Re: [PHP] https question
On Sep 25, 2013, at 2:24 PM, Tedd Sperling wrote: > > I understand that cc processing should be done via https. > > Normally, that means to me that I place my $ scripts in a https directory -- > the problem is that I don't have one with this host. > > So, I am asking how does one do that with a https directory? > > Thanks, > > tedd > ___ > tedd sperling > tedd.sperl...@gmail.com > I'm saying the site should be served entirely under HTTPS. There shouldn't be separate https/http directories. Apache (or whatever your web server is) has a certificate installed on it and that vhost is configured to only respond to https requests. Typically this also means running a separate vhost on http that redirects to the https variant. Where is this new host? It should be a dedicated box (vps or other) due to how the certificates need to be issued (dedicated ip address). Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] https question
On Sep 25, 2013, at 1:55 PM, Tedd Sperling wrote: > Hi gang: > > I have a client who had his entire site moved to another host -- no big > problem. > > However, the old site had a https directory, where I had secure scripts to do > credit-card transactions, but the new site doesn't have a https directory -- > in fact it doesn't even have a http directory at all. So, what options do I > have to do secure transactions? > > I remember someone saying that this could be done via a .htaccess file, but I > don't have the code, nor am I positive this is the answer. > > What do you recommend? > > Thanks, > > tedd Did you setup the server (Apache / nginx) configuration? The entire site should be served under https if you're doing CC processing Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:23 PM, Larry Martell wrote: > On Fri, Sep 20, 2013 at 11:16 AM, Joshua Kehn wrote: >> >> I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned >> to having all my workstations be laptops of one sort or another and they >> have built-in trackpads. Of course I also rarely use the mouse when there >> are so many keyboard shortcuts available. > > When I'm on my MacBook (which is most of the time) I use the trackpad. > But in the unfortunate times I have to be on a Windows box I always > connect a mouse. Slightly snobbish solution: Don't use windows. --jk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:26 PM, Larry Martell wrote: > On Fri, Sep 20, 2013 at 11:24 AM, Joshua Kehn wrote: >> >> >> Slightly snobbish solution: Don't use windows. > > Unfortunately required to VPN into most of my clients corporate networks. Windows is required to VPN in? I'm guessing they use some proprietary client then? --jk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday's Question
On Sep 20, 2013, at 1:04 PM, Daniel Brown wrote: >I'm in my mid-thirties and - despite having an optical mouse - I > do indeed still use a mousepad. A customized one that the wife did > for me for Christmas one year: images of Futurama, the Cleveland > Browns, Minnesota Vikings, and several aircraft, all surrounding a > picture of her and our daughter. I've found that shiny surfaces - > such as my desk - reflect too much of the laser, causing the mouse to > be far less responsive. > > -- > > Network Infrastructure Manager > http://www.php.net/ I'm in my 20's and rarely, if ever, use a dedicated mouse. I've transitioned to having all my workstations be laptops of one sort or another and they have built-in trackpads. Of course I also rarely use the mouse when there are so many keyboard shortcuts available. Best, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pass parameter from client to server
Could also use jquery instead Best, -Josh ___ http://byjakt.com Currently mobile On Jul 19, 2013, at 4:08, Tedd Sperling wrote: > > One additional comment. > > Please change the javascript onclick to onchange -- that way the demo will > work for Chrome as well as other Browsers. > > Cheers, > > tedd > > _ > t...@sperling.com > http://sperling.com > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Beneficial site spamming framework
while true; do curl -X POST --data "field=value&field1=value1" http://myblog.com/comment.php; done Best, –Josh ________ Joshua Kehn | @joshkehn http://joshuakehn.com On Oct 11, 2012, at 4:07 PM, Paul M Foster wrote: > Folks: > > I've been getting spam comments on my personal blog (runs on > self-written PHP blog software). I'd like to test some methods I've > devised to prevent or block it. Does anyone know of a very lightweight > framework for simulating an automated "form fill-out" on a site? > Something where you could just add some code to designate the site for > the "attack" and then what fields you wanted to send? > > This should be a relatively simple task for PHP and curl, but I'm not > really familiar with the headers and that part of the HTTP conversation. > Yes, I know this is a risky question for a public list. Feel free to > contact me privately if you think the answer shouldn't be in the > archives of a public list. Likewise, if you can point me to a source of > quickly absorbable research on the subject. I frankly don't know how I'd > google such a thing. > > Paul > > -- > Paul M. Foster > http://noferblatz.com > http://quillandmouse.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] else if vs switch
Way easier to just use a map. $mapping = array( 'Calgary' => "abc@emailaddress", 'Brooks' => "def@emailaddress", // etc ); $toaddress = $mapping[$city]; Regards, –Josh ____ Joshua Kehn | @joshkehn http://joshuakehn.com On Jun 15, 2012, at 6:20 PM, April Mains wrote: > I have 25 cities and am currently using the following to set the $toaddress > for submitting student pre-registration forms based on the city selected: > > if ($city == "Calgary") { >$toaddress = "abc@emailaddress"; > } elseif ($city == "Brooks") { >$toaddress = "def@emailaddress"; > > and so on. > > > Would using switch statements like the following make any appreciable > difference? > > switch ($city) { >case"Calgary": >$toaddress = "abc@emailaddress"; >break; >case"Brooks": >$toaddress = "def@emailaddress"; >break; > >and so on. > > Is there a more elegant solution? > > Thank you for your help, > > April > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] To ?> or not to ?>
I leave them off of any non-view PHP file. It doesn't have any downsides, and leaving them in can cause problems. Just like short tags! Regards, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com On Apr 3, 2012, at 5:29 PM, Tedd Sperling wrote: > Hi gang: > > Let me start a religious war -- should one end their scripts with "?>" or not? > > After years of never having a problem with ending any of my scripts with > "?>", I found that several students in my class had scripts that did not > produce the desired result even after they were given the scripts via > highlight_file(") to cut and paste. > > As it turned out, several students copy/pasted the script with an addition > whitespace after the ending "?>" and as such the scripts did not run as > expected. You see, the scripts created image but apparently the image > delivery method objected to the additional whitespace. > > Does anyone have more examples of where scripts will fail IF they end with > "?> " (note the additional space)? > > Cheers, > > tedd > > _ > tedd.sperl...@gmail.com > http://sperling.com > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] Turning a string into a condition
Can you explain a more clearly what it is you're trying to accomplish? It sounds like you have a string "$x < $y" in the database that you then replace into a string "4 < 5" which you want to test a conditional on. If this is the case, why are you storing conditionals in the database? Regards, –Josh ________ Joshua Kehn | @joshkehn http://joshuakehn.com On Feb 16, 2012, at 3:31 PM, Marc Guay wrote: > Hi folks, > > I've constructed simple conditions based on DB data and would like to > actually evaluate them with PHP. For example, the coded string "$x < > $y" has been str_replaced into "4 < 5", but now I would actually like > to use that string in an if() statement. I tried eval() but got an > unhelpful error, any thoughts would be welcome. > > Marc > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] Problem with date
$pubdate is probably null or something. Regards, –Josh Joshua Kehn | @joshkehn http://joshuakehn.com On Dec 7, 2011, at 1:48 PM, Jack wrote: > Hello All, > > > > I have a problem where Dates are coming out as 12.31.1969 19:00:00 which of > course we didn't have PC's in 1969 > > I'm not able to see where the date is getting screwed up, any ideas?? > > > > // > > # > > function ShowFeed_RSS($XmlRoot) { > > $title = GetFirstChildContentByPath($XmlRoot, "channel/title"); > > $link = GetFirstChildContentByPath($XmlRoot, "channel/link"); > > $desc = GetFirstChildContentByPath($XmlRoot, "channel/description"); > > # Next 2 lines display the title of the feed, and feed description > > > # echo " href=\"$link\">$title\n"; > > # echo "$desc"; > > $nodelist = GetChildrenByPathAndName($XmlRoot, "channel", "item"); > > if (!$nodelist) return 0; > > foreach ($nodelist as $nl) { > >$title = GetFirstChildContentByName($nl, "title"); > >$link= GetFirstChildContentByName($nl, "link"); > >$desc= GetFirstChildContentByName($nl, "description"); > >$creator = GetFirstChildContentByName($nl, "author"); > > > > #if (!$creator) $creator = GetFirstChildContentByName($nl, > "dc:creator"); > > > > # echo "JACK" . $nl . ""; > > #$pubdate = GetFirstChildContentByName($nl, "pubDate"); > >if (!isset($pubdate)) $pubdate = GetFirstChildContentByName($nl, > "dc:date"); > > #if (!$pubdate) $pubdate = GetFirstChildContentByName($nl, "dc:date"); > >if (isset($pubdate)) $pubdate = strtotime($pubdate); > >if (isset($pubdate)) $pubdate = strftime("%m.%d.%Y %H:%M:%S", $pubdate); > >$out = $creator; > > > >if ( ($creator != "") && ($pubdate != "") ) $out .= " @ "; > > >$out .= $pubdate; > >echo "$title"; > >echo "$out"; > >echo "$desc"; > > # echo "This is not green"; > > > > } > > # this line is after each rss feed group > > # echo "\n"; > > > > } > > > > > > > > Thanks! > > Jack > > >
Re: [PHP] php hide menu
Sounds like a good job for client side JavaScript. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Jun 7, 2011, at 12:40 AM, Chris Stinemetz wrote: > I have three drop down menus in my form. How do I make it so the > second and third menus are only visible once the prior menu was > selected? > > Below is the first two drop down menus. > > Thanks in advance. > > // Generating first menu using array. > $markets = array('MCI' => 'Kansas City', > 'STL' => 'ST. Louis', > 'ICT' => 'Wichita', > 'OMA' => 'Omaha', > 'LIN' => 'Lincoln'); > echo "Choose Market\n"; > foreach ($markets as $key => $market) { > echo "$market\n"; > } > echo ""; > > // This will evaluate to TRUE so the text will be printed. > if (isset($markets)) { >echo "This var is set so I will print."; > } > > > > // Then, later, validating the menu > if (! array_key_exists($_POST['Market'], $choices)) { > echo "You must select a market."; > } > > $query="SELECT cell_sect FROM sector_list order by cell_sect"; > > $result = mysql_query ($query); > echo "Choose Cell Sector"; > // printing the list box select command > > while($cellSect=mysql_fetch_array($result)){//Array or records stored > in $cellSect > echo "$cellSect[cell_sect]"; > /* Option values are added by looping through the array */ > } > echo "";// Closing of list box > > // This will evaluate to TRUE so the text will be printed. > if (isset($cellSect)) { >echo "This var is set so I will print."; > } > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Found this and I thought of you.
Hah! That is an excellent example of why to turn error reporting off when deploying code. Regards, -Josh http:joshuakehn.com Currently mobile On Jun 4, 2011, at 7:34 PM, Richard Quadling wrote: > http://www.exxcire.com/login.php > > If nothing more than a good "bad example". > > -- > Richard Quadling > Twitter : EE : Zend : PHPDoc > @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] about getting a site
On May 28, 2011, at 2:18 AM, Negin Nickparsa wrote: > if i don't have any site can i share my php files in somewhere 4 free? > if yes, what u suggest? Nergin- Several small points. 1. Use correct punctuation. Use capitalization. 2. Don't use phrases like "what u suggest" or "somewhere 4 free" as it will reflect poorly on yourself and cause most people to ignore your request. 3. The best things in life aren't free, if you want something useful you often have to pay for it in some form. 4. Question: By "share" do you mean "host and run?" 5. I am assuming a true flag thrown on point #4; I do not know of any free hosting sites worth mentioning. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] strcmp()?
On May 23, 2011, at 9:47 AM, Alex Nikitin wrote: > > It depends on what you need to check, josh :) > > If you wanted to say find an anagram, or do a search with some typo > correction, strcmp can be many times more helpful then a ===, that said > comparing 2 strings to be equal === works about 20% quicker, so it works > better for comparing two strings for equality (or unequality) anyways. There > is no confusion, strcmp has a documented way in which it is to work in > posix-compliant languages, ISO/IEC 9899:1999, 7.21.4.2, so as long as you > follow the ISO guidelines for the scrcmp checking, your code should work > correctly... > > -- > The trouble with programmers is that you can never tell what a programmer is > doing until it’s too late. ~Seymour Cray It's good to know it's functionality is available in the case that I ever need it. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strcmp()?
