses (or leave them out) in future, that would have been an end of it. Instead, Dan and his friends decided that attack was the best form of defence, calling me names and questioning my integrity. But what if everyone's addresses had been gathered by someone with a less innocent intent than Dan's statistics? I consider this conversation closed. -- David Powers -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On Sun, 2008-01-20 at 10:04 -0500, Daniel Brown wrote: That would actually be pretty interesting. Since we've all been known to beat a thread to death, it certainly wouldn't be difficult to collect the data. FWIW, I would like to continue to see these postings, as mailing list metrics are quite interesting. I have been watching this thread with quite a bit of interest, as I would like to do something similar with the mailing lists for my project(s). Those projects answer to funders, and one of the metrics that our funders would like to see, is mailing list stats. If you do a quick google for mailman stat packages, you will see that they are sorely lacking, so, even though this particular list is not run on mailman, Dan's script could be the start of a *really* useful project for me and others. Only thing is that Dan has not posted a link to the source, nor has he signified that he will. I have also seen a bunch of requests for graphs and such, which I would be willing to add on in some time. Bottom line is, I find this really interesting and useful, and would like to use it elsewhere too. THANKS DAN! You are at least in the top ten coolest guys in the world --Paul All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/public/portal_services/disclaimer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On 20 Jan 2008, at 17:49, David Powers wrote: Andrés Robinet wrote: 3 - I don't like the attitude of both Dan and David. IMHO, David thinks the issue is more severe than it is, and Dan just won't recognize that mangling email addresses is kind of a (arguably also) standard practice. No public apologize is needed, but maybe Yeah, I just didn't consider that would be enough. Well said, Andrés. This has been blown out of all proportion by the sarcastic response I got from Dan, followed up by a group of his friends trying to make out the the problem was all of my own making. If the response had been, Shucks, sorry, I'll mangle the addresses (or leave them out) in future, that would have been an end of it. Instead, Dan and his friends decided that attack was the best form of defence, calling me names and questioning my integrity. But what if everyone's addresses had been gathered by someone with a less innocent intent than Dan's statistics? Therein lies the crux of the matter. Dan was able to gather the addresses without someone else publishing them in the way he did. The list is public, anyone can join it, so there is nothing stopping a spammer from collecting addresses in the same way. What Dan did has certainly not made it any easier for spammers to get your address. You seem unable to accept that you are the one that put your email address out there for anyone to collect. If you can't understand that then there is indeed no point in continuing the conversation. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
Stut wrote: You seem unable to accept that you are the one that put your email address out there for anyone to collect. If you can't understand that then there is indeed no point in continuing the conversation. I do understand it. What I object to is a supposedly responsible member of this list publishing everyone's address, and then attacking me for criticising him for such a dumb move. __ David Powers -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On 20 Jan 2008, at 18:02, David Powers wrote: Stut wrote: You seem unable to accept that you are the one that put your email address out there for anyone to collect. If you can't understand that then there is indeed no point in continuing the conversation. I do understand it. What I object to is a supposedly responsible member of this list publishing everyone's address, and then attacking me for criticising him for such a dumb move. You're still missing the point. Every time you send a message to this list *you* are publishing your email address. What Dan's done a) was only possible because you had already published your address, and b) almost certainly won't result in more spambots picking up your address than would have anyway. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
On Sun, 2008-01-20 at 18:02 +, David Powers wrote: Stut wrote: You seem unable to accept that you are the one that put your email address out there for anyone to collect. If you can't understand that then there is indeed no point in continuing the conversation. I do understand it. What I object to is a supposedly responsible member of this list publishing everyone's address, and then attacking me for criticising him for such a dumb move. I've been away for a while... but been reading through this thread a bit. Seems the push and shove of the thread revolves around re-publishing what has already been publicly published. As Stut pointed out, when you post to this list, your address becomes public. Dan has neither added nor subtracted from the publicly available pool of email addresses. As such, and within this context, nothing has been gained and nothing has been lost. I understand what you are thinking, but the fact remains your address is already public for having posted to the list. It seems you are getting bent out of shape because you aren't grasping this fact. Dan hasn't done anything wrong nor does he owe any apologies or concessions. Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008:php-general@lists.php.net
