php-general Digest 15 Apr 2005 05:53:48 -0000 Issue 3398

Topics (messages 213099 through 213126):

Re: Directory perms
        213099 by: Jason Wong

Getting a contract
        213100 by: Ryan A
        213102 by: chris
        213108 by: Miles Thompson
        213110 by: Brent Baisley

Reverse plural forms to singular for search
        213101 by: Eugene Voznesensky

Re: header()
        213103 by: chris

Insert Chars into a string
        213104 by: PartyPosters
        213106 by: Mike Johnson
        213107 by: Mike Johnson

Re: RegEx help
        213105 by: trlists.clayst.com

ini_set and upload_tmp_dir
        213109 by: Reynier Perez Mira
        213111 by: Marek Kilimajer
        213112 by: Jason Wong

Streaming video BLOBs from MySQL
        213113 by: J J

Re: imagecopyresample
        213114 by: Marek Kilimajer
        213123 by: gareth.zaphodmcmillan.com

Re: Storing password in cookie
        213115 by: trlists.clayst.com
        213116 by: trlists.clayst.com

pixels per character
        213117 by: Christian Calloway
        213119 by: Chris W. Parker
        213120 by: Greg Donald
        213126 by: Amir Mohammad Saied

Best practices for set/get methods
        213118 by: Tim Boring
        213121 by: Greg Donald
        213122 by: Rasmus Lerdorf

Sessions and frames
        213124 by: Gustav Wiberg
        213125 by: Chris W. Parker

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        php-general@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
On Thursday 14 April 2005 22:25, Reynier Perez Mira wrote:
> How I can obtain directory perms and how I know if they are RW on Win32
> platforms? I find into PHP Manual but I only obtain function fileperms
> which have only for files and not for directories

fileperms() works on files AND directories (and in fact the examples show 
that). is_readable() and is_writeable() also work on files/dirs.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts

--- End Message ---
--- Begin Message ---
Hey,
There was some discussion before this on how much to charge to make a site / set of scripts, which also turned into advice from the more experienced members of this list...good advice I might add.

Note:
This thread is not directly a php thread but related in a big way to what most of us do, you might not want to read it if you only read programming threads, this is intended to be more of a discussion.

That said....I'll continue:
One of the parts that I noted (and that has come back to haunt me) is:
write the entire scope of the project and make them sign on the dotted line even if they are family friends.
(more or less those words)
I'm working with a client who is really ticking me off with his constant request for addition of features/changes some of which I pointedly decline unless I am paid more...others I do...coz the project is big and well paying....and the changes are not too big.
The client I am working with gave me some rough drawings (pen (not pencil) hand drawings on napkins and A4 papers), some scribblings etc

My question is, how can we document the whole contract *properly* when the client is asking you to make something new (eg features not found anywhere else), code, layouts, navigation, buttons, sections, functionality etc? Getting a lawyer is (for most of us...like me) out of the question...

Is there any software out there that helps? or do you take the extra days (or maybe weeks) to write up everything for him to sign on the dotted line? Keep in mind while you are taking the time to write up the whole thing he can pick someone else...or he might be in a hurry.

Advice on what you think would help...and things that you _actually_ do would help a lot of us I think sidestep bad experiences in the future.

Thanks,
Ryan




--- End Message ---
--- Begin Message ---
Ryan,

Write the contract to state the targets as they exist now, the estimated 
hours and how you will be paid(i.e. - by the hour, milestone, etc...)
then when a change is made to the design, simply make an addendum to the 
original contract and list the changes that are to be done, estimated time 
and again how you will be paid. Make sure the client is signing this stuff 
(even friends and family). Personally I like setting design targets (or 
goals if you prefer) and having the client sign off on each as they are 
completed and I am paid per target finished.

CJ

"Ryan A" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Hey,
> There was some discussion before this on how much to charge to make a site / set of scripts, which also turned into advice from the more experienced members of this list...good advice I might add.
>
> Note:
> This thread is not directly a php thread but related in a big way to what most of us do, you might not want to read it if you only read programming threads, this is intended to be more of a discussion.
>
> That said....I'll continue:
> One of the parts that I noted (and that has come back to haunt me) is:
> write the entire scope of the project and make them sign on the dotted line even if they are family friends.
> (more or less those words)
> I'm working with a client who is really ticking me off with his constant request for addition of features/changes some of which I pointedly decline unless I am paid more...others I do...coz the project is big and well paying....and the changes are not too big.
> The client I am working with gave me some rough drawings (pen (not pencil) hand drawings on napkins and A4 papers), some scribblings etc
>
> My question is, how can we document the whole contract *properly* when the client is asking you to make something new (eg features not found anywhere else), code, layouts, navigation, buttons, sections, functionality etc? Getting a lawyer is (for most of us...like me) out of the question...
>
> Is there any software out there that helps? or do you take the extra days (or maybe weeks) to write up everything for him to sign on the dotted line? Keep in mind while you are taking the time to write up the whole thing he can pick someone else...or he might be in a hurry.
>
> Advice on what you think would help...and things that you _actually_ do would help a lot of us I think sidestep bad experiences in the future.
>
> Thanks,
> Ryan

--- End Message ---
--- Begin Message ---
Keep this in mind - I'll repeat it: WE ARE DOING INTELLECTUAL WORK, not painting walls. The simplest request can have unknown ramifications.

I was lucky - in hindsight - got burned that way after I'd been in business about 6 weeks.

Wrote up one of those beautiful proposals which outline exactly what I was going to do, thereby demonstrating to my potential client that I KNEW what I was talking about.

Waited. And waited. And waited some more, then called client after a couple of weeks.

"Thank you for your excellent document. It had a lot of very good ideas. We are having the IT instructor at xxx school implement the work."

WE ARE DOING INTELLECTUAL WORK

From then on - customer got one hour free; then the meter started. If they want details, they're buying my expertise, and it's been damned, hard-earned expertise too.

Feature creep seems to be the problem here. Money which should go to solid development gets frittered away checking this and that, adding a bit of fanciness here, etc. A friend of mine had a project shut down for three weeks, and his client looking for another developer, because of that. The contact person could not resist adding new things, and willingly signed work orders for their addition, but lost sight that the overall goal was a functioning job-tracking / management system for a printing plant.

How did it work out? Well, he talked to all of his competition, and we indicated in our bids that he would be the person we'd engage to do the work. Hell, he was the most skilled FoxPro developer in town, and the only one who really knew the system.

Some helpful things:

1. Let's conform to original plan, what you are talking about can be added when the project is up and running.

WE ARE DOING INTELLECTUAL WORK

2. How much do you want to spend checking this out? (It's really easy to "Take 15 minutes", then you send an email which might take 30 min to get really clear and accurate, and the answer requires another "15~30 minutes" and another email - hey, where'd the afternoon go?)

WE ARE DOING INTELLECTUAL WORK

3. Trust is important. An outline of the scope of the project, the available inputs, and what the desired outputs are, and an ESTIMATE of what it MIGHT cost. Remember - those napkins, notes and squiggles are contract documents.

WE ARE DOING INTELLECTUAL WORK

3. Bill bi-weekly, with bi-weekly terms.

Clients don't see us at work - and if they did they wouldn't understand. To close off, well-done scripting (or any type of programming) looks seamless and gives the user a good experience.

Don't know if this has been helpful. You might also see if Whil Hentzen is still publishing his "Developers Guide" at http://www.hentzenwerke.com. Or ask if he has an old copy, mine dates from 1997.


Cheers - Miles



At 01:39 PM 4/14/2005, Ryan A wrote:
> Hey,
> There was some discussion before this on how much to charge to make a site / set of scripts, which also turned into advice from the more experienced members of this list...good advice I might add.
>
> Note:
> This thread is not directly a php thread but related in a big way to what most of us do, you might not want to read it if you only read programming threads, this is intended to be more of a discussion.
>
> That said....I'll continue:
> One of the parts that I noted (and that has come back to haunt me) is:
> write the entire scope of the project and make them sign on the dotted line even if they are family friends.
> (more or less those words)
> I'm working with a client who is really ticking me off with his constant request for addition of features/changes some of which I pointedly decline unless I am paid more...others I do...coz the project is big and well paying....and the changes are not too big.
> The client I am working with gave me some rough drawings (pen (not pencil) hand drawings on napkins and A4 papers), some scribblings etc
>
> My question is, how can we document the whole contract *properly* when the client is asking you to make something new (eg features not found anywhere else), code, layouts, navigation, buttons, sections, functionality etc? Getting a lawyer is (for most of us...like me) out of the question...
>
> Is there any software out there that helps? or do you take the extra days (or maybe weeks) to write up everything for him to sign on the dotted line? Keep in mind while you are taking the time to write up the whole thing he can pick someone else...or he might be in a hurry.
>
> Advice on what you think would help...and things that you _actually_ do would help a lot of us I think sidestep bad experiences in the future.
>
> Thanks,
> Ryan




--- End Message ---
--- Begin Message ---
For larger projects, I always charged a contingency fee, maybe $100-$500, depending on the scope. This money basically pays you to write up a project document. After all, you are spending your valuable time on something for them. If they accept your proposal to write the application, the money goes towards your fee for the project. If they decide not to use you, or pick someone else in the meantime, the money is yours. They get to keep the proposal, which they could give to someone else so that they could develop the application, but you at least got paid.

Whatever you do, document everything. Who asked for what change and when, even changes you reject.


On Apr 14, 2005, at 12:39 PM, Ryan A wrote:

> Hey,
> There was some discussion before this on how much to charge to make a site / set of scripts, which also turned into advice from the more experienced members of this list...good advice I might add.
>
> Note:
> This thread is not directly a php thread but related in a big way to what most of us do, you might not want to read it if you only read programming threads, this is intended to be more of a discussion.
>
> That said....I'll continue:
> One of the parts that I noted (and that has come back to haunt me) is:
> write the entire scope of the project and make them sign on the dotted line even if they are family friends.
> (more or less those words)
> I'm working with a client who is really ticking me off with his constant request for addition of features/changes some of which I pointedly decline unless I am paid more...others I do...coz the project is big and well paying....and the changes are not too big.
> The client I am working with gave me some rough drawings (pen (not pencil) hand drawings on napkins and A4 papers), some scribblings etc
>
> My question is, how can we document the whole contract *properly* when the client is asking you to make something new (eg features not found anywhere else), code, layouts, navigation, buttons, sections, functionality etc? Getting a lawyer is (for most of us...like me) out of the question...
>
> Is there any software out there that helps? or do you take the extra days (or maybe weeks) to write up everything for him to sign on the dotted line? Keep in mind while you are taking the time to write up the whole thing he can pick someone else...or he might be in a hurry.
>
> Advice on what you think would help...and things that you _actually_ do would help a lot of us I think sidestep bad experiences in the future.
>
> Thanks,
> Ryan





--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577

--- End Message ---
--- Begin Message ---
I'm trying to reverse plural forms to singular ones
and use the result for search [in database].

Is there any third party product to integrate with
PHP, or some reliable algorithm?

Thank you,

Eu.

--- End Message ---
--- Begin Message ---
But you can design the script to redirect to a page with a JavaScript to 
open a file(PDF) by using the target="_new" and then it redirects to the 
home page.

CJ

"Matthew Weier O'Phinney" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
>* Martín Marqués <martin@bugs.unl.edu.ar>:
>> I'm having a bit of a problem understanding how the header() sends the 
>> HTTP
>> headers.
>>
>> Here's what I want to do:
>>
>> 1) Send a PDF file which will be printed in the client (the client will 
>> read
>> it and print it if he wants to.
>> 2) Redirect to the main page of the application.
>
> You can't do both; you can do one or the other. A Location header will
> always redirect, even if a content-type has been sent.
>
> -- 
> Matthew Weier O'Phinney           | WEBSITES:
> Webmaster and IT Specialist       | http://www.garden.org
> National Gardening Association    | http://www.kidsgardening.com
> 802-863-5251 x156                 | http://nationalgardenmonth.org
> mailto:[EMAIL PROTECTED]         | http://vermontbotanical.org 

--- End Message ---
--- Begin Message ---
Hello,
I have a variable that contains a filename, I want to be able to insert the 
date and time just before the ".jpg"
for example if my filename is 'pic.jpg' I want it to read 'pic_Monday 15th of 
January 2003 05:51:38 AM.jpg' (or if anyone else knows how to write the time and 
time all in numbers it would be appreciated as I'm using date("l dS of F Y h:i:s 
A") which obviously is a bit long.

Many thanks.
Kaan

--- End Message ---
--- Begin Message ---
From: PartyPosters [mailto:[EMAIL PROTECTED] 

> Hello,
> I have a variable that contains a filename, I want to be able 
> to insert the date and time just before the ".jpg"
> for example if my filename is 'pic.jpg' I want it to read 
> 'pic_Monday 15th of January 2003 05:51:38 AM.jpg' (or if 
> anyone else knows how to write the time and time all in 
> numbers it would be appreciated as I'm using date("l dS of F Y 
> h:i:s A") which obviously is a bit long.

First off, I'd probably use preg_replace(). Maybe something like:

$pattern = '/^(.*?)(\.jpg)$/';
$replacement = '\1' . date('l dS of F Y h:i:s A') . '\2';
$filename = preg_replace($pattern, $replacement, $filename);

I haven't tested that, but I think it should work.

As for the date format, if it doesn't need to be human-readable, might I
suggest date('U')? It's the number of seconds since the epoch; it's
easily convertible to human-readable format. If that doesn't fly,
perhaps MySQL's datetime format, which is a 14-digit int, achievable
with date('YmdHis'). I may be a holdover from DOS, but I shudder at
spaces in filenames.   :)

HTH!

-- 
Mike Johnson             Smarter Living, Inc.
Web Developer            www.smartertravel.com
[EMAIL PROTECTED]   (617) 886-5539

--- End Message ---
--- Begin Message ---
From: Mike Johnson [mailto:[EMAIL PROTECTED] 

> From: PartyPosters [mailto:[EMAIL PROTECTED] 
> 
> > Hello,
> > I have a variable that contains a filename, I want to be able 
> > to insert the date and time just before the ".jpg"
> > for example if my filename is 'pic.jpg' I want it to read 
> > 'pic_Monday 15th of January 2003 05:51:38 AM.jpg' (or if 
> > anyone else knows how to write the time and time all in 
> > numbers it would be appreciated as I'm using date("l dS of F Y 
> > h:i:s A") which obviously is a bit long.
> 
> First off, I'd probably use preg_replace(). Maybe something like:
> 
> $pattern = '/^(.*?)(\.jpg)$/';
> $replacement = '\1' . date('l dS of F Y h:i:s A') . '\2';
> $filename = preg_replace($pattern, $replacement, $filename);
> 
> I haven't tested that, but I think it should work.

Actually, it occurs to me that strrpos() might be faster.

// strrpos() takes the haystack first, then the needle
$filename = substr($filename, 0, strrpos($filename, '.jpg'))
        . date('YmdHis')
        . substr($filename, strrpos($filename, '.jpg'));

Might need to tweak it, but that should work.

-- 
Mike Johnson             Smarter Living, Inc.
Web Developer            www.smartertravel.com
[EMAIL PROTECTED]   (617) 886-5539

--- End Message ---
--- Begin Message ---
On 15 Apr 2005 Tom Rogers wrote:

> BD> a. Must contain 1 uppercase letter. [A-Z]
> BD> b. Must contain 1 digit. [0-9]
> BD> c. Must be a minimum of 7 characters in length. {7}
> 
> BD> I'm not sure of how to build the correct syntax for using all 3
> BD> requirements together.

> easier done separately I think
> if(
>   strlen($text) > 6 &&
>   preg_match('/\d+/',$text) &&
>   preg_match('/[A-Z]+/',$text)
> ) { echo 'OK <br>'; }

To do it in one fell swoop you need to use lookahead assertions -- 
something like this:

        if (preg_match('/(?=.*[A-Z])(?=.*[0-9]).{7,}/', $text))
                echo 'Valid!';

I believe this matches for any string that has at least one uppercase 
letter and one digit and is at least 7 characters long.  However it 
allows other characters as well (not just A-Z and 0-9).  Lots of 
possible variations there.

--
Tom

--- End Message ---
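The two approaches from this thread side by side, as an added example (not code from any poster; the function names and sample strings are constructed). It also covers one case where they disagree: without the `s` modifier `.` does not match a newline, so the single-pattern form rejects a multi-line string that the separate checks accept.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.

/** Separate checks: returns the names of the rules the candidate fails. */
function failed_password_rules(string $text): array
{
    $failed = [];
    if (strlen($text) < 7) {               // strlen() counts bytes, not characters
        $failed[] = 'length';
    }
    if (!preg_match('/[A-Z]/', $text)) {
        $failed[] = 'uppercase';
    }
    if (!preg_match('/[0-9]/', $text)) {
        $failed[] = 'digit';
    }
    return $failed;
}

/** The single pattern with lookahead assertions, as posted in the thread. */
function matches_thread_pattern(string $text): bool
{
    return preg_match('/(?=.*[A-Z])(?=.*[0-9]).{7,}/', $text) === 1;
}

/** Same idea, anchored to the whole string, with /s so "." also matches newlines. */
function matches_anchored_pattern(string $text): bool
{
    return preg_match('/\A(?=.*[A-Z])(?=.*[0-9]).{7,}\z/s', $text) === 1;
}

// Constructed sample inputs; the last one contains a newline.
$samples = ['Passw0rd', 'password1', 'Ab1', "Line1\nBreak"];

foreach ($samples as $s) {
    printf(
        "%-16s failed=[%s] thread=%s anchored=%s\n",
        json_encode($s),
        implode(',', failed_password_rules($s)),
        var_export(matches_thread_pattern($s), true),
        var_export(matches_anchored_pattern($s), true)
    );
}
```

The separate checks also tell the user which rule failed, which the single pattern cannot do.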
--- Begin Message ---
Hi: 

I'm trying to change the value of the PHP config var upload_tmp_dir with the objective 
of making a file upload and easier access to the superglobal array 
$_FILES['fichero']['tmp_name']. In my php file, right at the start, I have this:

ini_set("upload_tmp_dir","C:\\PHP5\\tmp\\");

The directory exists because I made it after. What's wrong?

 

Reynier Pérez Mira

3rd year, Computer Engineering

The more intelligent I feel, the more I realize how ignorant I am.

 


--- End Message ---
--- Begin Message ---
Reynier Perez Mira wrote:
> Hi:
>
> I'm trying to change the value of the PHP config var upload_tmp_dir with the objective 
> of making a file upload and easier access to the superglobal array 
> $_FILES['fichero']['tmp_name']. In my php file, right at the start, I have this:
>
> ini_set("upload_tmp_dir","C:\\PHP5\\tmp\\");
>
> The directory exists because I made it after. What's wrong?

http://docs.php.net/en/ini.html

upload_tmp_dir is PHP_INI_SYSTEM - Entry can be set in php.ini or httpd.conf

It's logical, by the time your script is executed the file is already uploaded.
--- End Message ---
--- Begin Message ---
On Friday 15 April 2005 02:11, Reynier Perez Mira wrote:

> I'm trying to change the value of the PHP config var upload_tmp_dir with
> the objective of making a file upload and easier access to the superglobal
> array $_FILES['fichero']['tmp_name']. In my php file, right at the
> start, I have this:
>
> ini_set("upload_tmp_dir","C:\\PHP5\\tmp\\");

You can't do that. That has to be set in php.ini.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts

--- End Message ---
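What the replies in this thread mean in practice, as an added example (not code from any poster): `ini_set()` reports failure for `upload_tmp_dir`, and the script's job is to move the already-uploaded temporary file into a directory of its own. The function name `store_upload`, the `uploads` destination directory and the generated file name are assumptions.

```php
<?php
// Added example. upload_tmp_dir is PHP_INI_SYSTEM, so ini_set() cannot change it
// at run time: it returns false and the configured value stays in effect.
$changed = ini_set('upload_tmp_dir', 'C:\\PHP5\\tmp\\');
printf(
    "ini_set succeeded: %s, effective upload_tmp_dir: %s\n",
    var_export($changed !== false, true),
    var_export(ini_get('upload_tmp_dir'), true)
);

/**
 * Move one entry of $_FILES out of the temporary directory.
 * Returns the stored path, or null if the entry is not a completed upload.
 */
function store_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;                        // upload failed or no file was sent
    }
    // Server-generated name: the client-supplied $file['name'] is never used as a path.
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR
            . bin2hex(random_bytes(16)) . '.upload';

    // move_uploaded_file() refuses any path that did not arrive as an HTTP POST upload.
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// 'fichero' is the form field name used in the thread; the directory is assumed.
if (isset($_FILES['fichero'])) {
    $path = store_upload($_FILES['fichero'], __DIR__ . '/uploads');
    echo $path === null ? "upload rejected\n" : "stored as $path\n";
}
```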
--- Begin Message ---
I have a case where video files (mov, flv, etc) have
been stored in a MySQL database as blobs.

I'm loading them into a flash video player and
everything works fine except it takes longer it seems
and it doesn't allow streaming the actual video.

If I load the same videos with a direct link to the
http:// file system (/videos/file.flv) it loads in
super-fast and allows streaming. 

I'm guessing mysql and/or php doesn't actually release
the BLOB until it's loaded it completely.


So, is there a way to actually have PHP read the BLOB
and stream it as it's loading?  Is there an fstream()
option like the fread()?


Wishful thinking?




                

--- End Message ---
--- Begin Message ---
[EMAIL PROTECTED] wrote:
> I have created (adapted) the following function:
>
> function imageresize($new_width, $new_height, $filename) {
>
>     // Content type
>     header('Content-type: image/jpeg');
>
>     // Get new dimensions
>     list($width, $height) = getimagesize($filename);
>
>     // Resample
>     $image_p = imagecreatetruecolor($new_width, $new_height);
>     $image = imagecreatefromjpeg($filename);
>     imagecopyresampled($image_p, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
>
>     // Output
>     imagejpeg($image_p, null, 100);
> }
>
> The idea is it takes an image and resizes it at server end so that you don't have to download a massive image. And it works.
>
> That is as long as that function is the only thing you're doing.
>
> For example if I have a page with the following in it:
>
> <?php
>
> require_once('../includes/functions.php');
>
> imageresize('100', '75', 'pages/1.jpg');
>
> ?>
>
> I get my image resized. (functions.php is where all my functions are stored) However if I place anything after the imageresize it doesn't show that. Eg echo "hello"; does nothing. If anything goes before it the whole page doesn't work.
>
> Any ideas why this is happening and how I can work around it?

You can display either image or html, not both. You must do:

<img src="thumb.php">

thumb.php contains the code to output the thumbnail
--- End Message ---
--- Begin Message ---

On Apr 14, 2005, at 21:37, Marek Kilimajer wrote:

> [EMAIL PROTECTED] wrote:
>> I have created (adapted) the following function:
>>
>> function imageresize($new_width, $new_height, $filename) {
>>     // Content type
>>     header('Content-type: image/jpeg');
>>     // Get new dimensions
>>     list($width, $height) = getimagesize($filename);
>>     // Resample
>>     $image_p = imagecreatetruecolor($new_width, $new_height);
>>     $image = imagecreatefromjpeg($filename);
>>     imagecopyresampled($image_p, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
>>     // Output
>>     imagejpeg($image_p, null, 100);
>> }
>>
>> The idea is it takes an image and resizes it at server end so that you don't have to download a massive image. And it works.
>> That is as long as that function is the only thing you're doing.
>> For example if I have a page with the following in it:
>>
>> <?php
>> require_once('../includes/functions.php');
>> imageresize('100', '75', 'pages/1.jpg');
>> ?>
>>
>> I get my image resized. (functions.php is where all my functions are stored) However if I place anything after the imageresize it doesn't show that. Eg echo "hello"; does nothing. If anything goes before it the whole page doesn't work.
>> Any ideas why this is happening and how I can work around it?
>
> You can display either image or html, not both. You must do:
>
> <img src="thumb.php">
>
> thumb.php contains the code to output the thumbnail



Thanks a lot. That worked a treat.

---------------------------------------------------------------------------------------------

check out my blog to find out what im up to:
http://www.zaphodmcmillan.com/
And my new email is [EMAIL PROTECTED]


--- End Message ---
--- Begin Message ---
On 13 Apr 2005 Richard Lynch wrote:

> I have what I consider a MINIMUM standard level of security for any site
> that asks for a password.
> 
> That would include:
> Not storing the password *ANYWHERE* in clear-text.
>   Not in database.
>   Not in $_SESSION
>   Not in COOKIES

Agreed.  I see less risk for temporary storage in $_SESSION in the case 
where the server is well-protected logically and physically, but it's 
so easy to encrypt (if session storage is needed at all) that there's 
no reason not to.

> Not storing an encrypted username/password in $_SESSION/COOKIE if having
> those values provides access.  Because at that point, the encryption is
> rather meaningless, as it's really a clear-text 32-character code that
> happens to be the encrypted value of something secret, but the clear-text
> 32-character code gives the Bad Guy access, whether they know the secret
> or not.
> 
> If your content/application/data is important enough to warrant a
> username/password, then it should be important enough to secure with this
> minimal level of security, IN MY OPINION.

Here I think we disagree as by this logic no one should store anything 
in a cookie that provides access (beyond a short temporary timeframe).  
There are many kinds of sites where users want some privacy or control 
over their own account but also want the convenience of staying logged 
in, and where there is little or nothing any Bad Guy skilled enough to 
go steal the cookie would bother with.  For example, many discussion 
board logins fit this description.  I personally use a different 
password for each one I'm on (it's not very many), and far prefer the 
convenience of not having to go look it up every time over the 
"security" of having it expire, particularly since the very worst 
someone can do if they gain access is post as if they were me.

The analogy is that the Bad Guys who know how to break into bank vaults 
just don't care about my (hypothetical) shed full of garden tools, and 
if they do test their skills there, the garden tools aren't that 
valuable anyway.  And if in order to prevent this highly unlikely theft 
I have to remember my key every time I go out to do some work, that's a 
poor tradeoff to me.

What we're arguing about is whether the garden shed [web site] should 
be designed so that I *have* to use a key (i.e. require a specific 
level of security) or whether I as the user can choose.  For anything 
involving money or significant personal data, or other similar risks, 
yes, to me the login security should be forced.  But for less important 
assets there are real benefits to security practices that give the user 
more control.

Some of this is simply a question of whether there is a category of 
stuff that is important enough to protect with a password but that 
doesn't require more careful security, login expiration after a short 
time and other protection mechanisms.  I think that category exists, 
sounds like you are saying you think it does not.

> If users forget passwords, they should get new random passwords, with the
> application/email directing them to change those passwords to memorable
> (to them) but hopefully un-guessable (to Bad Guys) values.

Agreed.  My clients don't always agree but I think this is correct.

> I would contend that anything less is simply a false sense of security,
> provided to the un-informed, by using inherently insecure
> username/password methodology.
> 
> The fact that 10 zillion sites are currently doing exactly that does not
> make it "right".
> 
> You obviously disagree, and think everything is just hunky-dory in the 10
> zillion sites that are leaking passwords to any Bad Guy with half a clue.

Well I hope that was a bit tongue in cheek.  I didn't say that nor do I 
think that.  There's a lot of bad security out there.  That doesn't 
make someone like me who disagrees with a particular set of security 
principles into someone who thinks all bad security is fine.

--
Tom

--- End Message ---
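One way to keep a user logged in without putting the password, or anything derived from it, in the cookie, given as an added example (not code from either poster). The function names are hypothetical and the `$store` array stands in for a database table. The cookie holds a random single-use token, the server keeps only its hash, and the token expires and is rotated on each use. A stolen cookie still grants access until it is used, rotated or expired, which is the trade-off the thread is arguing about.

```php
<?php
// Added example. $store stands in for a database table keyed by selector.

/** Create a persistent-login token; returns the value to place in the cookie. */
function issue_token(array &$store, int $userId, int $now, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));    // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret half, stored only as a hash
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + $ttl,
    ];
    return $selector . ':' . $validator;
}

/** Check a cookie value; on success returns the user id and a rotated cookie. */
function redeem_token(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                          // malformed or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];

    if ($row['expires'] < $now) {
        unset($store[$selector]);             // expired tokens are purged
        return null;
    }
    // Constant-time comparison of the stored hash with the hash of the presented secret.
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    unset($store[$selector]);                 // single use: rotate on every login
    return [
        'user_id' => $row['user_id'],
        'cookie'  => issue_token($store, $row['user_id'], $now),
    ];
}

// Constructed walk-through with a fixed clock value.
$store  = [];
$now    = 1700000000;
$cookie = issue_token($store, 42, $now);

$first  = redeem_token($store, $cookie, $now + 60);    // valid: logs in, rotates
$replay = redeem_token($store, $cookie, $now + 120);   // old cookie no longer exists

// Someone who reads the server-side table has only the hash, which is not the validator.
$selector = array_key_first($store);
$leaked   = redeem_token($store, $selector . ':' . $store[$selector]['hash'], $now + 180);

$late = redeem_token($store, $first['cookie'], $now + 60 + 1209600 + 1);  // past expiry

printf("first login user: %s\n", var_export($first['user_id'] ?? null, true));
printf("replayed cookie accepted: %s\n", var_export($replay !== null, true));
printf("stored hash accepted as cookie: %s\n", var_export($leaked !== null, true));
printf("expired cookie accepted: %s\n", var_export($late !== null, true));
```

In a real application the returned value would be sent with `setcookie()` using the `secure` and `httponly` options, and all tokens for a user would be deleted on logout or password change.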
--- Begin Message ---
On 14 Apr 2005 Chris Shiflett wrote:

> When a user enters a credit card number, there may likely be a 
> verification step before the actual purchase is made. It's better to 
> keep this number on the server (in the session data store) than to 
> unnecessarily expose it over the Internet again (SSL mitigates the risk, 
> but an unnecessary risk is still worth avoiding).
> 
> Being mindful of this, it's also helpful to not even display it to the 
> user, instead showing only the last four digits or something, because 
> this display also counts as exposure (since it's in the response).

There is one case where redisplaying the number (via https) makes sense 
to me -- when it fails a verification check.  The obvious example is a 
simple check-digit error due to a typing error on the user's part.  In 
this case the option is either expecting the user to retype the entire 
number every time they make a mistake, or accepting the -- to me 
minimal -- risk in sending it back for editing when redisplaying the 
form and error message.  But doing that does require putting the CC # 
in some form into session storage (or some kind of storage) in the case 
where the processing / validation and display scripts are separate and 
the processing script needs to pass posted data back for redisplay.  

Re last four digits, I have noticed that many sites seem to be going to 
showing the last five or six, first four plus last four, etc.  
Apparently people are finding that last four alone isn't sufficient for 
users to recognize the card.  


--
Tom

--- End Message ---
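The check-digit test and the masked display discussed in this exchange, as an added example (not code from either poster). The function names are hypothetical, and `4111 1111 1111 1111` is a sample test number, not a real account. The `$redisplayOnError` flag selects between the two positions in the thread: sending the mistyped number back for editing, or making the user retype it.

```php
<?php
// Added example. Function names are hypothetical.

/** Luhn check-digit test over a string of digits. */
function luhn_valid(string $pan): bool
{
    $sum = 0;
    $len = strlen($pan);
    for ($i = 0; $i < $len; $i++) {
        $d = (int) $pan[$len - 1 - $i];       // walk from the rightmost digit
        if ($i % 2 === 1) {                   // double every second digit
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
    }
    return $len > 0 && $sum % 10 === 0;
}

/** Replace all but the last four digits with asterisks. */
function mask_pan(string $pan): string
{
    return str_repeat('*', max(0, strlen($pan) - 4)) . substr($pan, -4);
}

/**
 * Decide what goes back into the response after the form is posted.
 * The full number is never part of a successful response; it would stay
 * server side (for example in the session) until the purchase completes.
 */
function card_form_response(string $input, bool $redisplayOnError): array
{
    $pan = preg_replace('/[\s-]+/', '', $input);
    $wellFormed = preg_match('/\A[0-9]{12,19}\z/', $pan) === 1;

    if ($wellFormed && luhn_valid($pan)) {
        return ['ok' => true, 'display' => mask_pan($pan)];
    }
    // Check failed: either hand the typed value back for correction, or nothing.
    return ['ok' => false, 'display' => $redisplayOnError ? $input : ''];
}

// Constructed inputs: a sample test number and the same number with a typo.
$good = card_form_response('4111 1111 1111 1111', true);
$typo = card_form_response('4111 1111 1111 1112', true);
$typoNoEcho = card_form_response('4111 1111 1111 1112', false);

printf("good: ok=%s display=%s\n", var_export($good['ok'], true), $good['display']);
printf("typo: ok=%s display=%s\n", var_export($typo['ok'], true), $typo['display']);
printf("typo, no redisplay: ok=%s display=%s\n",
    var_export($typoNoEcho['ok'], true), var_export($typoNoEcho['display'], true));
```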
--- Begin Message ---
Hey all,

trying to dynamically size cell widths; what I need is a formula to measure 
pixels per character for an arbitrary font (in this case 10pt verdana). A 
simple function f(x) = strlen(x) * SOMECONSTANT just doesn't seem to cut it, 
as returned widths are too small or long. Any ideas?

Christian 


--- End Message ---
--- Begin Message ---
Christian Calloway <mailto:[EMAIL PROTECTED]>
    on Thursday, April 14, 2005 1:59 PM said:

> trying to dynamically size cell widths; what I need is a formula to
> measure pixels per character for an arbitrary font (in this case 10pt
> verdana). A simple function f(x) = strlen(x) * SOMECONSTANT just
> doesn't seem to cut it, as returned widths are too small or too long. Any
> ideas? 

That's like killing a mouse with an atomic bomb. Why not just do
"white-space: nowrap;" or <td nowrap="nowrap"> or set a percentage based
width?

What are you doing that requires determining the column width based on
pixels?



Chris.

--- End Message ---
--- Begin Message ---
On 4/14/05, Christian Calloway <[EMAIL PROTECTED]> wrote:
> trying to dynamically size cell widths; what I need is a formula to measure
> pixels per character for an arbitrary font (in this case 10pt verdana). A
> simple function f(x) = strlen(x) * SOMECONSTANT just doesn't seem to cut it,
> as returned widths are too small or too long. Any ideas?

Google for 'font width calculator'.  I've seen a few of them over the
years, mostly Flash or Java based.


-- 
Greg Donald
Zend Certified Engineer
http://destiney.com/

--- End Message ---
--- Begin Message ---
We have two kinds of fonts.
One is the fonts in which the size of all their characters is equal, such as Courier, but in the other fonts (Verdana etc.) the characters don't all have an equal width.

--- End Message ---
--- Begin Message ---
Does anyone have suggestions/ideas about best practices for writing
set/get methods in PHP5?  There are two basic ways I've seen this done,
which I've provided examples of below. Method #2 is obviously the easier
way, but that doesn't mean it may be the best way.

I'm curious to read people's responses. 

Thanks,
Tim 

#1:  set/get method for each member attribute
example:
private $foo;
private $bar;

public function getFoo()
{
        return $this->foo;
}
public function setFoo($val)
{
        $this->foo = $val;
}
public function getBar()
{
        return $this->bar;
}
public function setBar($val)
{
        $this->bar = $val;
}

#2: generalized set/get methods
example:
private $foo;
private $bar;

public function getVar($var)
{
        return $this->$var;
}
public function setVar($var, $val)
{
        $this->$var = $val;
}

--- End Message ---
--- Begin Message ---
On 4/14/05, Tim Boring <[EMAIL PROTECTED]> wrote:
> Does anyone have suggestions/ideas about best practices for writing
> set/get methods in PHP5?  There are two basic ways I've seen this done,
> which I've provided examples of below. Method #2 is obviously the easier
> way, but that doesn't mean it may be the best way.
> 
> I'm curious to read people's responses.


I would start off with a simple base class like this:

abstract class Base
{
    public function __construct()
    {

    }

    public function __destruct()
    {

    }

    public function __toString()
    {
        return '<pre>' . print_r( $this, TRUE ) . '</pre>';
    }

    public function __get( $key )
    {
        return isset( $this->$key )
            ? $this->$key
            : NULL;
    }
    
    public function __set( $key, $value )
    {
        $this->$key = $value;
    }
}


-- 
Greg Donald
Zend Certified Engineer
http://destiney.com/

--- End Message ---
--- Begin Message ---
Tim Boring wrote:
> Does anyone have suggestions/ideas about best practices for writing
> set/get methods in PHP5?  There are two basic ways I've seen this done,
> which I've provided examples of below. Method #2 is obviously the easier
> way, but that doesn't mean it may be the best way.
>
> I'm curious to read people's responses.
>
> Thanks,
> Tim
>
>
> #1:  set/get method for each member attribute
> example:
> private $foo;
> private $bar;
>
> public function getFoo()
> {
>         return $this->foo;
> }
> public function setFoo($val)
> {
>         $this->foo = $val;
> }
> public function getBar()
> {
>         return $this->bar;
> }
> public function setBar($val)
> {
>         $this->bar = $val;
> }
>
> #2: generalized set/get methods
> example:
> private $foo;
> private $bar;
>
> public function getVar($var)
> {
>         return $this->$var;
> }
> public function setVar($var, $val)
> {
>         $this->$var = $val;
> }

Why not use __set()?

http://www.php.net/manual/en/language.oop5.overloading.php

-Rasmus
--- End Message ---
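A generalized accessor such as getVar()/setVar() or an unrestricted __get()/__set() makes every private member reachable by name, which matters as soon as the name comes from request data. The following is an added example, not code from the thread, of __get()/__set() restricted by an allow-list with per-property validation; the Account class, its fields and the input array are hypothetical.

```php
<?php
// Added example, not code from the thread. Account and its fields are hypothetical.
final class Account
{
    private $email = '';
    private $passwordHash = '';
    private $isAdmin = false;
    private const READABLE = ['email', 'isAdmin'];

    // Writable properties, each with the check a new value must pass.
    private static function rules(): array
    {
        return [
            'email' => function ($v) {
                return is_string($v) && filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
            },
        ];
    }

    public function __get($key)
    {
        if (!in_array($key, self::READABLE, true)) {
            throw new OutOfBoundsException("'$key' is not readable");
        }
        return $this->$key;
    }

    public function __set($key, $value)
    {
        $rules = self::rules();
        if (!isset($rules[$key])) {
            throw new OutOfBoundsException("'$key' is not writable");
        }
        if (!$rules[$key]($value)) {
            throw new InvalidArgumentException("bad value for '$key'");
        }
        $this->$key = $value;
    }
}

// Constructed input standing in for request data copied onto the object.
$account = new Account();
foreach (['email' => 'tim@example.com', 'isAdmin' => true, 'passwordHash' => 'x'] as $k => $v) {
    try {
        $account->$k = $v;
        echo "set $k\n";
    } catch (OutOfBoundsException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Only email is accepted; isAdmin and passwordHash are refused because they are absent from the writable list, and passwordHash cannot be read from outside the class either.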
--- Begin Message ---
Hi there!

I have built my site into frames.

I want to transfer a session-variable from my left frame to my right frame... How do I do this best? Thoughts?

/G
@varupiraten.se

--- End Message ---
--- Begin Message ---
Gustav Wiberg <mailto:[EMAIL PROTECTED]>
    on Thursday, April 14, 2005 4:00 PM said:

> I have built my site into frames.
> 
> I want to transfer a session-variable from my left frame to my right
> frame... How do I do this best? Thoughts?

You do this best by setting some session data on one page (any page),
and then accessing that same data on another page (any page). If both
frame sources are within the same domain they both have access to the
same session data.



Chris.

--- End Message ---