On May 23, 2011, at 9:45 AM, tedd wrote: > At 9:32 AM -0400 5/23/11, Joshua Kehn wrote: >> >> All this confusion makes me glad that I'm using === for equality checks >> instead of strcmp. >> >> -Josh > > -Josh: > > Yes, but what if you were sorting? I know you could use sort(), but there > might be logic where a strcmp() would better solve the problem. > > Cheers, > > tedd > -- > --- > http://sperling.com/ Never encountered an issue using sort() as-is. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strcmp()?
On May 23, 2011, at 9:28 AM, Alex Nikitin wrote: > There is an interesting note in the comments for strcmp: > "Well, I am using PHP 4.0 and both strcmp and strcasecmp appear to be giving > me very arbitrary and incomprehensible results. When I input strings, it > appears that "equal" strings return "1", as well as some unequal strings, and > that if the first argument is "smaller" then I *tend* to get negative > numbers, but sometimes I get 1, and if larger I *tend* to get numbers larger > than 1.. " > > > Guessing that earlier versions of php 4 and before would give the results > that would have values other then 1, 0, -1, i looked through the change log, > but nothing immediately jumped out, there was a lot of mbstring work done, > and they did add the nat comparison functions, and play with the pcre engine > a bit, which could have caused this as an unintended result for a few > versions, i think though it was a bug at some point, so, maybe a php dev > would chime in if they remember...? > > > -- Alex -- > -- > The trouble with programmers is that you can never tell what a programmer is > doing until it’s too late. ~Seymour Cray All this confusion makes me glad that I'm using === for equality checks instead of strcmp. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strcmp()?
On May 23, 2011, at 8:17 AM, tedd wrote: >> > Mike: >>> >>> That's interesting. Try the same comparisons here: >>> >>> http://www.webbytedd.com/lcc/citw229/string-compare.php >>> >> > For me they are 1, -1, and 1. >> >> Might that have something to do with the version of PHP running? >> >> >> -Josh > > > -Josh: > > I've written this on two different servers. > > One is Version 5.2.15 and the other is version 5.2.5 and they both report the > same results. > > Cheers, > > tedd I just checked under 5.3.2 and it gives the same -1, 0, 1 results. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] strcmp()?
On May 23, 2011, at 8:00 AM, tedd wrote: > At 8:13 AM + 5/23/11, Ford, Mike wrote: >> > -Original Message- >> > From: tedd [mailto:tedd.sperl...@gmail.com] >> > >On Sat, 21 May 2011 09:26:02 -0400, tedd wrote: >> > >> The function strcmp() simply evaluates two strings and reports >> > back -1, 0, or 1 depending upon their alphabetical relationship. >> > > >>> >It might do that, but don't bet your horse on it. >>> > >>> ><http://se.php.net/manual/en/function.strcmp.php> >>> > >> > >/Nisse >>> >>> It works that way for me. >> >> Are you absolutely certain about that? >> >> echo strcmp('These are nearly equal', 'These are almost equal'), "\n"; >> echo strcmp('different', 'unequal'), "\n"; >> echo strcmp('b', 'a'), "\n"; >> >> Result: >> >> 13 >> -17 >> 1 >> >> The description of the function merely says that the result is <0, 0 or >0 >> -- it makes no promises about the actual value when it is non-zero. >> >> Mike > > Mike: > > That's interesting. Try the same comparisons here: > > http://www.webbytedd.com/lcc/citw229/string-compare.php > > For me they are 1, -1, and 1. > > Someone with more smarts than me* will have to figure this one out. > > Cheers, > > tedd > > PS: * I can hear the peanut gallery saying "That won't be hard." :-) > > -- > --- > http://sperling.com/ Might that have something to do with the version of PHP running? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 20, 2011, at 4:41 AM, Tim Streater wrote: > On 20 May 2011 at 04:03, Alex Nikitin wrote: > >> but here is a brief example: >> >> (!DEBUG) || error_log("Fetch Data: ".memory_get_usage()/1048576); >> >> reads and writes a lot better and faster then: >> >> if(DEBUG) { >> $memory = memory_get_usage()/1048576; >> error_log("Fetch Data: ".$memory); >> } > > Not to me it doesn't. I find such usage incomprehensible. > > tim I understand what you're doing, and I think it's a bad shortcut to be taking. Make a dedicated class for logging and handle all this there. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 19, 2011, at 3:16 PM, Alex Nikitin wrote: > PHP_SELF requires no processing (i.e. there is no need to do basename()) > > strcmp is binary-safe, i prefer and recommend using string-safe comparison > functions for strings... here is an example of why: > > $value = 0; > if($value=="not zero") { >echo "oopsie, how did this happen, lets see how this works with strcmp > (or === which i would advise)"; >if(strcmp($value, "not zero") == 0) { >echo "You wont see this"; >} else { >echo "Because strcmp works correctly"; >} > } > > you can also use the exact comparator ===, as it compares types, it would > work well as well. Infact if you dont need to determing anything about the > string, i would suggest using the === operator as it is significantly > faster: > > timed: 0m0.724s > for($i=0; $i<=1000; $i++){ > if(1 === "submit") { >continue; > } > } > > timed: 0m4.785s > for($i=0; $i<=1000; $i++){ > if(strcmp(1, "submit")==0) { >continue; > } > } > > -- > The trouble with programmers is that you can never tell what a programmer is > doing until it’s too late. ~Seymour Cray I almost exclusively use ===. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 19, 2011, at 2:44 PM, Andre Polykanine wrote: > Hello Alex, > > Two (stupid?) questions: > 1. Why PHP_SELF is better than SCRIPT_NAME? > 2. Why strcmp() is better than just comparing? > > -- > With best regards from Ukraine, > Andre > Skype: Francophile > My blog: http://oire.org/menelion (mostly in Russian) > Twitter: http://twitter.com/m_elensule > Facebook: http://facebook.com/menelion No idea about the first, and I've never used strcmp() before for an equality check. If there is something I'm missing I would love to know. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] A Review Request
On May 18, 2011, at 4:34 PM, tedd wrote: > > > -Josh: > > There are all sorts of bracing styles, as you can see here: > > http://rebel.lcc.edu/sperlt/citw229/brace-styles.php > > Fortunately, we are all free to choose the one we like. :-) > > I like the Whitesmiths style. > > As for your other comments, they made good sense to me, so I made adjustments. > > Thanks, > > tedd Tedd- Yes, bracing style is one of those personal preference things. Some work better for others. I use Allman style most of the time, unless I'm doing inline anon. functions in JavaScript, then I sometimes switch to K&R. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] A Review Request
On May 18, 2011, at 3:22 PM, tedd wrote: > Hi gang: > > I am considering providing PHP code to the general public via my website > > This is my first attempt: > > http://sperling.com/php/authorization/ > > What do you people think? > > Cheers, > > tedd > > -- > --- > http://sperling.com/ > I can say I really don't like your bracing style. I don't see a reason to use a form submit to go back to the login page, instead I normally present errors on page. Other then that, looks good. Maybe redirect http://sperling.com/php/ to an index of examples? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Bold links
On May 10, 2011, at 1:10 PM, Micky Hulse wrote: > [OT] > > Thanks for the informative reply Tedd. > > I respect your opinion and I don't think my approach is more right > than yours. I am wondering if this is just a DTD thing. I always use > an HTML 4.01 strict DTD and have not used an XHTML doctype in ages. > > As far as I can tell, the specs in XHTML say "not recommended", but I > can't find similar text in HTML 4.01 specs. > > Jenkins vs. Jenkins > > ... to me, the latter seems to be overkill. > > Jenkins > > I can't of many times I have done the above... If I need to hook into > the or I might just do this (for example): > > Bob Jenkins > > #wrapper b { do whatever here } > > On Tue, May 10, 2011 at 7:41 AM, tedd wrote: >> As for me, I choose to never use and for anything PERIOD and to >> speak out against their use whenever I can. As for in presentation, >> judgment, the and tags present more problems than they solve so I >> will continue to not use those tags and speak against them. > > Looking at your site: > > http://sperling.com/ > > Viewing the source code on your homepage, I see used 15 times in > the body copy. > > I am assuming that maybe you have no control over that portion of your > site due to the CMS you are using? > > Could you imagine using in all those instances where you used > ? Don't you think that would be overkill? > > Sorry to everyone for taking this so OT for the PHP list. > > [/OT] > > Micky Unless he is specifically saying to use .php extensions for url's I doubt it's a CMS. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Short tag: why is it bad practice?
On May 10, 2011, at 11:11 AM, Andre Polykanine wrote: > Hi everyone, > Many times I heard that the following two peaces of code are written > in a bad manner: > 1. > echo "Hello, world!"; > ?> > > 2. > > Your e-mail:value=""> > ... > > > As for now, I use both quite often. Why is this considered not kosher, > I mean, good coding practice? > Thanks! > > -- > With best regards from Ukraine, > Andre > Skype: Francophile > Twitter: http://twitter.com/m_elensule > Facebook: http://facebook.com/menelion Because short tags aren't always enabled and can cause things to break when deploying code to different environments. Best practice dictates that your code should be as environmentally independent as possible. It's another few characters, why neglect it? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Bold links
On Monday, May 9, 2011 at 6:53 PM, Micky Hulse wrote: On Mon, May 9, 2011 at 2:56 PM, tedd wrote: > > Really? > > How does the blind via readers, such as JAWS, understand what a is? > > First, never use -- or for that matter. > > Second, use or instead. Readers can understand and render > > STRONG and EMPHASIZED text, but not and text -- those tags mean > > nothing and that's the reason why they are not encouraged for use and even > > removed from XHTML. > > Third, if neither of those tags (i.e., or ) work for you, they > > try using a class (or an id) with a css rule of: > > [OT] > > Tedd, it seems like you are spreading a little bit of mis-information here. > > * — was italic, now for text in an “alternate voice,” such as > foreign words, technical terms and typographically italicized text > * — was bold, now for “stylistically offset” text, such as > keywords and typographically emboldened text (W3C:Markup, WHATWG) > * — was emphasis, now for stress emphasis, i.e., something you’d > pronounce differently (W3C:Markup, WHATWG) > * — was for stronger emphasis, now for strong importance, > basically the same thing (stronger emphasis or importance is now > indicated by nesting) (W3C:Markup, WHATWG) > > – http://html5doctor.com/i-b-em-strong-element/ > > Seems to me the original posted just wanted to "stylistically offset" > or "bold" the last name... I dunno, maybe I am wrong, but here's no > good reason to stress "stronger" emphasis on the last name. > > There's a time and a place and a reason to use one over the other. > > Also, I don't think and have been removed from XHTML... In > fact, they are not even deprecated in XHTML. > > Ok, getting off of my soapbox now. :D > > [/OT] If you are only make the last name bold for stylistic purposes you should use CSS and a class. If you have text that needs to be phasized or ly put use the appropriate tags. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Flattery will get you nowhere
On Wednesday, April 27, 2011 at 3:54 PM, Marc Guay wrote: I just googled up "php tedd form validation" and can't find a single > reference. What does this mean, that I respect tedd's skills or that > he needs better SEO? I wasn't aware Tedd had a form validation lib written. Regards, -Josh_______ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] files outside of the web tree
On Wednesday, April 27, 2011 at 1:08 PM, Jim Giner wrote: I have managed to build include files and store them above my public folder > and the called pages manage to find them from the public folder and properly > include them. My problem is with the html src= attribute. I have uploaded > photos to be included in my web pages and I didn't want them in the web > tree so I moved them above it also. I use php to get the root folder's name > and then I add "../photos/" to the filename's path, but now my tags can't > find them. Can I not do this? > Nope, static elements need to be stored in a web accessible directory. If you could access things by saying `../` then that would defeat the purpose of storing things where they aren't accessible. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newsgroup status
On Wednesday, April 27, 2011 at 12:20 PM, Steve Staples wrote: On Wed, 2011-04-27 at 11:54 -0400, Joshua Kehn wrote: > > If this is the PHP list thinking of it's moderately active. I sometimes > > forget which ones I'm subscribed to. > > > > Regards, > > > > -Josh_______ > > Joshua Kehn | josh.k...@gmail.com > > http://joshuakehn.com > > I guess we've all figured out how to deal with our problems... > > TO THE CLOUD!! > > > Steve. As EC2 has shown, while clouds might look safe all white and fluffy, sometimes they can create drastic storms. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newsgroup status
If this is the PHP list thinking of it's moderately active. I sometimes forget which ones I'm subscribed to. Regards, -Josh_______ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Wednesday, April 27, 2011 at 11:52 AM, Al wrote: Is this group off the air or just no topics being posted? > > I've not seen it so quiet in years. > > Al. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] JavaScript Injection ???