Robert Cummings wrote: I understand what you are thinking, but the fact remains your address is already public for having posted to the list. It seems you are getting bent out of shape because you aren't grasping this fact. Dan hasn't done anything wrong nor does he owe any apologies or concessions. I am not naive enough to think that my email address would have remained secret if Dan hadn't published the list. Unfortunately, this is the only newsgroup out of more than 20 that I regularly monitor or contribute to that exposes individual addresses. I have tried posting in the past with a munged address, but the post was rejected. I took the risk of using an address that had been spam-free for years in the full knowledge of what might happen. I did so, because this seemed a professional list, and the address remained spam-free for about a year after my first post. It's only within the last couple of months that spam has started coming in. Whether it's this list that's been harvested, it's impossible to say. Of course, anyone with the appropriate coding skill can harvest addresses from this list, as Dan has shown. I just don't think it's sensible for a responsible member to hand the addresses of 100 members on a plate to all and sundry. As I've said before, if Dan's response had been, Sorry, that wasn't meant to happen, that would have been the end of it. And now this really must be the end of it. __ David Powers -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Digital Downloads and Scale
Hello everyone, I'd appreciate any insights, or source suggestions regarding site traffic and necessary adjustments. For example, I'm using a simple digital download page for an indie artist. Not a ton of traffic, not a ton of concurrent requests. Was thinking about introducing something similar for a bigger artist(though still not huge) and I'm concerned for any trouble more demand might create. On the web server side, I'm not worried, as it's on a Pair high volume account. I am concerned where I might need back-ups or adjustments to code and database queries. Not quite sure where to start in researching this - any ideas or keywords would be appreciated. Thanks, -dg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008:php-general@lists.php.net
have you ever googled for [EMAIL PROTECTED] ? looks like it brings up some thread from around september of 07... oh wait; isnt that before dan started up the stat program .. -nathan
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008:php-general@lists.php.net
On Sunday 20 January 2008 22:06:54 Nathan Nobbe wrote: have you ever googled for [EMAIL PROTECTED] ? looks like it brings up some thread from around september of 07... oh wait; isnt that before dan started up the stat program .. -nathan MAN don't expose it like that. Now he'll get tons upon tons of spam :D -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008:php-general@lists.php.net
On Sunday 20 January 2008 19:58:03 David Powers wrote: Robert Cummings wrote: I understand what you are thinking, but the fact remains your address is already public for having posted to the list. It seems you are getting bent out of shape because you aren't grasping this fact. Dan hasn't done anything wrong nor does he owe any apologies or concessions. I am not naive enough to think that my email address would have remained secret if Dan hadn't published the list. Unfortunately, this is the only newsgroup out of more than 20 that I regularly monitor or contribute to that exposes individual addresses. I have tried posting in the past with a munged address, but the post was rejected. I took the risk of using an address that had been spam-free for years in the full knowledge of what might happen. I did so, because this seemed a professional list, and the address remained spam-free for about a year after my first post. It's only within the last couple of months that spam has started coming in. Whether it's this list that's been harvested, it's impossible to say. Of course, anyone with the appropriate coding skill can harvest addresses from this list, as Dan has shown. I just don't think it's sensible for a responsible member to hand the addresses of 100 members on a plate to all and sundry. As I've said before, if Dan's response had been, Sorry, that wasn't meant to happen, that would have been the end of it. And now this really must be the end of it. You really don't get it yet? You distributed it, I knew your email long before Dan did squat, didn't take any programming to acomplish that. And for skills? I'm poor at regexp (as in I SUCK) but hell, even I could do an harvest directly from postfix and you would come up time after time by your own hand, a few mails more with the mention of your email wouldn't do any difference, see; I got you one the first mail. __ David Powers -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008:php-general@lists.php.net
On Jan 20, 2008 4:09 PM, Børge Holen [EMAIL PROTECTED] wrote: MAN don't expose it like that. Now he'll get tons upon tons of spam :D damn, did i, like, just publish it again :-O -nathan
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008:php-general@lists.php.net
On Sunday 20 January 2008 22:38:24 Robert Cummings wrote: On Sun, 2008-01-20 at 16:13 -0500, Nathan Nobbe wrote: On Jan 20, 2008 4:09 PM, Børge Holen [EMAIL PROTECTED] wrote: MAN don't expose it like that. Now he'll get tons upon tons of spam :D damn, did i, like, just publish it again :-O Is this going to turn into one of those things like with the Blu-Ray decryption code? nono. Depending on the reply from david it either: Turns into a twin peak thriller with a sudden stop or a soap like bold and the beautiful episode 345k we'll just go on and on and on and on. Slashdot in 10... ;) Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008:php-general@lists.php.net
On Jan 20, 2008 4:38 PM, Robert Cummings [EMAIL PROTECTED] wrote: On Sun, 2008-01-20 at 16:13 -0500, Nathan Nobbe wrote: On Jan 20, 2008 4:09 PM, Børge Holen [EMAIL PROTECTED] wrote: MAN don't expose it like that. Now he'll get tons upon tons of spam :D damn, did i, like, just publish it again :-O Is this going to turn into one of those things like with the Blu-Ray decryption code? Slashdot in 10... ;) good to have you back around rob! btw.. not to like steal a thread or anything, did you see my thread on the crypt() thing? mind tossing 2 cents at it ? -nathan
Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008:php-general@lists.php.net
On Sun, 2008-01-20 at 16:13 -0500, Nathan Nobbe wrote: On Jan 20, 2008 4:09 PM, Børge Holen [EMAIL PROTECTED] wrote: MAN don't expose it like that. Now he'll get tons upon tons of spam :D damn, did i, like, just publish it again :-O Is this going to turn into one of those things like with the Blu-Ray decryption code? Slashdot in 10... ;) Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net
[snip] Sending to the LIST this time... I personally replied, how dumb was *I* this morning... And top posted... Twice... Dang Jay, you feeling OK? You've been quiet the last week... Or did Richard just tie you up so you couldn't post and he could get top honors this week? :) [/snip] Richard mixed up the keys on my keyboard and it took me all week to re-map my typing skills. Most of everything this week came out lsjhkid like gibejuhuish. Then there was the mess with the glue on the keys -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Posting Summary for Week Ending 18 January,2008:php-general@lists.php.net
Børge Holen wrote: You really don't get it yet? You distributed it, I knew your email long before Dan did squat, didn't take any programming to acomplish that. Obviously, you don't get it either. It's now common practice to remove email addresses from public forums. Instead of justifying Dan's mistake (which he has acknowledged by agreeing to remove or obfuscate email addresses in future reports), why not consider whether privacy could be improved on the PHP list? A Google check on my email address shows that, with one exception, it has been released into the public domain solely through archives and mirrors of this list. The exception is a private group, whose administrator I have alerted to avoid the leaking of other people's addresses. Of course, I could set up a throwaway address; and I do have a pretty effective spam trap. But I still need to check them both. It's a waste of time. Spam is an upleasant fact of life, but if you consider yourselves competent professionals, you should be doing what you can to combat it. Dan's post didn't start the leak of addresses, but it should be regarded as a wakeup call to the way this list is configured and run. -- David Powers -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Digital Downloads and Scale
dg wrote: Hello everyone, I'd appreciate any insights, or source suggestions regarding site traffic and necessary adjustments. For example, I'm using a simple digital download page for an indie artist. Not a ton of traffic, not a ton of concurrent requests. Was thinking about introducing something similar for a bigger artist(though still not huge) and I'm concerned for any trouble more demand might create. On the web server side, I'm not worried, as it's on a Pair high volume account. I am concerned where I might need back-ups or adjustments to code and database queries. Not quite sure where to start in researching this - any ideas or keywords would be appreciated. Backups are just space, so make sure you have enough to meet your demands. Most hosts will add an extra 10G or something for a flat rate per month so as you need more, you can buy more backup space. Database queries are harder. Fill up your database with random data and see which bits go slow. If you're using mysql, enable slow-query-logs and see what shows up. If you're using something else, see the appropriate documentation to see if they have an equivalent. Make sure you use random data because if you use the same data for each record, the database won't be able to utilize indexes properly. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] general time question
Hello again; I am developing an application that uses php with Apache. A user requests a script file from a web site and the server takes such things as $_SERVER['REMOTE_ADDRESS'] and uses php's time() function to record the time in utc code (which would be the server's system time) and other bits of info and saves it in a php script file on the server. The script is a login script. When the user successfully logs in. Javascript is used to send the client time and time zone offset. These are written to this file also. To track the user for statistical and authorization reasons this file is used to authenticate each user request and track usage. What I do not understand perfectly at the moment, and I have to learn somewhere sometime, is the figures that are recorded. I know, I could use php's built in session handling but I have special reasons for doing it this way. These are the values I am recording: (a sample php script file) $sid = '96f120f9dcf293e64e6dcbd16024491e'; // this is a session id $da = '1200867964'; // this is the value generated by the time() function $hid = '2c9a46c1a5d89469481951065cc6a621';// another session id $ctzo = '480'; // This is time zone offset according to what javascript sends $ctzn = '1200868142247'; // This is the client time according to javascript, which is supposed // to be in milliseconds The specific questions are what does the offset '480' mean? (add or subtract from utc/GMT to get local time?) I am in Pacific Standard Time testing this script. The server is also at the same location. The javascript time value should be the original request time plus the time it takes for a successful login to be processed: The user types in the info and clicks the form button the client pre submission script is run then the server receives and processes $_POST values and decides if the user has sent a valid id. Javascript time value is specified as milliseconds. millisecond is 1/1000 of a second, right? and dividing the value by 1000 would give seconds elapsed from Jan 1 1970(?) thank you in advance; Jeff k -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] A stupid question?
