Re: [PHP] Load testing an app

2013-04-22 Thread Adam Richardson
On Mon, Apr 22, 2013 at 10:41 PM, Andrew Ballard  wrote:

> The other developer in our office spent some time profiling the site with
> xdebug and found that an exec() call to netsh used on a couple pages seems
> to take 2-4 seconds to complete. Unfortunately, those exec() calls are the
> one function that we cannot test in our development environment. We are
> considering some optimizations, but since load on the production server is
> at a seasonal low we want to duplicate the problem so we can measure the
> impact of any changes we make. We spent most of today hammering the site
> with JMeter today in an attempt to reproduce the issue. While we were
> easily able to slow the site to a crawl (some samples taking over 2 minutes
> to complete), the server returned to normal as soon as the test concluded
> and it never became totally unresponsive like it did this past fall.
>

If you can't test the exec calls directly, I'd refactor the functionality
that calls exec() so you could pass in replacement functionality that
artificially creates the pause in your development environment:

function callnetsh($args, $func) {
    $func($args);
}
// in dev environment, pass in $func that doesn't call exec but just sleeps
// for the expected duration
callnetsh(['some', 'args'], function($args){
    sleep(4);
});

> We're both new to JMeter. I know a single test server may not be able to
> create enough simultaneous requests to accurately simulate real traffic,
> but I'm fairly confident that our tests involved far more (roughly-)
> simultaneous connections than we were experiencing live. (The first test
> used 20 threads; we gradually increased the threads for each test to 500
> threads before we quit for the day.) The site is on a private subnet, so
> distributed and/or cloud-based testing are probably not options.
>

2 quick notes:

If you have a linux box available, I like the simplicity of siege, but
jmeter is nice, too:
http://www.joedog.org/siege-home/

If the exec() calls were not being executed (e.g., they were bypassed) and
weren't being accounted for in terms of processing time, then these tests
would likely fail to recreate the load issues with similar numbers.

> The site is running PHP 5.3 on IIS/Windows Server 2003. The netsh calls are
> to a DHCP server on a separate Windows server, and the database is SQL
> Server 2008 (previously 2000).
>

PHP 5.4 offers performance improvements. I don't suspect the migration from
SQL Server 2003 to 2008 caused any of these issues.


> So, any ideas we can try?


We'd probably have to know more about what the netsh calls were doing.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Close enough to Friday...

2013-02-28 Thread Adam Richardson
On Thu, Feb 28, 2013 at 10:19 PM, tamouse mailing lists
 wrote:
>
> Congratulations on ditching the Dreamweaver Templates!
>
> Now, as to preprocessing: how does this benchmark out? Have you
> noticed a significant difference in processing time, memory usage, disk
> usage, etc?

Well, it depends...

For example, if you use code similar to the inlined function example,
there is a difference. In that example, the inlined code runs almost
twice as fast.

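<?php
// inlined version: the body of maxodd() is expanded in place

$a = 1;
$b = 2;
// microtime(true) returns a float; plain microtime() returns a string
$start = microtime(true);

for ($i = 0; $i < 1; $i++) {
    $result = ($a > $b && $a % 2 !== 0) ? $a : (($b % 2 !== 0) ? $b : (($a % 2 !== 0) ? $a : null));
}

$runtime = microtime(true) - $start;
echo $runtime;

?>

<?php
// function-call version

function maxodd($a, $b) {
    return ($a > $b && $a % 2 !== 0) ? $a : (($b % 2 !== 0) ? $b : (($a % 2 !== 0) ? $a : null));
}

$a = 1;
$b = 2;
$start = microtime(true);

for ($i = 0; $i < 1; $i++) {
    $result = maxodd($a, $b);
}

$runtime = microtime(true) - $start;
echo $runtime;

?>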

That said, there's tremendous variance across the possible range of
function types (e.g., number of args, complexity of function, etc.),
so there's no guarantee you'll always see a worthwhile (which is also
subjective) improvement. I'm going to use inlining for functions that
output html-escaped output (the function wraps htmlspecialchars to
allow whitelisting), as they're frequent and simple, the very type of
function that is easily inlined and provides some speed benefit.

In terms of the templating, in my tests using siege comparing
Dreamweaver Templates vs PHP includes, I've typically seen significant
benefits when the template requires multiple includes, with the effect
dropping off as the number of includes approaches 0. These results
should be the same. Again, there seems to be a broad range of
considerations (in terms of using APC, using absolute paths helped the
include performance:
http://www.php.net/manual/en/apc.configuration.php#ini.apc.stat)

There are usually bigger ways to enhance performance (data
persistence, etc.), but in the same way that I try to teach my little
girls to turn off the faucet in between spitting into the sink even
though monitoring showers can do much more to save water, when I see
simple ways I can consistently save cycles, I try to implement them :)

Adam

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Close enough to Friday...

2013-02-28 Thread Adam Richardson
Just wanted to toss this out as something I quickly developed in case it
could help others:
https://github.com/AdamJonR/PreHP

Essentially, I just wanted a quick pre-processor that would work with
PHP so I could limit some of the processing done at runtime. As
opposed to C macros, I wanted to design it so that files could/should
be developed to be valid html/php without the preprocessor. The
preprocessor merely speeds the performance. The example for templating
could be redone to use includes and then replace those with the
inlined content, I just prefer to work with skeleton HTML so I can
validate the XHTML as I go within the static file rather than having
to check the content on a test server.

The preprocessor is dumb (for now, I'm not parsing the PHP to ensure
the comments are not contained within strings, etc.), but this
shouldn't pose an issue for most situations.

Anyways, I just whipped this up so I could ditch Dreamweaver Templates
(which I used so the templating happened prior to runtime, too), as
I'm trying to save some money and I don't want to upgrade to the next
version :)

Happy Friday!

Adam




Re: [PHP] Arrays

2013-02-25 Thread Adam Richardson
On Mon, Feb 25, 2013 at 8:40 PM, Karl DeSaulniers  wrote:
> Hi Guys/Gals,
> If I have an multidimensional array and it has items that have the same name
> in it, how do I get the values of each similar item?
>
> EG:
>
> specialservices => array(
> specialservice => array(
> serviceid => 1,
> servicename=> signature required,
> price => $4.95
> ),
> secialservice => array(
> serviceid => 15,
> servicename => return receipt,
> price => $2.30
> )
> )
>
> How do I get the prices for each? What would be the best way to do this?
> Can I utilize the serviceid to do this somehow?
> It is always going to be different per specialservice.

Something appears to be amiss, as your array couldn't contain multiple
items with the specialservice key (I'm assuming the second key
'secialservice' is just a typo), as any subsequent assignments would
overwrite the previous value.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] if (empty versus if (isset

2013-02-19 Thread Adam Richardson
On Tue, Feb 19, 2013 at 9:29 PM, John Taylor-Johnston
 wrote:
>
> What is the difference between?
>
> if (empty... http://www.php.net/manual/en/function.empty.php "Determine 
> whether a variable is empty"
> and
> if (isset... http://php.net/manual/en/function.isset.php "Determine if a
> variable is set and is not NULL"


I like the explanation on the empty page:

"No warning is generated if the variable does not exist. That means
empty() is essentially the concise equivalent to !isset($var) || $var
== false."


> I have an .
>
> If it is not checked, it is NOT empty, because it has a value, right?
> But it is NOT set, right?

Some of the form elements (e.g., checkboxes, radios) are a little tricky:
http://stackoverflow.com/questions/476426/submit-an-html-form-with-empty-checkboxes

When unchecked, no GET or POST variable is present to represent their value.

> Is this empty, because its value is ""?
>
> 
>
> Just trying to understand ... :)

A text field would be present in the GET or POST super globals, and if
empty (the user did not add input), the empty function would return
true because an empty string is one of the values that evaluates to
false:
- "" (an empty string)
- 0 (0 as an integer)
- 0.0 (0 as a float)
- "0" (0 as a string)
- NULL
- FALSE
- array() (an empty array)
- $var; (a variable declared, but without a value)

Adam

--
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
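
Added example (not part of the original message): how the checkbox and text-field cases discussed above look to isset() and empty(), using a constructed $post array in place of $_POST. The field names and the describe_field() helper are hypothetical.

```php
<?php
// Added illustration; $post is a constructed stand-in for $_POST and the
// field names (newsletter, nickname, quantity) are hypothetical.

/**
 * Classify one submitted field the way a validator needs to see it.
 * Returns 'absent', 'blank' or 'value'.
 */
function describe_field(array $post, $name)
{
    if (!isset($post[$name])) {
        // Unchecked checkboxes and radios never reach the server at all.
        return 'absent';
    }
    // empty() also reports "0" as empty, so compare against '' instead
    // when "0" is a legitimate answer.
    if (is_string($post[$name]) && trim($post[$name]) === '') {
        return 'blank';
    }
    return 'value';
}

// Constructed submission: checkbox left unchecked, text field left blank,
// quantity entered as 0.
$post = array(
    'nickname' => '',
    'quantity' => '0',
);

foreach (array('newsletter', 'nickname', 'quantity') as $field) {
    printf(
        "%-10s isset=%-5s empty=%-5s => %s\n",
        $field,
        var_export(isset($post[$field]), true),
        var_export(empty($post[$field]), true),
        describe_field($post, $field)
    );
}
```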




Re: [PHP] Affordable low-fee e-commerce - DIY?

2013-02-18 Thread Adam Richardson
On Mon, Feb 18, 2013 at 1:26 PM, George Langley wrote:

> Hi all. Am wanting to build a site where people can donate $1.00 but is
> not for charity or other non-profit per se. So if I use PayPal, with their
> 2.9% + .30 per transaction fee, that equals .33 cents for each dollar -
> that's a full third of the amount the people would be giving. Credit cards
> appear to be similar, with some percentage and about .22 cents per
> transactions.
> Am wondering what other options I'm missing, that won't take such a chunk
> out of the low price? Is it easy enough to code to some other API for free
> (or at least cheaper)?
> Thanks.
>

Not really a PHP question, but just FYI, Paypal and other providers provide
micropayments options:
https://www.paypalobjects.com/IntegrationCenter/ic_micropayments.html

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] fopen and load balancing

2013-02-10 Thread Adam Richardson
On Sun, Feb 10, 2013 at 5:41 PM, Adam Tong  wrote:

> Hi,
>
> We had an issue with the code of a junior php developer that used
> fopen to load images using the url of the company's website that is
> load balanced.
>
> We could not detect the problem in dev and test because the dev
> and test servers are not load balanced.
>
> I know that he could load the images using just the filesystem, but I
> am curious to know why it failed and if the load balancer is really
> the source of the problem or it is a limitation on the function
> itself.
>
> Thank you
>
I'm not sure it sounds like an issue with the load balancer, as a load
balancer shouldn't have any qualm with passing through the image data
associated with an http request (which is what the fopen wrapper
essentially performs behind the scenes.) It's possible that the prod
servers (those making the call to fopen) aren't configured to allow the
http wrapper. It could just be as simple as allow_url_fopen being set to
false, in contrast to the configuration of the dev server(s).

http://php.net/manual/en/function.fopen.php
http://php.net/manual/en/wrappers.php
http://www.php.net/manual/en/wrappers.http.php

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
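
Added example (not part of the original message): a check that can be run on both the dev and prod servers to compare the settings mentioned above, followed by the filesystem alternative the question mentions, with a check that the requested name stays inside the image directory. The function names, directory and file names are hypothetical.

```php
<?php
// Added illustration; function names, directory and file names are hypothetical.

/** Settings to compare between the dev and prod servers. */
function url_fopen_status()
{
    $wrappers = stream_get_wrappers();
    return array(
        // fopen('http://...') is refused when this ini setting is off
        'allow_url_fopen' => filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN),
        'http_wrapper'    => in_array('http', $wrappers, true),
        // https:// additionally needs the openssl extension
        'https_wrapper'   => in_array('https', $wrappers, true),
    );
}

/**
 * Resolve an image name inside $imageDir and open it from disk.
 * Returns a stream resource, or false if the file is missing or the
 * name resolves outside the directory.
 */
function open_local_image($imageDir, $name)
{
    $base = realpath($imageDir);
    $path = realpath($imageDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return false; // directory or file does not exist
    }
    // Reject names such as "../config.php" that resolve outside $imageDir.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return fopen($path, 'rb');
}

print_r(url_fopen_status());

// Constructed demo: a temporary directory stands in for the site's image folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('img_demo_');
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'logo.png', 'constructed bytes');

$fh = open_local_image($dir, 'logo.png');
var_dump(is_resource($fh));                       // file inside the directory
fclose($fh);
var_dump(open_local_image($dir, '../logo.png'));  // escapes the directory

unlink($dir . DIRECTORY_SEPARATOR . 'logo.png');
rmdir($dir);
```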


Re: [PHP] newbie with imap_mail_move

2013-02-09 Thread Adam Richardson
On Sat, Feb 9, 2013 at 7:29 PM, dealTek  wrote:

>
> Warning: reset() [function.reset]: Passed variable is not an array or
> object in /home/bbeast/public_html/emtest/em-move.php on line 91
>


> if ($mbox_name != $newmbox_name) {
>   reset($msg_no);
>   $messageset = implode (",",$msg_no);
>   imap_mail_move($mbox,$messageset,$newmbox_name);
>   imap_expunge($mbox);
> }
>

Where is the variable $msg_no coming from?

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Integer

2013-02-01 Thread Adam Richardson
On Fri, Feb 1, 2013 at 11:40 PM, Ron Piggott  wrote:

> How can I get the 25 by itself?
> - I want to drop the “2.” and remove all the zeros
>
> Would it be best to turn this into a STRING?
>

I would recommend turning it into a string, splitting the string at the
decimal, then scanning the second string for the first non-zero and storing
the subsequent characters. Working with floats at that precision level
would likely lead to tragic results:

"10.0 times .1 is hardly ever 1.0"
http://www.eg.bucknell.edu/~xmeng/Course/CS2330/Handout/StyleKP.html

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] seg fault with pecl ps extension

2012-11-28 Thread Adam Richardson
On Thu, Nov 29, 2012 at 12:18 AM, Ray  wrote:

> ...I first had to deal with a
> change in the way call by reference worked in php. (I had to delete the '&'
> from some function calls.) Did that correspond to the 5.3 -> 5.4 upgrade?
>

Yep, 5.4 removed call-time pass-by-reference:
http://www.php.net/manual/en/language.references.pass.php

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] seg fault with pecl ps extension

2012-11-28 Thread Adam Richardson
On Wed, Nov 28, 2012 at 10:50 PM, Ray  wrote:

> Hello,
> I'm not positive if this is the right list, or if other info is required.
> If this is the wrong list, please recommend a better one. If other info is
> desired, just ask.
>
> I am having some problems with the PECL PS (postscript) extension. For some
> commands, everything works properly, but when the code tries to deal with
> fonts, it seg faults and core dumps. In my code, the problem appears to be
> caused by the ps_setfont command.
> I have some code that uses it that used to work, but no longer does. I have
> confirmed the same behaviour with the example code that ships with the
> extension, glyphlist.php for a specific example. I have un-installed and
> reinstalled the php5-ps (64 bit) package through the package manager to no
> effect.
>

Hi Ray,

Does this issue coincide with an upgrade to PHP 5.4, and if so, which
version of PHP were you running before?

You could try to email the maintainer listed, Uwe Steinmann <
u...@steinmann.cx> or , but it looks like it's been a while
since anyone has touched that code.

If this is because of backwards incompatible changes in PHP (e.g.,
http://www.php.net/manual/en/migration54.incompatible.php,
http://php.net/manual/en/migration53.incompatible.php), you could try to
avoid the PHP bindings Uwe developed and merely use PHP to call a C program
that directly deals with his project pslib:
http://pslib.sourceforge.net/

Sorry for the trouble,

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] globbed includes?

2012-11-18 Thread Adam Richardson
On Sun, Nov 18, 2012 at 3:29 PM, tamouse mailing lists <
tamouse.li...@gmail.com> wrote:

> There are certain times I'd like to include all files in a given
> directory (such as configuration stuff that is split out by type, a la
> apache conf.d). Anyone have something handy that implements that?
>

http://stackoverflow.com/questions/599670/how-to-include-all-php-files-from-a-directory

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] serialize() casts numeric string keys to integers

2012-11-12 Thread Adam Richardson
On Mon, Nov 12, 2012 at 2:18 AM, eyal.t  wrote:

> Hi all,
>
> Was wondering whether the fact that serialize() casts numeric string keys
> to integers, is a bug, intended behaviour, or just something that is minor
> enough not to have bothered anyone yet?
>

This behavior is consistent with the standard key casts for arrays:
http://php.net/manual/en/language.types.array.php

Try dumping the array before the serialize operations.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] TURBOPY cloud framework + IDE beta available NOW

2012-10-31 Thread Adam Richardson
On Wed, Oct 31, 2012 at 4:46 PM, Marco Behnke  wrote:

>
> 1. If you have code using static methods and members and use phpunit for
> testing it, you have to either make sure, that everything is properly
> reset after use OR have to run phpunit in a mode where every test is run
> in a single php call for itself. One is potentially harmful to the test if
> you forgot some side effects and one is time consuming.
>

There are "potentially harmful" conditions present in all unit tests.
If there's an error in the test, you find it and fix it, whether it's due
to a failure to reset the static properties, accidental mutation of data,
instantiating the wrong object, etc.


> 2. When thinking about dependency injection (give everything you use
> inside, from the outside in), show me how one can do this with classes
> WITHOUT passing strings around? And without DI, how do you keep your
> application flexible to different environments and conditions?
>
> > I try to emulate functional approaches in PHP, such as what you'd find in
> > Scala, Clojure, or Haskell, and static calls in PHP can facilitate this
> > approach.
> >
> > While OOP is one way to approach programming, it's not the only way. Even
> > Rasmus has said he leans procedurally:
> > http://toys.lerdorf.com/archives/38-The-no-framework-PHP-MVC-framework.html
>
> Are you serious quoting that post?
> Posted by Rasmus on Monday, February 27. 2006
>

Yes, seriously, I quoted that post. There is nothing inherently wrong with
a procedural approach to programming, an OO approach to programming, a
functional approach to programming, an AO approach to programming, etc.
Each has their advantages, and not all are available when programming in
particular languages.

When I code in C, I'm not thinking in OO terms. Although I do sometimes use
function pointers in a way that allows me to emulate functional
programming, I'm mostly thinking in procedural terms because the language
affords this.

When I coded in Clojure, I learned to think in immutable terms and embrace
meta-programming.

As I'm learning Go, I'm learning how to think in terms of data and
algorithms involving a clean, convenient separation using interfaces.

When I code in PHP, I tend to take a functional programming approach. But,
I'll sometimes use OOP principles if the situation feels right (although
this is rare.)

Now, back to your comment on DI. DI is cool for OOP, but I don't find I
need it as much when I'm working from a functional programming paradigm.
Others have spoken on the topic of DI in functional languages, but I tend
to use other approaches, such as passing in first-class functions (PHP's
Closure objects create the appearance of this.)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: Re: [PHP] TURBOPY cloud framework + IDE beta available NOW

2012-10-31 Thread Adam Richardson
On Tue, Oct 30, 2012 at 7:33 AM, ma...@behnke.biz  wrote:

>
> In times of testability and several design patterns, the use of static
> calls is really outdated.
> I understand that you can read and write the invocations of the methods
> much faster, but you should think more to the future on that point.


What?

Where is it written that the use of static calls is really outdated?
Functional programming is on the rise, and this is largely because of the
virtues of testability, scalability, and simplified patterns. Using a class
to organize a set of static functions can benefit the code in PHP (allow
for autoloading in PHP because functions can't be autoloaded, essentially
serves as a child namespace, etc.) whilst maintaining the benefits of a
more functional approach (unit testing purely written static functions is
much easier, putting all IO tasks in separate components makes for cleaner
modules, etc.)

I try to emulate functional approaches in PHP, such as what you'd find in
Scala, Clojure, or Haskell, and static calls in PHP can facilitate this
approach.

While OOP is one way to approach programming, it's not the only way. Even
Rasmus has said he leans procedurally:
http://toys.lerdorf.com/archives/38-The-no-framework-PHP-MVC-framework.html

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] PDO

2012-10-22 Thread Adam Richardson
On Mon, Oct 22, 2012 at 5:27 PM, Silvio Siefke  wrote:
> Hello,
>
> i have built php 5.4.7 on Ubuntu with the configure Arguments like on my
> Gentoo System. But on Gentoo run the website without Problems, under Ubuntu
> want not work. I become in error.log:
>
> [22-Oct-2012 21:15:00 UTC] PHP Fatal error:  Call to a member function
> prepare() on a non-object in html/index.html on line 23
>

Can you show the code in db.php (just remember to remove any login
credentials)? It looks like there's an issue creating the $db object
you're using.

Adam



-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] PHP to decode AES

2012-10-18 Thread Adam Richardson
On Thu, Oct 18, 2012 at 12:06 PM, Rick Dwyer  wrote:
> Hello all.
>
> Has anyone ever tried to decode a JAVA AES/CBC encrypted string with PHP 
> before?
>
> I found a tutorial online with the following code to use as starting point, 
> but it fails to return anything readable:
>
> $code ='Hello World';
> $key = 'my key';
>
> function decrypt($code, $key) {
> $key = hex2bin($key);
> $code = hex2bin($code);
> $td = mcrypt_module_open("rijndael-128", "", "cbc", "");
> mcrypt_generic_init($td, $key, "fedcba9876543210");
> $decrypted = mdecrypt_generic($td, $code);
> mcrypt_generic_deinit($td);
> mcrypt_module_close($td);
> return utf8_encode(trim($decrypted));
> }
>
>
> function hex2bin($hexdata) {
> $bindata = "";
> for ($i = 0; $i < strlen($hexdata); $i += 2) {
> $bindata .= chr(hexdec(substr($hexdata, $i, 2)));
> }
> return $bindata;
> }
> echo decrypt($code, $key);
>
> The above returns output containing a series of unprintable characters.
>
> I thought maybe it was due to $code not being in a hex format, but after 
> converting to hex and resubmitting, I still get unprintable characters.
>
> Any info is appreciated.

Can you post the Java code you're using? There are things such as the
padding specification that could cause some issues.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
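
Added example (not part of the original thread): why a padding mismatch leaves trailing unprintable bytes when the decrypting side leaves the padding in place and calls trim(), as the quoted decrypt() does. It uses PHP's openssl extension; the key and plaintext are constructed, the Java side is assumed to use AES/CBC/PKCS5Padding, and the IV is the one from the quoted code.

```php
<?php
// Added illustration. Assumptions: the Java side used AES/CBC/PKCS5Padding
// with a 128-bit key; $key and $plaintext below are constructed sample values.
// The IV is the fixed one from the quoted post, kept only so the result is
// reproducible; a real protocol sends a fresh random IV with each message.

$key = hex2bin('000102030405060708090a0b0c0d0e0f'); // constructed 16-byte key
$iv  = 'fedcba9876543210';                           // 16 bytes, from the post
$plaintext = 'Hello World';                          // 11 bytes

// What the sender produces: PKCS#7 padding is added before encryption.
$cipherHex = bin2hex(
    openssl_encrypt($plaintext, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv)
);

/** Decrypt without touching the padding, like mdecrypt_generic() does. */
function decrypt_raw($cipherHex, $key, $iv)
{
    return openssl_decrypt(
        hex2bin($cipherHex),
        'aes-128-cbc',
        $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, // leave padding bytes in place
        $iv
    );
}

/** Strip and validate PKCS#7 padding; returns false if it is malformed. */
function pkcs7_unpad($data, $blockSize = 16)
{
    $len = strlen($data);
    if ($len === 0 || $len % $blockSize !== 0) {
        return false;
    }
    $pad = ord($data[$len - 1]);
    if ($pad < 1 || $pad > $blockSize) {
        return false;
    }
    if (substr($data, -$pad) !== str_repeat(chr($pad), $pad)) {
        return false;
    }
    return substr($data, 0, $len - $pad);
}

$raw = decrypt_raw($cipherHex, $key, $iv);

// trim() removes whitespace and NUL bytes only, so the five 0x05 padding
// bytes survive and show up as unprintable characters.
echo 'raw block : ', bin2hex($raw), "\n";
echo 'trim()    : ', bin2hex(trim($raw)), "\n";
echo 'unpadded  : ', var_export(pkcs7_unpad($raw), true), "\n";

// Letting openssl handle the padding gives the same plaintext directly.
// CBC alone gives no integrity protection; verify a MAC over the ciphertext
// before decrypting data that crosses a trust boundary.
echo 'openssl   : ',
    openssl_decrypt(hex2bin($cipherHex), 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv),
    "\n";
```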




Re: [PHP] Wrong time being displayed by PHP!

2012-10-16 Thread Adam Richardson
On Tue, Oct 16, 2012 at 2:02 PM, Richard S. Crawford
 wrote:
> The value of date.timezone in php.ini is set to "America/Los_Angeles".
>
> The local time is 11:02 a.m. Yet the output of date("h:i a e") is:
>
> 02:02 pm America/Los_Angeles
>
> which is three hours ahead of the real time.
>
> Why is this? What's going on?

The server's time could be wrong. Or, code somewhere could be
(re)setting the timezone.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] stream_read function for registered wrapper class.

2012-09-19 Thread Adam Richardson
On Wed, Sep 19, 2012 at 12:43 PM, Rob  wrote:
> I have a very large XML file that I have to process.  It's about 7 GB.
> Some of the individual elements that I need are larger than 8192 bytes.
> I'm trying to write a Stream wrapper class to give me a specific element
> at a time, but I keep running into issues with the stream wrapper and
> fread, stream_get_content functions.

You could just use the XML Parser (SAX) as it doesn't require loading
the entire document into memory:
http://php.net/manual/en/book.xml.php

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
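
Added example (not part of the original message): feeding the XML Parser extension in 8192-byte reads while collecting one element at a time, so an element larger than a single read is still delivered whole and the document is never held in memory. The <record> element name, the sample document and the extract_elements() helper are hypothetical.

```php
<?php
// Added illustration; the <record> element name, sample document and
// extract_elements() helper are hypothetical/constructed.

/**
 * Stream $handle through the SAX parser in $chunkSize-byte reads and pass the
 * text of every <$element> to $onElement, one element at a time.
 */
function extract_elements($handle, $element, $onElement, $chunkSize = 8192)
{
    // Element names arrive upper-cased because case folding is on by default.
    $target = strtoupper($element);
    $inside = false;
    $buffer = '';

    $parser = xml_parser_create('UTF-8');
    xml_set_element_handler(
        $parser,
        function ($p, $name, $attrs) use (&$inside, &$buffer, $target) {
            if ($name === $target) {
                $inside = true;
                $buffer = '';
            }
        },
        function ($p, $name) use (&$inside, &$buffer, $target, $onElement) {
            if ($name === $target) {
                $inside = false;
                $onElement($buffer);
                $buffer = '';
            }
        }
    );
    // Character data can arrive in several pieces, so it is accumulated
    // until the closing tag is seen.
    xml_set_character_data_handler(
        $parser,
        function ($p, $data) use (&$inside, &$buffer) {
            if ($inside) {
                $buffer .= $data;
            }
        }
    );

    while (!feof($handle)) {
        $chunk = fread($handle, $chunkSize);
        if (!xml_parse($parser, $chunk, feof($handle))) {
            throw new RuntimeException(sprintf(
                'XML error on line %d: %s',
                xml_get_current_line_number($parser),
                xml_error_string(xml_get_error_code($parser))
            ));
        }
    }
}

// Constructed sample: one small record and one far larger than a single read.
$big = str_repeat('x', 20000);
$stream = fopen('php://temp', 'w+b');
fwrite($stream, "<records><record>small</record><record>$big</record></records>");
rewind($stream);

$lengths = array();
extract_elements($stream, 'record', function ($text) use (&$lengths) {
    $lengths[] = strlen($text);
});
fclose($stream);

print_r($lengths);
```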




Re: [PHP] PHP Threading on Windows

2012-09-14 Thread Adam Richardson
On Fri, Sep 14, 2012 at 9:40 PM, Joe Watkins  wrote:
> https://github.com/krakjoe/pthreads
>
> Windows Download on downloads page, it's a couple of days behind. Keep
> watching ... enough to get you started ...

That's pretty slick, Joe. Nice work!

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] PHP array unions

2012-09-14 Thread Adam Richardson
On Fri, Sep 14, 2012 at 2:30 AM, Matijn Woudt  wrote:
>
> It doesn't need to be clunky.. just use array_flip and you've got the old
> array again..
>

Well, array_flip has its own potential issues (duplicate values are
lost, so my example of using zeros would not work.) I suppose I could
duplicate the keys as the values (e.g., array('value 1' => 'value 1',
'value 2' => 'value 2', ...).) Then, the keys would allow me to
utilize the nice properties of hash maps whilst maintaining the
ability to work with the values as one normally does in typical array
functions.

Ex:

$a1 = array('apples' => 'apples', 'oranges' => 'oranges', 'pears' => 'pears');
$a2 = array('oranges' => 'oranges', 'kiwi' => 'kiwi');
// can use the union operator without any additional calls and the
// performance is stellar
$a3 = $a1 + $a2;
// can use the values of the array using the convention that the value
// is what you expect to handle/manipulate
foreach ($a3 as $val) {
  echo $val;
}

Here, the clunkiness is the redundancy in the array, but, as Claude
Shannon has demonstrated, redundancy isn't all bad :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] PHP array unions

2012-09-13 Thread Adam Richardson
On Wed, Sep 12, 2012 at 2:37 PM, Sebastian Krebs  wrote:
> Hi,
>
> In PHP the array is in fact a hash map, but especially it is _used_ for
> nearly everything map-, set-, ...-like thing. So in short: There is no
> operator or built-in function, that merges two arrays _and_ treat them as
> set (instead of the hashmap, what they are). Your solution is the way to go.

Sure, I know about the underlying implementation. I was just hopeful
because several of the array functions handle the maps differently
depending on whether the keys are numeric or string or both.

If I wanted to get cute, I could store the value in the key (e.g.,
array('value 1' => 0, 'value 2' => 0, ...)), and that allows me to use
the '+' operator. In spite of the nice performance benefits of this
approach (leveraging the hash's benefits), the code that utilizes the
arrays becomes quite clunky.

Thanks,

Adam




Re: [PHP] The end of "mysql"

2012-09-07 Thread Adam Richardson
On Fri, Sep 7, 2012 at 9:58 PM, Jim Giner  wrote:
> So with the announced end of the mysql functions (and switching to a
> different extension), one would think that my isp/hoster would be a bit more
> interested in my dilemma.  I tried today to create my first mysqli-based
> test script and found that I didn't have that extension.  A series of emails
> with my tech support told me that the shared server farm does not get
> "mysqli" - only their business servers.  Since I don't have a need for and
> want to pay more for a 'business server', I'm told I'm s... outta luck.

What about PDO? Is that available?

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] templeting

2012-09-04 Thread Adam Richardson
On Mon, Sep 3, 2012 at 9:14 PM, David McGlone  wrote:
> Does anyone use any templating system for any projects? If so what would
> anyone recommend? I looked at CodeIgniter, but it seems the templating system
> is optional and left out by default.
>
> --
> Regards
> David M.

Well, for a different take on templating, my web framework is
basically just a combination of input validation and output mechanisms
(templating.) The library takes a functional programming approach in
terms of architecture.

Here's an example of the markup:
http://nephtaliproject.com/documentation/markup/

Page output regions are broken up into pipes, and if one pipe errors
out, it does not impact the other output regions.

It does other things, too (config settings, debugging output, avoid
prompts on back clicks after posting data, convenient PDO wrappers,
etc.), but at its core, it's really a templating framework with input
validation capabilities.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] OT (maybe not): Drupal vs WordPress

2012-08-28 Thread Adam Richardson
On Tue, Aug 28, 2012 at 3:07 PM, Larry Garfield  wrote:
> Only semi-joking line that's been making the rounds lately:
>
> If you want to build a blog, use Wordpress.
> If you want to build Wordpress, use Drupal.
> If you want to build Drupal, use Symfony2.

Here's another semi-joking line :)

If I build a blog using Wordpress, build Wordpress using Drupal, build a
Drupal using Symfony2, I'd feel the same way I feel after drinking
several beers, eating a pizza, snacking on some hot wings, and
polishing it all off with a banana split: bloated :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] include selectively or globally?

2012-08-28 Thread Adam Richardson
On Tue, Aug 28, 2012 at 3:28 PM, Matijn Woudt  wrote:
> On Tue, Aug 28, 2012 at 7:18 PM, Adam Richardson  wrote:
>
> Finally, you're the first one that actually has measured something.
> You should redo your test with real world files, because in real world
> functions aren't that small.

In terms of redoing the test with "real world files", that's an
entirely different debate (and one I won't enter into at this time,
though this list has discussed this topic before, most recently in a
post Ted made talking about screen height.)

The point is, there is a real difference. The question remains if the
difference is enough to act on in future code bases (and I would say
yes if my tests showed this difference, you may say no.)

> In functions with more lines (say ~100 lines per function), you'll see
> a different ratio between 5k and 50k. In my tests it is:
> - 5K: 22ms
> - 50K: 34 ms

Those trends/results depend significantly on the contents of the
functions, too. The overly simplistic example we've used both helps
and hurts the analysis (I'll admit my example likely has more
functions than other 5K/50K files, and I suspect most functions
require more complicated work behind the scenes to build up than echo
statements.)

The point I'd make here is that it's very difficult to have a priori
knowledge of how something will perform without testing it.

> When I create files that only contain 1 function, with just a number
> of echo "Hello world"; lines until 5k or 50k, the results are:
> - 5K: 15 ms
> - 50K: 17 ms

Ummm... sure. What did you say about real world before :)

Have a nice day!

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] include selectively or globally?

2012-08-28 Thread Adam Richardson
On Tue, Aug 28, 2012 at 7:39 AM, Matijn Woudt  wrote:
> On Tue, Aug 28, 2012 at 3:49 AM, Adam Richardson  wrote:
>> On Mon, Aug 27, 2012 at 6:54 PM, Matijn Woudt  wrote:
>>> On Mon, Aug 27, 2012 at 10:56 PM, Haluk Karamete
>>>  wrote:
>
> First of all, I believe PHP is smart enough to not generate bytecode
> for functions that are not used in the current file. Think about the
> fact that you can write a function with errors, which will run fine
> until you call the function. (except for syntax errors).

I believe this is untrue. PHP generates the bytecode and then parses
the bytecode per request to generate the userland infrastructure,
including classes and functions, for the entire include file. During
the generation of bytecode, PHP doesn't know a priori which functions
will be called at runtime. I suspect if you asked for confirmation of
this on the internals list, they'd confirm this. In terms of errors,
there are certainly different stages that errors can occur, and what
you're referring to are runtime errors. Runtime errors don't
necessarily show up in every possible execution branch. That doesn't
mean that PHP didn't generate the code for the userland functionality.

> The speed difference between loading 5K file or 50K file (assuming
> continuous blocks) is extremely small. If you split this library, you
> would have PHP files that require you to load maybe 3 or 4 different
> files to have all their functions.

Here's where I believe we have a communication issue. I never spoke of
splitting up the library into 3 or 4, or any number of different
files. The opening post states that only 10% of the pages need the
library. I suggested that he only include the library in the 10% of
the pages that need the library. That said, it's possible I
misinterpreted him.

I will say that I do disagree with your analysis that the difference
between loading a 5K or 50K php file is extremely small. So I just put
this to the test.

I created a 5K file and a 50K file, both of which have the form:

function hello1(){
echo "hello again";
}

function hello2(){
echo "hello again";
}

etc.

I have Xdebug installed, have APC running, warmed the caches, and then
tested a few times. The results all hover around the following:

Including the 5K requires around 50 microseconds. Including the 50K
requires around 180 microseconds. The point is that there is a
significant difference due to the work PHP has to do behind the
scenes, even when functions (or classes, etc.) are unused. And,
relevant to the dialog for this current thread, avoiding including an
unused 50K PHP on 90% of the pages (the pages that don't need the
library) will lead to a real difference.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] include selectively or globally?

2012-08-27 Thread Adam Richardson
On Mon, Aug 27, 2012 at 6:54 PM, Matijn Woudt  wrote:
> On Mon, Aug 27, 2012 at 10:56 PM, Haluk Karamete
>  wrote:
>>
>> Now, the question is... should you use a global include that points to
>> this library - across the board - so that ALL the pages ( including
>> the 90% that do not need the library ) will get it, or should you
>> selectively add that include reference only on the pages you need?
>>
>
> Since searching for files is one of the most expensive (in time)
> operations, you're probably best off with only a single PHP file.

Maybe I misinterpreted the question, but I don't think I agree.

If you have a 50K PHP file that's needed in only 10% of the
pages, then, when solely considering performance, that file should
only be included on the 10% of the pages that actually use the file.
Now, there are reasons where you might want to include the file
globally (maintenance purposes, etc.) Loading the 50K of PHP code,
which requires building up all of the associated infrastructure (zvals,
etc.) for the user code (even if APC is used, the cached opcode/PHP
bytecode still has to be parsed and built up for the user-defined
classes and functions per request, even if they're unused), is
certainly going to perform more slowly than selectively including the
library on only the pages that need the library.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] multiple forms one page

2012-08-26 Thread Adam Richardson
On Mon, Aug 27, 2012 at 12:08 AM, Rosie Williams
 wrote:
>
> Hi all,
> I am a newbie to PHP. I have several php forms which were originally on 
> separate pages now included in the one page. Each form had the following code 
> in it:
> function mysql_fix_string($string){
>     if (get_magic_quotes_gpc()) $string = stripslashes($string);
>     return mysql_real_escape_string($string);
> }
> function mysql_entities_fix_string($string){
>     return htmlentities(mysql_fix_string($string));
> }
> However I am only able to include it in one of the forms on the new page with 
> multiple scripts due to the fatal error that I can only declare the function 
> once.

You only have to declare the function(s) once, then you can use them
later in the page. You can also put code into files and then
dynamically include them in other files to make it easier to share
functionality.

> So for testing I have commented these lines out of the other scripts. I need 
> to know what the security implications of this are?

For security, the simple rule (at least in terms of statement of
intent, not necessarily in terms of implementation) is that you should
validate input and escape output according to context. Without seeing
more code, it's hard to tell what this means for your particular
example.

> Do the scripts that do not contain these lines run without it or is it 
> included automatically every time the database is accessed regardless of 
> which script is accessing it?
> If not how do I deal with it?
> thanks in advance
> Rosie

Hard to know from your example. There are some great resources
covering general PHP security practices that can help you get up to
speed a bit. Here's an oldie but goodie that might help shed some
light on some of the code you're seeing:
http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html

Happy learning!

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] syntax error breaking in and out of php into html code

2012-08-25 Thread Adam Richardson
On Sat, Aug 25, 2012 at 6:54 PM, Ashley Sheridan
 wrote:
> I've just inherited some (pretty awful code) that I have to make some
> edits to, and came across a bit of a problem. A lot of the code breaks
> in and out of PHP and into HTML code:
>
>   while(condition)
> {
> ?>
> some html here
>  }
> ?>
>
> But when I check this my PHP parser is saying that this is a syntax
> error (checked in the browser and CLI). I know this is code from a
> working site, so it must be a setting within my PHP configuration.

I honestly can't think of a config setting that would cause a syntax
error for this type of example.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] redefine a define ...

2012-08-25 Thread Adam Richardson
On Sat, Aug 25, 2012 at 2:27 PM, Lester Caine  wrote:
> What I was not expecting was a string of 'Notices:' complaining about the
> redefines. So how does one get around this message? One can't 'if defined'
> as the string needs to be replaced with the more appropriate one. I would
> say, why is this even a problem, or alternatively I just give up on E_STRICT
> and make sure it's disabled again on PHP5.4?
>
> Having spent several months getting the code clean on E_STRICT, switching it
> off again will really pig me off, but I can't see any real alternative given
> the number of languages and strings that will need reworking simply to get
> things clean :(

Well, I'd do the following to avoid issues in the future.

1) Create a function like that below, which provides global access to
variables and allows you to update existing values:

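function val($name, $value = null)
{
    // Values persist across calls for the lifetime of the request
    static $values = array();

    if ($value === null) {
        // Getter: return the stored value, or null if none was set
        return isset($values[$name]) ? $values[$name] : null;
    } else {
        // Setter: store (or overwrite) the value and return it
        return $values[$name] = $value;
    }
}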

2) Create a php script that searches out define("SOME_NAME_PATTERN",
"value") and replaces that with val("some_name_pattern", "value").

3) Create a php script that searches out SOME_NAME_PATTERN and
replaces with val("SOME_NAME_PATTERN");

Not too bad in terms of work, as PHP's parsing capabilities are really nice.

Hope this gives you ideas :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] Is PHP unsuitable for HTML5 WebSockets?

2012-08-13 Thread Adam Richardson
> I have read in some places on the net that PHP is not suitable for WebSockets 
> due to it's nature. That WebSockets are designed for long running 
> threads/processes which each maintain multiple event-driven connections, 
> whereas PHP was designed around the short-lived single process procedural 
> paradigm.

Well, you could certainly run into trouble if you're not careful. For
example, using an Apache module PHP installation would not likely end
nicely :)

> Yet on the other hand I see lots of guides and libraries (such as 
> http://socketo.me/) on the net that deal with PHP WebSockets. So I don't know 
> what to think at this stage. Is PHP a suitable platform for developing a web 
> application that requires WebSockets?

I'm sure you could get your application running with PHP. That
said, I personally would not use PHP for the web socket implementation
in my stack. I'd probably use Go, node.js or even Erlang for the web
socket server itself (non-blocking IO is baked into these
environments, which is handy for limiting the resources required for
this type of application), but I'd likely use PHP for components that
weren't directly tied to the web sockets (db frontend, etc.)

Obviously, that's just my personal preference, and as you've noted,
people are doing nice things in the web sockets world with PHP, so it
can be done. That said, I suspect I'd have an easier time with one of
the other languages for this particular aspect of an application, as
the resource management should be much easier to manage. I don't think
there's a "right" tool for the job, but I do believe some language
environments may better facilitate this specific type of development.

Have fun!

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] Re: show info from mysql db

2012-06-10 Thread Adam Richardson
On Sun, Jun 10, 2012 at 8:25 AM, Tim Dunphy  wrote:
> $dbc = mysqli_connect('127.0.0.1','admin',secret','trek_db')
>     or die ('Could not connect to database');
>
> used to be...
>
> $dbc = mysqli_conect('127.0.0.1','admin','Duk30fZh0u','trek_db')
>     or die ('Could not connect to database');

You had been keeping the password secret, but it looks like you
accidentally leaked it, so a replacement might be in order :)

Glad you got it fixed. Typos can be little buggers to find sometimes.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] SQL Injection

2012-06-08 Thread Adam Richardson
On Fri, Jun 8, 2012 at 12:37 PM, Ethan Rosenberg  wrote:
> Is it possible to have a "meeting of the minds" to come up with (an)
> appropriate method(s)?

Minds, meet prepared statements :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
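
The prepared statements recommended in this reply, together with the "validate input and escape output according to context" rule from the multiple-forms reply earlier on this page, as an added example that is not code from either thread. It assumes PDO with the pdo_sqlite driver; the crew table and all function names are hypothetical.

```php
<?php
// Added example, not code from the thread. The crew table, its columns and
// the function names are hypothetical; all sample input is constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE crew (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Input validation: decide what a name may be before it goes anywhere.
// Returns the cleaned value, or null when the input is rejected.
function validate_name($raw)
{
    if (!is_string($raw)) {
        return null;
    }
    $name = trim($raw);
    if ($name === '' || strlen($name) > 64 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return null;
    }
    return $name;
}

// SQL context, weak form: the value is pasted into the SQL text, so quote
// characters in it are parsed as part of the statement.
function find_concat(PDO $db, $name)
{
    $sql = "SELECT id, name FROM crew WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SQL context, corrected form: the statement is fixed when it is prepared
// and the value travels separately as a bound parameter.
function find_prepared(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, name FROM crew WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function add_member(PDO $db, $name)
{
    $stmt = $db->prepare('INSERT INTO crew (name) VALUES (:name)');
    $stmt->execute(array(':name' => $name));
}

// HTML context: escape when writing into the page, not before storing.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Stored unmodified: no stripslashes(), no escaping function, no entities.
foreach (array("Miles O'Brien", 'Data <android>') as $raw) {
    $name = validate_name($raw);
    if ($name !== null) {
        add_member($db, $name);
    }
}

// Constructed input that passes validate_name() yet contains quote
// characters that close the string literal early in the concatenated form.
$input = "nobody' OR '1'='1";

printf("concatenated query matched %d row(s)\n", count(find_concat($db, $input)));
printf("prepared statement matched %d row(s)\n", count(find_prepared($db, $input)));

// The same stored values, escaped for HTML only at output time.
foreach (find_prepared($db, 'Data <android>') as $row) {
    echo '<li>', h($row['name']), "</li>\n";
}
```

The mysql_* functions in the quoted form code were removed in PHP 7.0; mysqli offers the same prepare/bind/execute pattern as the PDO calls used here.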




Re: [PHP] Too many arrays! My head is exploding!

2012-05-29 Thread Adam Richardson
On Tue, May 29, 2012 at 10:55 AM, Tedd Sperling  wrote:
> On 29 May 2012 18:15, Gary  wrote:
>
>> Okay, let's assume I have three "things", A, B, and C. I need to produce
>> an array with a list of all possible combinations of them, however many
>> there might be in those combinations: e.g. A, B, C, D, AB, AC, AD, BC,
>> ABC (not sure if I've missed any!). Normally I'm pretty good at working
>> this stuff out, but to be honest I'm struggling with this one, at least
>> to do it in any kind of elegant way. Does anyone have any ideas?
>
> Sure, but what you are asking for is a permutation and not a combination.

His example seems to suggest order does not matter (I've omitted 'D',
which I suspect was a typo given the set of A, B, and C):

A
B
C
AB
AC
BC
ABC

If order did matter, he would have included BA, etc.

That all said, combinations typically involve a consistent number of
choices, and his example includes various ranges of r.

These would be combinations for r = 1:
A
B
C

These would be combinations for r = 2:
AB
AC
BC

This would be the combination for r = 3:
ABC

What it seems like he's after is the power set of set ABC (minus the empty set):
http://en.wikipedia.org/wiki/Power_set

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
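
The power set minus the empty set described in this reply, as an added example that is not code from the thread. The function name and the size limit are assumptions; each subset is selected by the bits of an integer mask and the result is grouped by size r as in the listing above.

```php
<?php
// Added example, not code from the thread. non_empty_subsets() and its
// $maxItems limit are hypothetical.

function non_empty_subsets(array $items, $maxItems = 16)
{
    $items = array_values($items);   // re-index so that bit i maps to item i
    $n = count($items);
    if ($n > $maxItems) {
        // There are 2^n - 1 subsets: refuse sizes that would exhaust memory
        throw new InvalidArgumentException("Refusing to enumerate subsets of $n items");
    }

    // One bucket per subset size r, so the result reads r = 1, r = 2, ...
    $bySize = array();
    for ($r = 1; $r <= $n; $r++) {
        $bySize[$r] = array();
    }

    // Every mask from 1 to 2^n - 1 names exactly one non-empty subset:
    // bit i set means item i is a member.
    for ($mask = 1; $mask < (1 << $n); $mask++) {
        $subset = array();
        for ($i = 0; $i < $n; $i++) {
            if ($mask & (1 << $i)) {
                $subset[] = $items[$i];
            }
        }
        $bySize[count($subset)][] = $subset;
    }

    // Flatten the buckets in order of increasing size
    $result = array();
    foreach ($bySize as $group) {
        foreach ($group as $subset) {
            $result[] = $subset;
        }
    }
    return $result;
}

// Constructed input: the set from the question
foreach (non_empty_subsets(array('A', 'B', 'C')) as $subset) {
    echo implode('', $subset), "\n";
}
```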




Re: [PHP] Variables via url

2012-05-12 Thread Adam Richardson
On Sat, May 12, 2012 at 12:25 PM, Ashley Sheridan
 wrote:
> As this method requires an Apache restart, I don't see what advantage
> you have over using an .htaccess file?

Performance:

http://httpd.apache.org/docs/current/howto/htaccess.html

"You should avoid using .htaccess files completely if you have access
to httpd main server config file. Using .htaccess files slows down
your Apache http server. Any directive that you can include in a
.htaccess file is better set in a Directory block, as it will have the
same effect with better performance."

"...putting this configuration in your server configuration file will
result in less of a performance hit, as the configuration is loaded
once when httpd starts, rather than every time a file is requested."

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] session lost problem

2012-04-23 Thread Adam Richardson
On Tue, Apr 24, 2012 at 12:58 AM, bug zhu  wrote:
> there are two php files a.php and b.php,
>
> content of a.php as follows:
>  session_start();
> if (!isset($_GET['flag']))
> {
> header('Location: b.php');
> }
> else
> {
> var_dump($_SESSION);
> }
>
> content of  b.php as follows:
>  session_start();
> session_commit();
> $_SESSION['test'] = 'test';
> session_commit();
> header('Location: a.php?flag=1');
>
> when i visit a.php, the dumped $_SESSION array is empty
> but if i commented the first session_commit() in b.php and then visit
> a.php, i could see the $_SESSION array, which is not empty
> i wish i have described clear about my problem and someone could give me a
> feedback~

Hi,

So, you:
1) Visit page a.php (I'm assuming without the flag)
2) Are forwarded to page b.php, which you're expecting to store a
session variable 'test'.
3) Then forwarded back to page a.php.

You're likely expecting that your return visit to page a.php should
reveal the 'test' variable.

The issue is that you're calling session_commit(), which is actually
an alias for session_write_close(). This function actually stops the
current session. So, when you hit the line $_SESSION['test'] = 'test',
your session has already terminated.

Try removing the session_commit() calls (or at least permanently
remove the first call.) You only want to call session_commit() when
you're done accessing/updating $_SESSION variables.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] PHP: "superior code quality"

2012-03-28 Thread Adam Richardson
On Wed, Mar 28, 2012 at 11:21 AM,   wrote:
> A little note about our favorite language:
>
> "
> Linux 2.6, PHP 5.3, and PostgreSQL 9.1 are recognized as open source
> projects with superior code quality and can be used as industry
> benchmarks, achieving defect densities of .62, .20, and .21 respectively.
> "
>
> http://www.coverity.com/html/press/open-source-code-quality-on-par-with-proprietary-code-in-2011-coverity-scan-report.html

Very nice! Thanks for sharing, Kirk.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] Thinking out loud - a continuation...

2012-03-21 Thread Adam Richardson
On Wed, Mar 21, 2012 at 2:39 PM, Jay Blanchard
 wrote:
> ...
> I have a project where I have multiple queries and each query uses the 
> results from the previous query to get it's results. I need to do one of two 
> things, either out put a multidimensional array that I can use json_encode() 
> on or I have to format the output from the queries as a JSON string. The 
> resulting JSON will be used by a JavaScript widget and must be formed 
> correctly. I created the following array by hand:
>
> $userList = array("John" => array(
>                     "email" => "j...@demo.com",
>                     "website" => "www.john.com",
>                     "age" => "22",
>                     "password" => "pass",
>                     "description" => array(
>                        "hair" => "blonde",
>                        "eyes" => "blue",
>                        "build" => "medium"
>                     )),
>                  "Anna" => array(
>                     "email" => "a...@demo.com",
>                     "website" => "www.anna.com",
>                     "age" => "24",
>                     "password" => "pass",
>                     "description" => array(
>                        "hair" => "brunette",
>                        "eyes" => "hazel",
>                        "build" => "petite"
>                        )
>                     ));
>
> I ran it through json_encode() and got the following output
>
> {"John":{"email":"j...@demo.com","website":"www.john.com","age":"22","password":"pass","description":{"hair":"blonde","eyes":"blue","build":"medium"}},"Anna":{"email":"a...@demo.com","website":"www.anna.com","age":"24","password":"pass","description":{"hair":"brunette","eyes":"hazel","build":"petite"}}}
>
> jslint.com verifies this as good JSON (although I thought there had to be 
> square brackets around child arrays).

Speaking to your belief that arrays had to have square brackets,
json_encode examines the PHP array and only encodes sequential numbers
as JSON arrays. Others (as in your case) are encoded as object literals:
http://php.net/manual/en/function.json-encode.php

That said, you can still access Javascript Object properties with
array access if you prefer in the client code:
http://www.quirksmode.org/js/associative.html

> If you were me would you just generate the JSON? If not what is he best way 
> to output an array that will nest properly for each subsequent query?

Because of the options json_encode provides and the flexibility it
affords while in PHP, I would generate PHP and then always use
json_encode to generate the JSON as needed.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] $POST and $_SESSION

2012-03-15 Thread Adam Richardson
On Thu, Mar 15, 2012 at 11:04 AM, Tedd Sperling  wrote:
> Hi gang:
>
> What's a better/shorter way to write this?
>
> $first_name = $_SESSION['first_name'] ? $_SESSION['first_name'] : null;
> $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : 
> $first_name;
> $_SESSION['first_name'] = $first_name;

When not working within my framework (which facilitates this
automatically), I tend to have a function for each just to save time:

function g($key){
   return isset($_GET[$key]) ? $_GET[$key] : null;
}

function p($key){
   return isset($_POST[$key]) ? $_POST[$key] : null;
}

function c($key){
   return isset($_COOKIE[$key]) ? $_COOKIE[$key] : null;
}

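function s($key, $val = null){
   // Start the session on first use
   !isset($_SESSION) && session_start();

   if ($val === null) {
      // Getter: return the stored value, or null if unset
      return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
   } else {
      // Setter: store the value and return it
      return $_SESSION[$key] = $val;
   }
}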

Then, you can just write:

$first_name = s('first_name', p('first_name'));

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com




Re: [PHP] How do I enable more useful PHP error logging?

2012-02-28 Thread Adam Richardson
On Tue, Feb 28, 2012 at 6:14 PM, Daevid Vincent  wrote:

> My question is, is there a way to enable some PHP configuration that would
> output more verbose information, such as a backtrace or the URL attempted?
>
> In our PHP error log, we have the usual semi-useful information. However
> this is only a partial story as it's hard to re-create the URL that caused
> the error. In the first Actor example, yeah actor_id 2206 doesn't exist and
> so now I have put a try/catch on all pages that have "new Actor($actor_id)"
> but it doesn't tell me WHY this is happening. How did someone get to this
> point? I doubt they just randomly picked '2206' which happens to be one of
> only a handful of actually missing actors out of 100k. Sure I guess it could
> be a bot that sequentially tried them all, but this is not likely since we
> have SEO style URLs and so we re-map an actor name back to the ID. So the
> bot would have to try NAMEs not IDs. This means we must have some link
> somewhere that points to this. Same with the common foreach() warnings
> below. Yeah, the array being passed is empty/null. Sure I can check the
> array before doing the foreach() or even @foreach() but that doesn't tell me
> the root cause. What video are they trying to access that has no scenes or
> invalid actors?
>
> We do NOT have apache logging turned on as we get 30,000 hits per second and
> it would be too expensive. I only care about PHP errors like this. And the
> apache error log (which we do have enabled) doesn't have useful info related
> to these kinds of issues as they're really not apache's problem. That log
> only deals with missing files/images/pages/etc.
>
> [28-Feb-2012 13:43:19 UTC] PHP Fatal error:  Uncaught exception
> 'ObjectNotFound' with message 'There is no such object Actor [2206].' in
> /home/SHARED/classes/base.class.php:103
> Stack trace:
> #0 /home/SHARED/classes/actor.class.php(61): Base->load_from_sql()
> #1 /home/m.videosz.com/browse_scenes.php(89): Actor->__construct(2206)
> #2 {main}
>   thrown in /home/SHARED/classes/base.class.php on line 103
>
> [28-Feb-2012 10:54:01 UTC] PHP Warning:  Invalid argument supplied for
> foreach() in /home/m.dev.com/scene.php on line 138
>
> [28-Feb-2012 07:22:50 UTC] PHP Warning:  Invalid argument supplied for
> foreach() in /home/SHARED/classes/scene.class.php on line 423
>
>
>
>
>
I tend to set up a custom error handler that throws exceptions
(set_error_handler()), then set up an exception handler
(set_exception_handler()) that logs the backtrace (or saves it to a db)
available using debug_backtrace().

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
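
One way to wire up the two handlers described in this reply so that each log entry carries the requested URL and a backtrace, as an added example that is not code from the thread. The helper names and log layout are assumptions, and it logs the exception's own trace (getTraceAsString()) rather than calling debug_backtrace().

```php
<?php
// Added example, not code from the thread. log_safe(), log_context() and
// the log line layout are hypothetical.

// Replace control characters so a crafted URL or Referer header cannot
// forge extra lines in the log.
function log_safe($value)
{
    return preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $value);
}

// Request details that the default PHP error log leaves out.
function log_context()
{
    $keys = array('REQUEST_METHOD', 'HTTP_HOST', 'REQUEST_URI', 'HTTP_REFERER', 'REMOTE_ADDR');
    $parts = array();
    foreach ($keys as $key) {
        $parts[] = $key . '=' . (isset($_SERVER[$key]) ? log_safe($_SERVER[$key]) : '-');
    }
    return implode(' ', $parts);
}

// Turn warnings and notices (such as the foreach() warnings in the quoted
// log) into exceptions so they reach the exception handler with a trace.
set_error_handler(function ($severity, $message, $file, $line) {
    if (!(error_reporting() & $severity)) {
        return false;   // honour error_reporting and the @ operator
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Log anything uncaught together with the request that triggered it.
// Traces can include argument values, so treat the log file as sensitive.
set_exception_handler(function ($e) {
    error_log(sprintf(
        "Uncaught %s: %s in %s:%d | %s\n%s",
        get_class($e),
        log_safe($e->getMessage()),
        $e->getFile(),
        $e->getLine(),
        log_context(),
        $e->getTraceAsString()
    ));
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        http_response_code(500);
    }
    // The client gets a generic message; the detail stays in the log
    echo "An internal error occurred.\n";
});

// Constructed demonstration for a command-line run: a fake request whose
// URL contains a line break, followed by a foreach() over a non-array.
if (PHP_SAPI === 'cli') {
    $_SERVER['REQUEST_METHOD'] = 'GET';
    $_SERVER['REQUEST_URI'] = "/scene.php?id=123\r\nforged log line";
    $scenes = null;
    foreach ($scenes as $scene) {
        echo $scene;
    }
}
```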


Re: [PHP] Insert new array after specific key in multidimensional array

2012-02-28 Thread Adam Richardson
On Mon, Feb 27, 2012 at 9:12 PM, Micky Hulse wrote:

> Howdy!
>
> Example code:
>
> 
>
> What would be the best way to insert $o_insert array into $o array
> after specified key?
>
> I hate to just ask for example code, but I can't seem to find the
> perfect solution. :(
>
> Many thanks in advance for the help!
>
> Cheers,
> Micky
>
>
>
Out of curiosity, why are you worried about the order of elements in an
associative array?

Thanks,

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


[PHP] Great video by Bret Victor: Inventing on Principle

2012-02-25 Thread Adam Richardson
Saw this on the Clojure list and thought it was worth sharing here, too:
http://vimeo.com/36579366

Worth the hour of time to watch it, as it has some great ideas for
improving the experience of developers.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Help! Having trouble getting one XML field from this feed reliably

2012-02-09 Thread Adam Richardson
On Thu, Feb 9, 2012 at 9:10 AM, Yared Hufkens  wrote:

> I wonder why you use cURL as SimpleXML itself can load URLs:
>
> $vastdata = new
> SimpleXMLElement('http://afe.specificclick.net/?l=32259&t=x&rnd=123456',0,true);
>
> See http://de.php.net/manual/en/simplexmlelement.construct.php


It is pretty convenient that SimpleXMLElement allows you to grab URLs, but
curl allows me to manually set a timeout limit (along with many other
things, although they're not necessarily needed in Rob's example), so I
tend to use curl in this type of situation, too.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Help! Having trouble getting one XML field from this feed reliably

2012-02-08 Thread Adam Richardson
On Wed, Feb 8, 2012 at 10:44 PM, Rob Gould  wrote:

> Can anyone tell me what I'm doing wrong here?  I'm trying to get the
> VASTAdTagURI field from the XML data at this url:
>
> http://afe.specificclick.net/?l=32259&t=x&rnd=123456
>
>
>
>
> Here's my code.  (below).  It works maybe 30% of the time, but most of the
> time it just returns nothing from that field.  Yet when I go to the above
> url in Firefox, I always see the data.  This is very strange.
>
>
>
>
>
> // Lets get the ad!
>
> $curl_handle=curl_init();
> curl_setopt($curl_handle,CURLOPT_URL,'http://afe.specificclick.net/?l=32259&t=x&rnd=123456');
> curl_setopt($curl_handle,CURLOPT_CONNECTTIMEOUT,2);
> curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER,1);
> $buffer = curl_exec($curl_handle);
> curl_close($curl_handle);
>
> $vastdata = new SimpleXMLElement($buffer);
>
> $vasturi = $vastdata->Ad->Wrapper->VASTAdTagURI;
>
> echo "If the script works, vasturi = " . $vasturi;
>
> echo "";
>
> print_r($vastdata);
>

I'd try adding some error checks to see what issues curl may be having:

$str = curl_exec($ch);
$error_no = curl_errno($ch);
curl_close($ch);

if ($error_no != 0)
    throw new Exception('There was an error retrieving the string contents of the url \''.$url.'\'. CURL error number:'.$error_no);

I wonder if your transaction is timing out, which you can set as below:

curl_setopt($ch, CURLOPT_TIMEOUT, $transaction_timeout = 2);

Adam


-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] What's Your Favorite Design Pattern?

2012-02-07 Thread Adam Richardson
On Tue, Feb 7, 2012 at 1:56 PM, Mike Mackintosh <
mike.mackint...@angrystatic.com> wrote:

> I was curious to see what everyones favorite design patterns were, if you
> use any, and why/when have you used it?
>
> Choices include slots and signals (observer), singleton, mvc, hmvc,
> factory, commander etc..


Higher-order functions:

http://programmers.stackexchange.com/questions/72557/how-do-you-design-programs-in-haskell-or-other-functional-programming-languages

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Headers on smart phone browsers

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 3:50 PM, Adam Richardson wrote:

> On Mon, Feb 6, 2012 at 12:58 AM, Paul M Foster wrote:
>
>> This is sort of obliquely related to PHP.
>>
>> I don't have a smart phone, but I need to know a couple of things:
>>
>> 1) Do smart phones use the same browsers as the desktop, or do they have
>> their own stripped down versions of browsers?
>>
>
> Both, although more and more smart phones join the ranks of the
> desktop-quality browser every day (iPhone and Android both have very
> capable browsers, with the iPhone's omission of flash support being the
> biggest difference between these two.)
>
>
>>
>> 2) When a browser broadcasts its header telling the server what kind of
>> browser is involved, do they broadcast anything in the header to
>> indicate that they're being run on a smart phone?
>>
>
> Yes, but that gets complicated quickly:
> http://www.zytrax.com/tech/web/mobile_ids.html
>
>
>>
>> 3) Bonus question: Is there a preferred method amongst coders to
>> determine what type of environment is being browsed from, so as to serve
>> up the proper type of page (desktop or smart phone version of a
>> webpage)?
>>
>
> To supplement the alistapart link already mentioned, here's another recent
> writeup:
>
> http://dev.opera.com/articles/view/how-to-serve-the-right-content-to-mobile/
>


Apologies, I sent the wrong link last time:
http://dev.opera.com/articles/view/the-mobile-web-optimization-guide/

Adam


Re: [PHP] Re: Long Live GOTO

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 3:44 PM, Marco Behnke  wrote:

> Am 06.02.12 17:23, schrieb Alain Williams:
> > However: a few GOTOs can make things clearer. Think of a function that
> > can fail in several different places (eg data validation, ...). But it
> > is reading a file which needs to be closed before the function
> > returns. I have seen code where some $IsError variable is tested in
> > many places to see if things should be done. That is just as bad as
> > lots of GOTO -- often when having to write something like that I will
> > have a GOTO (in
>
> Good code uses Exceptions and try catch for that kind of scenarios.
>

Marco,

Do you know of any research (Human Factors, Bug Analysis, etc.) that
supports this? I'm certainly not saying that your assertion is incorrect.
However, I'm starting to compile relevant research related to this topic.

Thanks,

Adam


-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Headers on smart phone browsers

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 12:58 AM, Paul M Foster wrote:

> This is sort of obliquely related to PHP.
>
> I don't have a smart phone, but I need to know a couple of things:
>
> 1) Do smart phones use the same browsers as the desktop, or do they have
> their own stripped down versions of browsers?
>

Both, although more and more smart phones join the ranks of the
desktop-quality browser every day (iPhone and Android both have very
capable browsers, with the iPhone's omission of flash support being the
biggest difference between these two.)


>
> 2) When a browser broadcasts its header telling the server what kind of
> browser is involved, do they broadcast anything in the header to
> indicate that they're being run on a smart phone?
>

Yes, but that gets complicated quickly:
http://www.zytrax.com/tech/web/mobile_ids.html


>
> 3) Bonus question: Is there a preferred method amongst coders to
> determine what type of environment is being browsed from, so as to serve
> up the proper type of page (desktop or smart phone version of a
> webpage)?
>

To supplement the alistapart link already mentioned, here's another recent
writeup:
http://dev.opera.com/articles/view/how-to-serve-the-right-content-to-mobile/

I develop mobile games and websites, and I never use the User Agent to
alter site/presentation. Media queries and types are the way I handle this
(sometimes creating separate mobile resources, but most of the time
creating designs that adapt accordingly.)

All this to say, I don't use PHP to handle this aspect of the development.

Adam


-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: Re: [PHP] Long Live GOTO

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 11:58 AM, Tim Streater  wrote:

> On 06 Feb 2012 at 09:48, Adam Richardson  wrote:
>
> > On Mon, Feb 6, 2012 at 4:25 AM, Adam Richardson wrote:
> >
> >> On Mon, Feb 6, 2012 at 4:07 AM, Tim Streater wrote:
>
> >> I disagree that the nested function is a straw-man. I (just as the other
> >> authors I'd linked to describing the "arrow" pattern of code) have seen
> >> plenty of examples of similar code.
>
> I guess what I meant was, that I'd never have written it that way in the
> first place, so as an example it felt contrived. Amateurs or people with no
> training (in particular physicists at CERN 40 years ago) should be kept
> well clear of the goto. I'd probably write your function like this:
>
> function val_nested ($name = null, $value = null, $is_mutable = false)
>  {
>
>  static $values   = array();
>  static $mutables = array();
>
>  if  ($name===null)  return $values;
>
>  if  ($value===null)  return isset($values[$name]) ? $values[$name] : null;
>
>  if  (isset($values[$name]))
>   {
>
>   if (!$val_is_mutable = in_array($name, $mutables))    // Set existing value
>    {
>    $msg = 'The value "' . $name . '" is immutable and has already been set to ' . $values[$name] . '.';
>    throw new Exception ($msg);
>    }
>
>   return $values[$name] = $value;
>
>   }
>
>  if ($is_mutable)  $mutables[] = $name;                 // Set new value
>  $values[$name] = $value;
>
>  return $value;
>
>  }
>
>
> I always add blank lines for clarity. Remove those and the above is 30%
> shorter than yours - as far as I could tell, none of the else clauses was
> required.
>
> My approach is:
>
> 1) deal with the trivial and error cases first
>
> 2) deal with the real work next
>
> --
> Cheers  --  Tim
>

Thanks for providing your example, Tim. Bailing early through guard clauses
towards the top of the function body is a nice approach (I used it in my
second example, but I also used conditional grouping and factoring out
functions so I could display all three techniques listed in the post.)

I might try performing some experiments using the different versions of the
code and test for things like:
- Time it takes to add some additional piece of functionality to the code.
- Number of bugs in the revision.
- Time it takes for one to write a new function using only one of the
possible techniques (deep nesting, guard clauses, pulling out functions,
goto, etc.)
- Providing function input and testing accuracy of predicted output

Thanks for the time you've taken to provide your PHP coding preference in
this situation.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Re: Long Live GOTO

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 12:09 PM, Larry Martell
wrote:

>
> The source is my own personal experience working for an avionics
> company and working with the FAA to get our code certified under the
> DO-178B standard. I never saw anything that said 'no GOTOs' but that's
> what I was told. I was also told no C++ was allowed nor was any
> recursion. This was important to me, as we had purchased some code
> that was all that (C++, with recursion and GOTOs) and I was given the
> task of rewriting it in C and removing the gotos and the recursion.
>

Now that was probably a lot of work! Interesting that C++ was not allowed.

Thanks for the background information,

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Re: Long Live GOTO

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 11:28 AM, Larry Martell
wrote:

> On Mon, Feb 6, 2012 at 9:23 AM, Alain Williams  wrote:
> > On Mon, Feb 06, 2012 at 11:12:53AM -0500, Jim Giner wrote:
> >> NO "GO"!
> >> As one who started back in the 70's with old style coding that utilized GoTo
> >> in Cobol, Fortran, etc. and had to deal with "spaghetti code" written by
> >> even earlier developers who never considered that someone else would have to
> >> maintain their code, I feel strongly that GoTo is not to be used.
> >
> > I remember being faced with spaghetti code 35 odd years ago - yes, horrible.
> > But what do we mean by ''spaghetti code'' ? I remember code where every 3rd
> > statement was some form of GOTO - yuck!
> >
> > One very desirable feature of code is that it be clear, ie: lucid, able to be
> > understood by others. Too many GOTO statements and it is hard.
> >
> > However: a few GOTOs can make things clearer.  Think of a function that can fail
> > in several different places (eg data validation, ...).  But it is reading a file
> > which needs to be closed before the function returns.  I have seen code where
> > some $IsError variable is tested in many places to see if things should be done.
> > That is just as bad as lots of GOTO -- often when having to write something like
> > that I will have a GOTO (in several places) to the bottom of the function that
> > closes the file and returns failure.
> >
> > That is much clearer than extra variables.
> >
> > If I survey my code I find that I use one GOTO in about 4,000 lines of code -
> > that I do not find excessive.
> >
> > There are, however, people who consider any GOTO as communion with the devil.
> > IMHO: not so - if used sparingly.
>
> Just for another data point, the FAA does not allow gotos in any code
> that goes into an airplane.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Can I have the source for this so I can read the rationale? I'm curious
which language implementation it's referencing (C, Ada, etc.) and what
restrictions the language places on the construct. Again, the PHP version
of the construct is beneficially quite restrictive. For instance, some
people don't like giving programmers access to pointers just because you
can get into so much trouble with them, but I wonder if they'd be concerned
about Go's pointers, which don't allow pointer arithmetic, limiting one area
of potential trouble:

http://golang.org/doc/go_for_cpp_programmers.html#Conceptual_Differences

Interesting.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
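
The file-cleanup pattern quoted above (several failure points, one jump to the code that closes the file), next to the try/finally form suggested elsewhere in the thread. This is an added example, not code from any poster; the function names, the `name = value` file format and the sample files are assumptions made for illustration.

```php
<?php
// Added illustration: load_settings_*() and the sample files are constructed.

// Variant 1: every failure path jumps to one label that closes the file.
// PHP only allows the jump inside the same function; jumping out of the
// while loop is permitted, jumping into a loop is not.
function load_settings_goto(string $path): ?array
{
    $result = null;                      // returned unchanged on any failure
    $parsed = [];

    $fh = @fopen($path, 'r');
    if ($fh === false) {
        return null;                     // nothing was opened, nothing to close
    }

    while (($line = fgets($fh)) !== false) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;                    // skip blank lines and comments
        }
        $parts = explode('=', $line, 2);
        if (count($parts) !== 2) {
            goto cleanup;                // failure point 1: malformed line
        }
        [$name, $value] = array_map('trim', $parts);
        if (preg_match('/\A[a-z_]+\z/', $name) !== 1) {
            goto cleanup;                // failure point 2: invalid name
        }
        if (array_key_exists($name, $parsed)) {
            goto cleanup;                // failure point 3: duplicate name
        }
        $parsed[$name] = $value;
    }
    $result = $parsed;

cleanup:
    fclose($fh);
    return $result;
}

// Variant 2: the same checks with exceptions; finally closes the file
// whether the function returns normally or throws.
function load_settings_finally(string $path): array
{
    $fh = @fopen($path, 'r');
    if ($fh === false) {
        throw new RuntimeException('cannot open settings file');
    }
    try {
        $parsed = [];
        while (($line = fgets($fh)) !== false) {
            $line = trim($line);
            if ($line === '' || $line[0] === '#') {
                continue;
            }
            $parts = explode('=', $line, 2);
            if (count($parts) !== 2) {
                throw new UnexpectedValueException('malformed line');
            }
            [$name, $value] = array_map('trim', $parts);
            if (preg_match('/\A[a-z_]+\z/', $name) !== 1) {
                throw new UnexpectedValueException('invalid name');
            }
            if (array_key_exists($name, $parsed)) {
                throw new UnexpectedValueException('duplicate name');
            }
            $parsed[$name] = $value;
        }
        return $parsed;
    } finally {
        fclose($fh);
    }
}

// Constructed sample input: one valid file, one with a duplicate name.
$good = tempnam(sys_get_temp_dir(), 'cfg');
$bad  = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($good, "# constructed sample\nhost = db.internal\nport = 3306\n");
file_put_contents($bad, "host = db.internal\nhost = other.internal\n");

var_dump(load_settings_goto($good));
var_dump(load_settings_goto($bad));
try {
    load_settings_finally($bad);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

unlink($good);
unlink($bad);
```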


Re: [PHP] Long Live GOTO

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 10:05 AM, Robert Cummings wrote:

> On 12-02-06 04:07 AM, Tim Streater wrote:
>
>> On 06 Feb 2012 at 07:47, Adam Richardson wrote:
>>
>>  While not purely focused on PHP, I toss this out to the group because I
>>> believe there are some novel, interesting points regarding the potential
>>> benefits of using the goto construct as implemented in PHP:
>>>
>>> http://adamjonrichardson.com/2012/02/06/long-live-the-goto-statement/
>>>
>>
>> Your val_nested() function looks like a straw-man to me. I've not used a
>> goto since I stopped writing in FORTRAN in 1978, and not missed it [1].
>> Neither do I ever have deeply nested if-then-else - these are a good source
>> of bugs. I suppose the rest of your article might have been dealing with
>> simplifying val_nested() but TBH I wasn't interested enough to find out.
>>
>> [1] Not quite true - a Pascal compiler I once had to use in 1983 lacked a
>> return statement, so I had to fake it by putting a 999: label at the end of
>> the function and goto-ing to that.
>>
>
> Goto has its uses, demonizing it due to the poor implementation and
> misuse of its same-named historical counterparts is an exercise in
> closed-mindedness. Goto can really shine in parsers and various other
> scenarios. While the example shown may be contrived it doesn't miss the
> point. Since goto cannot jump out of the function nor jump into the
> function it is well constrained to provide readability while eliminating
> complexity. Additionally, it is quite likely that it is more optimal. A
> single jump target versus one or more state variables to control nested
> conditionals or loops results in faster execution (also important for
> parsers).
>
> I've had a strong opinion on goto for a very long time. I was one of the
> proponents who argued on internals for its inclusion several years ago. I
> stand by its utility and refer the reader to the fact that many open source
> projects, especially ones that use some kind of parser, have goto hidden
> within their implementation. You can find it in the C code for the PHP,
> MySQL, and Apache to name a few easily recognizable projects.
>
> Cheers,
> Rob.


All excellent points, Robert.

Tim mentioned that my example was a straw-man, and you mentioned it was
contrived. Actually, it's a refactoring of a real function in my web
framework that I've committed to trunk and am going to use for a while (it's
functionally inspired, and having the ability to store and retrieve
immutable values is quite handy in this situation.)

I like experimenting with different approaches (my background is in
cognitive psychology), and there's certainly research to show that deeply
nested ifs are problematic, cognitively speaking. Then, there are the other
techniques mentioned in the blog post to deal with them (guard clauses,
pulling out functions, grouping conditions), but they have their issues,
too, in terms of processing (they can hurt proximity of related concepts,
forcing programmers to work against the mental model they've built up of a
problem, etc.) There are going to be issues with the goto approach I took
to refactoring the function, too, but I'm keenly interested in playing
around with it a while and letting the evidence accrue over time. I've read
many, many sources that seem to reject ANY approach using GOTO even without
properly evaluating its use within a language like PHP that offers some
beneficial restrictions.

Thanks for the insights (and I'm glad you pushed for the construct :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Long Live GOTO

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 4:25 AM, Adam Richardson wrote:

> On Mon, Feb 6, 2012 at 4:07 AM, Tim Streater  wrote:
>
>> On 06 Feb 2012 at 07:47, Adam Richardson  wrote:
>>
>> > While not purely focused on PHP, I toss this out to the group because I
>> > believe there are some novel, interesting points regarding the potential
>> > benefits of using the goto construct as implemented in PHP:
>> >
>> > http://adamjonrichardson.com/2012/02/06/long-live-the-goto-statement/
>>
>> Your val_nested() function looks like a straw-man to me. I've not used a
>> goto since I stopped writing in FORTRAN in 1978, and not missed it [1].
>> Neither do I ever have deeply nested if-then-else - these are a good source
>> of bugs. I suppose the rest of your article might have been dealing with
>> simplifying val_nested() but TBH I wasn't interested enough to find out.
>>
>
> I disagree that the nested function is a straw-man. I (just as the other
> authors I'd linked to describing the "arrow" pattern of code) have seen
> plenty of examples of similar code.
>
> PHP provides a restricted implementation of the goto construct that, in my
> opinion, can hold great value for developers.
>
> Thanks for the feedback,
>
> Adam
>

Tim,

One quick follow-up. I'd thoroughly enjoy viewing a refactored version of
the val_nested() function from you (or anyone else on the list) to see
the techniques PHP users tend to use to avoid the deep nesting.

That would be very useful in terms of properly evaluating the range of the
possible refactoring options and PHP user preferences.

Thanks again,

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Long Live GOTO

2012-02-06 Thread Adam Richardson
On Mon, Feb 6, 2012 at 4:07 AM, Tim Streater  wrote:

> On 06 Feb 2012 at 07:47, Adam Richardson  wrote:
>
> > While not purely focused on PHP, I toss this out to the group because I
> > believe there are some novel, interesting points regarding the potential
> > benefits of using the goto construct as implemented in PHP:
> >
> > http://adamjonrichardson.com/2012/02/06/long-live-the-goto-statement/
>
> Your val_nested() function looks like a straw-man to me. I've not used a
> goto since I stopped writing in FORTRAN in 1978, and not missed it [1].
> Neither do I ever have deeply nested if-then-else - these are a good source
> of bugs. I suppose the rest of your article might have been dealing with
> simplifying val_nested() but TBH I wasn't interested enough to find out.
>

I disagree that the nested function is a straw-man. I (just as the other
authors I'd linked to describing the "arrow" pattern of code) have seen
plenty of examples of similar code.

PHP provides a restricted implementation of the goto construct that, in my
opinion, can hold great value for developers.

Thanks for the feedback,

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


[PHP] Long Live GOTO

2012-02-05 Thread Adam Richardson
Hi,

While not purely focused on PHP, I toss this out to the group because I
believe there are some novel, interesting points regarding the potential
benefits of using the goto construct as implemented in PHP:

http://adamjonrichardson.com/2012/02/06/long-live-the-goto-statement/

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] differences in between these env. variables

2012-01-29 Thread Adam Richardson
On Sun, Jan 29, 2012 at 11:38 AM, Tedd Sperling wrote:

> On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote:
>
> > On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling wrote:
> > On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote:
> >
> > > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF?
> >
> > Was this ever answered? I would like to know.
> >
> > Cheers,
> >
> > tedd
> >
> > Yep, can be different:
> >
> http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri
> >
> > Adam
>
> I should have been more clear -- I understand:
>
> [PHP_SELF] => /test.php/foo/bar
> [SCRIPT_NAME] => /test.php/
>
> by practice is different.
>
> I should have used basename() in my question.
>
> The main point I was trying to get was which one is more secure and not
> subject to cross-site scripting or other such security issues?
>
> IOW, if you had to bet your life on it, which would be most secure in
> reporting an accurate basename()?


That's an interesting question.

Because $_SERVER['SCRIPT_NAME'] doesn't include path info appended to the
get request, it greatly limits the attack surface, so I try to use it when
I can. However, there are times when you want the ability to pass in
additional path info (e.g., pretty urls), and that makes
$_SERVER['PHP_SELF'] quite useful.

In terms of securely using $_SERVER['PHP_SELF'], the one thing I don't ever
recommend is trying to sanitize input (this view is in stark contrast to
some of the resources online that detail how to safely use
$_SERVER['PHP_SELF'] through a combination of techniques including
sanitization.) I suggest that any time a script receives data that doesn't meet
its expectations, the script should throw away the data and kindly
communicate to the user that they'll have to try the request again with
valid data.

To use $_SERVER['PHP_SELF'] safely, the most important thing is context. In
order for an XSS attack to succeed, it has to sneak in data that is
structurally meaningful in the context of its use. If the web page outputs
$_SERVER['PHP_SELF'] in an href such as the one below, then a double quote
(or any of its possible encodings which buggily sneak through older
browsers, but modern browsers seem to have corrected many of these issues)
must be escaped:

// if a double quote comes through PHP_SELF here and is not escaped, we're in trouble
// https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.232_-_Attribute_Escape_Before_Inserting_Untrusted_Data_into_HTML_Common_Attributes
Link back to this page

So, in the above case, I would first filter the PHP_SELF value through a
regex that establishes a whitelist of valid values and/or characters (if
you know all the possible paths of your app ahead of time, make sure
there's a match; if you know that the path info only includes letters a-z,
make sure they are the only characters you allow; etc.), and then
for valid input, escape the output using htmlspecialchars().

NOTE: Developers who don't use quotes on attributes would have to be
much more careful and escape several other characters in the above example.

That all said, if PHP_SELF was being echoed out into a script tag, the
above technique would be insufficient to protect against XSS, as the
content of the script tag has many more structurally meaningful characters
that have to be watched for and escaped.

So, it really varies by the context of use. I'd use SCRIPT_NAME where I
don't need the path info (but I'd still likely whitelist its possible
values and escape its output.) And, if I needed the path info, I'd
whitelist the possible PHP_SELF values and then escape the output according
to the context.

That all said, if my life depended on security of the app, I'd probably be
very slow to put up any web pages, as the amount of testing and auditing
I'd want to perform would be on the scale of years ;)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
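
The whitelist-then-escape approach described in the message above, written out as an added example (it is not the poster's or Nephtali's code). The script name `/test.php`, the rule that path info consists of lowercase a-z segments, and the function names are assumptions for illustration.

```php
<?php
// Added example: the allowed-path pattern and all function names are assumptions.

/**
 * Return the value unchanged if it matches what this application expects,
 * otherwise null. Nothing is stripped or rewritten: input that does not
 * match is rejected, not sanitized.
 */
function validated_self(string $phpSelf): ?string
{
    // \A and \z anchor at the real start and end of the string;
    // "$" alone would also accept a trailing newline.
    if (preg_match('#\A/test\.php(?:/[a-z]+)*\z#', $phpSelf) === 1) {
        return $phpSelf;
    }
    return null;
}

/** Build the link for a double-quoted HTML attribute context. */
function self_link(string $phpSelf): string
{
    $self = validated_self($phpSelf);
    if ($self === null) {
        return '<p>That address is not valid. Please try the request again.</p>';
    }
    // Escaping is still applied to validated input, and it matches the
    // context: ENT_QUOTES covers both quote styles inside an attribute.
    $href = htmlspecialchars($self, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">Link back to this page</a>';
}

/**
 * A <script> block is a different context, so attribute escaping is not
 * enough there. One common approach is to emit the value as a JSON string
 * literal with the HTML-significant characters hex-escaped.
 */
function self_for_script(string $phpSelf): string
{
    $self = validated_self($phpSelf);
    if ($self === null) {
        return 'null';
    }
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json = json_encode($self, $flags);
    return $json === false ? 'null' : $json;
}

// Constructed sample values standing in for $_SERVER['PHP_SELF'].
$samples = [
    '/test.php',
    '/test.php/foo/bar',
    '/test.php/foo"bar',      // contains a double quote: rejected
    "/test.php/foo\n",        // trailing newline: rejected
    '/other.php/foo',         // not a known script: rejected
];

foreach ($samples as $sample) {
    echo json_encode($sample), PHP_EOL;
    echo '  attribute: ', self_link($sample), PHP_EOL;
    echo '  script:    var self = ', self_for_script($sample), ';', PHP_EOL;
}

// What escaping alone does to the rejected value, for comparison:
echo htmlspecialchars('/test.php/foo"bar', ENT_QUOTES, 'UTF-8'), PHP_EOL;
```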


Re: [PHP] differences in between these env. variables

2012-01-27 Thread Adam Richardson
On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling wrote:

> On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote:
>
> > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF?
>
> Was this ever answered? I would like to know.
>
> Cheers,
>
> tedd
>

Yep, can be different:
http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Date function kill lots time !

2012-01-04 Thread Adam Richardson
On Wed, Jan 4, 2012 at 11:07 PM, xucheng  wrote:

> hi all,
>   I have a webapp which track visitors, and use xhprof for profiling my
> codes .
>   After reading some reports produced by xhprof, i found that function
> Date() kills most time of my app !
>   how can this happen ? Is this function has some internal issue that i
> should know ?
>   Any comment appreciate ! thanks !
>
> --
> RTFSC - Read The F**king Source Code :)!
>


Did you set the timezone? If not, PHP raises a notice, which causes
terrible performance (see the comment at the bottom):
https://bugs.php.net/bug.php?id=39968

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Re: Preferred Syntax

2011-12-16 Thread Adam Richardson
On Fri, Dec 16, 2011 at 11:53 PM, Eric Butera  wrote:

> To all the people who responded to this thread:
> It is 2011 - please stop writing code like this.
>
> To the OP:
> I'm glad you're asking questions and realizing you're not happy with
> your current abilities and suspect there's a better way.  I've read
> the replies in this thread and feel a bit let down.  Use a templating
> language - yes, I understand that is what php is for - but I won't go
> into it.  You should not be echoing, printing, or any other method of
> concatenating html dealing with escaping quotes inside your php logic
> code.  Please separate your concerns.
>
> Not sure what that means?  That's OK!  If you want to move forward,
> look up how modern frameworks deal with this issue using their views
> or template views.  You don't have to use a framework if you do not
> want to, that's perfectly fine.  If it works, it works.  But in the
> end, the separation of logic and html is essential to code
> maintenance.


Eric,

There are many posters to this list, and there exists a broad range of
programming styles and abilities. I'll bet you're a competent programmer,
and that you've worked hard to hone your craft. It takes passion and drive
to improve one's skill set. However, I'd encourage you to focus that
passion on the list in a way that facilitates the growth of those with
questions whilst staying true to their current, specific needs.

Frankly, every answer on the list could begin with the suggestion that they
just use a framework. The list is here to help build up the entire skill
set of PHP developers.

Let's reexamine the original post:

> Hello all.
> Can someone tell me which of the following is preferred and why?


Use of the word "Which" implies that there was a closed set of options
they wanted to consider, although we did offer some others, but they all
stayed relatively true to his original options.


>
>  echo "<a href='/mypage.php/$page_id'>$page_name</a>";
>  echo "<a href='/mypage.php/".$page_id."'>".$page_name."</a>";


Simple.

Please note there is no logic anywhere in this example. PHP is truly
serving merely as a templating language here. So, while I agree with the
general notion that logic should not be intermingled with markup, this
particular example does not serve as the anti-pattern you suggest.

Also, note that we aren't sure where the $page_id and $page_name variables
are coming from. In instances where these are set manually within the
script (like a view variables at the top of the page), there's no need to
escape anything. That said, you're right, if the data is coming from
somewhere else, escaping should happen, but there's not enough information
to infer that, as you say, "You should not be echoing, printing, or any
other method of concatenating html dealing with escaping quotes inside your
php logic code."


>
> When I come across the above code in line 1, I have been changing it to
> what you see in line 2 for no other reason than it delineates out better in
> BBEdit.  Is this just a preference choice or is one method better than the
> other?


The above statement suggests there's an existing codebase that was being
worked through. In this light, the answers mostly focused on answering the
OP's original question, realizing that this was existing code that he was
refactoring lightly as he goes.

This is not to say that I disagree with all that you said, as I actually
developed my own framework that:

   - Cleanly separates PHP from HTML to avoid the intermingling of logic
   and presentation:
   http://nephtaliproject.com/documentation/markup/
   - Automatically handles output escaping, input validation:
   http://nephtaliproject.com/documentation/examples/contact.php
   - And lots of other features that coincide with the general focus of
   your words.

Given that work, I think it's fair to say that I do agree with several of
your general points for web development overall. However, this question
wasn't a big picture question on how to do web development with PHP. It was
a simple question that was answered in a helpful, specific manner by
several on the list.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Preferred Syntax

2011-12-14 Thread Adam Richardson
On Wed, Dec 14, 2011 at 7:59 AM, Rick Dwyer  wrote:

> Hello all.
>
> Can someone tell me which of the following is preferred and why?
>
>  echo "<a href='/mypage.php/$page_id'>$page_name</a>";
>
>  echo "<a href='/mypage.php/".$page_id."'>".$page_name."</a>";
>
> When I come across the above code in line 1, I have been changing it to
> what you see in line 2 for no other reason than it delineates out better in
> BBEdit.  Is this just a preference choice or is one method better than the
> other?
>

I prefer sending arguments to the echo language construct (note, if you
send more than one argument, you can't use parentheses.) I perceive this
usage to be a clean presentation of the code's intent, easy to use in most
IDE's, and it's very fast relative to the other options:

echo "$page_name";

echo "".$page_name."";

echo "", $page_name, "";

And, for longer lines, I'll often break it up into separate lines by
argument like below:

echo
"",
$page_name,
"";

That all said, I don't change code that uses another convention, as I think
it's most beneficial to stay with the established conventions in any
codebase (unless you're establishing a new convention and refactoring the
entire code base.) This is just my general preference, and I don't believe
there is consensus as to the most appropriate.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] mcrypt_encrypt help needed

2011-11-30 Thread Adam Richardson
On Wed, Nov 30, 2011 at 4:25 PM, Matijn Woudt  wrote:

> On Wed, Nov 30, 2011 at 10:18 PM, Adam Richardson 
> wrote:
> > On Wed, Nov 30, 2011 at 4:14 PM, Matijn Woudt  wrote:
> >
> >> On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer wrote:
> >> > Hello all.
> >> >
> >> > I am using the following function to encrypt a string:
> >> >
> >> > define('SALT', 'myvalueforsalthere');
> >> >
> >> > function encrypt($text)
> >> > {
> >> >    return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
> >> > $text, MCRYPT_MODE_ECB,
> >> > mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
> >> > MCRYPT_MODE_ECB),
> >> > MCRYPT_RAND))));
> >> > }
> >> >
> >>
> >> Can you post your decrypt function too?
> >>
> >> You create a random IV here, don't you need that IV to decrypt too?
> >>
> >>
> > You're normally right, Matijn,
> >
> > However, ECB mode doesn't use an IV, so even though he's generating an IV,
> > it's not being used (and, the benefit of an IV is one of the main reasons
> > you try to avoid ECB.)
> >
> > Adam
>
> Ah, I see, you're right. I thought he was using CBC (which I would
> recommend).
> That also means that example #1 is wrong at mcrypt_encrypt help page[1].
>
> Matijn
>
> [1] http://php.net/manual/en/function.mcrypt-encrypt.php#example-884
>

Nice catch in the documentation, Matijn. While it will encrypt and decrypt
successfully, the IV isn't being used, so it would seem to be a better
illustration of use if someone switched the mode to one that's using the IV.

Someone with access to the documents want to make the change to one of the
other modes (as Matijn pointed out, CBC is pretty common?)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] mcrypt_encrypt help needed

2011-11-30 Thread Adam Richardson
On Wed, Nov 30, 2011 at 4:14 PM, Matijn Woudt  wrote:

> On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer  wrote:
> > Hello all.
> >
> > I am using the following function to encrypt a string:
> >
> > define('SALT', 'myvalueforsalthere');
> >
> > function encrypt($text)
> > {
> >    return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
> > $text, MCRYPT_MODE_ECB,
> > mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
> > MCRYPT_MODE_ECB),
> > MCRYPT_RAND))));
> > }
> >
>
> Can you post your decrypt function too?
>
> You create a random IV here, don't you need that IV to decrypt too?
>
>
You're normally right, Matijn,

However, ECB mode doesn't use an IV, so even though he's generating an IV,
it's not being used (and, the benefit of an IV is one of the main reasons
you try to avoid ECB.)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] mcrypt_encrypt help needed

2011-11-30 Thread Adam Richardson
On Wed, Nov 30, 2011 at 3:57 PM, Rick Dwyer  wrote:

> Hello all.
>
> I am using the following function to encrypt a string:
>
> define('SALT', 'myvalueforsalthere');
>
> function encrypt($text)
> {
>    return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
> $text, MCRYPT_MODE_ECB,
> mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
> MCRYPT_MODE_ECB), MCRYPT_RAND))));
> }
>
> and then:
>
> $myval="hello";
> $mayval= encrypt($myval);
>
>
> echo decrypt($myval);
>
> returns "hello" great.
>
>
>
> But when my input string is more complicated I get unprintable characters
> out of the decrypt side:
>
> $myval="var1=1&var2=2&var3=3";
>
> The above when decrypted will spit out a string of unprintable characters.
> Is encrypt/decrypt choking on the "=" sign?  I tried:
>
> $myval=htmlentities($myval);
>
> But it did not work.  Any help is appreciated.
>
> Thanks,
>
> --Rick
>

Hi Rick,

Can you show us the decrypt function, too (even though it should be just
the reverse order of operations using a decrypt function, I'd just like to
double check it before commenting.) By the way, I wouldn't recommend using
ECB mode unless you have a special circumstance:
http://www.quora.com/Is-AES-ECB-mode-useful-for-anything

Adam

(Sorry for the duplicate, Rick, I forgot to reply all the first time.)

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] delete and recreate

2011-11-09 Thread Adam Richardson
On Wed, Nov 9, 2011 at 10:35 AM, Kirk Bailey wrote:

> So, I want to create a script to delete an old file and create a new one
> which is empty. The script receives a password via query string. The
> obvious methods give me back a very useless 500 error. Any suggestions on
> how to accomplish what I seek?
>
> --
> end
>
> Very Truly yours,
> - Kirk Bailey,
>   Largo Florida
>
>   kniht
>  +-+
>  | BOX |
>  +-+
>   think
>
>
>
Make sure PHP has the permissions needed to delete and create files in the
directory.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Re: Writing out errors to a file

2011-11-03 Thread Adam Richardson
On Thu, Nov 3, 2011 at 9:04 PM, Jim Giner wrote:

> Try reading the manual on "set_error_handler".  I've never needed to do
> this
> kind of thing, but this sure looks like something that could do it.
> Basically, I'm imagining that it would open a file handle on some text file
> in some folder, then append a write of mysql_error() to that file and
> probably the line number and such and then close it.
>
>
>
>
>
The combination of set_error_handler() and within the handler using
error_log() works very well.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Friday Distraction

2011-10-28 Thread Adam Richardson
On Thu, Oct 27, 2011 at 10:18 AM, Richard Quadling wrote:

> On 21 October 2011 17:27, Daniel Brown  wrote:
> >I'll get this week's Friday distraction kicked off here with
> > something shared with me by a Facebook friend.  If you're on Facebook,
> > try this.  It's pretty sweet (and safe for work and kids).
> >
> >http://www.takethislollipop.com/
>
> Sweet? SWEET!? What sort of sicko are you???
>
> I've got a deranged nutter hunting me down.
>
> He looks a LOT like you
>
>
>
>
>
> Cool though.
>
>
Well, Daniel,

I'll bet you never thought that your "Friday Distraction" would elicit such
a broad range of responses AND keep the commentary coming right through to
the next Friday.

Nice :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Sequential access of XML nodes.

2011-09-26 Thread Adam Richardson
On Mon, Sep 26, 2011 at 12:24 PM, Richard Quadling wrote:

> Hi.
>
> I've got a project which will be needing to iterate some very large
> XML files (around 250 files ranging in size from around 50MB to
> several hundred MB - 2 of them are in excess of 500MB).
>
> The XML files have a root node and then a collection of products. In
> total, in all the files, there are going to be several million product
> details. Each XML feed will have a different structure as it relates
> to a different source of data.
>
> I plan to have an abstract reader class with the concrete classes
> being extensions of this, each covering the specifics of the format
> being received and has the ability to return a standardised view of
> the data for importing into mysql and eventually MongoDB.
>
> I want to use an XML iterator so that I can say something along the lines
> of ...
>
> 1 - Instantiate the XML iterator with the XML's URL.
> 2 - Iterate the XML getting back one node at a time without keeping
> all the nodes in memory.
>
> e.g.
>
>  $o_XML = new SomeExtendedXMLReader('http://www.site.com/data.xml');
> foreach($o_XML as $o_Product) {
>  // Process product.
> }
>
>
> Add to this that some of the xml feeds come .gz, I want to be able to
> stream the XML out of the .gz file without having to extract the
> entire file first.
>
> I've not got access to the XML feeds yet (they are coming from the
> various affiliate networks around, and I'm a remote user so need to
> get credentials and the like).
>
> If you have any pointers on the capabilities of the various XML reader
> classes, based upon this scenario, then I'd be very grateful.
>
>
> In this instance, the memory limitation is important. The current code
> is string based and whilst it works, you can imagine the complexity of
> it.
>
> The structure of each product internally will be different, but I will
> be happy to get back a nested array or an XML fragment, as long as the
> iterator is only holding onto 1 array/fragment at a time and not
> caching the massive number of products per file.
>
> Thanks.
>
> Richard.
>
>
> --
> Richard Quadling
> Twitter : EE : Zend : PHPDoc
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
>
>
>
I believe the XMLReader allows you to pull node by node, and it's really
easy to work with:
http://www.php.net/manual/en/intro.xmlreader.php

In terms of dealing with various forms of compression, I believe you can use
the compression streams to handle this:
http://stackoverflow.com/questions/1190906/php-open-gzipped-xml
http://us3.php.net/manual/en/wrappers.compression.php

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
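
The XMLReader plus compression-stream approach suggested above, shown as an added example that is not part of the original message: a generator that yields one product element at a time from a gzipped feed through the compress.zlib:// wrapper. The function name iterate_products, the feed layout and the field names are assumptions, and the products are assumed to be siblings under one parent element.

```php
<?php
// Added illustration, not code from the thread. Requires the xmlreader,
// simplexml and zlib extensions. The feed below is constructed sample data.

/**
 * Yield one matching element at a time from a (possibly gzipped) XML feed.
 * Only the subtree of the current element is materialised in memory.
 */
function iterate_products(string $uri, string $element = 'product'): Generator
{
    $reader = new XMLReader();
    // Flags stay at 0: LIBXML_NOENT and LIBXML_DTDLOAD are not set, so a
    // third-party feed gets no entity substitution and no DTD loading.
    if (!$reader->open($uri, null, 0)) {
        throw new RuntimeException("cannot open $uri");
    }
    try {
        // Walk forward until the first matching start tag.
        $found = false;
        while ($reader->read()) {
            if ($reader->nodeType === XMLReader::ELEMENT && $reader->name === $element) {
                $found = true;
                break;
            }
        }
        while ($found) {
            // Parse only this element's markup into a small SimpleXML tree.
            yield new SimpleXMLElement($reader->readOuterXml());
            // next() skips the current subtree and stops at the next node
            // with the given name, or returns false at the end of the feed.
            $found = $reader->next($element)
                && $reader->nodeType === XMLReader::ELEMENT;
        }
    } finally {
        $reader->close();
    }
}

// Constructed feed, written gzipped to a temporary file for the demo.
$xml = '<?xml version="1.0"?>'
     . '<feed>'
     . '<product sku="A1"><name>Widget</name><price>9.99</price></product>'
     . '<product sku="B2"><name>Gadget</name><price>19.50</price></product>'
     . '<product sku="C3"><name>Sprocket</name><price>4.25</price></product>'
     . '</feed>';
$path = tempnam(sys_get_temp_dir(), 'feed');
file_put_contents($path, gzencode($xml));

// compress.zlib:// inflates the stream on the fly; the archive is never
// extracted to disk first.
foreach (iterate_products('compress.zlib://' . $path) as $product) {
    printf("%s  %s  %s\n", $product['sku'], $product->name, $product->price);
}
unlink($path);
```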


Re: [PHP] how catch a warning by file_put_contents() ?

2011-08-19 Thread Adam Richardson
On Sat, Aug 20, 2011 at 1:23 AM, Simon J Welsh  wrote:

> On 20/08/2011, at 4:51 PM, Andreas wrote:
>
> > Hi,
> > I wrote stuff with file_put_contents() in a try{} catch{} and it worked.
> >
> > Then I'd like to check what happens when some error occurs so I
> writeprotected the targetfile.
> > Instead of getting my own message by the catch{} block I got a standard
> warning in the browser.
> >
> > Can't I catch those warnings, too?
> > And why does this function rise a warning when it can't acomplish it's
> task?
> >
> >
> > Samplecode:
> >     try {
> >         $msg = date ("d.m.Y H:i:s") . 'This should be stored in the file.';
> >         file_put_contents( '/tmp/exceptions.txt', $msg . "\n", FILE_APPEND);
> >     }
> >     catch ( Exception $e ) {
> >         $msg = "Exception " . $e->getCode() . " / " . $e->getMessage();
> >         echo "$msg";
> >     }
>
> file_put_contents() doesn't throw exceptions. As the note on the exception
> documentation says: "Internal PHP functions mainly use Error reporting, only
> modern Object oriented extensions use exceptions."
>
> If you look at the documentation for its return value (
> http://php.net/file_put_contents), you'll see that false is returned on
> failure.
>
> In this case, a warning makes more sense than throwing an exception anyway.
> A warning can be ignored, either by changing the error_reporting level or
> using the error control operator, whereas an exception must be dealt with or
> execution halts.
> ---
> Simon Welsh
> Admin of http://simon.geek.nz/
>
>
>
>
Simon explains the rationale and heritage well.

If, however, you still wish to catch errors as exceptions, you can do so
with code like that below:

function error_handler($errno, $errstr, $errfile, $errline)
{
    // must take into account error suppressor (@) and not do anything with them (they equal 0)
    // http://framework.zend.com/issues/browse/ZF-3829
    // check against current error_reporting bitmasks
    if (!(\error_reporting() & $errno)) {
        return true;
    } else {
        // braces keep each variable name separate from the label that follows it
        $error_msg = "Error Type (see http://www.php.net/manual/en/errorfunc.constants.php): {$errno} Error Message: {$errstr} File: {$errfile} Line: {$errline}";
        throw new \Exception($error_msg);
    }
}

// route PHP errors that pass the error_reporting check through the handler above
set_error_handler('error_handler');

I just pulled some quick code from my web framework.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] How to sum monetary variables

2011-07-18 Thread Adam Richardson
2011/7/18 Richard Quadling 

> 2011/7/18 Martín Marqués :
> >
> > Any ideas?
>
> For financial values, I use the money type.
>
> I use MS SQL, but PostgreSQL has
> http://www.postgresql.org/docs/9.0/interactive/datatype-money.html
>

The version of PostgreSQL plays a role, too, as at one point the money type
was deprecated (and I still tend to use numeric, even though work has been
done to improve the money type):
http://archives.postgresql.org/pgsql-general/2008-05/msg00979.php
http://www.postgresql.org/docs/8.2/static/datatype-money.html

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] How to sum monetary variables

2011-07-18 Thread Adam Richardson
2011/7/18 Martín Marqués 

> I'm building a table (which is a report that has to be printed) with a
> bunch of items (up to 300 in some cases) that have unitary price
> (stored in a numeric(9,2) field), how many there are, and the total
> price for each item. At the end of the table there is a total of all
> the items.
>
> The app is running on PHP and PostgreSQL is the backend.
>
> The question is, how do I get the total of everything?
>
> Running it on PHP gives one value, doing a sum() on the backend gives
> another, and I'm starting to notice that even using python as a
> calculator gives me errors (big ones). Right now I'm doing the maths
> by hand to find out who has the biggest error, or if any is 100%
> accurate.
>
> Any ideas?
>

Hi,

I've not had issues with PostgreSQL when using the numeric data type. That
said, when you need more precision than PHP's standard handling of floating
points (http://php.net/manual/en/language.types.float.php),  you can use
PHP's BC Math functions to enforce arbitrary precision:
http://www.php.net/manual/en/ref.bc.php

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Linking A C Program Example to PHP

2011-07-10 Thread Adam Richardson
On Sun, Jul 10, 2011 at 5:56 PM, Thomas Dineen wrote:
>
>   I am attempting to link a C Program example to PHP using the
> tutorial shown at the link below:
> http://voloreport.com/making-a-c-extension-for-php-in-11-easy-steps
>
>   Everything worked fine up through step 9 in the tutorial:
>
>   Now the problem:
>
>   The example works fine from the command line with either of the
> commands shown below:
>
> php test.php
> php -c /etc/apache2/php.ini test.php
>
>   But the example will NOT work via the web browser on my Apache 2
> (2.2.17) / PHP (5.3.5) Web Server!
>
>
Did you reload or restart apache after making the edits to php.ini? For
example:
$ /etc/init.d/apache2 restart

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] ApiGen - a tool for generating source code documentation

2011-06-29 Thread Adam Richardson
I'll try it on my PHP 5.3 web framework later today. Thanks for working on
this project!

Adam

2011/6/29 Ondřej Nešpor 

> Hi everybody!
>
> We'd like to introduce you our documentation generator - ApiGen 2. We use
> it as a replacement for PhpDocumentor (that is not being developed for more
> than 3 years). You can find it on Github https://github.com/apigen/apigen
> along with a comprehensive
> readme (describing its features and command line options). Compared to
> PhpDocumentor, ApiGen is significantly faster and more flexible. Currently
> we are preparing PHP 5.4 support (mainly traits).
>
>
> An interesting feature is that it describes the source using reflection,
> however not the PHP's reflection as you know it. We have developed our own
> library that emulates reflection using the tokenized source code. This
> library may be useful everywhere you need to process the PHP source code and
> don't want to include/require it. You can find it in a separate repository:
> https://github.com/Andrewsville/PHP-Token-Reflection
>
>
> You can see some examples here:
> http://andrewsville.github.com/PHP-Token-Reflection/
> http://api.nella-project.org/framework/
> http://jyxo.github.com/php/
> http://doc.kukulich.cz/doctrine/
> http://doc.kukulich.cz/phpunit/
> http://doc.kukulich.cz/zend/
>
>
> To install it you can either use our PEAR channel (as described in the
> readme) or simple download it from GitHub.
>
>
> We'd be grateful for any feedback, so if you're interested please give it a
> try a let us know what you think :) Thanks.
>
>
>
> Ondřej Nešpor (and...@andrewsville.cz)
> Jaroslav Hanslík (kukul...@kukulich.cz)
>
>
>


-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Re: about php comet

2011-06-03 Thread Adam Richardson
On Fri, Jun 3, 2011 at 3:43 AM, 李白|字一日  wrote:

>
>
> 2011/6/3 Adam Richardson 
>
>> On Fri, Jun 3, 2011 at 2:20 AM, 李白|字一日  wrote:
>>
>>> is there an efficient way to hold the requests while loop is an expensive
>>> way in most cases.
>>
>>
>> You can call sleep(number_of_seconds_to_sleep) within the while loop to
>> lower the cost, so to speak.
>>
> yes, an interrupt will be a better way. currently libevent is in beta
> state, and i don't know if the libevent extension can be used in mod_php to
> implement comet applications.
>

Oh, I see. Yes, I'm not sure I'd try using that extension yet.


>
>>
>>> and i don't know how to notify the holding connections if the change need
>>> to be notify to the holding requests?
>>>
>>
>> Sorry, I'm not sure what you mean here.
>>
>
> please forgive my poor english, i mean we may have projects need
> interaction with mulitple users and the state changes of one user should be
> send to the users involved, like online games chatting rooms.
>

I believe I understand you, now. This could get costly in terms of
resources, and I now better understand your interest in the libevent
extension.

I'd be tempted to write custom C extensions for a web server like nginx,
which naturally handles asynchronous IO. And, in this case, you could even
make use of fast polling instead of long polling, due to the performance of
nginx, such as demonstrated in this example:
http://amix.dk/blog/post/19414

And, don't worry about your English too much. My Chinese stops after ni hao
;)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Re: about php comet

2011-06-03 Thread Adam Richardson
On Fri, Jun 3, 2011 at 2:20 AM, 李白|字一日  wrote:

> is there an efficient way to hold the requests while loop is an expensive
> way in most cases.


You can call sleep(number_of_seconds_to_sleep) within the while loop to
lower the cost, so to speak.


> and i don't know how to notify the holding connections if the change need
> to be notify to the holding requests?
>

Sorry, I'm not sure what you mean here.

Let's say you were checking a db table for new rows. When a new row
appeared, you'd break out of the loop and return the data to the page with
the javascript that initiated the request (maybe your PHP is returning
JSON, XML, or an HTML fragment for the javascript to manipulate.) The
javascript would update the page content and then initiate a new
long-polling request and wait for new data.

> writing extension to php is also a very expensive way for me:(
>

I agree with you. That's in part why I suggested that the extension wouldn't
be needed or worthwhile in this case and basic PHP would be a reasonable
solution.

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Re: about php comet

2011-06-02 Thread Adam Richardson
On Fri, Jun 3, 2011 at 1:50 AM, 李白|字一日  wrote:

> any idea?
>
> 2011/5/25 李白|字一日 
>
> > hello,
> >
> > I am every interested in comet applications recently, and sadly found php
> > is very weak in this area.
> >
> > i am just wondering if it is possible to write an extension to extend the
> > ability of the php to easy the way to comet applications?
> >
> > if it possible for php to hold the connect from the client when it is in
> > fast cgi mode or apache mod php mode?
>

Comet can use one of several techniques for low-latency data (
http://cometdaily.com/about/), with the long-polling mechanism to simulate
the realtime pushing of data from the server being a popular option:
http://cometdaily.com/2007/11/15/the-long-polling-technique/
http://en.wikipedia.org/wiki/Comet_(programming)

To my understanding, PHP itself can accommodate this quite nicely. Merely
start an infinite loop that
breaks and returns new data when available. You'll probably have to adjust
your web server settings and php.ini configuration to allow reasonably long
requests for this particular need. However, when requests do time out, it's
not a big deal as the javascript should be set up to reinitiate a new
request if that happens, just as it would if the request returned new data
and closed, giving the appearance of a continuous stream of pushed data.

This all said, if you wanted to write an extension to facilitate long
polling, you could, but given the natural latencies for these requests, I'm
not sure you'd find a significant benefit.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] notices nightmare - looking for a regex solution

2011-06-01 Thread Adam Richardson
On Wed, Jun 1, 2011 at 6:26 PM, Merlin Morgenstern wrote:

> Hi there,
>
> I am working on a pretty huge site with thousands of files with php code.
> Unfortunately the app throws a ton of notices due to missing '' in arrays.
> Of course I could simply disable the output on the dev server to suppress
> notices, but I would rather like to get it fixed.
>
> Has somebody a good idea on how to fix this automated somehow with regex?
>
> The vars are right now: $var[element] and should be $var['element']
>
> I was looking into sed, but I was hoping that there is also a way in php.
> Has anybody a hint on how to get the regex done?
>
> I appreciate any help on that.
>
> Best regards,
>
> Merlin
>
>
>
I'd use the DirectoryIterator to work through the site and locate all of the
php files:
http://www.php.net/manual/en/directoryiterator.isfile.php

And, once I find a file, I'd perform a preg_replace such as below:

$php = '$var[element]';

// anchored with ^ and $, so it matches only when the subject is the whole
// expression, as in this sample
$re_patterns = array(
    '/^(\$[a-zA-Z0-9]+\[)([a-zA-Z0-9]+)(\])$/'
);
$re_replaces = array(
    '\1"\2"\3'
);
// preg_replace can return null, so must make sure php isn't lost
echo $php = (($temp_php = \preg_replace($pattern = $re_patterns, $replacement = $re_replaces, $subject = $php)) !== null) ? $temp_php : $php;

I'm confident you can easily use PHP to do this, and hopefully this info is
enough to get you started.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Script ID?

2011-05-21 Thread Adam Richardson
On Sat, May 21, 2011 at 10:11 AM, tedd  wrote:

> Hi gang:
>
> Okay, so,what's the "best" (i.e., most secure) way for your script to
> identify itself *IF* you plan on using that information later, such as the
> value in an action attribute in a form?
>
> For example, I was using:
>
> $self = basename($_SERVER['SCRIPT_NAME']);
>
> 
>
> However, that was susceptible to XSS.
>
> http://www.mc2design.com/blog/php_self-safe-alternatives
>
> says a simple action="#" would work.
>
> But is there a better way?
>
> What would do you do solve this?
>
> Cheers,
>
> tedd
>

Tedd, I'm sorry for the confusion.

When I referenced that article, I was speaking to Alex as to why it wouldn't
be prudent for you to use PHP_SELF (as he had suggested to avoid an
additional function call) as opposed to what you were currently using,
basename($_SERVER['SCRIPT_FILENAME']).

My point, and the point of the article, was that PHP_SELF requires special
precautions. However, script_filename is not susceptible to this type of
attack, as it does not include data from the user:
http://php.about.com/od/learnphp/qt/_SERVER_PHP.htm

In fact, basename($_SERVER['SCRIPT_FILENAME']), and basename(__FILE__) were
two of the mitigation methods mentioned in the closing of the article.

Try it out on your server:

PHP_SELF (dangerous)

$_SERVER['SCRIPT_FILENAME']

$_SERVER['REQUEST_URI'] (dangerous)

__FILE__

basename(__FILE__)

basename($_SERVER['SCRIPT_NAME'])


Try to enter the attack vector and you'll see PHP_SELF could be terrible,
but the basename option for script_filename and __FILE__ are immune.

Again, sorry for the confusion.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
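
The difference between the request-derived and file-derived values discussed above, shown as an added example that is not part of the original message: a form action is built from PHP_SELF unescaped, from PHP_SELF escaped for an attribute, and from basename(SCRIPT_FILENAME). The $server array stands in for $_SERVER with constructed values, and the helper names are assumptions.

```php
<?php
// Added illustration, not code from the thread. $server mimics $_SERVER for
// a request to /contact.php where the client appended extra path text.

/** Name taken from the file on disk; nothing from the request URL reaches it. */
function script_name_from_disk(array $server): string
{
    return basename($server['SCRIPT_FILENAME']);
}

/** Escape a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Opening form tag whose action is always attribute-escaped. */
function form_open(string $action): string
{
    return '<form method="post" action="' . attr($action) . '">';
}

/** Number of tags in the markup beyond the single <form> we meant to emit. */
function extra_tags(string $html): int
{
    return substr_count($html, '<') - 1;
}

// Constructed request data.
$server = array(
    'SCRIPT_FILENAME' => '/var/www/html/contact.php',
    'SCRIPT_NAME'     => '/contact.php',
    // PHP_SELF includes whatever path text followed the script name.
    'PHP_SELF'        => '/contact.php/"><em>client text</em>',
);

$variants = array(
    // The pattern the thread warns about: request data placed in markup as-is.
    'PHP_SELF, unescaped'       => '<form method="post" action="' . $server['PHP_SELF'] . '">',
    // Escaping at output keeps the client text inside the attribute value.
    'PHP_SELF, escaped'         => form_open($server['PHP_SELF']),
    // File-derived name: the appended text never appears at all.
    'basename(SCRIPT_FILENAME)' => form_open(script_name_from_disk($server)),
);

foreach ($variants as $label => $html) {
    printf("%-26s extra tags: %d\n    %s\n", $label, extra_tags($html), $html);
}
```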


Re: [PHP] a Debate here - How can you check a if a file is a UTF-8 without the BOM using PHP ?

2011-05-21 Thread Adam Richardson
On Sat, May 21, 2011 at 12:10 PM, Eli Orr (Office) wrote:

>
> Dear PHP Gurus,
>
> I have a debate on the following please let me know what is true / false.
>
> I'am using a PHP function *is_UTF_8_file ($file_name) *that I've found as
> part of my PHP 5.3 installation.
> This function checks if the file start with the 3 UTF-8 BOM bytes.
>
> However another guy told me that there is way to detect if a file is a
> UTF-8 without having the BOM at the file start.
> To me it sounds impossible since if you do not have this indication you
> have a stream of bytes that you can never tell 100% if that is UTF-8 or
> else.
>
> Who is right here ?
> If there is a Magical function that can detect files without a BOM if they
> are UTF-8 or not please share you knowledge if this
> is not a "NULL" or impossible function as I thought.
>

Here's a great write-up I've got bookmarked (he points out Windows Notepad
automatically determines the encoding):
http://codesnipers.com/?q=node/68

   - If it's an XML file, the structure allows you to determine the encoding.
   - For other files, you can encode it as UTF-8 and look for improper
   encodings.


As far as a PHP function that already does this, I'm not aware of it, but
you could make a system call to "file" if you're on Linux, as it tries to
automatically determine the encoding:
http://linux.die.net/man/1/file

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
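
The "look for improper encodings" check from the list above, shown as an added example that is not part of the original message: the bytes are tested for structural validity as UTF-8, with or without a BOM. The function names and result labels are assumptions; a passing result is strong evidence rather than proof, because some byte sequences are valid in more than one encoding.

```php
<?php
// Added illustration, not code from the thread. Uses only core PCRE.
// The sample byte strings are constructed.

const UTF8_BOM = "\xEF\xBB\xBF";

/** Classify a byte string by whether it is structurally valid UTF-8. */
function classify_bytes(string $bytes): string
{
    $hasBom = strncmp($bytes, UTF8_BOM, 3) === 0;
    $body = $hasBom ? (string) substr($bytes, 3) : $bytes;

    // With the /u modifier PCRE validates the whole subject before matching;
    // preg_match() returns false for malformed sequences, including overlong
    // forms and encoded surrogates.
    if (preg_match('//u', $body) !== 1) {
        return $hasBom ? 'bom-but-invalid-utf8' : 'not-utf8';
    }
    if ($hasBom) {
        return 'utf8-with-bom';
    }
    // Pure 7-bit data is valid UTF-8 but also valid in most legacy
    // encodings, so it is reported separately.
    return preg_match('/[\x80-\xFF]/', $body) === 1 ? 'utf8-without-bom' : 'ascii';
}

/** Same check for a file on disk. */
function classify_file(string $path): string
{
    $bytes = file_get_contents($path);
    if ($bytes === false) {
        throw new RuntimeException("cannot read $path");
    }
    return classify_bytes($bytes);
}

// Constructed samples.
$samples = array(
    'plain ASCII'            => 'hello world',
    'UTF-8, no BOM'          => "caf\xC3\xA9",
    'UTF-8 with BOM'         => UTF8_BOM . "caf\xC3\xA9",
    'ISO-8859-1 bytes'       => "caf\xE9",
    'overlong encoding of /' => "\xC0\xAF",
    'truncated sequence'     => "caf\xC3",
);

foreach ($samples as $label => $bytes) {
    printf("%-24s %s\n", $label, classify_bytes($bytes));
}

// The file variant, run on a temporary file holding BOM-less UTF-8.
$path = tempnam(sys_get_temp_dir(), 'enc');
file_put_contents($path, "na\xC3\xAFve\n");
printf("%-24s %s\n", 'temporary file', classify_file($path));
unlink($path);
```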


Re: [PHP] problem in onclick

2011-05-20 Thread Adam Richardson
On Fri, May 20, 2011 at 2:46 PM, tedd  wrote:

> At 9:30 PM +0300 5/20/11, Andre Polykanine wrote:
>
>> Hi Richard, Tedd,
>>
>>   Hey  guys,  you  did  understand  what I meant. I meant you
>> can't  just  go  and  write  a  session  variable  by onclicking it in
>> JavaScript. You need AJAX for that, don't you?
>>
>
> AJAX = JavaScript.
>
>
Well, no, Ajax is the combination of multiple technologies:
http://www.w3schools.com/ajax/default.asp

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] A Review Request

2011-05-19 Thread Adam Richardson
On Thu, May 19, 2011 at 8:51 PM, Alex Nikitin  wrote:

> Hey Adam :)
>
> I devoted entire 3 minutes to glimpsing over the code and showing simple
> ways to fix them, you make excellent points, i simply didnt even look into
> them. You are absolutely correct in saying that sha1 a weak way to do this
> (though it is wy better then md5), ofcourse the propper way to go about
> this is a sha256 hash with a solid salt, however if the salt is stored in
> clear text in code, and it would have to be in this case, granted someone
> gets the said code, the having used the salt adds no security to the hash.
> The whole idea behind is to add a little bit more at each level, so for
> example on your typical php/database setup, salt may be stored in code
> while
> the hash is stored in mysql, having the hash from the database and not
> having the salt makes it nearly impossible to reverse the hash, but if you
> could get both the salt and hash out of the database or in our case the
> code, it is no more secure then a hash by itself.
>
> Hmm that is an interesting bit about php_self, while my implementations
> (while still using php_self) are not exploitable in this fashion, its still
> an interesting concept, no this has not been locked down, as far as i can
> see from a couple of tests just did (briefly). Hmm, i have to reconsider
> how
> i approach PHP_SELF now, i will have to wrap it in htmlentities or
> something, i'll ponder that for now...
>
> In the meanwhile, i think it would be interesting to bounce some of this
> code to have someone else look at it, especially security-wise, it's been a
> bit of a project of mine when i get a few mins, i had to do something about
> it for our Amazon boxes that use rds, as you cant just use b64d, because
> you
> cant add any mysql modules, so i came up with this idea, but i'm not 100%
> satisfied with it atm: http://pastebin.com/tK5tBuiU
>
> Yeah https was going to be my next suggestion, actually why i got back into
> email before heading home and possibly forgetting, however you have to make
> sure you set up the server to be decently secure with it too, disable weak
> crypto there, fix tls renegotiation, etc.
>
> To be honest, at least with session fixation, i didnt look at the "secured
> page" code at all, but yes, a very good suggestion, i usually make a point
> of making it when someone asks me to glimpse at their code that uses
> sessions too, bah, it's been a long day at work, lol. Also i figured that
> Tedd would hopefully start by addressing the first set of things i threw at
> him, and then we can progress into more and more secure solution :)
>
> Tedd, yes you do have to worry about xss, yes with unescaped PHP_SELF you
> can inject code into the form here 
> Also a bit of a pep talk. You can make your code a lot more secure with a
> little bit more work. It would be wrong to stop and not worry about
> security, simply because code splits into two categories, secure and owned,
> there is no grey area, if someone can bypass your security, then no matter
> how simple your code was, it did nothing to stop the attacker, and thus did
> not fulfil its primary duty, in today's web world some security is not any
> better then no security, protecting against regular users is pointless as
> they are not the ones who will try to break your system ;)
> Just my $.02
>

All great points, Alex.

In terms of your pastebin code, you have a succinct, clean coding style
("Strunk & White" would be proud.) If I have some free time this weekend,
I'll try to take a look, for whatever little that's worth :P

Pleasure,

Adam


-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] A Review Request

2011-05-19 Thread Adam Richardson
Hi Alex,

Some nice conversation points, indeed. I do have a few follow-ups below:

On Thu, May 19, 2011 at 3:16 PM, Alex Nikitin  wrote:

> PHP_SELF requires no processing (i.e. there is no need to do basename())
>

Actually, the way Tedd is using the info, PHP_SELF would potentially be
unsafe (unless it's been updated to correct for this type of issue; you'll
see the blog post has its own security issues with some missing plugins):
http://www.mc2design.com/blog/php_self-safe-alternatives

So, it would require processing either where Tedd performed the processing
-OR- in the markup to properly escape it.


>
> strcmp is binary-safe, i prefer and  recommend using string-safe comparison
> functions for strings... here is an example of why:
>
> $value = 0;
> if($value=="not zero") {
>    echo "oopsie, how did this happen, lets see how this works with strcmp (or === which i would advise)";
>    if(strcmp($value, "not zero") == 0) {
>        echo "You wont see this";
>    } else {
>        echo "Because strcmp works correctly";
>    }
> }
>

This, in general, is a sound practice, although I would certainly advocate
the use of === as opposed to strcmp for performance reasons (as you pointed
out.)

To be fair to Tedd's code, though, I don't believe this would be an issue,
as I believe that the global arrays store the values as strings, so for
example:

$value = $_GET['test_value'];
if($value == "not zero") {
   echo "oopsie, how did this happen, lets see how this works with strcmp (or === which i would advise)";
   if(strcmp($value, "not zero") == 0) {
       echo "You wont see this";
   } else {
       echo "Because strcmp works correctly";
   }
} else {
   echo "Even if you enter a 0, I'll bet you see me.";
}

You did make several other great points (session hijacking, multiple login
attempts), but to be fair to Tedd, there are many levels of security, and I
doubt he's trying to educate PHP developers with your background. In the
same way that someone's first foray into the world of database access using
PHP likely avoids a 20 table database with complex transactions for atomic
operations and in-memory queues for  eventually consistent data where
performance is a must, I see this as a reasonable first exposure to the
general principles of how one might use the features of PHP to password
protect a group of pages in a site.

There are some forms of data I'd protect with an authentication scheme of
this simplicity (maybe I just have a mileage app that I'm using to keep
track of my weekly running, or maybe my wife has a todo list that she
manages, etc.) However, as you pointed out, the code wouldn't merit use in
situations where a higher security level is desired. Even your changes have
security issues:

   - You're using a weak hash protocol, and not using a salt:

   https://www.owasp.org/index.php/Top_10_2007-Insecure_Cryptographic_Storage
   https://www.owasp.org/index.php/OWASP_Top_10_Threats_and_Mitigations_Exam
   - You don't mention using HTTPS, and session fixation, even if you use
   other techniques (session_regenerate_id after changing auth level, etc.)
   can't be prevented without this (let alone protecting the passwords from a
   man in the middle attack.)


For developers who are first starting to think about a basic form of
authentication, the code is a nice start. Perhaps Tedd could point out the
shortcomings and provide some follow-up examples that provide progressively
higher levels of security. That would be nice, and I'm sure those on the
list with your background would help provide feedback on the more complex
examples that progressively help new developers achieve higher levels of
security.

That said, you made some really nice points, and I'm hopeful Tedd considers
them carefully. His site is a nice resource for many PHP developers already
(especially those just starting out), and these changes can only make it
better.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
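
The two shortcomings listed above (weak unsalted hash, session fixation), shown as an added example that is not part of the original message and not Tedd's or Alex's code: passwords are stored with PHP's password_hash() and the session id is replaced when the auth level changes. The $store array stands in for a users table, and the function names, account names and passwords are constructed. The cookie's secure flag only has an effect when the site is served over HTTPS.

```php
<?php
// Added illustration, not code from the thread. Requires PHP 7.3+.
// $store stands in for a users table; all accounts here are constructed.

function register_user(array &$store, string $user, string $password): void
{
    // password_hash() picks a random salt for every hash and embeds it,
    // with the algorithm and cost, in the returned string.
    $store[$user] = password_hash($password, PASSWORD_DEFAULT);
}

function verify_login(array &$store, string $user, string $password): bool
{
    // Unknown users are verified against a throwaway hash so that both
    // paths perform one password_verify() call.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }
    $known = isset($store[$user]);
    $ok = password_verify($password, $known ? $store[$user] : $dummy) && $known;

    // Upgrade the stored hash when the default algorithm or cost has changed.
    if ($ok && password_needs_rehash($store[$user], PASSWORD_DEFAULT)) {
        $store[$user] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

function begin_session(): void
{
    // Cookie sent over HTTPS only and hidden from page scripts.
    session_set_cookie_params(array(
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ));
    session_start();
}

function mark_authenticated(string $user): void
{
    // New session id at the moment the auth level changes; the old id,
    // which may have been planted or observed, is deleted.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

// Demo: session calls run before any output so it also works from the CLI.
$store = array();
register_user($store, 'alice', 'correct horse battery staple');
register_user($store, 'bob', 'correct horse battery staple');

$results = array(
    'same password, different stored hashes' => $store['alice'] !== $store['bob'],
    'right password accepted' => verify_login($store, 'alice', 'correct horse battery staple'),
    'wrong password rejected' => !verify_login($store, 'alice', 'letmein'),
    'unknown user rejected'   => !verify_login($store, 'carol', 'letmein'),
);

begin_session();
$before = session_id();
if ($results['right password accepted']) {
    mark_authenticated('alice');
}
$results['session id replaced at login'] = session_id() !== $before;

foreach ($results as $label => $value) {
    echo $label, ': ', ($value ? 'yes' : 'no'), PHP_EOL;
}
```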


Re: [PHP] Filtering data not with mysql...

2011-05-18 Thread Adam Richardson
On Wed, May 18, 2011 at 10:46 PM, Adam Richardson wrote:

>
> I'm a security expert by any means, as I've made mistakes in the past that
> have provided education the hard way!
>

Just to be very clear, this is a mistake (as the rest of the sentence
implies), and it should have said:

> I'm *not* a security expert by any means, as I've made mistakes in the past
> that have provided education the hard way!


Just another lesson on rushing :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Filtering data not with mysql...

2011-05-18 Thread Adam Richardson
On Wed, May 18, 2011 at 9:18 PM, Jason Pruim wrote:

> Hey Everyone,
>
> Probably a simple question but I wanted to make sure I was right before I
> got to far ahead of my self
>
> I have a form that I am working on and this form will be emailed to the
> recipient for processing (Not stored in a database).
>
> When I store in a database, I simply run all the data through
> mysql_real_escape_string() and it's all good...  Without the database, is it
> just as easy as addslashes($var)? or is there more that needs to be done?
>
> In the end, the info will be echoed back out to the user to be viewed but
> not edited and emailed to someone to add the registration collect money, etc
> etc.
>
> Am I on the right track or do I need to rethink my whole process? :)
>

Security depends on keeping a keen eye on context. You want to always be
sure that your PHP scripts appropriately validate input according to the
context (what cultures or languages are you expecting, what character
encodings, etc.), and you want to escape output according to context. There
are of course many other security issues developers have to watch for, but
these two areas are the source of many of the security issues in web apps,
and it sounds like you're looking for feedback specific to these two
concerns.

In this case it sounds like you'll be outputting user data using HTML, so
the data should be properly escaped for HTML (also focused on context, as
the output can be within a tag, an attribute of a tag, or a url of a tag,
and each situation requires specific escaping.)

Additionally, it sounds like you'll be using the user data in an email, so
you'll have to properly escape the output to avoid email injection.

To deal with the input validation and HTML escaping, I use my framework,
Nephtali, but many other frameworks help you achieve this (including
Facebook's XHP, which is quite clever according to context:
http://www.facebook.com/notes/facebook-engineering/xhp-a-new-way-to-write-php/294003943919),
and the combination of PHP filters and functions like htmlspecialchars(),
urlencode, etc., greatly facilitate rolling your own library if you wish. To
prevent email injection, I use the Zend Framework Email classes, as they're
very powerful, easy to use, and protect against injection.

I'm a security expert by any means, as I've made mistakes in the past that
have provided education the hard way!

In fact, I'll confess that there was a point a few years ago that I'd sent
Rasmus Lerdorf a link to promote my framework (back when it was OOP-based
rather than the functionally inspired, which was a long time ago), and I
thought I'd make a few quick edits just to make it easy for him to view the
source and see how I was handling what I thought was a cool little parallel
processing idea (it really wasn't that cool, I was young and dumb, and the
implementation was slow.) In my haste to add the code, I actually worked
outside of the framework's natural encoding capabilities, and I forgot to
manually handle the validation and encoding (the feature was new enough that
I hadn't yet integrated into the natural flow of processing.)

Alas, because I noted the security focus of the framework, Rasmus ran some
security tests on my site (which performed slowly because of my stupid
parallel idea) and that code that I forgot to manually handle led to the
reply below:

> Given this claim and the fact that you are eating your own dogfood, as
> you say, then it is probably a bad sign that you have an XSS on
> framework site.
>
> The site is so slow it is hard to poke it for others, but there is an
> obvious one in the  html comment.  You are not
> escaping the url correctly there.


It's been said before, but let me say it with meaning: "NOW THAT'S
EMBARRASSING!"

I tried to make a quick little edit, and even though I'd built a framework
that focused on proper validation and escaping, I still forgot to add the
validation and escaping code for one little snippet I told myself I'd get
back to later to manually handle.

*Moral:* Don't rush. Carefully deliberate on the context, both in terms of
the expectations for input AND the nature of output. If you do this, you
eventually will get the level of security you're after (that, and fuzz the
heck out of something before you send it to Rasmus :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
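
The two output contexts discussed in the message above (HTML echoed back to the user, and an email sent on for processing), as an added example that is not from the original post, Nephtali or Zend Framework. The helper names and the sample submissions are constructed for illustration; nothing is actually mailed.

```php
<?php
declare(strict_types=1);
// Added illustration; helper names are hypothetical, not Nephtali or Zend Framework API.

/** HTML element content and quoted attribute values. */
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** href/src attribute: allow only http(s) URLs, then escape for the attribute. */
function esc_href(string $url): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return esc_html($url);
}

/** Mail header value: refuse CR, LF and NUL, which header injection depends on. */
function header_value(string $s): string
{
    if (preg_match('/[\r\n\0]/', $s) === 1) {
        throw new InvalidArgumentException('control character in mail header value');
    }
    return trim($s);
}

/** Validate the form once, according to what each field is expected to hold. */
function validate_registration(array $in): array
{
    $name  = trim((string)($in['name'] ?? ''));
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $site  = trim((string)($in['website'] ?? ''));
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('name is required (max 100 bytes)');
    }
    if ($email === false) {
        throw new InvalidArgumentException('email address is not valid');
    }
    return ['name' => $name, 'email' => $email, 'website' => $site];
}

/** Echo the data back to the user: each value is escaped for the spot it lands in. */
function render_confirmation(array $reg): string
{
    return '<p>Thanks, ' . esc_html($reg['name']) . "</p>\n"
         . '<input type="text" readonly value="' . esc_html($reg['email']) . "\">\n"
         . '<a href="' . esc_href($reg['website']) . "\">your site</a>\n"
         . '<a href="/lookup?name=' . rawurlencode($reg['name']) . "\">look up</a>\n";
}

/** Build the pieces for mail() or a mail library; nothing is sent here. */
function build_mail(array $reg): array
{
    return [
        'subject' => 'Registration: ' . header_value($reg['name']),
        'headers' => ['Reply-To' => header_value($reg['email'])],
        'body'    => "Name: {$reg['name']}\nEmail: {$reg['email']}\nSite: {$reg['website']}\n",
    ];
}

// Constructed sample submissions: one ordinary, one with markup, one with a line break.
$samples = [
    ['name' => 'Ann O\'Neil', 'email' => 'ann@example.com', 'website' => 'https://example.com/?a=1&b=2'],
    ['name' => '"><script>alert(1)</script>', 'email' => 'x@example.com', 'website' => 'javascript:alert(1)'],
    ['name' => "Bob\r\nBcc: list@example.net", 'email' => 'bob@example.com', 'website' => ''],
];

foreach ($samples as $raw) {
    try {
        $reg = validate_registration($raw);
        echo render_confirmation($reg);   // safe in HTML once escaped
        print_r(build_mail($reg));        // the same value may still be refused as a header
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The third submission renders safely as HTML but is refused when it would become a mail header, which is the "escape according to context" point: one value, two destinations, two different rules.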


Re: [PHP] [SPAM] Re: Explode Question

2011-05-18 Thread Adam Richardson
On Wed, May 18, 2011 at 6:42 PM, Michelle Konzack <
linux4miche...@tamay-dogan.net> wrote:

> Hello ad...@buskirkgraphics.com,
>
> since YOU ARE an ADMIN, you should really know about,
> HOW TO WRITE A NEW MESSAGE and not to hijack a SPAM thread...
>

What?

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Bold links

2011-05-15 Thread Adam Richardson
>
> On Sun, May 15, 2011 at 7:48 PM, tedd  wrote:

At 1:46 PM -0400 5/10/11, Adam Richardson wrote:
>
>> The rest of the list does show you've read a fair amount in the past month
>> (just as others on this list, including me), but what does it do to
>> specifically support your argument?
>>
>
> It was not presented as a list that supported my argument, but rather as a
> list of references I read within the last month -- just to show that I am
> keeping current on a gamut of topics.
>
> While people may debate the use of  and  tags, it is clear that their
> use is not recommended by many -- and that was my point -- and the reason
> why I do not support their use. YMMV.
>
>
>  Again, I greatly respect you, Ted, I have learned much from your posts,
>> and
>> this discussion does not detract from that. However, I want to make sure
>> the
>> developers subscribing to the list will consider the use of the  and
>> 
>> tags as recommended by the W3C in (X)HTML5.
>>
>> Adam
>>
>
> Please provide the reference where the W3C recommends using the  and 
> tags. I would like to read that.


Ted, you said:

> First, never use  -- or  for that matter.


Micky pointed out the changes in HTML5, linking to an HTML5 Doctor Article
noting the new semantics of the  and  tags:

> – http://html5doctor.com/i-b-em-strong-element/


You brought your authority:

> ...my information/position stems from my understanding derived from both
> daily practice and constant reading. In addition to reading links like the
> above (which I read  btw), I also read several lists provided by disability
> concerns, such as "webdev.lists.d.umn.edu" being the best. In addition to
> all that, I also read several technical books each week re these subjects.



> For example, within this last month I've purchased and read HTML5 by
> Lawson, Smashing CSS by Meyer, 100 Things by Weinschenk, Learning Web Design
> by Robbins, Designing with the Mind in Mind by Johnson, Forms that work by
> Jarret, Build your own web site the right way by Lloyd, PHP 5.3 by Doyle,
> and Expert PHP and MySQL by Cuniosoa.  That's a lot of reading, -- so I
> think I keep up with what's going on.


I pointed out that many of us read a great deal, and that the one source you
cited specifically covering HTML5 speaks directly to the use of the  (and
) tags within HTML5.

Additionally, let me say that the Lawson-Sharp book you mentioned is a great
read. I also think that HTML5 Doctor (Micky's source) is a great read. HTML
Doctor is a collaboration which includes both Bruce Lawson and Remy Sharp:
http://html5doctor.com/about/

I provided links to the HTML5 spec (draft):

> http://dev.w3.org/html5/spec/Overview.html#the-i-element

http://dev.w3.org/html5/spec/Overview.html#the-b-element


My position can be summarized as below:

   1. I will try to follow the HTML5 spec (as it is now, and with the
   changes that occur when finalized):
   http://dev.w3.org/html5/spec/Overview.html
   2. The HTML5 spec has given semantic meanings to the i and b tags, making
   them media-independent (nice summaries below, including the link Micky
   pointed to initially):
   http://html5doctor.com/your-questions-16/
   http://html5doctor.com/i-b-em-strong-element/
   3. If one works through the other possible options (the spec points out
   many other tags that may be more appropriate) and the b or i tag still is
   the best fit, they should use it.
   4. Of great importance, *I'm not advocating using the b or i tags for
   presentation purposes!* Rather, consistent with my earlier emails, I'm
   advocating their use for the situations outlined in the spec, when the
   semantics can enhance the markup (which is intended to eventually enhance
   the experience of those utilizing text-to-speech software.)

   Many prominent CSS resets have for some time zeroed out the visual
   styling of i and b tags, including Meyer's:
   http://meyerweb.com/eric/tools/css/reset/

   The use of the tag is now one of semantics, NOT PRESENTATION. The spec
   even points out:
   Style sheets can be used to format i
   <http://dev.w3.org/html5/spec-author-view/the-i-element.html#the-i-element>
   elements, just like any other element can be restyled. Thus, it is not the
   case that content in i elements will necessarily be italicized.

If you want to chat more about this topic, Tedd, you can email off list or
we can meet up for a beer (although not this week, my wife is expecting any
time ;)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Bold links

2011-05-10 Thread Adam Richardson
Hi Ash,

I want to clarify a couple points.

On Tue, May 10, 2011 at 2:27 PM, Ashley Sheridan
wrote:

>  On Tue, 2011-05-10 at 13:46 -0400, Adam Richardson wrote:
>
> Hi Tedd,
>
> How's it going? I'm very pleased with the emphasis on accessibility you
> bring to the PHP list, but I do believe you're overstating a few points
> below.
> [Omitted for brevity]
>
> I've read this thread right through and I have to agree with Tedd. The new
> HTML5 spec might say it's fine to use  and  now for certain cases, but
> I still would use  and  for the majority of those and other
> markup where else I could.
>

I posted because Ted said "First, never use  -- or  for that matter."
My objection was to that specific statement.

I don't think the spec says it is "fine to use  and  for certain", but
rather it points out appropriate uses of the tags given the (X)HTML5 spec.


> Consider the example which started this thread. It was merely to make part
> of a name bold. Here is how I probably would have marked it up to give it a
> semantic meaning:
>
> John Smith
>

We're not in disagreement here. I specifically pointed out that "You could
choose to use a span tag" in my example. Such would be perfectly acceptable.

The spec even says:

> The b <http://dev.w3.org/html5/spec/Overview.html#the-b-element> element
> should be used as a last resort when no other element is more appropriate.
> In particular, headings should use the
> h1 <http://dev.w3.org/html5/spec/Overview.html#the-h1-h2-h3-h4-h5-and-h6-elements>
> to
> h6 <http://dev.w3.org/html5/spec/Overview.html#the-h1-h2-h3-h4-h5-and-h6-elements>
> elements, stress emphasis should use the
> em <http://dev.w3.org/html5/spec/Overview.html#the-em-element> element,
> importance should be denoted with the
> strong <http://dev.w3.org/html5/spec/Overview.html#the-strong-element> element,
> and text marked or highlighted should use the
> mark <http://dev.w3.org/html5/spec/Overview.html#the-mark-element>
> element.


There's a similar caveat for the  tag, too. That said, if I was going to
add the semantics you suggested, I'd probably use the hCard standard to
facilitate the acquisition of this meta information:


 
  John
  Robert
  Smith



But it's here that we diverge I believe, as I believe that if I've exhausted
the alternatives, as in the case of the examples included in the spec, one
can appropriately use a  tag. And, I also see appropriate uses for the
 tag in light of the spec.


> Easy to style however I wanted, easy to read the code and infer the
> meaning, and I believe there are things out there which digest content and
> make rudimentary attempts to decipher the meaning from simple classes such
> as these. In-fact, it was from simple class definitions like these that led
> to the creation of the new tags in HTML5 such as  and .
>

Absolutely right! Class names are very helpful. The spec even points out for
the  that:

> Authors can use the
> class <http://dev.w3.org/html5/spec/Overview.html#classes> attribute
> on the i <http://dev.w3.org/html5/spec/Overview.html#the-i-element> element
> to identify why the element is being used, so that if the style of a
> particular use (e.g. dream sequences as opposed to taxonomic terms) is to be
> changed at a later date, the author doesn't have to go through the entire
> document (or series of related documents) annotating each use.


And, I would also point out that it was these same classes that you noted
for footers and navs that led to the change in the  and  tags.

I feel it's only a matter of time before more tags are added to the mix
> (within limits of course, we don't want to remember a list of a million tags
> every time we fire up our editors to create something!) to make things even
> more semantic. For me, accessibility is only a hop away from semantics, so I
> try to avoid what I consider "bad" markup wherever I can. Although, as
> others have said, what is bad is largely, in part, down to user preference.
>

I agree. That said, it sounds like we might differ in the perceived value of
the  and  tags for semantics and accessibility. When I read the
(X)HTML5 spec, especially for the  tag (see quoted text below), I see
great hope for improving the user experience of those using text-to-speech
software. I hear the speaker using different styles of speech to reflect
 tags,  tags, AND  tags in ways that make me excited for the
future of accessibility. That is why I believe there are times for the
appropriate use of  and  tags.

The i <http://dev.w3.org/html5/spec/Overview.html#the-i-element> element
> represents <http://dev.w3.org/html5/spec/Overview.html#represents> a span
> of text in an alternate voice 

Re: [PHP] Bold links

2011-05-10 Thread Adam Richardson
Hi Tedd,

How's it going? I'm very pleased with the emphasis on accessibility you
bring to the PHP list, but I do believe you're overstating a few points
below.


> So, allow me to bring mine -- my information/position stems from my
> understanding derived from both daily practice and constant reading. In
> addition to reading links like the above (which I read  btw), I also read
> several lists provided by disability concerns, such as "
> webdev.lists.d.umn.edu" being the best. In addition to all that, I also
> read several technical books each week re these subjects.
>

I'm thankful you've had the chance to inform your perspective on
development.


> For example, within this last month I've purchased and read HTML5 by
> Lawson, Smashing CSS by Meyer, 100 Things by Weinschenk, Learning Web Design
> by Robbins, Designing with the Mind in Mind by Johnson, Forms that work by
> Jarret, Build your own web site the right way by Lloyd, PHP 5.3 by Doyle,
> and Expert PHP and MySQL by Cuniosoa.  That's a lot of reading, -- so I
> think I keep up with what's going on.
>

Of the above books, which actually speaks to semantically appropriate
markup, and of that subset, which actually references the rationale for the
change in semantics of the  tag? And, of that subset, which argues
against using the  and  tags as recommended in the editors draft?

I know that the Lawson book you mentioned references the  tag on 59, but
it does not disparage its use (rather, it provides an example of the
appropriate use under (X)HTML5.) So that source would seem to support the
use of the  when semantically appropriate, just as Pilgrim's book does.

The rest of the list does show you've read a fair amount in the past month
(just as others on this list, including me), but what does it do to
specifically support your argument?


> While it is true that html5 brought back tags such as  and , but it
> has also brought back  for presentation. I leave the reader (and the
> future) to judge the wisdom of that decision.
>

The discussion is not about the table element's role attribute in (X)HTML5,
the discussion was centered on the specific change to the meaning of the 
tag. Even if the table tag implementation is questionable, that does not
mean all of the new semantics for the  are questionable. Each feature
stands on its own merits.


> I think we all realize the problems that these tags bring to the table (no
> pun intended). We can either continue to resolve the problems they present
> or we can resort back to the way things were.
>

Again, the  tag was not the discussion. How would you markup text
that should be "stylistically offset from the normal prose without conveying
any extra importance...?" You could choose to use a span tag. However, I
would, following the W3C quote above, choose to use the  tag as HTML5
becomes better supported.


> As for me, I choose to never use  and  for anything PERIOD and to
> speak out against their use whenever I can. As for  in presentation,
> I am still undecided. While I would never use tables for the presentation of
> text, I often use simple tables (i.e., no nesting) for holding forms
> together. However, I am leaning toward not using tables for that either.
>

I believe you have some  tags in your site.

The world is changing and I don't think any organization can dictate what is
> the right/wrong way to do anything. But the good thing here is that we are
> left to our own judgement as to what we support and what we condemn. In my
> judgment, the  and  tags present more problems than they solve so I
> will continue to not use those tags and speak against them.


Our own judgement AND the standards set out there by the community of
professional web developers. The W3C is clearly moving to standardizing a
new use for the  and  tags, and I will try to follow the standard, as
other software developers (including those who develop screen readers) will
do to try and improve the user experience.

Again, I greatly respect you, Ted, I have learned much from your posts, and
this discussion does not detract from that. However, I want to make sure the
developers subscribing to the list will consider the use of the  and 
tags as recommended by the W3C in (X)HTML5.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Bold links

2011-05-09 Thread Adam Richardson
On Mon, May 9, 2011 at 5:56 PM, tedd  wrote:

> At 1:39 PM -0400 5/7/11,  wrote:
>
>> >   get_currentuserinfo();
>>
>>   echo 'Welcome  ' . $current_user->user_firstname . "\n";
>>   echo '' . $current_user->user_lastname . "\n";
>> ?>
>>
>> Richard L. Buskirk
>>
>
> Really?
>
> How does the blind via readers, such as JAWS, understand what a  is?
>
> First, never use  -- or  for that matter.
>
> Second, use  or  instead. Readers can understand and render
> STRONG and EMPHASIZED text, but not  and  text -- those tags mean
> nothing and that's the reason why they are not encouraged for use and even
> removed from XHTML.
>
> Third, if neither of those tags (i.e.,  or  ) work for you,
> then try using a class (or an id) with a css rule of:
>

Ted is right that the teaching in (X)HTML for the past several years has
been to avoid use of  and  tags, essentially replacing them with
 and  tags, respectively.

However, (X)HTML5 is changing the semantics of the  and  tags so
their use is again being encouraged (when appropriate):
http://dev.w3.org/html5/spec/Overview.html#the-i-element
http://dev.w3.org/html5/spec/Overview.html#the-b-element

The intention is to improve the semantics available to web developers, with
one of the hopes
being that these nuanced differences will eventually enhance the experience
of those who are using screen readers.

So, while I don't necessarily recommend using a lot of  and  tags now,
it's likely that in the near future their use will again be encouraged as
HTML5 becomes better supported.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] str_replace

2011-04-24 Thread Adam Richardson
On Sun, Apr 24, 2011 at 11:44 AM, Ron Piggott <
ron.pigg...@actsministries.org> wrote:

>
> I am trying to figure out a syntax that will replace each instance of %
> with a different letter chosen randomly from the string $puzzle_filler.
> $puzzle_filler is populated with the letters of the alphabet, roughly in the
> same ratio as they are used.
>
> This syntax replaces each instance of % with the same letter:
>
> $puzzle[$i] = str_replace ( "%" , ( substr ( $puzzle_filler , rand(1,98) ,
> 1 ) ) , $puzzle[$i] );
>
> Turning this:
>
> %ECARBME%TIPLUP%%%E%%
>
> Into:
>
> uECARBMEuTIPLUPuuuEuu
>
> Is there a way to tweak my str_replace so it will only do 1 % at a time, so
> a different replacement letter is selected?
>
> This is the syntax specific to choosing a replacement letter at random:
>
> substr ( $puzzle_filler , rand(1,98) , 1 );
>
> Thanks for your help.
>
> Ron
>
> The Verse of the Day
> “Encouragement from God’s Word”
> http://www.TheVerseOfTheDay.info
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Quick guess trying to be fairly performant:

function fill_puzzle($puzzle, $puzzle_filler) {
    $puzzle_length = strlen($puzzle);
    $puzzle_filler_length = strlen($puzzle_filler);
    for ($i = 0; $i < $puzzle_length; $i++) {
        if ($puzzle[$i] == '%') {
            $puzzle[$i] = $puzzle_filler[mt_rand(0, ($puzzle_filler_length - 1))];
        }
    }
    return $puzzle;
}

echo fill_puzzle($puzzle = "%ECARBME%TIPLUP%%%E%%", $puzzle_filler =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ");

Happy Easter :)

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] email w/attachments

2011-04-17 Thread Adam Richardson
On Sun, Apr 17, 2011 at 10:26 PM, tedd  wrote:

> Hi gang:
>
> Anyone have an email script that allows attachments they would share?
>
> I've been trying to figure this out and everything I've tried has failed.
> I've looked at over a dozen scripts that don't work. I'm about to pull out
> what hair I have left.
>

I use the Zend Framework for almost all email capabilities within my
scripts:
http://framework.zend.com/manual/1.0/en/zend.mail.attachments.html

Nice documentation, well tested, and often times I'll end up using one of
the other components in the framework before I'm done, anyway, so it's nice
to have the framework sitting on the server ready to go (and, if desired,
you can send emails using SMTP credentials in a snap.)

Additionally, you only have to use what you want of Zend, so I actually use
my own framework for managing the flow of the application, and I just
include the specific Zend files needed in a particular page.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] $_POST vars

2011-04-13 Thread Adam Richardson
On Wed, Apr 13, 2011 at 1:49 PM, Jim Giner wrote:

> Can one create a set of $_POST vars within a script or is that not do-able?
> My display portion of my script utilizes the POST array to supply values to
> my input screen - this works well for the first display of an empty screen,
> and any following re-displays if there's an error in the user's input.  But
> I want to use this same script/screen to display the results of a query
> when
> the user wants to update an existing record.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
I'm not sure what you're asking, but you can set the values of the POST
array directly within a script, for instance:

$_POST['new_key'] = 'new_value';

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Security Question

2011-04-08 Thread Adam Richardson
On Fri, Apr 8, 2011 at 3:24 PM, nighthawk1256  wrote:

> hey guys/girls,
>
> what's the best way to learn about security in php?


Here are some relevant topics to consider:

   - Validate input (only accept what you're expecting, via GET, POST, and
   COOKIE, and don't try to fix an invalid value, throw it out.)
   - Use prepared statements (PDO makes this easy and generalizes quite well
   across popular DB's.)
   - Only give the bare minimum permissions required to accomplish a task
   (e.g., I usually have one SQL user account for reads, and one that allows
   for reads and writes.)
   - When errors occur, don't leak important system information to your
   users.
   - Hash passwords (with a salt) that are stored so you're never storing
   the literal value.
   - If you use an authentication system that's implemented with cookies
   (sessions-based or custom), all requests should run over https instead of
   http.
   - Escape output according to context (html, attribute, or url.)

If you google the above topics, you'll find some great sites/blogs that
address these topics in detail.

Adam

P.S. - Or, you can just use my one-file web framework which helps you
automatically address all but the https issue above :) Sorry, it's a Friday
so I couldn't resist the shameless plug.

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
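
Four items from the list above in one small script (reject invalid input instead of repairing it, prepared statements through PDO, salted password hashing, and error messages that leak nothing), as an added example that is not from the original post or from Nephtali. It assumes PHP 7.4 or later with the pdo_sqlite extension; the in-memory SQLite database, table layout, function names and requests are constructed for illustration. Separate read and read/write database accounts and HTTPS are deployment settings and are not shown.

```php
<?php
declare(strict_types=1);
// Added illustration; table, column and function names are hypothetical.

/** Validate, don't repair: return the value if it is what we expect, else null. */
function valid_username($raw): ?string
{
    return (is_string($raw) && preg_match('/\A[a-z0-9_]{3,20}\z/', $raw) === 1) ? $raw : null;
}

function register(PDO $db, $rawUser, $rawPass): bool
{
    $user = valid_username($rawUser);
    if ($user === null || !is_string($rawPass) || strlen($rawPass) < 10) {
        return false; // throw the request out, no attempt to fix it
    }
    // password_hash() generates a random salt and stores it inside the hash string.
    $hash = password_hash($rawPass, PASSWORD_DEFAULT);
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    return $stmt->execute([':u' => $user, ':h' => $hash]);
}

function login(PDO $db, $rawUser, $rawPass): bool
{
    $user = valid_username($rawUser);
    if ($user === null || !is_string($rawPass)) {
        return false;
    }
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($rawPass, $hash);
}

/** Run a request; details go to the server log, the user sees a generic message. */
function handle(callable $action): string
{
    try {
        return $action() ? 'ok' : 'request rejected';
    } catch (PDOException $e) {
        error_log('db error: ' . $e->getMessage());
        return 'Something went wrong. Please try again later.';
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed requests: a normal signup, an invalid username, a duplicate
// (which raises a database error), a good login and a bad one.
$requests = [
    'signup'        => fn() => register($db, 'alice_1', 'correct horse battery'),
    'bad username'  => fn() => register($db, "alice'; --", 'correct horse battery'),
    'duplicate'     => fn() => register($db, 'alice_1', 'another long password'),
    'login'         => fn() => login($db, 'alice_1', 'correct horse battery'),
    'wrong password' => fn() => login($db, 'alice_1', 'guess'),
];

foreach ($requests as $label => $action) {
    echo str_pad($label, 16), handle($action), "\n";
}
```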


Re: [PHP] the best 1 book for php

2011-04-06 Thread Adam Richardson
On Thu, Apr 7, 2011 at 12:15 AM, Kirk Bailey wrote:

> If I only had 1 book on php, what would it be?
>
> --
> end
>
> Very Truly yours,
> - Kirk Bailey,
>   Largo Florida
>
>   kniht
>  +-+
>  | BOX |
>  +-+
>   think
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
This is going to sound a little silly, but I'm going to say [drumroll...]

K & R (The C Programming Language)

Let me explain. I've recently reread (most of it anyway) K & R, and the
whole time I was reading I felt like I was studying up on PHP just as much
as C.

There's no language that played a bigger role in the design decisions, and
this is clearly evident when you listen to the core developers. In fact,
even this past week Rasmus said on the PHP Dev list, "Argh! Everyone should
be forced to learn a bit of C. Like many PHP functions, the name and
argument order is right out of libc", a sentiment he's expressed before.

I must admit that I tend to think of PHP as C code that includes garbage
collection of lots of very practical web goodies. And, the book itself is a
gem in terms of clarity, brevity, and sage advice.

So, read (or read again for the umpteenth time) K & R, and then fill in the
gaps with PHP.net. And, on the rare occasion you would need more speed than
your PHP script is providing, you'll be able to write your own extension
to PHP using its older brother, C.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Permission Denied - Help Requested

2011-03-29 Thread Adam Richardson
On Tue, Mar 29, 2011 at 8:21 PM, Ethan Rosenberg wrote:

> At 05:33 PM 3/29/2011, Adam Richardson wrote:
>
>> >
>> > Thanks.
>> >
>> > What do you see if you run this?   "Can't open or create file!"
>> >
>> > Ethan
>>
>>
>> OK,
>>
>> If you're running PHP as an Apache module, by default it won't have
>> permissions to write to the directory (this is by design to avoid security
>> issues.) You can do something like the following:
>>
>>
>>   1. Create a directory for writing files outside of your public directory
>>
>>   (let's call it "uploads".)
>>   2. Change the group associated with the directory to Apache:
>>
>>   sudo chgrp -R www-data /home/username/path/to/uploads
>>   3. Change the permissions on the directory so the group has write
>>
>>   permissions:
>>   sudo chmod -R 2775 /home/username/path/to/uploads
>>   4. Then try the script again.
>>
>>
>> See if that works.
>>
>> Adam
>>
>> --
>> Nephtali:  A simple, flexible, fast, and security-focused PHP framework
>> http://nephtaliproject.com
>>
> 
>
> Thanks -
>
> The directory is output_files, which is a subdirectory of /var/www
> I'm getting a message "invalid owner" on the command "chown Apache
> output_files".  Also with the -R option, and with apache as the owner, also
> with the chgrp.  All these commands are run as root..
>
>
> Help and advice please.
>
> Ethan
>
>
Hi Ethan,

I might be missing something.

Did you set up the user Apache? On a standard install for Debian (using
apt-get), apache is usually set up as the user/group www-data:
http://wiki.debian.org/Apache

The root user typically owns the /var/www
directory. I usually set up virtual hosts within one of the other accounts
and then change the group on a directory outside of the public directory
specifically set aside for uploads and run the commands I sent.

However, in the case of your example, I believe you can just run the 2
commands I sent on the /var/www/output_files directory and you should be
able to write the files.

sudo chgrp -R www-data /var/www/output_files
sudo chmod -R 2775 /var/www/output_files

Hope this helps, and sorry if I misunderstood something in your
configuration or troubleshooting.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Permission Denied - Help Requested

2011-03-29 Thread Adam Richardson
>
> Thanks.
>
> What do you see if you run this?   "Can't open or create file!"
>
> Ethan


OK,

If you're running PHP as an Apache module, by default it won't have
permissions to write to the directory (this is by design to avoid security
issues.) You can do something like the following:


   1. Create a directory for writing files outside of your public directory
   (let's call it "uploads".)
   2. Change the group associated with the directory to Apache:
   sudo chgrp -R www-data /home/username/path/to/uploads
   3. Change the permissions on the directory so the group has write
   permissions:
   sudo chmod -R 2775 /home/username/path/to/uploads
   4. Then try the script again.

See if that works.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
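
A check to run after the steps above, as an added example that is not part of the original message: it reports which permission class (owner, group or other) the PHP process falls into for a directory, whether the setgid bit from mode 2775 is set, and then attempts a write with every call checked. Function names are hypothetical; it assumes a Unix host, and without the posix extension the process is classified as "other". With no argument it uses a constructed scratch directory; running it as root will succeed regardless of mode.

```php
<?php
declare(strict_types=1);
// Added illustration; function names are hypothetical.

/** Report owner, group and mode of $dir and which permission class this process gets. */
function describe_dir(string $dir): array
{
    clearstatcache(true, $dir);
    $st = is_dir($dir) ? @stat($dir) : false;
    if ($st === false) {
        return ['error' => "not a directory, or cannot stat: $dir"];
    }
    $mode = $st['mode'] & 07777;
    $euid = function_exists('posix_geteuid') ? posix_geteuid() : null;
    $gids = function_exists('posix_getgroups') ? posix_getgroups() : [];
    $gids = is_array($gids) ? $gids : [];
    if (function_exists('posix_getegid')) {
        $gids[] = posix_getegid();
    }
    // Exactly one triplet applies: owner first, then group, otherwise "other".
    if ($euid !== null && $euid === $st['uid']) {
        $class = 'owner';
        $bits = ($mode >> 6) & 7;
    } elseif (in_array($st['gid'], $gids, true)) {
        $class = 'group';
        $bits = ($mode >> 3) & 7;
    } else {
        $class = 'other';
        $bits = $mode & 7;
    }
    return [
        'mode'           => sprintf('%04o', $mode),
        'uid'            => $st['uid'],
        'gid'            => $st['gid'],
        'setgid'         => (bool)($mode & 02000), // new files inherit the directory's group
        'world_writable' => (bool)($mode & 0002),  // true for 777; not needed for this setup
        'process_class'  => $class,
        'mode_allows_create' => ($bits & 3) === 3, // write + search on the directory
        'is_writable'    => is_writable($dir),
    ];
}

/** Write one line, checking every call, and say which step failed. */
function try_write(string $dir, string $name = 'write_test.txt'): string
{
    $path = rtrim($dir, '/') . '/' . $name;
    $fp = @fopen($path, 'w');
    if ($fp === false) {
        return 'fopen failed: ' . (error_get_last()['message'] ?? 'unknown');
    }
    $n = fwrite($fp, "test line\n");
    if ($n === false) {
        fclose($fp);
        return 'fwrite failed';
    }
    if (!fclose($fp)) {
        return 'fclose failed';
    }
    unlink($path);
    return "wrote $n bytes";
}

if (isset($argv[1])) {
    // Inspect a real directory without changing it.
    print_r(describe_dir($argv[1]));
    echo try_write($argv[1]), "\n";
} else {
    // Constructed demo: a scratch directory stands in for "uploads".
    $dir = sys_get_temp_dir() . '/uploads_demo_' . getmypid();
    mkdir($dir, 0775);
    foreach ([0555, 0755, 02775] as $mode) {
        chmod($dir, $mode);
        $d = describe_dir($dir);
        echo $d['mode'], ' class=', $d['process_class'], ' => ', try_write($dir), "\n";
    }
    rmdir($dir);
}
```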


Re: [PHP] Permission Denied - Help Requested

2011-03-29 Thread Adam Richardson
On Mon, Mar 28, 2011 at 11:43 PM, Ethan Rosenberg wrote:

> At 11:14 PM 3/28/2011, Adam Richardson wrote:
>
>> On Mon, Mar 28, 2011 at 11:03 PM, Ethan Rosenberg <eth...@earthlink.net> wrote:
>> At 01:32 AM 3/28/2011, Hans Åhlin wrote:
>> Do you have SELinux installed?
>>
>> 2011/3/28 Ethan Rosenberg <eth...@earthlink.net>:
>>
>> > Dear List -
>> >
>> > Thanks for all your help in the past.  Here is another one...
>> >
>> > I am getting a Permission Denied" message when I try to run a PHP
>> script.  I
>> > just changed the mode on the directory and the files to 777.  This
>> problem
>> > arose when I changed the permissions.  I thought I was solving a
>> problem,
>> > because I could not open a file for writing.  I was not receiving error
>> > messages, but no file was created.
>> >
>> > Help and advice, please.
>> >
>> > Ethan Rosenberg
>> >
>> >
>> >
>> **
>>  Hans Åhlin
>>    Tel: +46761488019
>>    icq: 275232967
>>    http://www.kronan-net.com/
>>    irc://irc.freenode.net:6667 - TheCoin
>>
>> **
>>
>>
>> Hans -
>>
>> Sorry, I did not include my signature, which includes all the requested
>> information.
>>
>> Here it is
>>
>> Ethan
>> ==
>> MySQL 5.1  PHP 5.3.3-6  Linux [Debian (sid)]
>>
>>
>> The problem persists.  I cannot write to a file from PHP.
>>
>> Any more suggestions?
>>
>> Thanks.
>>
>> Ethan
>>
>>
>> Hi Ethan,
>>
>> Are you using suPHP or suExec? I believe the server chokes on 777
>> permissions in those cases.
>>
>> Have you checked the permissions in the command line (sorry for the basic
>> question, but just making sure I know what you've already done?)
>>
>> Also, can we see some of the code you're using to handle the file
>> processing?
>>
>> Thanks,
>>
>> Adam
>>
>> --
>> Nephtali:  A simple, flexible, fast, and security-focused PHP framework
>> http://nephtaliproject.com
>>
>
> +
>
> Adam -
>
> Thanks.
>
>  1] Pardon my ignorance but I do not understand this - Are you using suPHP
>> or suExec?
>>
>
suPHP and suExec are two modules that allow PHP to run with the permissions
of the user, making it easy to write files to disk. However, suPHP (and I
believe suExec, but I can't remember for sure) does not like 777
permissions.




>
> 2] I changed the permissions to 755 and the "Permission Denied" message
> went away.
>

Check!




>
> 3] Have you checked the permissions in the command line? Yes
>

Check!




>
> 4] Here are some code snippets:
>
> $fptr1 = fopen("chessboard", "r+");  //this works
> $fptr2 = fopen('chessboard', 'w'); //this deletes the file, as it should
> for($i = 0; $i <8; $i++)
>{
>for ($j = 0; $j < 8; $j++)
>fprinf($fptr2, "%s ", $results[$i][$j]);
>fprinf($fptr2, "\n");
>
>} //this never writes, so I am left with an empty file


Can you try a simplified form that checks for success along the way? How
about something like the code below to see how far it gets (I haven't
tested, but it should be close):



What do you see if you run this?

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
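
A step-by-step write check of the kind suggested in the message above, as an added example (it is not the code from Adam's message, which is absent from this archive copy). The function name `write_board`, the sample grid and the temp-file path are assumptions made for illustration.

```php
<?php
// Added example, not from the thread: write an 8x8 grid to a file and
// record the first step that fails instead of failing silently.
function write_board($path, array $rows)
{
    $steps = array();
    $dir = dirname($path);

    // Creating a file needs write permission on the directory; rewriting an
    // existing file needs write permission on the file itself.
    $steps['dir_writable']  = is_writable($dir);
    $steps['file_writable'] = file_exists($path) ? is_writable($path) : null;
    $steps['dir_mode']      = sprintf('%o', fileperms($dir) & 0777);

    // Under suPHP/suExec the script runs as the account owner, so report
    // which user the process actually is.
    if (function_exists('posix_geteuid')) {
        $steps['euid'] = posix_geteuid();
    }

    $fp = @fopen($path, 'w');          // 'w' truncates the file on success
    $steps['fopen'] = ($fp !== false);
    if ($fp === false) {
        $err = error_get_last();
        $steps['error'] = $err ? $err['message'] : 'unknown';
        return $steps;
    }

    $steps['bytes'] = 0;
    foreach ($rows as $row) {
        $n = fwrite($fp, implode(' ', $row) . "\n");
        if ($n === false) {            // stop at the first failed write
            $steps['fwrite'] = false;
            fclose($fp);
            return $steps;
        }
        $steps['bytes'] += $n;
    }
    $steps['fwrite'] = true;
    $steps['fclose'] = fclose($fp);
    return $steps;
}

// Constructed sample data and a hypothetical target path.
$results = array_fill(0, 8, array_fill(0, 8, '.'));
var_dump(write_board(sys_get_temp_dir() . '/chessboard_demo', $results));
```

Running it with `error_reporting(E_ALL)` and `display_errors` enabled also surfaces fatal errors, such as a call to an undefined function, which otherwise leave an empty file behind once `fopen(..., 'w')` has truncated it.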


Re: [PHP] Permission Denied - Help Requested

2011-03-28 Thread Adam Richardson
On Mon, Mar 28, 2011 at 11:03 PM, Ethan Rosenberg wrote:

> At 01:32 AM 3/28/2011, Hans Åhlin wrote:
>
>> Do you have SELinux installed?
>>
>> 2011/3/28 Ethan Rosenberg :
>> > Dear List -
>> >
>> > Thanks for all your help in the past.  Here is another one...
>> >
>> > I am getting a "Permission Denied" message when I try to run a PHP script.  I
>> > just changed the mode on the directory and the files to 777.  This problem
>> > arose when I changed the permissions.  I thought I was solving a problem,
>> > because I could not open a file for writing.  I was not receiving error
>> > messages, but no file was created.
>> >
>> > Help and advice, please.
>> >
>> > Ethan Rosenberg
>> >
>> >
>> >
>> **
>>  Hans Åhlin
>>    Tel: +46761488019
>>    icq: 275232967
>>    http://www.kronan-net.com/
>>    irc://irc.freenode.net:6667 - TheCoin
>> **
>>
>
> Hans -
>
> Sorry, I did not include my signature, which includes all the requested
> information.
>
> Here it is
>
> Ethan
> ==
> MySQL 5.1  PHP 5.3.3-6  Linux [Debian (sid)]
>
>
> The problem persists.  I cannot write to a file from PHP.
>
> Any more suggestions?
>
> Thanks.
>
> Ethan
>

Hi Ethan,

Are you using suPHP or suExec? I believe the server chokes on 777
permissions in those cases.

Have you checked the permissions in the command line (sorry for the basic
question, but just making sure I know what you've already done?)

Also, can we see some of the code you're using to handle the file
processing?

Thanks,

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Failure in bitwise operations moving from 5.2.x to 5.3.x

2011-03-15 Thread Adam Richardson
On Tue, Mar 15, 2011 at 12:21 PM, Daniel Brown  wrote:

> On Tue, Mar 15, 2011 at 12:18, Adam Richardson 
> wrote:
> >
> > My apologies:
> >
> > Nice detective work ANDY (sorry, Andy, see earlier note about my shabby
> > memory.) I'd just replied to an Alex on another list.
> >
> > Sorry.
>
> Don't be.  He signs his emails as "Alex."  I had to do a
> double-take before, too.  ;-P
>
> --
> 
> Network Infrastructure Manager
> http://www.php.net/
>

Hah!

This was the list with the Alex. Too many lists, too few neurons.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com


Re: [PHP] Failure in bitwise operations moving from 5.2.x to 5.3.x

2011-03-15 Thread Adam Richardson
On Tue, Mar 15, 2011 at 12:15 PM, Adam Richardson wrote:

> On Tue, Mar 15, 2011 at 11:50 AM, Andy McKenzie wrote:
>
>> > Now:  I did a little more looking around this morning, and it looks
>> > like I may well run into problems here given that I'm moving from a
>> > 32-bit architecture to a 64-bit architecture.  Bitwise math is still
>> > fairly obscure to me, so it's likely that I'm overlooking something
>> > obvious, but maybe instead of asking "How do I fix this?" I should be
>> > asking "What would the right way to do this have been?"  As I think I
>> > said before, I didn't actually write most of this code, I inherited
>> > it, and as long as the input and output of the class remain the same,
>> > I don't actually care how the work is done.
>> >
>> >
>> > If anyone has any useful input here, I'd appreciate it!
>> >
>> > -Alex
>> >
>>
>> As it turns out, the most important lesson here is:  "Don't trust what
>> anyone tells you."  The old server is 64-bit.  The new server is
>> 32-bit.  Once I stopped to check that myself, it all became clear.
>> For the archives, here's what happened.
>>
>> Everything worked fine until I ran bindec() on the binary netmask;  at
>> that point it returned a float rather than an int, as it used to.
>> Therefore, when I ran ip2long on the result, it choked, and returned
>> bool(false).  Which isn't really useful when you're trying to produce
>> a human-readable netmask, when you get right down to it.
>>
>> I still don't have a solution that will work on a 32-bit server, but
>> now that I know what's going on, I should be able to either find
>> something that will work, or get things moved to a 64-bit machine.
>>
>>
>> -Alex
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> Nice detective work, Alex.
>
> Thanks for posting this info back to the list. I'm sure some tired-eyed
> developer some time in the future will benefit from having this information
> available in the list archives (it might even be me once my shabby memory
> has lost the index for this valuable info.)
>
> Adam
>
> --
> Nephtali:  A simple, flexible, fast, and security-focused PHP framework
> http://nephtaliproject.com
>

My apologies:

Nice detective work ANDY (sorry, Andy, see earlier note about my shabby
memory.) I'd just replied to an Alex on another list.

Sorry.

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
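
The `bindec()` behaviour described in the quoted message above can be avoided by never building a 32-bit integer at all. This is an added example, not code from the thread or from the class Andy inherited; the function names `binmask_to_dotted` and `prefix_to_dotted` are hypothetical.

```php
<?php
// Added example, not from the thread. bindec() returns a float once the
// value exceeds PHP_INT_MAX, which on a 32-bit build happens for any mask
// with the top bit set. Converting one octet at a time keeps every
// intermediate value in 0..255, so the result is the same on 32-bit and
// 64-bit builds.
function binmask_to_dotted($bits)
{
    // Accept exactly 32 binary digits forming a valid netmask:
    // a run of ones followed by a run of zeros.
    if (!is_string($bits) || strlen($bits) !== 32
        || !preg_match('/^1*0*$/', $bits)) {
        return false;
    }

    $octets = array();
    foreach (str_split($bits, 8) as $chunk) {
        $octets[] = bindec($chunk);    // at most 255, always an int
    }
    return implode('.', $octets);
}

// Same conversion starting from a CIDR prefix length (0..32).
function prefix_to_dotted($prefix)
{
    if (!is_int($prefix) || $prefix < 0 || $prefix > 32) {
        return false;
    }
    $bits = str_repeat('1', $prefix) . str_repeat('0', 32 - $prefix);
    return binmask_to_dotted($bits);
}

// Constructed sample inputs.
$mask = '11111111111111111111111100000000';
var_dump(PHP_INT_SIZE);                 // 4 on a 32-bit build, 8 on 64-bit
var_dump(bindec($mask));                // the type here depends on the build
var_dump(binmask_to_dotted($mask));     // the type here does not
var_dump(prefix_to_dotted(20));
var_dump(binmask_to_dotted('1010'));    // rejected: wrong length
```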