On Monday, April 18, 2011 at 1:06 PM, tedd wrote: Hi gang: > > Quite some time ago I had a demo that showed Javascript injection. It > was where a user could type in: > > alert("Evil Code"); > > and a JavaScript alert would be shown. > > But now my demo no longer works. So, what happened? Was there a php > update that prohibited that sort of behavior or did hosts start > setting something to OFF, or what? > > If you know, please explain. > > Thanks, > > tedd > -- > --- > http://sperling.com/ Not that I know of. Are you talking about on-page injection, like comments and such? Normally JS injection would be that (bad scripts inserted by the user on a comment form or review page) or where you are using eval() and they dump bad code into there. Regards, -Josh___ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Manipulating variables
I must be missing something, why do you need to use variable variables when checking user answers? The logic should be something like: $answer_key = array('question1' => 'answer', 'question2' => 'answer', ); foreach($answer_key as $q => $a) { check_answer($_POST[$q], $a); } Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Feb 23, 2011, at 11:48 PM, Ron Piggott wrote: > > Is there a way to make this syntax: > > $checking_answer = $answer_reference_2; > > Equal to: > > $checking_answer = $answer_reference_ . ($i + 1); > > (where $i = 1) > > making $checking_answer take on the value of $answer_reference_2 ? > > I am trying to develop a web app quiz and I need to test the users answers. > > Ron > > The Verse of the Day > “Encouragement from God’s Word” > http://www.TheVerseOfTheDay.info
Re: [PHP] Parse question
On Jan 21, 2011, at 7:52 PM, Ron Piggott wrote: > > Would someone write me a syntax so all the web site addresses in $data turn > into links > > $data = “Visit our web site http://www.site.com, http://www.secondsite.org > and http://www.thirdsite.info.”; > > My desired results for what I am asking for help turn $data into: > > $output =“Visit our web site href=”http://www.site.com”>http://www.site.com, href=”http://www.secondsite.org”>http://www.secondsite.org and href=”http://www.thirdsite.info”>http://www.thirdsite.info.”; > > Please make provision for .net web sites as well. > > Ron I would check for url regex patterns and build a solution off of that. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 19, 2011, at 12:44 PM, Micky Hulse wrote: > On Wed, Jan 19, 2011 at 6:45 AM, Joshua Kehn wrote: >> They have that. It's called Ruby on Rails. > > CodeIgniter and/or Django (Python) are fun. > > What about a middle of the road solution? > > Google for "php micro framework" and/or "python micro framework". > > I have yet to use a micro framework myself, but I am looking forward > to playing around with one for one of my next PHP projects... I would > love to find one that has a decent "micro" templating system. :D > > M I love using CodeIgniter. I think it's the best minimalist PHP framework out there, and thankfully it doesn't pretend to be Rails. I've been told to look at Lithium but haven't gotten around to it yet. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
> On Tue, Jan 18, 2011 at 23:39, Joshua Kehn wrote: >The use of existing packages is so increasingly prevalent that I > have the unfortunate displeasure of knowing many "developers" who do > nothing but this, yet who can't even answer simple questions about > general coding, and who cry and complain that a "previous developer" > must have borked something. I think Donovan is right on track here > --- he's just getting started, and challenging himself to learn the > language at a deeper level. That will make him a developer, not just > a copy-and-paster. > >I do see from where it is you're coming, though, Josh --- once > you've gotten the fundamentals, a lot of times it's easier - sometimes > even a better idea - to use an existing, mature solution. What helps > you to determine its value from a code standpoint? Your existing > experience. > > -- > > Network Infrastructure Manager > Documentation, Webmaster Teams > http://www.php.net/ You are correct, and it is a shame to see many developers fall into the copy / paste realm, especially with a language like PHP where such snippets are often found easily but of dubious quality. Rolling your own is a great way to understand how things work (or should work) internally, as well as giving you valuable practice. I don't mean to discredit is. As I mentioned, more often then not I'm a fan of it. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 19, 2011, at 9:43 AM, Jay Blanchard wrote: > [snip] > ... > [/snip] > > Imagine when there'll be the day when you do not have to code at > all...just copy 'n paste snippets together in the order that you wish > them to work in and Voila'! - instant web app. > > > Th!! > They have that. It's called Ruby on Rails. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 18, 2011, at 11:53 PM, Donovan Brooke wrote: > The idea of using existing resources for efficiency is very valid indeed.. > especially with a job at hand. But, there are good reasons to > roll-your-own... education and knowing your own code are 2 that are important > to me right now. Besides, a cookie based log-in system is really not that > complex. ;-) > > Now.. payment gateway API? AJAX requests? I'll take the snippets please. > > Cheers, > Donovan (moving on to database administration) Payment gateways suck. AJAX requests are easy if you roll JavaScript well and have a decent inspector (Firebug). I agree, a simple login is not that complex. I thought it was a bit more involved then that. Regards, -Josh ________ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 18, 2011, at 11:33 PM, Donovan Brooke wrote: >>> -- >>> D Brooke >> >> I just died a bit on the inside. >> >> Why would you build that from scratch? >> >> Regards, >> >> -Josh > > > Alright, I'll bite (since I affected you that much) ;-), > > do tell... > > Why not? Would you rather I use PHP's session_start()? > > > Donovan > Why not use one of the countless, not to mention secure and stable cookie management systems available? If it's an exercise cool, I misunderstood. I'm not one to normally shun people rolling their own code, lord knows I've done it more then once or twice, but there are some things I wouldn't touch with a ten foot pool, and cookie management is one of them. The other would be things like CSV parsers or text manipulations. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 18, 2011, at 11:01 PM, Donovan Brooke wrote: > Thanks. > > I had initialized $t_mssg as an empty string further up the chain out of old > habit.. removed that, and now it works... just built my first > basic cookie-based PHP/MySQL log-in script from scratch! ;-) > > Fun stuff, > Donovan > > > > -- > D Brooke I just died a bit on the inside. Why would you build that from scratch? Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] switch case madness
On Jan 18, 2011, at 10:30 PM, Donovan Brooke wrote: > Hello, > > I must not understand PHP's switch/case.. > The case '0' below fires when $t_mssg = "" apparently. > Is this how it's suppose to work? I would think > it would only fire if it equaled "0". > > -- > print "-$t_mssg- "; > > if (isset($t_mssg)) { > switch ($t_mssg) { >case 0: > echo 'Log In Successful'; > break; > } > } > -- > > TIA, > Donovan > > -- > D Brooke I use switch cases so rarely I would have to refer you to the documentation. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] PHP tutorials
On Jan 16, 2011, at 1:26 PM, tedd wrote: > Hi gang: > > In the past we talked about PHP tutorials, but I don't remember if there was > a single clearinghouse/link for them or not -- is there one? If not, what do > you recommend? > > Disclaimer: This is a clear solicitation by me for help with my PHP class. I > will be teaching this class at my local college starting this semester. > Please realize this is the first time my local college has considered PHP > anything of importance. > > In the past, the college has been totally ingrained in .NET (i.e., APS, VB, > C#). They believe their focus should be teaching students what the Corporate > World wants and those needs have been defined by the State of Michigan and > General Motors. Considering that neither of those institutions are > financially solvent, other avenues are being considered. > > I know I can Google for "PHP tutorials", but I am looking for recommendations > from this list as to which tutorials/references are the best. > > Thanks, > > tedd > > -- > --- > http://sperling.com/ I have always had good luck http://www.tizag.com/phpT/ I guess it would depend on what topics you want to cover. Do the students have prior programming experience? HTML / CSS / JavaScript (other frontend web stack language) experience? Do you want to do simple junk (submit form, view results) or more complex actions (database involvement, basic CMS, authentication systems)? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] A bad design decision or pure genius?
On Jan 13, 2011, at 7:49 PM, li...@pruimphotography.com wrote: > Hey Everyone, > > I have a question about php & javascript... Yes I know this forum is for php > BUT I needed an opinion on where to look for stuff... > > I have a application that I'm working on that uses google maps to display > interactive maps (using javascript) on the website. I now have the need to > display multiple maps on the same page and from what I can tell I have to > create new instances and variables for all of them... > > What I'm wondering is since I know very little javascript would it be bad to > create a PHP function to write the java code for the proper number of maps I > need to display? The map info is being pulled from a database where events > are being added and could contain 2 or 200 maps... > > Or should I learn javascript and figure out how to create a loop in there so > that I can just loop it in the java and not repeat code? > > Thanks for any assistance you can give! > > Jason Pruim > pru...@gmail.com > > Love the lists@ email address there. My preference would be to invest some time in frontend (JavaScript) skills, as that would be the most "proper" way to implement it. If you don't have the time, might as well use whatever tools you are most comfortable with. Could turn into a bit of a mess though. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Array Symbol Suggestion
On Jan 12, 2011, at 3:28 PM, Ashley Sheridan wrote: > If you check out the manual pages for those functions as well, you'll > see other related functions. I must say, of any language I've used, the > php.net documentation is by far the best, giving plenty of information > and user comments too. It's a resource I still can't do without, and I > reckon even the old hands on this list would say the same. > > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > I fully agree with you on php.net being some of the best documentation out there. I would say that a lot of the Java documentation is wonderfully done as well. It doesn't offer user comments, but it is very complete and covers just about every aspect of a class. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array Symbol Suggestion
On Jan 12, 2011, at 3:23 PM, sono...@fannullone.us wrote: > Thanks for all the responses to my suggestion. I realize this would be a > major change, so that's why I also mentioned it as an addition to the > language. > > I'm sure it's just what you're used to, but still being new to all this, it > just makes sense (to me anyway) to have different symbols for different > variable types: > $scalar > @array > #hash > > Since the @ sign is already reserved, maybe there's another symbol that would > work better? I don't know. These are just ideas that I came up with while > reading and I thought I'd throw it out there to see what others thought. > > I like the idea of a naming convention, so that's what I'll do in my scripts. > I also appreciate the heads up on is_string(), is_array(), and var_dump(). > > Thanks again, > Marc > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > This would make sense to me for a compiled or strongly typed language, but no other language (that I've know of) uses this format. I haven't used Perl. In a dynamically typed language you normally have duck typed variables. # Python a = "Hello" b = 12 // JavaScript a = "Hello"; b = 12; c = [1, 2, 3]; // PHP $a = "Hello"; $b = 12; $c = array(1, 2, 3); Unless I'm misunderstanding the question? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command line PHP
On Jan 7, 2011, at 1:41 PM, la...@garfieldtech.com wrote: > "Application" is perhaps a misnomer. I'm not looking at rewriting Emacs or > anything. Just some batch processing that would get run as: > > php myscript.php --config=foo.xml --setting-1=stuff > > And then it will run off and move a few million records around between > different data stores, a process that will probably take an hour or so. (The > backend will be cycling through a queue server.) I just need something to > make handling of the args and environment easier, because I find the native > SAPI calls to be ugly/cumbersome. > > I'm sure it could be written in Perl or Python or Java. But I know extremely > little Perl, no Python, and my Java is quite rusty, plus there are mature PHP > libraries that talk to the 3rd party systems I'm tying together. My PHP-fu > is much stronger than my Perl, Python, and Java combined. > > > Yeah, PHP was "intended" as a template language only; that fell by the > wayside a decade ago or more when people started building real web apps in > it, which are a lot more than templates. That boat has long since sailed and > is irrelevant to this discussion. > > > --Larry Garfield In that case I can't offer any good CLI libs, but it sounds like a few others here could offer some. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command line PHP
On Jan 7, 2011, at 1:53 PM, Ashley Sheridan wrote: > There's no real reason why you shouldn't use PHP for cli apps, it has a lot > of features specifically intended for it even. I've found it to be fast > enough for my needs, it's familiar, and I don't need to compile an app every > time I make a small code change. > > Yes PHP is primarily a web-based language, but there's no reason it can't be > used other places too. In fact, I've even got PHP installed on my Android > phone, although I've yet to find a practical use for that! > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > I don't see a reason other then I find other languages more nimble for small scripts. If you are using lots of shared PHP code then of course it would make sense to leverage that existing code rather then re-implement it. The OP was asking (I assume) about a standalone application built from scratch. I would kill for a PHP interpreter (+ Haskell and Python) on iOS. Unfortunately I haven't found one. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Command line PHP