Regards, Shelley -Original Message- From: Eric Butera [mailto:[EMAIL PROTECTED] Sent: Saturday, January 19, 2008 12:03 AM To: Jochem Maas Cc: php-general@lists.php.net Subject: Re: [PHP] A stupid question? On Jan 18, 2008 10:49 AM, Jochem Maas [EMAIL PROTECTED] wrote: Eric Butera schreef: On Jan 18, 2008 9:31 AM, Jochem Maas [EMAIL PROTECTED] wrote: Eric Butera schreef: On Jan 17, 2008 9:54 PM, Shelley Shyan [EMAIL PROTECTED] wrote: Hi all, Maybe this is a somehow stupid question. I want to know how php could know whether session_start() has been called, that is, whether session has been started. I Googled, but got little help. Thank you for help! Any tip is greatly appreciated. Regards, Shelley One other thing is you won't be able to start a session if headers have been sent. It is a good idea to use output buffering to help aid with this. no it's not a good idea to use output bufferin to 'help aid' this. instead write code that is logically structured so that the initialization of your pages/app/scripts occurs BEFORE any output is generated. to avoid spurious output of whitespace avoid including the trailing '?' is included php[-only] files. (and ignore whatever Tedd says on the subject ;-) If headers have been sent you'll get a nasty warning. if (headers_sent()) { echo oops!; } use code to avoid warnings. It can be a php.ini setting or you can simply call ob_start() on the first line of your script. I agree with you that it is ideal to do what you're saying but it isn't always 100% practical. Sometimes the stuff we work on is handed down and in our purist world we'd like to change it, but can't. So I think that you should recommend best practices for future creations, but blindly shooting down all alternatives isn't right. My solution would get the job done rather than the OP refactoring the pages and not getting paid for it. It would work and over time things could be tidied up on future revisions over time. still, it's not a good idea because that implies a concept that you are wanting to apply. you don't want to use output buffering if you can help it. output buffering to overcome output being created before headers are [conditionally] sent in badly written code is a viable hack given certain budgetary and/or time constraints. what I'm saying is it's a viable solution to a immediate problem for which you don't have the time/money to fix properly - it's more than fine to enlighted the OP as such, I just don't think calling it a good idea is the right thing to do - it gives the impression that your giving it the seal-of-good-coding-practice-approval, and the OP might just take your word for it. Also, if you do what you've said and created your logic 100% perfectly, there should never be any use for headers_sent(), right? Headers shouldn't have been sent until you've specifically sent them. true, and they are not - but if you want to be sure to avoid cruft in the output and/or shit in the logs you program defensively for those occasions where somebody [else?] makes a mistake of some kind. Fair enough, you win! :) Thank you all. Thank you very much. :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] change php variable depending on selection
Hi, I've looked everywhere on the web (except of course the place that has the answer ;) ) but can't seem to find a solution. I'm trying to build an rss reader on a webpage. The idea is simple: there's a dropdown box where you select the name of the blog and when you select the blog you want to view a variable in the php script changes that captures the rss feed of that blog. The db is setup so that the name of the blog is stored next to the rss feed of the blog. If I'm thinking of this correctly I've developed the dropdown box so that it populates from my db the name of the blogs I have stored. I can't seem to figure out how to, when you select matt'sblog (for example), how to make it so that the php variable will be populated with the rssfeed of matt's blog and then the feed will show. For instance, selecting matt'sblog from the drop down list will make it so that $url=rss feed from matt'sblog (which is stored in the db next to the name of the blog). Make sense? thx in advance for any help! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] general time question
jekillen schreef: Hello again; I am developing an application that uses php with Apache. A user requests a script file from a web site and the server takes such things as $_SERVER['REMOTE_ADDRESS'] $_SERVER['REMOTE_ADDRESS'] is a pretty useless value for the age old reason that, for instance, AOL users may very wellhave their IP address changed every other request (STW or STA for more on this) and uses php's time() function to record the time in utc time() only returns UTC (aka GMT) if your server's timezone is UTC. am I mistaken? if not check: gmmktime() code (which would be the server's system time) and other bits of info and saves it in a php script file on the server. is a file really the best place? if not the session then a database is probably still a better idea. The script is a login script. When the user successfully logs in. Javascript is used to send the client time and time zone offset. These are written to this file also. To track the user for statistical and authorization reasons this file is used to authenticate each user request and track usage. What I do not understand perfectly at the moment, and I have to learn somewhere sometime, is the figures that are recorded. I know, I could use php's built in session handling but I have special reasons for doing it this way. These are the values I am recording: (a sample php script file) $sid = '96f120f9dcf293e64e6dcbd16024491e'; // this is a session id $da = '1200867964'; // this is the value generated by the time() function $hid = '2c9a46c1a5d89469481951065cc6a621';// another session id 2 session ids for the same set of data? $ctzo = '480'; // This is time zone offset according to what javascript sends $ctzn = '1200868142247'; // This is the client time according to javascript, which is supposed there is no saying what exactly these values are without seeing