On Jan 7, 2011, at 1:48 PM, Nathan Nobbe wrote: > shrug, you must not be too familiar with php then. 9 times out of 10 it's > the natural, perfect choice for a cli program. there are situations where > you get past what php is ideal for on the cli, typically when you get into > heavy forking or require threading. > > It does completely depend on your mastery of the language. If you're very > good with PHP and you don't often do non-web things it might not make sense > to learn another language as well. > > why bother learning 2 languages when 1 will suit most needs perfectly? for > most folks who work with the web and a typical deployment environment like a > linux server, the second language of choice most likely would be a client > side one like javascript. > > -nathan You can't say that PHP is a more natural CLI choice then bash or Python. Maybe I'm using PHP too much for web development. Perhaps I am unfamiliar with it. Why bother learning other languages? Is this a joke? Why should someone stop learning ever? Having a mastery of multiple languages can only enhance you. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Command line PHP
On Jan 7, 2011, at 12:34 PM, Daniel Brown wrote: > On Fri, Jan 7, 2011 at 12:18, Joshua Kehn wrote: >> >> Using another language more suited towards CLI / standalone (non-web) >> development would be easier. PHP at it's core is a templating language. I >> don't think it is as suited as say Python for developing standalone >> applications. > >One might argue that it depends on your mastery of and comfort > with the language. That in mind, the same is true of nearly any > programming language. > >And thanks for reminding me of what PHP is at its core. ;-P > > -- > > Network Infrastructure Manager > Documentation, Webmaster Teams > http://www.php.net/ My apologies. I just view PHP as a perfected web language, due to it's templating nature, while using it for other things (scripts, utilities, cron) is a misuse in my opinion. It does completely depend on your mastery of the language. If you're very good with PHP and you don't often do non-web things it might not make sense to learn another language as well. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Command line PHP
On Jan 7, 2011, at 12:12 PM, Daniel Brown wrote: > On Fri, Jan 7, 2011 at 12:01, Joshua Kehn wrote: >> >> Why are you writing a command line application in PHP? I would think that is >> starting off on a very wrong foot. > >I would not be exaggerating to say that I've written over a > thousand command line applications in PHP since about 2003. For a > variety of reasons and uses (more and more because my wife needs > something done or I'm adding more home automation stuff) I write no > less than ten each week. For the majority, it's because it's easier > than writing it in C and more portable than Bash --- I can write a PHP > script and put it on a dozen machines at home and in the offices and > it'll work the same (when written properly). No need to worry about > OS or architecture. > > > -- > > Network Infrastructure Manager > Documentation, Webmaster Teams Using another language more suited towards CLI / standalone (non-web) development would be easier. PHP at it's core is a templating language. I don't think it is as suited as say Python for developing standalone applications. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Command line PHP
On Jan 7, 2011, at 11:55 AM, la...@garfieldtech.com wrote: > Hi folks. I have a project coming up that will involve writing a non-trivial > command line PHP application. Most of it will be nice and abstracted and > standalone and all of that jazz, but it will need to do command line > interation. I'm not sure yet if it will be interactive or if I just need to > parse lots of command line switches. > > Has anyone used a CLI-handling library they like? I recall briefly using the > PEAR CLI library many many years ago and disliking it because it was only > barely a step above the raw PHP-CLI SAPI, and still required lots of if-else > branching in my code. I don't know if there's anything better since then, > however. I prefer clean OO to procedural, but can work with procedural if > needs be. The fewer dependencies it has the better as well. > > Any recommendations? > > (Open source, GPLv2-compatible required.) > > --Larry Garfield Larry- Why are you writing a command line application in PHP? I would think that is starting off on a very wrong foot. Can you explain the requirements / use cases a bit more? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie Question
On Jan 2, 2011, at 5:56 PM, Adolfo Olivera wrote: > Thanks for the replies. I'll just put a php on all my html containing php. > A little of topic. Wich IDE are you guys using. I'm sort of in a catch twenty > two here. I been alternating vim and dreamweaver. I'm trying to go 100% open > source, but I really find dreamweaver easier to use so far. > I use VIM and TextMate exclusively. Regards, -Josh ________ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 2, 2011, at 1:17 PM, Adam Richardson wrote: > > I tend to disagree with Ashley on this topic. For many websites, I'll start > out making all pages .php, even if they don't require PHP at the moment. > That's for a couple reasons. > > 1) A few years back, there was certainly a significant performance advantage > to keeping essentially static pages html. However, in my current > benchmarking (using both siege and ab on my Ubuntu servers using apache with > mod_php), if I use a cache such as APC and a well-configured apache server, > PHP tends to perform just as well (or sometimes even better) than the html > version. > > Rasmus has demonstrated similar performance results: > http://talks.php.net/show/froscon08/24 > > 2) I don't want to have to change urls site-wide and set up redirects from > the old url whenever a page requires adding dynamic capabilities. By making > all pages PHP right from the beginning, adding dynamic capabilities is a > snap as I just add the functionality. > > Adam I agree starting with all .php files is good practice for basic sites. I recommend for applications and bigger then basic project using a decent framework or main routing file to handle routes for you, instead of requiring you to manually adjust them if something changes. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Newbie Question
On Jan 2, 2011, at 12:50 PM, wrote: > The question was "The .php extension is a requirement?" > > The answer is no. > > While me and Ash may completely disagree on the php parser, the simple answer > is there are many ways around running a non .php extension file in php. > > > mod_rewrite rules in .htaccess files are interpreted for each request and CAN > slow down things if your traffic is high. > > Having said that, mod_rewrite in httpd.conf is faster because it is compiled > at server restart and it is native to the server. > > As a beginner, I completely agree with ash on bad practice rule of thumb. You > will simply rewrite the html file later on wishing you had never did the hack > to make it function. > > Richard L. Buskirk > Sorry, here is the code. The .php extension is a requirement? Can't it b > embedded on a .html file? _This_ question when asked from a beginner requires a non-confusing answer of "yes." > Can't it be embedded on a .html file? PHP is always embedded alongside HTML code within tags. It's not embedded inside a .html file as the extension should indicate the file type. Adding a mod_rewrite rule (as you suggest) can lead to confusion later on in development. At the very least you'll look stupid re-asking "Can't it be embedded..." Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 2, 2011, at 11:48 AM, wrote: > Add this to your .htaccess file and HTML files will be handled like PHP > files allowing you put PHP in HTML files. > > AddType application/x-httpd-php .html > > > Richard L. Buskirk > I would not recommend this approach, some perfectly valid reasons given by Ash. It's the wrong mindset to have. Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 1, 2011, at 8:37 PM, Adolfo Olivera wrote: > Sorry, here is the code. The .php extension is a requirement? Can't it b > embedded on a .html file? > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > Untitled Document > > > > $a = "hello"; > $hello ="Hello Everyone"; > echo $a; > echo $hello; > ?> > > > > On Sat, Jan 1, 2011 at 9:55 PM, Joshua Kehn wrote: > On Jan 1, 2011, at 7:50 PM, David Robley wrote: > > > > And normally would need to be saved as a .php file so the contents will be > > handled by php. > > > > > > Cheers > > -- > > David Robley > > > > A fool and his money are my two favourite people. > > Today is Boomtime, the 2nd day of Chaos in the YOLD 3177. > > Save the code as hello.php. Copy it to your root web directory (should be the > base directory or something called public_html / www when you FTP in) and > access it from youdomain.com/hello.php > > Regards, > > -Josh > > Joshua Kehn | josh.k...@gmail.com > http://joshuakehn.com > Yes it _can_ be embedded alongside HTML code, but it must have the .php extension otherwise it won't be picked up as a PHP file. You could add a .htaccess rule to change the processing directive (essentially make every HTML file a PHP file) but that would be wasteful if you ever serve straight HTML. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 1, 2011, at 7:50 PM, David Robley wrote: > > And normally would need to be saved as a .php file so the contents will be > handled by php. > > > Cheers > -- > David Robley > > A fool and his money are my two favourite people. > Today is Boomtime, the 2nd day of Chaos in the YOLD 3177. Save the code as hello.php. Copy it to your root web directory (should be the base directory or something called public_html / www when you FTP in) and access it from youdomain.com/hello.php Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Newbie Question
On Jan 1, 2011, at 7:36 PM, Adolfo Olivera wrote: > Hi, >I'm new for php. Just trying to get my hello world going on godaddy > hosting. Can't getting to work. I think sintax it's ok. I was understanding > that my shared hosting plan had php installed. Any suggestions. Thanks, > > Happy 2011!! > > PS: Please, feel free to educate me on how to address the mailing list, > since again, I'm new to php and not a regular user of mailing lists, Can you post the code that you are using? It should look something like the following: Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 1:31 AM, Tamara Temple wrote: > > On Dec 28, 2010, at 10:28 PM, Joshua Kehn wrote: > >> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: >> >>> On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: >>> >>>> Specifically: >>>> >>>>>> Dotan Cohen wrote: >>>>>>> I seem to have an issue with users who copy-paste their usernames and >>>>>>> passwords coping and pasting leading and trailing space characters. >>>> >>>> Users should not be copy-pasting passwords or usernames. Do not compromise >>>> a system to cater to bad [stupid, ignorant, you pick] users. If this is an >>>> issue then educate the users. >>>> >>> >>> Wrong. I use a program called pwgen to generate passwords for me, which >>> I cannot remember. I use another program I built to store them in an >>> encrypted file. When I have to supply a password which I've forgotten >>> (as usual), I fire up my password "vault", find the password, and paste >>> it wherever it's needed. Users would be wise to follow a scheme like >>> this, rather than using their dog's name or somesuch as their passwords. >>> >>> Paul >>> >>> -- >>> Paul M. Foster >>> http://noferblatz.com >>> >> >> What is "wrong?" That users should not be copy-pasting passwords or don't >> compromise the system? >> >> I agree that users should not use weak passwords, but not everyone goes >> everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 >> character full set passwords. > > 20? child's play. How about 250+ randomly generated passwords and username > combinations? Why do you randomly generate 250+ usernames and passwords?? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 31, 2010, at 1:26 AM, Tamara Temple wrote: > > On Dec 28, 2010, at 2:11 PM, Joshua Kehn wrote: > >> Specifically: >> >>>> Dotan Cohen wrote: >>>>> I seem to have an issue with users who copy-paste their usernames and >>>>> passwords coping and pasting leading and trailing space characters. >> >> Users should not be copy-pasting passwords or usernames. Do not compromise a >> system to cater to bad [stupid, ignorant, you pick] users. If this is an >> issue then educate the users. > > I'm sorry, but this is just bloody stupid. I keep my usernames and randomly > generated, very long passwords in a password keeper. If you're not going to > let me copy paste them into a web page, i'm just not going to ever use your > application. Copy/pasting is something that happens on the *local* machine -- > it never goes out to the net. By forcing people to type in their user names > and passwords you are going to cause them to enter easily-remembered, and > typically easily-crackable combinations. What is the possible logic for > disallowing someone to paste in their usernames/passwords??? > My point has been completely missed by you. I'm not saying don't allow copy pasting usernames and passwords (though I think that this is a poor choice). I'm saying don't automatically trim the passwords. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 6:52 PM, TR Shaw wrote: > > On Dec 29, 2010, at 12:56 PM, Joshua Kehn wrote: > >> On Dec 29, 2010, at 12:37 PM, tedd wrote: >> >>> At 11:06 AM +0200 12/29/10, Dotan Cohen wrote: >>>> Also, change them {passwords} frequently. >>> >>> I've always wondered about that -- if your password works, then why change >>> it? Where's the logic in that? >>> >>> From my perspective, it looks like "Hey, the crackers have not been able to >>> crack this, so let's give them another chance". That doesn't sound logical. >>> >>> There are things we "think" are right, but is this practice supported in >>> some way that's provable? >>> >>> Cheers, >>> >>> tedd >>> >>> -- >>> --- >>> http://sperling.com/ >> >> An attacker manages to obtain the hashes and starts an attack. You change >> your password. The attacker now has to restart the attack. >> >> Changing your passwords prevents an attack from continuing past the length >> of time between password changes. >> >> Also if they _have_ managed to crack the password changing it forces them to >> crack it again, thus also limiting the time the account is compromised. > > > Gosh. Think about it. Lets not take the "your machine is compromised case" > and/or your password is moronic and/or you are not passing your password > cleartext. > > So the threat is external. Now there are 2 types of external: one in house > and one on the 'net. > > The one in house is simply detected by an IDS like snort looking for very > rapid login attempts. Slow walkers are no risk at all. Further if your > password is computationally hard your GigE LAN is not fast enough to support > cracking a computationally hard password before you retire. So there is no > threat that your computationally hard password will be cracked so your > password is safe. > > For a 'net threat, the bandwidth is even more constrained so you could live 9 > lives and still not have your computationally hard password cracked. Further, > log checking at the firewall and on internal machines can easily detect > cracking attempts. I detect about 4 per day on our mailserver looking for > pop logons and about 25 a day against ssh where we don't even use passwords. > ftp is not used. > > So an external threat against your machine as defined above, is not a risk. > > So now lets look at the case where there is malware on your machine which > will try to brute force your computationally hard password and is smart > enough to use your graphics engine to increased computational power. Folks > at MIT and Carnegie Mellon have already numerically proved that a 12 > character password is not crackable using brute force in any reasonable > timeframe. In fact an 8 character one has strength of years. I would contend > that using that much power will make its existence known to you and coupled > with the fact that you restart your computer every now and again and that you > run an antivirus periodically that will eventually find it even if you don't > notice the slow down. > > As you can see, cracking a password on your machine is so fruitless that no > one would even try to since if you have access to the machine a keylogger, > for example, is faster and more reliable. To thwart this you might want to > run tripwire or equivalent and institute exfiltration detection. > > The big problem today is that "security" people in IT and security wannabee's > quote cracking numbers not based in the real world but mathematically based > on quasi "real" preconditions. They and some crazy guys who I know at > Microsoft along with some NIST guys are pushing 12 character minimums of > upper, lower, numbers and specials, changed every 60 days and no reuse for 2 > years in business settings. They say this will make the corporate machines > safe. This is utter BS. And, in fact, makes corporate networks even more > vulnerable due to the fact that people can't remember all these password so > they write them down or make them relatively easy thus increasing social > engineering break-in opportunities. > > The best solution is to select a computationally hard password and then don't > change it unless you have to. I also recommend that you select another that > is different and use it for all 'net based logins with a extension > concatenated for each service. > > This comment about "if they _have_ managed to crack the password changing it
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 12:37 PM, tedd wrote: > At 11:06 AM +0200 12/29/10, Dotan Cohen wrote: >> Also, change them {passwords} frequently. > > I've always wondered about that -- if your password works, then why change > it? Where's the logic in that? > > From my perspective, it looks like "Hey, the crackers have not been able to > crack this, so let's give them another chance". That doesn't sound logical. > > There are things we "think" are right, but is this practice supported in some > way that's provable? > > Cheers, > > tedd > > -- > --- > http://sperling.com/ An attacker manages to obtain the hashes and starts an attack. You change your password. The attacker now has to restart the attack. Changing your passwords prevents an attack from continuing past the length of time between password changes. Also if they _have_ managed to crack the password changing it forces them to crack it again, thus also limiting the time the account is compromised. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 11:51 PM, Paul M Foster wrote: > On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote: > >> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: >> >>> On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: >>> >>>> Specifically: >>>> >>>>>> Dotan Cohen wrote: >>>>>>> I seem to have an issue with users who copy-paste their usernames and >>>>>>> passwords coping and pasting leading and trailing space characters. >>>> >>>> Users should not be copy-pasting passwords or usernames. Do not compromise >>>> a system to cater to bad [stupid, ignorant, you pick] users. If this is an >>>> issue then educate the users. >>>> >>> >>> Wrong. I use a program called pwgen to generate passwords for me, which >>> I cannot remember. I use another program I built to store them in an >>> encrypted file. When I have to supply a password which I've forgotten >>> (as usual), I fire up my password "vault", find the password, and paste >>> it wherever it's needed. Users would be wise to follow a scheme like >>> this, rather than using their dog's name or somesuch as their passwords. >>> >>> Paul >>> >>> -- >>> Paul M. Foster >>> http://noferblatz.com >>> >> >> What is "wrong?" That users should not be copy-pasting passwords or don't >> compromise the system? >> >> I agree that users should not use weak passwords, but not everyone goes >> everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 >> character full set passwords. >> > > And so you assume everyone can do that? I can remember maybe 5 of the > passwords I regularly need. (I rarely repeat passwords for different > sites.) In addition, some passwords have been *assigned* to me and > cannot readily be changed (and are usually difficult to remember). Many > of the rest I so seldom use that it would be silly to try to remember > them. Particularly when I do have a password-locked file I can use to > record them for me. > > Under the circumstances I described, I have yet to hear in what way > copying and pasting passwords compromises security of anything by > itself. Please enlighten me. > > Paul I believe you misunderstood. I believe that trimming passwords to remove spaces is a compromise of the system, not the copy-paste. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote: > On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote: > >> Specifically: >> >>>> Dotan Cohen wrote: >>>>> I seem to have an issue with users who copy-paste their usernames and >>>>> passwords coping and pasting leading and trailing space characters. >> >> Users should not be copy-pasting passwords or usernames. Do not compromise a >> system to cater to bad [stupid, ignorant, you pick] users. If this is an >> issue then educate the users. >> > > Wrong. I use a program called pwgen to generate passwords for me, which > I cannot remember. I use another program I built to store them in an > encrypted file. When I have to supply a password which I've forgotten > (as usual), I fire up my password "vault", find the password, and paste > it wherever it's needed. Users would be wise to follow a scheme like > this, rather than using their dog's name or somesuch as their passwords. > > Paul > > -- > Paul M. Foster > http://noferblatz.com > What is "wrong?" That users should not be copy-pasting passwords or don't compromise the system? I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:24 PM, Dotan Cohen wrote: > On Tue, Dec 28, 2010 at 22:11, Joshua Kehn wrote: >> Users should not be copy-pasting passwords or usernames. Do not compromise a >> system to cater to bad [stupid, ignorant, you pick] users. If this is an >> issue then educate the users. >> > > Educate the users?!? Is that like making water flow uphill, or > reversing aging? I can do a lot of things, but don't even ask me to > bring back the dead! > > -- > Dotan Cohen We're PHP programmers, we do the impossible all the time. Without automatic migrations, managed models, succinct ORM's. Other developers look at us in shock as we memorize the $haystack and $needle argument orders for explode and str* functions. Raising the dead would be easy in comparison. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:32 PM, Dotan Cohen wrote: > On Tue, Dec 28, 2010 at 22:30, Joshua Kehn wrote: >>> indeed, and on reflection, if you're putting this much effort in to it, and >>> security is a worry, then forget username and passwords, and issue each user >>> with a client side RSA v3 certificate and identify them via the public key >>> of the cert. >> >> I just realize that this would also completely solve your trim() problem! >> > > "Hello, Dotan? Hi, we haven't spoken in a full week now that we don't > have the trim problem. But I reinstalled Windows and wiped the drive, > now I can't log in. Can you help me?" > > -- > Dotan Cohen Hey, progress is progress! Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:26 PM, Nicholas Kell wrote: > > If you work for a company that admins over a hundred websites, you may be > inclined to copy-paste a few passwords. > > I don't know about you, but when we use passwords that are over 16 characters > long and I don't want to get an incorrect pass, because it was a grave > character versus a single apostrophe, or a capital i versus a lowercase L or > a zero versus an O, etc.. There is no way I am retyping passwords for > every-time I need to log in, or FTP into a site. > > We use apps to store all our passes, so yeah I copy and paste. But on the > same note I am conscious of copying a space at the end of the password / > username. > > Sorry, you are not going to (re)educate the public on what you think is > password best practices. But I do however, think that it is the users > problem, not the developers. Learn how to copy-paste. You have a good point. Both with (1) you won't stop it, and (1) learn how to copy-paste. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:29 PM, Nathan Rixham wrote: > Joshua Kehn wrote: >> On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote: >>> I'm toying with the idea of having the passwords hashed twice: they're >>> already in the database hashed, and javascript hashes them on the >>> client before sending them over, but I'm thinking about sending an >>> additional salt to the client to hash the hashed passwords with salt, >>> and that's what is sent back. This way, each login is done with a >>> different hash of the password so an attacker cannot simply capture >>> and reuse the hashed password. >>> >>> But before all that goes on, I have to decide what to do about leading >>> and trailing spaces. >> Toy with it and discard it. Client side hashing / salting is not a good >> idea. A much better alternative is to use SSL. > > indeed, and on reflection, if you're putting this much effort in to it, and > security is a worry, then forget username and passwords, and issue each user > with a client side RSA v3 certificate and identify them via the public key of > the cert. I just realize that this would also completely solve your trim() problem! Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:23 PM, Dotan Cohen wrote: > On Tue, Dec 28, 2010 at 22:02, Joshua Kehn wrote: >> Trim usernames but not passwords. >> Some people put spaces at the beginning and end of their passwords. Double >> confirm and don't mess with the input otherwise they tend to get confused. >> > > How about: > > if ($trimmedUsername != $username){ >trim($password); > } > > I suppose that it is reasonable to assume (ha!) that if one was > copy-pasted with spaces, so would the other. Naive, I know, too bad I > don't dare start logging raw data to determine how true this might or > might not be. Educate the users, don't compromise the system. Either go full on and trim everything (I don't recommend this) or trim nothing. Be consistent in which one you pick. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 28, 2010, at 3:18 PM, Dotan Cohen wrote: > I'm toying with the idea of having the passwords hashed twice: they're > already in the database hashed, and javascript hashes them on the > client before sending them over, but I'm thinking about sending an > additional salt to the client to hash the hashed passwords with salt, > and that's what is sent back. This way, each login is done with a > different hash of the password so an attacker cannot simply capture > and reuse the hashed password. > > But before all that goes on, I have to decide what to do about leading > and trailing spaces. Toy with it and discard it. Client side hashing / salting is not a good idea. A much better alternative is to use SSL. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
Trim usernames but not passwords. Some people put spaces at the beginning and end of their passwords. Double confirm and don't mess with the input otherwise they tend to get confused. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Dec 28, 2010, at 2:57 PM, Nathan Rixham wrote: > Dotan Cohen wrote: >> I seem to have an issue with users who copy-paste their usernames and >> passwords coping and pasting leading and trailing space characters. > > Don't trim or limit the range of input characters, but far more importantly > /don't send passwords in clear text/, indeed don't generate passwords at all, > let users enter there desired password, then they won't be copy and pasting > them ;) > > ps: if unavoidable, then give some advice on "login" failure like "passwords > are case sensitive, check you don't have caps lock on and that you haven't > included any additional spaces". > > Best, > > Nathan > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] Re: Do you trim() usernames and passwords?