the javascript code that generates them. let us have a look. now for the juicy bit - you have *no* garantee that the system clock and/or the timezone setting on the client machine is anything like correct. actually the chances that it is not are quite high - disregarding idiots, just think of people who have to screw their clock/TZ to accomodate some other application and more likely, people on the road, using laptops ... I don't bother to change my TZ or clock just because I went to see a friend somewhere far away from home .. do you? // to be in milliseconds The specific questions are what does the offset '480' mean? (add or subtract from utc/GMT to get local time?) I am in Pacific Standard Time testing this script. The server is also at the same location. The javascript time value should be the original request time plus the time it takes for a successful login to be processed: The user types in the info and clicks the form button the client pre submission script is run then the server receives and processes $_POST values and decides if the user has sent a valid id. you might try explaining what it is that you are trying to achieve rather than the mechanism your currently trying to employ - someone might have a better approach Javascript time value is specified as milliseconds. millisecond is 1/1000 of a second, right? and dividing the value by 1000 would give seconds elapsed from Jan 1 1970(?) thank you in advance; Jeff k -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Digital Downloads and Scale
dg schreef: Hello everyone, I'd appreciate any insights, or source suggestions regarding site traffic and necessary adjustments. For example, I'm using a simple digital download page for an indie artist. Not a ton of traffic, not a ton of concurrent requests. Was thinking about introducing something similar for a bigger artist(though still not huge) and I'm concerned for any trouble more demand might create. On the web server side, I'm not worried, as it's on a Pair high volume account. if you have enough concurrent connections/downloads then nothing but serious load-balanced servers will help. I am concerned where I might need back-ups or adjustments to code and backups are just storage, not exactly a performance issue unless you run some heavy backup scripts/tools on the server at peak periods. database queries. Not quite sure where to start in researching this - any ideas or keywords would be appreciated. get a book? I happen to be rereading building scalable websites by Carl Henderson ... something like that might help you to get a better idea of what you might be facing. use simple code, optimize your db and go and read up on everything you can find about optimizing [download] connections on your webserver ... these spring to mind keywords: [database] optimization webserver concurrency scalable web applications er? Thanks, -dg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $_POST Array and Cleaning
I'm trying to create a function that will first take an array of $_POSTs and give them key/value pairs like variables. For instance, if i had $_POST['whatever'] = whatever, that would be made into $whatever = whatever, then i can clean for sql injection and xss. any ideas here? - e -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_POST Array and Cleaning
On Jan 20, 2008 9:22 PM, nihilism machine [EMAIL PROTECTED] wrote: I'm trying to create a function that will first take an array of $_POSTs and give them key/value pairs like variables. For instance, if i had $_POST['whatever'] = whatever, that would be made into $whatever = whatever, then i can clean for sql injection and xss. any ideas here? foreach($_POST as $curPostKey = $curPostVal) { cleanPost($curPostKey); // -- todo: implement me $$curPostKey = $curPostVal; } -nathan
Re: [PHP] change php variable depending on selection
On Jan 20, 2008 8:51 PM, PHP-General [EMAIL PROTECTED] wrote: Hi, I've looked everywhere on the web (except of course the place that has the answer ;) ) but can't seem to find a solution. I'm trying to build an rss reader on a webpage. The idea is simple: there's a dropdown box where you select the name of the blog and when you select the blog you want to view a variable in the php script changes that captures the rss feed of that blog. The db is setup so that the name of the blog is stored next to the rss feed of the blog. If I'm thinking of this correctly I've developed the dropdown box so that it populates from my db the name of the blogs I have stored. I can't seem to figure out how to, when you select matt'sblog (for example), how to make it so that the php variable will be populated with the rssfeed of matt's blog and then the feed will show. For instance, selecting matt'sblog from the drop down list will make it so that $url=rss feed from matt'sblog (which is stored in the db next to the name of the blog). Make sense? so, you just want to submit a request to the server once someone makes a selection? you need to use the onselect dom level 0 event (easiest way [w/o requiring users to press a submit button]). then you will have a javascript function to submit the form, eg. // assume the select tag has id=rssFeedSelector // assume the form the select is in has id=rssSelectionForm // then the javascript would look (roughly) something like this (put it in the head tag of your page) window.onLoad = function() { document.getElementById('rssFeedSelector').onchange = function() { document.getElementById('rssSelectionForm').submit(); } } -nathan
Re: [PHP] Digital Downloads and Scale
On Jan 20, 2008 8:43 PM, Jochem Maas [EMAIL PROTECTED] wrote: get a book? I happen to be rereading building scalable websites by Carl Henderson ... something like that might help you to get a better idea of what you might be facing. wow, you read books too? i though i was the only one! dg, probly you shouldnt worry a whole lot until you get the client up and running. just make sure your code is decent and the database is indexed. per backups of the database, if youre running mysql, sja is a nice little backup utility written in java. http://www.webyog.com/en/download_form.php?url=http%3A%2F%2Fwww.webyog.com%2Fdownloads%2Fsja615.tar.gz you can cron the backups easily. its nothing sophisticated, but it will give you the ability to backup your data. when it comes to tuning a database for high performance, well, i think that goes a bit beyond the scope of this list. and probly you will know when you really need it ;) -nathan