Specifically: >> Dotan Cohen wrote: >>> I seem to have an issue with users who copy-paste their usernames and >>> passwords coping and pasting leading and trailing space characters. Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Dec 28, 2010, at 3:07 PM, Nathan Rixham wrote: > Joshua Kehn wrote: >> Trim usernames but not passwords. > > agree. nice catch, I was thinking about passwords specifically and forgot > usernames was in the topic too! > > >> On Dec 28, 2010, at 2:57 PM, Nathan Rixham wrote: >>> Dotan Cohen wrote: >>>> I seem to have an issue with users who copy-paste their usernames and >>>> passwords coping and pasting leading and trailing space characters. >>> Don't trim or limit the range of input characters, but far more importantly >>> /don't send passwords in clear text/, indeed don't generate passwords at >>> all, let users enter there desired password, then they won't be copy and >>> pasting them ;) >>> >>> ps: if unavoidable, then give some advice on "login" failure like >>> "passwords are case sensitive, check you don't have caps lock on and that >>> you haven't included any additional spaces". >>> >>> Best, >>> >>> Nathan >>> >>> -- >>> PHP General Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >
Re: [PHP] ORM doctrine
On Dec 10, 2010, at 11:20 AM, tedd wrote: > At 9:53 AM -0500 12/10/10, Robert Cummings wrote: >> On 10-12-09 10:41 PM, Daevid Vincent wrote: >>> >>> Use PHP the way God intended it to be used. >> >> Could you cite a reference for where God states his intentions on PHP? >> >> Thanks, >> Rob. > > Mark:7:34 > > And looking up to heaven, he sighed, and saith unto him, e PHP hatha, that > is, Be opened. > > If it was to be otherwise, he would have said "Be closed". > > Cheers, > > tedd > -- > --- > http://sperling.com/ Tedd- I guess it's time to starting being religious again if they have upgraded the Bible to suit my interests. Thanks for the laugh! Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Closing Browser
On Dec 3, 2010, at 10:37 AM, Ethan Rosenberg wrote: > ++ > > Thank you. > > I probably did state my question correctly. Let's try again... > > I have two(2) browser tabs open. One is a Google search and the other is my > PHP script. When my PHP script exits, I want that tab to close. > > Sorry for any confusion. > > Ethan Ethan- You can't do that. Better to simply close the tab when done. Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] http://www.mytrash.mail.ua spam
I get the same thing but wrote it off as someone's autoresponder. I didn't check the email address. Regards, -Josh ________ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Oct 13, 2010, at 2:52 PM, Ashley Sheridan wrote: > I know this isn't PHP related, but every day I post to this list I get a > message back from "mytr...@mail.ua" which is an > auto-responder. > > It is rather annoying, and makes little sense for whoever is using this > service to sign up to a mailing list and not make this service aware of the > mailing list at all. > > Please could whomsoever is responsible please try to figure something out > with it. It's ironic, because while it appears to be aimed at preventing > spam, it is actually creating spam for me, and doubtless many others. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > > > From: "mytr...@mail.ua" > Date: October 13, 2010 2:28:04 PM EDT > To: "Ashley Sheridan" > Subject: Требуется подтверждение отправки Вашего письма для mytr...@mail.ua > Reply-To: "mytr...@mail.ua" > > > (see english version below) > (дивіться українську версію нижче) > > > Я использую антиспам-систему, которая не позволяет принимать письма > от незнакомых отправителей, не внесенных в мою адресную книгу ("белый > список"), > поэтому ваше письмо было помещено в папку "Спам". > > Для того чтобы переместить ваше письмо в папку "Входящие сообщения", > перейдите по этой ссылке: > http://www.mytrash.mail.ua/confirm/1286994421.H636465P22409.mx.mail.ua > > После этого ваш адрес будет автоматически добавлен в мою адресную книгу, > и вы сможете отправлять мне письма с адреса "Ashley Sheridan" > > без дополнительных проверок. > > Вы также можете отправлять мне сообщения в любой момент с моей персональной > страницы: > http://www.mytrash.mail.ua > > Спасибо за понимание, > sender owner mytr...@mail.ua > > > -- english --- > > Confirmation is required to send your message to mytr...@mail.ua > > > My antispam system detected your message as possible SPAM, > because your address is not listed in my address book ("white list"). > > To confirm that your message is not a spam, please open the following link: > http://www.mytrash.mail.ua/confirm/1286994421.H636465P22409.mx.mail.ua > > After that your address will be automatically added into > my address book and you will be able to send me messages from > "Ashley Sheridan" without any additional checks. > > You can also use my personal webpage and send me a message anytime: > http://www.mytrash.mail.ua. > > Thank you, > sender owner mytr...@mail.ua > > > -- українська --- > > Потрібне підтвердження відправки Вашого листа для mytr...@mail.ua > > > Я використовую антиспам-систему, яка не дозволяє приймати листи > від незнайомих відправників, не внесених у мою адресну книгу ("білий список"), > тому ваш лист був поміщений у папку "Спам". > > Для того, щоб перенести ваш лист до "Вхідних повідомлень", > перейдіть по цьому посиланню: > http://www.mytrash.mail.ua/confirm/1286994421.H636465P22409.mx.mail.ua > > Після цього ваша адреса буде автоматично додана в мою адресну книгу, > і ви зможете відправляти мені листи з вашої адреси "Ashley Sheridan" > > без жодних додаткових перевірок. > > Ви також можете відправляти мені повідомлення в будь-який момент з моєї > персональної сторінки: > http://www.mytrash.mail.ua. > > Дякую вам за розуміння, > sender owner mytr...@mail.ua > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] break out of
If I'm understanding the question right, yes you can. if($AlertUser2success != 0) { ?> http://joshuakehn.com On Oct 11, 2010, at 7:05 PM, Govinda wrote: > Hi everyone, > > - newbie preface > - > I finally got some time to come back to learning a little more PHP... and I > am looking forward to lots more in coming months, with any luck. Anyway, as > I was working towards the last deadline with the PHP project I was working > on, I uncovered several issues I did not know the answer to.. and I just > hacked around them to avoid taking more time while I was under the > clock/meter. Now on my own time, I want to ask, so I learn more deeply what > was more ideal understanding/technique. > - /newbie preface > - > > Here's one of those Q's: > > I was working on a system ("MoveableType", A.K.A. "MT") that writes db data > to static text files (web pages) whenever the CMS admin tells it to > "publish". That system writes out the PHP code that I tell it to, in each > page of the site. There was one place in my PHP code (marked with ***MT***, > below) where I needed to include a chunk of data that would not be known (or > written out) until the admin next published the page (i.e. I could not > include the code inline). I needed to display it only in case of a PHP > comparison evaluating to true. I was tempted to break out of PHP at that > point, and then go back into PHP within that ***MT*** block itself, _only_ > when/where in the few places that block needs PHP.. in order to reduce the > head pressure (of the less-technical admin using the MT CMS) having to wade > through so many PHP print/echo statements (I could not get heredoc to work > right, but that is another topic/post ;-). But despite the temptation, I did > not attempt that because I thought it might break the logic of the if { } . > On the other hand, I vaguely remember reading something that made me think > something like that is possible.. but I don't know where I saw it. > > To better summarize my Q: > > could the below "" (which contains a long block > of HTML sprinkled with a little PHP whose contents are known only at > runtime) be *broken out of* of the wrapper that surrounds the if > { } statement, and have it still only get displayed on the final webpage when > the if { } statement evaluates to true? The reason I want that is so that I > can just keep the HTML straight and simple in that MT block, instead of using > PHP string-printing statements to spit out it's mostly-pure-HTML contents. > The admin using the system is using a WYSIWYG HTML editable textarea > interface, kind of like FCKEditor. > > if($AlertUser2success != 0) { > echo ''."\n"; > echo ' src="images/BehindBox01.png" alt="" />'."\n"; > echo ''."\n"; > /*--- here is the ***MT*** > block/include ---> ---*/ > echo ''."\n"; > echo ''."\n"; > } else { > ... > > > Govinda > govinda(DOT)webdnatalk(AT)gmail(DOT)com > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] tedd's Friday Post ($ per line)
$100 a line. If you want more then one line let's meet and go over the project. I might give a significant discount. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Oct 7, 2010, at 4:51 PM, tedd wrote: > At 6:50 PM +0100 10/7/10, a...@ashleysheridan.co.uk wrote: >> Surely it would have been a bit more sensible to work out the time the >> programmer had spent on the project and then calculate it as a percentage of >> the total time that programmer would spend on it to complete it (which might >> not be the whole duration of the project) >> >> Also, counting code lines seems unfair. I know it used to be this way, but >> its a bit like paying firemen based on the number of fires they put out; >> don't be surprised if arson figures go up! >> >> I would guess though that this fellow likely had to pay some of that initial >> outlay of cash back though, and would further assume the total price >> attributed to each line was no more than 3 or 4 cents (damb English androids >> don't have the cent character) >> >> Thanks, >> Ash > > As I said, this was a case that I worked on several years ago (20+). I was > not the programmer, but rather a consultant for an attorney. > > The programmer wanted to have his payment based upon the hours he put it, but > the client wanted proof of the programmers effort. Both were understandable > positions. > > Considering that the programmers effort did not work, and there were no time > clocks showing the actual hours the programmer worked, the solution centered > on an evaluation of the end-product. That evaluation reduced to the amount of > code written, which boiled down to lines of code. > > Granted, as Rob said, some lines are worth more than others, but overall a > case was made to pay a certain amount per line. > > Now, back to the question at hand -- what price would you sell a line of your > code for? > > Cheers, > > tedd > > > -- > --- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tedd's Friday Post ($ per line)
I guess that's what I get for spending the last four weeks developing with JavaScript and Node.js. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Oct 7, 2010, at 2:09 PM, Daniel P. Brown wrote: > On Thu, Oct 7, 2010 at 14:04, Joshua Kehn wrote: >> In the case payment does come down to lines of code written I'm already >> covered. >> >> if( count > 5) >> { >>/* Bracing Style >> } > >PHP Notice: Use of undefined constant count - assumed 'count' on line 1 >PHP Warning: Unterminated comment starting line 3 on line 3 >PHP Parse error: syntax error, unexpected $end on line 4 > > -- > > Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting > (866-) 725-4321 > http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] tedd's Friday Post ($ per line)
In the case payment does come down to lines of code written I'm already covered. if( count > 5) { /* Bracing Style } Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Oct 7, 2010, at 1:50 PM, a...@ashleysheridan.co.uk wrote: > Surely it would have been a bit more sensible to work out the time the > programmer had spent on the project and then calculate it as a percentage of > the total time that programmer would spend on it to complete it (which might > not be the whole duration of the project) > > Also, counting code lines seems unfair. I know it used to be this way, but > its a bit like paying firemen based on the number of fires they put out; > don't be surprised if arson figures go up! > > I would guess though that this fellow likely had to pay some of that initial > outlay of cash back though, and would further assume the total price > attributed to each line was no more than 3 or 4 cents (damb English androids > don't have the cent character) > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > - Reply message - > From: "tedd" > Date: Thu, Oct 7, 2010 18:20 > Subject: [PHP] tedd's Friday Post ($ per line) > To: > > Hi gang: > > Several years ago I was involved in a court case where a programmers > work was being evaluated to establish a dollar amount for the work > done. > > The case was a dispute where the client wanted money back from a > programmer for a discontinued project. The programmer simply wanted > to be paid for the work he had done. This wasn't a case where anyone > had done anything wrong, but rather a circumstance where two parties > were trying to figure out who was due what. > > You see, the original client had been taken over by another company > who put a halt to the project the programmer was working on. The new > company claimed that because the project wasn't finished, then the > programmer should pay back all the money he was paid up-front to > start the project. However, while the project had not been finished, > the programmer had indeed worked on the project for several months. > > The programmer stated he wanted to paid his hourly rate. But the new > client stated that the up-front money paid had been based upon a bid > and not an hourly rate. So, they were at odds as to what to do. > > The solution in this case was to place a dollar amount on the actual > "lines of code" the programmer wrote. In other words, they took all > of programmers code and actually counted the lines of code he wrote > and then agreed to a specific dollar amount to each line. In this > case, the programmer had written over 25,000 lines of code. What do > you think he was paid? > > And with all of that said, what dollar amount would you place on your > "line of code"? > > Cheers, > > tedd > > -- > --- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] tedd's Friday Post ($ per line)
I'm not sure this is even worth answering. The question isn't how many lines of code were written but percentage of the project completed. If he estimated 8 months, worked for 4 months, and was 50% done, he should get half his estimate. Hourly rates wouldn't come into it unless the client thought it would be cheaper to simply pay him for his time rather then the bid. Subject the following to my poor legal knowledge: I would also guess that if he was under contract with a company to provide a product for a set dollar amount then wouldn't the company be forced to complete it's half so to speak? Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Oct 7, 2010, at 1:20 PM, tedd wrote: > Hi gang: > > Several years ago I was involved in a court case where a programmers work was > being evaluated to establish a dollar amount for the work done. > > The case was a dispute where the client wanted money back from a programmer > for a discontinued project. The programmer simply wanted to be paid for the > work he had done. This wasn't a case where anyone had done anything wrong, > but rather a circumstance where two parties were trying to figure out who was > due what. > > You see, the original client had been taken over by another company who put a > halt to the project the programmer was working on. The new company claimed > that because the project wasn't finished, then the programmer should pay back > all the money he was paid up-front to start the project. However, while the > project had not been finished, the programmer had indeed worked on the > project for several months. > > The programmer stated he wanted to paid his hourly rate. But the new client > stated that the up-front money paid had been based upon a bid and not an > hourly rate. So, they were at odds as to what to do. > > The solution in this case was to place a dollar amount on the actual "lines > of code" the programmer wrote. In other words, they took all of programmers > code and actually counted the lines of code he wrote and then agreed to a > specific dollar amount to each line. In this case, the programmer had written > over 25,000 lines of code. What do you think he was paid? > > And with all of that said, what dollar amount would you place on your "line > of code"? > > Cheers, > > tedd > > -- > --- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] Standalone WebServer for PHP
On Sep 12, 2010, at 1:33 PM, tedd wrote: > At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote: >> On Sun, 2010-09-12 at 12:55 -0400, tedd wrote: >> >>> Can a business have a server connected to the Internet but limit >>> access to just their employees? I don't mean a password protected >>> scheme, but rather the server being totally closed to the outside >>> world other than to their internal employees? Or is this something >>> that can only be provided by a LAN with no Internet connection? >>> >> >> Not entirely sure what you're asking, but could you maybe achieve something >> like this with a WAN using a VPN? >> >> Thanks, >> Ash > > Ash: > > I'm sure this is an obvious question for many on this list, but I'm not above > showing my ignorance. > > I guess what I am asking -- if a client wanted an application written (in web > languages) so that their employees could link all their different computers > together and share/use information using browsers, is that possible using a > server that is not connected to the Internet? > > Look, I know that I can solve my clients problems by finding a host and > writing scripts to do what they want -- that's not a problem. But everything > I do is open to the world. Sure I can provide some level of security, but > nothing like the security that can be provided behind closed and locked doors. > > So, can I do what I do (i.e., programming) without having a host? Can I > install a local server at my clients location and interface all their > computers to use the server without them ever being connected to the Internet? > > Maybe I should ask my grandson. :-) > > Cheers, > > tedd > > -- > --- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > Tedd- What do you mean "without ever being connected to the internet?" That statement throws me a bit because if it isn't connected to the public net the only alternative would be to run hard lines between hosts. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 1984 (Big Brother)
Tedd- Would he consider access to another database? I.e. a separate, say memcached db which stores the "boss" status? An issue with the temporary file would also be session length, if the session expires without the user explicitly logging off, the file wouldn't be removed. A way to bypass this would be to add some sort of session expiration header to the file and update that. And couldn't you make a simple check if the boss is logged in or not by the ability to access the database? Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 12, 2010, at 12:32 PM, tedd wrote: > Hi gang: > > I have a client who wants his employees' access to their online business > database restricted to only times when he is logged on. (Don't ask why) > > In other words, when the boss is not logged on, then his employees cannot > access the business database in any fashion whatsoever including checking to > see if the boss is logged on, or not. No access whatsoever! > > Normally, I would just set up a field in the database and have that set to > "yes" or "no" as to if the employees could access the database, or not. But > in this case, the boss does not want even that type of access to the database > permitted. Repeat -- No access whatsoever! > > I was thinking of the boss' script writing to a file that accomplished the > "yes" or "no" thing, but if the boss did not log off properly then the file > would remain in the "yes" state allowing employees undesired access. That > would not be acceptable. > > So, what methods would you suggest? > > Cheers, > > tedd > > -- > --- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] newbie question about code
Adam- It is unique. I'm writing code that really can't be done any other way. How it handles events, sockets, etc is exceptional. The best part is everything now is JavaScript. The server (Node.js) is written in JavaScript. MongoDB is JavaScript. The frontend used to manage the WebSocket is entirely JavaScript. I have essentially replaced J2EE as the backend with Node and I couldn't be happier. Of course standard JavaScript woes apply. Debugging is a royal pain in the ass. Your code can and will suddenly fail due to odd strange errors. There are stability concerns with Node, it is version 0.2 after all. It won't replace PHP or Java as an enterprise level solution, but it does fill in the gaps very nicely. Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 10, 2010, at 2:53 PM, Adam Richardson wrote: >> >> >> >> This is what I get for taking a week to code everything in Node.js. >> >> > > It is a Friday, so I'll let my curiosity get the best of me and ask a > follow-up on something non-PHP. What insights/impressions do you have > regarding Node.js after a week of working with it? > > Thanks, > > Adam > > -- > Nephtali: PHP web framework that functions beautifully > http://nephtaliproject.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] newbie question about code
Ash- Correct, hence my typo and nomenclature slip. ;) Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 10, 2010, at 2:48 PM, a...@ashleysheridan.co.uk wrote: > Node.js, wouldn't that be javascript rather than java? :P > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > - Reply message - > From: "Joshua Kehn" > Date: Fri, Sep 10, 2010 19:32 > Subject: [PHP] newbie question about code > To: "Bob McConnell" > Cc: "Adam Williams" , "PHP General list" > > > > Bob- > > Yes, yes I did. > > And note that my Java code is incorrect, that should simply be public static > void, no function. > > This is what I get for taking a week to code everything in Node.js. > > Regards, > > -Josh > > Joshua Kehn | josh.k...@gmail.com > http://joshuakehn.com > > On Sep 10, 2010, at 2:32 PM, Bob McConnell wrote: > > > Did you mean to say "That is a method call."? > > > > Bob McConnell > > > > - > > From: Joshua Kehn > > > > That is a function call. In Java: > > > > class Code > > { > >public static void function do_command(){ } > > } > > > > Code.do_command(); > > > > Regards, > > > > -Josh > > > > Joshua Kehn | josh.k...@gmail.com > > http://joshuakehn.com > > > > On Sep 10, 2010, at 2:27 PM, Adam Williams wrote: > > > >> I'm looking at someone's code to learn and I'm relatively new to > > programming. In the code I see commands like: > >> > >> $code->do_command(); > >> > >> I'm not really sure what that means. How would that look in > > procedural style programming? do_command($code); or something else? > >> > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > >
Re: [PHP] newbie question about code
Bob- Yes, yes I did. And note that my Java code is incorrect, that should simply be public static void, no function. This is what I get for taking a week to code everything in Node.js. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 10, 2010, at 2:32 PM, Bob McConnell wrote: > Did you mean to say "That is a method call."? > > Bob McConnell > > ----- > From: Joshua Kehn > > That is a function call. In Java: > > class Code > { >public static void function do_command(){ } > } > > Code.do_command(); > > Regards, > > -Josh > > Joshua Kehn | josh.k...@gmail.com > http://joshuakehn.com > > On Sep 10, 2010, at 2:27 PM, Adam Williams wrote: > >> I'm looking at someone's code to learn and I'm relatively new to > programming. In the code I see commands like: >> >> $code->do_command(); >> >> I'm not really sure what that means. How would that look in > procedural style programming? do_command($code); or something else? >> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] newbie question about code
Adam- That is a function call. In Java: class Code { public static void function do_command(){ } } Code.do_command(); Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 10, 2010, at 2:27 PM, Adam Williams wrote: > I'm looking at someone's code to learn and I'm relatively new to programming. > In the code I see commands like: > > $code->do_command(); > > I'm not really sure what that means. How would that look in procedural style > programming? do_command($code); or something else? > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Zend framework
Chris- While I find Zend to be more of a wonderful set of libraries then a framework, it does do both and is a good introduction. I do most of my framework coding on CodeIgniter though. Regards, -JOsh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 9, 2010, at 9:33 PM, chris h wrote: > Hello all, > > I'm starting a new project and I'm thinking about building it on Zend > framework and possibly Zend server. I've only used the framework slightly > and I've never really used Zend server. That being said I hear that the > framework is pretty decent to work with. I want something that is strict > and uses OOP & MVC well, and I hear it does; though I also have the > impression that it's slow and bloated... > > Anyways, I was curious if any of you have some general advice / good things > / horror stories on the Zend framework? > > > Thanks, > Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about translating assoc. arrays to C
Jim- Yes, that was a typo. The issues was I didn't cut / paste and instead retyped it. Should be foreach($array as $key1 => $list) { foreach($list as $key2 => $value) I will check those links out, I had the first one not the second. Regards, -Josh ________ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 5, 2010, at 12:32 AM, Jim Lucas wrote: > Joshua Kehn wrote: >> I'm working on creating a compiled extension for some code I've written. >> Mostly it's manipulating a very large multi-demensional array of values. >> This is some pseudo code for the array. >> // Imagine this but much much bigger >> $big_ass_array = array('5' => array('0' => 4, '3' => 6, '8' => 7), '10' => >> array('4' => 3, '5' => 10')); Currently I'm traversing this with >> foreach($array as $key1 => $value) >> { >> foreach($value as $key2 => $value) >> { > > Well, I hope you are not using it this way. > > The above will overwrite your $value variable set by the first foreach > > Maybe you had a cut/paste error with the $value1 $value2 portion... > >> // Use $key1, $key2, and $value here >> } >> } >> My question is how does this translate into the C code I will have to write? > > My suggestion would be to download the source code and find a comparable > array function and see how they do it. > >> If anyone has a decent extension building tutorial that would be great too. > > First google result for "php extension tutorial" > > http://devzone.zend.com/article/1021 > http://www.talkphp.com/vbarticles.php?do=article&articleid=49&title=creating-custom-php-extensions > http://www.php.net/~wez/extending-php.pdf > > Just to list a few... > > Jim > >> Regards, >> -Josh >> >> Joshua Kehn | josh.k...@gmail.com >> http://joshuakehn.com >
[PHP] Question about translating assoc. arrays to C
I'm working on creating a compiled extension for some code I've written. Mostly it's manipulating a very large multi-demensional array of values. This is some pseudo code for the array. // Imagine this but much much bigger $big_ass_array = array('5' => array('0' => 4, '3' => 6, '8' => 7), '10' => array('4' => 3, '5' => 10')); Currently I'm traversing this with foreach($array as $key1 => $value) { foreach($value as $key2 => $value) { // Use $key1, $key2, and $value here } } My question is how does this translate into the C code I will have to write? If anyone has a decent extension building tutorial that would be great too. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] a quick question about array keys
On Aug 31, 2010, at 11:46 AM, Ashley Sheridan wrote: > On Tue, 2010-08-31 at 11:46 -0400, Joshua Kehn wrote: >> >> Quickest way I can think of would be to do something like >> >> $tmp = array(); >> >> foreach($old_array as $key => $value) >> { >> $tmp[$value] = $key; >> } >> >> But knowing PHP there is probably some array_reverse_keys() function. >> >> Regards, >> >> -Josh >> >> Joshua Kehn | josh.k...@gmail.com >> http://joshuakehn.com >> >> On Aug 31, 2010, at 11:43 AM, Tontonq Tontonq wrote: >> >> > a quick question >> > lets say i have an array like that >> > >> > >> > Array >> > ( >> > [300] => 300 >> > [301] => 301 >> > [302] => 302 >> > [303] => 303 >> > [304] => 304 >> > [305] => 305 >> > [306] => 306 >> > [307] => 307 >> > [308] => 308 >> > ... >> > how can i change keys to 0,1,2,3,.. by faster way >> > (it should like that) > >> > Array >> > ( >> > [0] => 300 >> > [1] => 301 >> > [2] => 302 >> > [3] => 303 >> > >> >> > > That doesn't actually answer the question, it just changes the key/value > pairs around. There is a built-in function for this in PHP, but it's not what > the OP asked for. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > I misread the question as flipping array keys, my mistake. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] a quick question about array keys