[PHP] POST/GET into variables
how does this look? should this by me calling ... myforms = new forms(); work by turning all key/value pairs for both get and post into variable names of the same name as the get/post key, and the variable values as the values from the post/get? class forms { // Some stuff var $MyPosts; var $MyGets; var $CleanedInput; // Connect to the database function forms() { foreach($_POST as $curPostKey = $curPostVal) { CleanInput($curPostKey); $$curPostKey = $curPostVal; } foreach($_GET as $curGetKey = $curGetVal) { CleanInput($curGetKey); $$curGetKey = $curGetVal; } } // Attempt to login a user function CleanInput($userInput) { return $this-CleanedInput; } } thanks to anyone in advance -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] change php variable depending on selection
thx for the reply but i am a bit confused (i am new to php and even to javascript) Where would I put the javascript portion (the window.onLoad part), then? Here is the relevant portion of the code. My test page can be seen at http://valueinvestingplanet.com/test. The idea is to have the rss feed show up on that page after you select which feed you want. thx again! form id=rssSelectionForm name=form1 method=POST action=?php echo $editFormAction; ? label select name=rssFeedSelector id=feedselector ?php do { ? option value=?php echo $row_Recordset1['blogname']??php if (!(strcmp($row_Recordset1['blogname'], $row_Recordset1['blogname']))) {echo selected=\selected\;} ??php echo $row_Recordset1['blogname']?/option ?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); $rows = mysql_num_rows($Recordset1); if($rows 0) { mysql_data_seek($Recordset1, 0); $row_Recordset1 = mysql_fetch_assoc($Recordset1); } ? /select /label input type=hidden name=MM_update value=form1 / /form ?php mysql_free_result($Recordset1); ? Nathan Nobbe [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Jan 20, 2008 8:51 PM, PHP-General [EMAIL PROTECTED] wrote: Hi, I've looked everywhere on the web (except of course the place that has the answer ;) ) but can't seem to find a solution. I'm trying to build an rss reader on a webpage. The idea is simple: there's a dropdown box where you select the name of the blog and when you select the blog you want to view a variable in the php script changes that captures the rss feed of that blog. The db is setup so that the name of the blog is stored next to the rss feed of the blog. If I'm thinking of this correctly I've developed the dropdown box so that it populates from my db the name of the blogs I have stored. I can't seem to figure out how to, when you select matt'sblog (for example), how to make it so that the php variable will be populated with the rssfeed of matt's blog and then the feed will show. For instance, selecting matt'sblog from the drop down list will make it so that $url=rss feed from matt'sblog (which is stored in the db next to the name of the blog). Make sense? so, you just want to submit a request to the server once someone makes a selection? you need to use the onselect dom level 0 event (easiest way [w/o requiring users to press a submit button]). then you will have a javascript function to submit the form, eg. // assume the select tag has id=rssFeedSelector // assume the form the select is in has id=rssSelectionForm // then the javascript would look (roughly) something like this (put it in the head tag of your page) window.onLoad = function() { document.getElementById('rssFeedSelector').onchange = function() { document.getElementById('rssSelectionForm').submit(); } } -nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Digital Downloads and Scale
this may be common knowledge, but a simple thing for databases that decreased my query time was making sure that you have indices on those fields you use in your SQL. made a world of difference for me. On Jan 20, 2008 2:57 PM, dg [EMAIL PROTECTED] wrote: Hello everyone, I'd appreciate any insights, or source suggestions regarding site traffic and necessary adjustments. For example, I'm using a simple digital download page for an indie artist. Not a ton of traffic, not a ton of concurrent requests. Was thinking about introducing something similar for a bigger artist(though still not huge) and I'm concerned for any trouble more demand might create. On the web server side, I'm not worried, as it's on a Pair high volume account. I am concerned where I might need back-ups or adjustments to code and database queries. Not quite sure where to start in researching this - any ideas or keywords would be appreciated. Thanks, -dg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Crunchmutt Studios Latest News Headlines: http://www.rssvideonews.com http://www.crunchmutt.com http://www.deadjoe.com http://www.dailymedication.com http://www.extremesportclips.com http://www.coolanimalclips.com http://www.robotclips.com http://www.newsfinger.com http://www.postyourimage.com http://www.nakedalarmclock.com
Re: [PHP] POST/GET into variables