Quickest way I can think of would be to do something like $tmp = array(); foreach($old_array as $key => $value) { $tmp[$value] = $key; } But knowing PHP there is probably some array_reverse_keys() function. Regards, -Josh ____ Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Aug 31, 2010, at 11:43 AM, Tontonq Tontonq wrote: > a quick question > lets say i have an array like that > > > Array > ( > [300] => 300 > [301] => 301 > [302] => 302 > [303] => 303 > [304] => 304 > [305] => 305 > [306] => 306 > [307] => 307 > [308] => 308 > ... > how can i change keys to 0,1,2,3,.. by faster way > (it should like that) > > Array > ( > [0] => 300 > [1] => 301 > [2] => 302 > [3] => 303 > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing Social Security Number WAS: Encryption/Decryption Question
On Aug 12, 2010, at 11:55 AM, tedd wrote: > At 11:39 AM -0400 8/12/10, Joshua Kehn wrote: >> Would one option be to have a table of unencrypted SSN's with an encrypted >> id for the user. So you could search the SSN's and then connect them, >> however if the table was dumped you wouldn't be able to link it directly to >> the person (as it would just have a SSN and an id). >> >> Regards, >> >> -Josh > > No, the problem here is to keep the database from containing any raw SS#. It > is absolutely necessary to encrypt the data. > > The question is: > > 1. Is it legal? > > 2. How to do it? > > Cheers, > > tedd > -- > --- > http://sperling.com/ Tedd- In my mind if you have a table of raw SSN's it's fine as long as they can't be readily linked to a person without decrypting the id. Again, I don't know the legalities of it so I defer. If you have to encrypt them then I'm not sure how you would run any %LIKE% query unless you went through and decrypted them OTF when running the query. This (I don't believe) can be done in MySQL (or any other RDB) so it would have to be done in memory. Depending on the table size that gets annoyingly slow. If the SSN's must be encrypted, and you aren't encrypting the parts separately ( enc - enc - enc) I don't think you will be able to run a %LIKE% query simply. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Storing Social Security Number WAS: Encryption/Decryption Question
On Aug 12, 2010, at 11:32 AM, tedd wrote: > At 10:56 AM -0400 8/12/10, Bastien Koert wrote: >> However, the data must be stored in an encrypted format and it must be >> transmitted via SSL. We do it that way (taking both a hash for >> searching for the ssn and the encrypted form) and haven't had any >> issues as yet. > > The data will be encrypted and only accessible behind an SSL via an > authorization process -- that's given. > > I have given some thought about searching the database for encrypted SS#'s > and have been perplexed as how to do that. > > For searching standard fields, it's a piece of cake to use %LIKE%. For > example, let's say the investigator has a piece of paper that has the number > "393" on it and want's to search the database for all phone numbers that > contain "393" -- he could use %LIKE% and that would produce 517-393-, > 393-123-4567, 818-122-4393 and so on. That's neat! > > However, if the field is encrypted, then how do you preform a partial search > on that? You can't encrypt the search string and use that because you need > the entire string. So, how do you solve that problem? > > If you hash the number of store the hash, then you can create a hashed search > string and use that. But again it doesn't work for partial %LIKE% searches. > For example, I couldn't search for "393" in a SS# -- I would have to search > for the complete SS#. > > So, how do you solve the %LIKE% problem with encryption and hashes? > >> The other thing to consider is that more and more states are looking to >> encrypt PII data >> (name, dob, ssn etc) for more security. > > I'm considering that as well, but that also raises more searching problems as > described above. > >> You could consider storing just the encrypted ssn and link data in a >> separate database, that would require a different logon to access when >> the data is required. > > Interesting -- I might also hash the foreign link. But I have to think about > that. > > Cheers, > > tedd > -- > --- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > Would one option be to have a table of unencrypted SSN's with an encrypted id for the user. So you could search the SSN's and then connect them, however if the table was dumped you wouldn't be able to link it directly to the person (as it would just have a SSN and an id). Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
Re: [PHP] PHP The Anthem
On Aug 6, 2010, at 11:12 AM, tedd wrote: > At 10:30 AM -0400 8/6/10, Joshua Kehn wrote: >> On Aug 6, 2010, at 7:27 AM, tedd wrote: >> >> >> There is something wrong with having a little fun? >> >> Regards, >> >> -Josh > > Yes, it's a waste of time -- humbug! > > Cheers, > > tedd > > -- > --- > http://sperling.com/ Tedd- I guess that quarters game was a complete waste of time as well? :) Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP The Anthem
On Aug 6, 2010, at 7:27 AM, tedd wrote: > At 4:57 PM -0700 8/5/10, Daevid Vincent wrote: >> http://www.youtube.com/watch?v=S8zhmiS-1kw >> >> http://shiflett.org/blog/2010/aug/php-anthem >> >> ...some people have way too much time. ;-) > > I agree. I don't have time to do nonsense and don't understand how people who > are successful can waste time like this. Besides IMO, this is another example > of hip-flop. > > Cheers, > > tedd > > -- > --- > http://sperling.com http://ancientstones.com http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > There is something wrong with having a little fun? Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Protecting PHP scripts called via AJAX from evil
On Aug 6, 2010, at 9:41 AM, Marc Guay wrote: > Hi folks, > > I'm looking for a straightforward way to protect PHP files which are > called via AJAX from being called from outside my application. > Currently, someone could forseeably open the console and watch the > javascript post variables to a public file (actions/delete_thing.php) > and then use this knowledge to trash the place. I found this thread > at stackoverflow which seems to cover the issue I'm looking at, but > it's pretty intense and I figure there's an easier way but I'm not > sure how. > > http://stackoverflow.com/questions/2486327/jquery-post-and-php-prevent-the-ability-to-use-script-outside-of-main-website > > It seems unlikely that this is the method everyone uses, but maybe > not. Advice is nice. > Marc > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > Marc- The best way (and what I currently use) is to add a nonce style value to the form with a random name and then also add that to the session. $nonce = sha1(microtime(true)); $name = sha1(rand(0,10)); $_SESSION['nonce'] = array($name => $nonce); ?>http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array help.
On Jul 30, 2010, at 3:03 PM, Paul Halliday wrote: >> >> Paul- >> >> Why are those values not defaulted to 0 in the database? >> >> Regards, >> >> -Josh >> >> > > They are defaulted, the query is grouping: > > select count(status) as count, status from table group by status order > by status desc; Paul- Correct, so stuff with a status of 0 will still show up unless I'm missing something. Regards, -Josh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Array help.
On Jul 30, 2010, at 2:36 PM, Paul Halliday wrote: > I have a query that may not always return a result for a value, I need > to reflect this with a "0". I am trying to overcome this by doing this > (the keys are ID's): > > while ($row = mysql_fetch_row($statusQuery)) { > >$cat = > array(0=>0,1=>0,11=>0,12=>0,13=>0,14=>0,15=>0,16=>0,17=>0,19=>0); > >switch ($row[1]) { >case 0: $cat[0] = $row[0]; break; >case 1: $cat[1] = $row[0]; break; >case 11: $cat[11] = $row[0]; break; >case 12: $cat[12] = $row[0]; break; >case 13: $cat[13] = $row[0]; break; >case 14: $cat[14] = $row[0]; break; >case 15: $cat[15] = $row[0]; break; >case 16: $cat[16] = $row[0]; break; >case 17: $cat[17] = $row[0]; break; >case 19: $cat[19] = $row[0]; break; >} > >print_r($cat); >} > > Which gives me this: > > Array ( [0] => 15547 [1] => 0 [11] => 0 [12] => 0 [13] => 0 [14] => 0 > [15] => 0 [16] => 0 [17] => 0 [19] => 0 ) > Array ( [0] => 0 [1] => 0 [11] => 0 [12] => 0 [13] => 0 [14] => 0 [15]s > => 30 [16] => 0 [17] => 0 [19] => 0 ) > > The query only return 2 rows: > > 15 | 30 > 0 | 15547 > > What am I doing wrong? Is there a more elegant way to achieve what I want? > > Thanks. > > -- > Paul Halliday > Ideation | Individualization | Learner | Achiever | Analytical > http://www.pintumbler.org > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > Paul- Why not say: $cat = array(); if(isset($row[1]) { $cat[$row[1]] = $row[0]; } print_r($cat); Regards, -Josh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trapping for PDF Type and file size in a UPLOAD form...
On Jul 29, 2010, at 12:50 PM, Don Wieland wrote: > I am trying to create an UPLOAD form and need to figure a way to only allow > PDF files to be selected. Something like: > > > > >accept="application/pdf" /> > Choose a file to upload: type="file" /> > > > > > > It is documented online that I can pass a parameter ACCEPT="applaction/pdf", > BUT it is not recognized in most browsers. > > It was suggested by someone that I could trap for this using a JAVASCRIPT. > Can someone assist with a snippet of javascript code to trap for this for me? > This is the end result I need: > > If the user selects a file that IS NOT a PDF file, display an javascript > alert "You can only upload PDF files. Please try again." > > If the user selects a PDF file greater than 1MB, display an javascript alert > "File uploads may not exceed 1M in file size. Please try again." > > I appreciate any help that can be offered. Thanks in advanced! > > Don Wieland > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > Don- Remember that anything submitted by the client can be spoofed or faked. Ensure that your PHP script accounts for Javascript being disabled. Past that, I'm sure you can get results from somewhere like Stackoverflow.com instead of a PHP mailing list. Thanks, -Josh -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] the state of the PHP community
On Jul 29, 2010, at 3:32 AM, Nathan Rixham wrote: > Hi Josh, > > Thanks for taking the time - comments in-line from here :) > > Josh Kehn wrote: >> Java, JS (in the form of Node and MongoDB, +raw client / jQuery stuff) and >> PHP get used regularly. Python / Ruby infrequently. > > With true confirmation bias - great to see you mentioning node.js, have a > universal language / syntax for programming is critical moving forwards. I've > been 'playing' with node for a while now myself, added an upgrade to handle > client side ssl certificates properly and expose needed values recently, and > currently working on making tabulator's rdflib work on both client and server > (i.e., porting it to node amongst other things). I haven't gone that far with Node yet, someone is writing an email server though. I hated JS for many (I believe good) reasons for a long time. I felt it was a client side showy gimmick. I do server side development. Why should I know the eight or nine different DOM structures? Leave that to designers I said! Once you get past the syntax it is an incredibly powerful language. There are faults (come on, it fails silently!) but proper understanding negates these for the most part. Another thing to note is how incredibly flexible it is. Node / Mongo both make use of JS syntax (albeit with their own unique "flavor") but it all boils down to a very simple, elegant, system. > > MongoDB I managed to bypass somewhere, I quickly migrated past NoSQL and on > to triple/quad store(s) - again for universality reasons, on the path to a > full embrace of N3. This said, I should probably give some more weight to > MongoDB, certainly with it's json friendly-ness I can see how it could fit in > to my preferred tech stack. MongoDB is a bit unique. I've only been working with it for a few months now but it really is something to keep an eye out for. If you prefer traditional "SQL" also take a look at VoltDB. > >> Started with QBasic and realized it was crap. Moved on to Java, realized >> object rock but J2EE doesn't. Moved to PHP / Java. > > QBasic was crap lol, that was my first language after playing with .bat files! I'm not sure if I did bat files first, but I do remember playing with Win95 assembler. It's a miracle I'm not scarred for life. > >> http://www.mongodb.org/ >> http://nodejs.org/ >> See http://joshuakehn.com/blog/index.php/blog/view/28/MongoDB-Node-js/ > > Nice blog, subscribed - used to do my braces the same as you then reverted > back to putting them EOL, will comment on your blog with reasons why. If the comments don't work let me know. That's a basic blogging engine I wrote with CI, it's in desperate need of some help. > > Also, golf-code! that had escaped my radar somehow, looks like I can waste a > few hours with that one - love it. > >>> >> I haven't gotten flashed on any PHP meetups, but I wouldn't shy away from >> them. > > Here in Scotland I read that as "I haven't had anybody flash their genitals > at me on any PHP meetups, but I wouldn't shy away from them" - thus, lol! LOL would be the correct reaction to that! > >>> Are you a member or any other web tech communities, opensource efforts, or >>> standardization bodies - again, if so which? >> None that I recall. >>> Are there any efforts, projects or initiatives which are floating your boat >>> right now and that your watching eagerly (or getting involved with)? >> Node, Mongo. I'm also watching a couple git repos, memcached and scribe to >> name two. Some stuff I just can't be involved in (C / C++ dev is tricky when >> you work with Java / PHP). > > another +1 for git, makes life easier, will hunt you down and see what you're > all following (other than memcached and scribe). If you go to my root site I believe I have a link. > > on the c/c++ side, I thought the same thing (being Java/PHP for the past > while pretty solidly) but as mentioned earlier, recently hacked out some c++ > for node and it was easier than I thought once I 'just did it', I guess I'm > saying don't let that feeling phase you, if you want to do it - just do it, > you're a programmer not a specific languager. :) > >>> ps: please *do not* flame anybodies answers, that really wouldn't be fair. >>> >>> Best & Regards, >>> >>> Nathan >>> >>> -- >>> PHP General Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >> Regards, >> -Josh > > Likewise, > > Nathan Regards, -Josh