im trying to keep this php4 OOP. im just trying to clean the post/gets and then make them all into variables with their names being the keys to the get/post, and their values as the variables values. ie: $_POST['someFormInputName'] = somevalue ... turns into $someFormInputName = somevalue. I am not concerned about cleaning the input as i have a function already for that. On Jan 20, 2008, at 10:06 PM, Nathan Nobbe wrote: On Jan 20, 2008 9:47 PM, nihilism machine [EMAIL PROTECTED] wrote: how does this look? should this by me calling ... myforms = new forms(); work by turning all key/value pairs for both get and post into variable names of the same name as the get/post key, and the variable values as the values from the post/get? class forms { // Some stuff var $MyPosts; var $MyGets; var $CleanedInput; // Connect to the database function forms() { foreach($_POST as $curPostKey = $curPostVal) { CleanInput($curPostKey); $$curPostKey = $curPostVal; } foreach($_GET as $curGetKey = $curGetVal) { CleanInput($curGetKey); $$curGetKey = $curGetVal; } } // Attempt to login a user function CleanInput($userInput) { return $this-CleanedInput; } } im a little bit lost on the comments about connecting to the database and logging in a user. if you are writing a class to filter data in the $_POST and /or $_GET, then thats all it should be responsible for. the decision youll have to make is this; will this class simply act as a filter for these arrays, which means it will modify the data in those arrays, or will it leave the contents of those arrays unaltered and store the filtered values in instance variables? the design of the class will depend upon this decision. i think if you want to keep it simple, you should shoot for the former option. then your class would look something like this class InputFilter { public static function filterInput($optionalFilter='') { if(count($_GET) 0) { self::filterArray($_GET, $optionalFilter); } if(count($_POST) 0) { self::filterArray($_POST, $optionalFilter); } } private static function filterArray($array, $optionalFilter='') { foreach($array as $key = $value) { $$key = self::filterValue($value); if(!empty($optionalFilter) is_callable($optionalFilter)) { $$key = $optionalFilter($$key); } } } private static function filterValue($value) { return trim(stripslashes($value));/// -- NOTE: this is only an example } } then from client space you would just say InputFilter::filterInput(); then, subsequently you can use $_POST and $_GET directly with the assumption that the input has been escaped. and, using the class above, you can also supply a custom filtering function as well, on a per-need basis; eg. function filterMsql($value) { return mysql_real_escape_string($value); } InputFilter::filterInput('filterMysql'); NOTE: i just typed this into my mail client, so it might not be perfect. -nathan
[PHP] mssql and latin characters
Hello I have a MSSql 2000 database that have stored data with the follow special characters: ó, í, Ñ, á, é, ú. When I see the data through any MsSql Client I see exactly those characters. The Collation of database is: SQL_Latin1_General_CP1_CI_AS I cant change the method of insert data in database. When I get (with MSSQL PHP extension) data that have some of those characters, I get weird characters instead. For example: A data that in database appears as Girón is obtained by PHP as Gir¢n The problem with the encoding of browser is discarded, because wherever I saw the data appears with weird characters. The code I use to get the data is: ?php mssql_connect('server','user','pass'); mssql_select_db('db'); $r = mssql_query(select some_column from some_table); $d = mssql_fetch_assoc($r); echo $d['some_column']; ? My PHP is 4.4.3, and my SO is XP. Other people ask the same as Im and get no answer proper are: http://www.psicofxp.com/forums/desarrollo-web.264/226703-php-mssql-y-acento s.html http://www.psicofxp.com/forums/desarrollo-web.264/226703-php-mssql-y-acentos .html http://www.bdat.net/cuestiones_php/php3/0702.html http://www.bdat.net/cuestiones_php/php3/0702.html http://www.forosdelweb.com/f18/problemas-con-caracteres-especiales-acentos- php-mssql-server-364345/ http://www.forosdelweb.com/f18/problemas-con-caracteres-especiales-acentos-p hp-mssql-server-364345/ http://markmail.org/message/7rksvz44sj2te5sl http://markmail.org/message/7rksvz44sj2te5sl http://www.phpbuilder.com/board/archive/index.php/t-10208269.html http://www.phpbuilder.com/board/archive/index.php/t-10208269.html Thanks in advanced. Leticia Larrosa __ Participe en Universidad 2008. 11 al 15 de febrero del 2008. Palacio de las Convenciones, Ciudad de la Habana, Cuba http://www.universidad2008.cu
Re: [PHP] POST/GET into variables
On Jan 20, 2008 9:47 PM, nihilism machine [EMAIL PROTECTED] wrote: how does this look? should this by me calling ... myforms = new forms(); work by turning all key/value pairs for both get and post into variable names of the same name as the get/post key, and the variable values as the values from the post/get? class forms { // Some stuff var $MyPosts; var $MyGets; var $CleanedInput; // Connect to the database function forms() { foreach($_POST as $curPostKey = $curPostVal) { CleanInput($curPostKey); $$curPostKey = $curPostVal; } foreach($_GET as $curGetKey = $curGetVal) { CleanInput($curGetKey); $$curGetKey = $curGetVal; } } // Attempt to login a user function CleanInput($userInput) { return $this-CleanedInput; } } im a little bit lost on the comments about connecting to the database and logging in a user. if you are writing a class to filter data in the $_POST and /or $_GET, then thats all it should be responsible for. the decision youll have to make is this; will this class simply act as a filter for these arrays, which means it will modify the data in those arrays, or will it leave the contents of those arrays unaltered and store the filtered values in instance variables? the design of the class will depend upon this decision. i think if you want to keep it simple, you should shoot for the former option. then your class would look something like this class InputFilter { public static function filterInput($optionalFilter='') { if(count($_GET) 0) { self::filterArray($_GET, $optionalFilter); } if(count($_POST) 0) { self::filterArray($_POST, $optionalFilter); } } private static function filterArray($array, $optionalFilter='') { foreach($array as $key = $value) { $$key = self::filterValue($value); if(!empty($optionalFilter) is_callable($optionalFilter)) { $$key = $optionalFilter($$key); } } } private static function filterValue($value) { return trim(stripslashes($value));/// -- NOTE: this is only an example } } then from client space you would just say InputFilter::filterInput(); then, subsequently you can use $_POST and $_GET directly with the assumption that the input has been escaped. and, using the class above, you can also supply a custom filtering function as well, on a per-need basis; eg. function filterMsql($value) { return mysql_real_escape_string($value); } InputFilter::filterInput('filterMysql'); NOTE: i just typed this into my mail client, so it might not be perfect. -nathan
Re: [PHP] change php variable depending on selection
here is a complete, working example; hope it helps. http://nathan.moxune.com/exampleDynamicSelect.php -nathan
Re: [PHP] POST/GET into variables
On Jan 20, 2008 10:15 PM, nihilism machine [EMAIL PROTECTED] wrote: im trying to keep this php4 OOP. im just trying to clean the post/gets and then make them all into variables with their names being the keys to the get/post, and their values as the variables values. then all you have to do is remove the static keyword from the code i posted (and clean any syntax errors ;)). ie: $_POST['someFormInputName'] = somevalue ... turns into $someFormInputName = somevalue. thats what the code i put out there does; did you try it yet? I am not concerned about cleaning the input as i have a function already for that. then feed it as the callback function to the InputFilter::filterInput() method and all the converted variables will be cleaned as well. -nathan
RE: [PHP] Word Wrap on highlight_file
One solution I can think of is: $showCode = highlight_file($fileWithPath, true); echo str_replace('br /', br /\n, $showCode); It may not be the best one. But it's not recommanded to use echo wordwrap($showCode, 70); Because you may break br / into something like br / Regards, Shelley -Original Message- From: Tom Chubb [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 16, 2008 9:02 PM To: PHP General List Subject: [PHP] Word Wrap on highlight_file Can anyone tell me how to wrap the results of highlight_file so it doesn't mess up the size of my table div? I tried the following and doesn't work! if ($ext == phps) { $showcode = highlight_file($pathtoscripts . $_GET['file']); echo wordwrap($showcode, 70); } else { echo Nice try, but you are not authorised to view the source of files with a $ext extension! ;)\n; } Thanks, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Digital Downloads and Scale
On Mon, 2008-01-21 at 02:43 +0100, Jochem Maas wrote: use simple code, optimize your db and go and read up on everything you can find about optimizing [download] connections on your webserver ... these spring to mind In addition to optimizing code and db (I presume that includes using things like memcacheD, APC and a clustered db system), you should also take a look at using something like LVS and lighthttpd to serve your static content. If your webserver is getting busy fulfilling requests to a download file, simply pass the download bit to a static server running a lightweight httpd and nothing else. Files are completely static, so this is really quite a cool solution for this type of situation. --Paul All Email originating from UWC is covered by disclaimer http://www.uwc.ac.za/portal/public/portal_services/disclaimer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] password hashing and crypt()
On Sat, 2008-01-19 at 23:17 -0500, Nathan Nobbe wrote: thanks for the great responses guys. i guess what im really getting at though is, if crypt() will embed a salt in the value it returns automatically, is there any benefit to creating a salt to pass to the second argument and storing that as well? conceivably, passwords already have a salt using the default crypt() behavior, so the general benefit of salting should be supplied by said default behavior. my guess is that there would be *some* benefit to creating a user supplied salt. greater entropy or something, im not sure what... im just trying to rationalize creating a salt in userspace and storing that in the database as opposed to not. any takers for either case? Andrés Robinet wrote up a good response about why having a salt is a good idea-- it exacerbates the problem when attempting brute force attack on encrypted data since you can't use a premade dictionary lookup. And if you have a different salt for each password (or at least a large number of possibilities) then the attacker must generate a dictionary for each salt. Now to answer about using the salt when PHP will happily provide you with a random salt... There absolutely is a good reason to use a user supplied salt. The following gives away the purpose: The encryption type is triggered by the salt argument. At install time, PHP determines the capabilities of the crypt function and will accept salts for other encryption types. So for instance, try producing crypt()'d strings using the numbers from 1 to 10. On my system I get the following: $1$gcEomRxT$YibOA/5WcjlCC4hseZ6bk/ $1$dDsWYLJK$RPXPnBRCAVDebiHiPkKJK/ $1$XzT/Az1t$QlONw/QqZMjNANMcnZcp/. $1$CSgiFjsQ$3isYQqh9lFj/ZvX0ocsnx0 $1$8HHAUR5/$YzxMhT7rMfM13M/yRf2ET. $1$G/WgK8zD$k3VZ2PAOIi1kcWVsyvnF10 $1$4fh1himm$wRqRYotHmw2Ps/SIkqhBq/ $1$.sTqbfpQ$RXhPwgyNGtS93OQ6jrzYl0 $1$tUCw0Rze$vtJ4i2Ed1k4oyrvod9X0R. $1$W14JfJsx$WbyTs2Nqh9eXIpNgKBsCT0 I don't know what crypt() system produces that, but it's not the default version of crypt() that I remember from my MUD server programming. In fact if I supply a user salt (let's say zz) I get the following: zzsF/.LubwLnI zzF7BImpLw88c zzwyg0kWM1qv. zzg9FBoQ.0O/o zzjyi10UWoOtY zzs2WwvhylXdQ zzk7FKWJk8XiU zzyIn0BmVxHbU zzteAzJnPG9JE zz8WHA83j.CZI And THAT does remind me of my MUD server programming :) So it would seem, by supplying a user defined salt you can ensure compatibility with legacy systems that used the older (and largely deprecated) crypt() system. In fact, the description given by PHP worries me a little. It says, Some operating systems support more than one type of encryption. In fact, sometimes the standard DES-based encryption is replaced by an MD5-based encryption algorithm. This suggests that you can't rely on crypt() producing the same output on two different systems if you don't supply a salt :| So in closing, I'd just go ahead and use SHA1 or something else that is clearly defined :) Cheers, Rob. -- ... SwarmBuy.com - http://www.swarmbuy.com Leveraging the buying power of the masses! ... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php