php-general Digest 17 Feb 2012 04:40:57 -0000 Issue 7692 Topics (messages 316617 through 316646):
Re: Form Post to different domain 316617 by: Daniel Brown 316619 by: Matijn Woudt 316620 by: Daniel Brown 316621 by: Matijn Woudt Bug with DOMNode::insertBefore in 5.x? 316618 by: Christoph Boget Connect to Google 316622 by: John Taylor-Johnston 316623 by: Marc Guay 316624 by: Ashley Sheridan 316625 by: Marc Guay 316626 by: John Taylor-Johnston 316627 by: John Taylor-Johnston 316628 by: Ashley Sheridan 316629 by: Ashley Sheridan 316630 by: Matijn Woudt 316631 by: Marc Guay 316632 by: Marc Guay 316640 by: Maciek Sokolewicz 316642 by: Matijn Woudt Turning a string into a condition 316633 by: Marc Guay 316634 by: Joshua Kehn 316635 by: Marc Guay 316636 by: Ashley Sheridan 316637 by: Marc Guay 316638 by: Matijn Woudt 316639 by: Marc Guay 316641 by: Kevin Kinsey 316643 by: Matijn Woudt 316644 by: Marco Behnke Re: pathinfo or other 316645 by: Donovan Brooke basic captcha 316646 by: Donovan Brooke Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net ----------------------------------------------------------------------
--- Begin Message ---On Thu, Feb 16, 2012 at 09:53, Tedd Sperling <tedd.sperl...@gmail.com> wrote: > > Why the '.PHP_EOL' ? > > I've never seen that before and looking through the PHP documentation doesn't > give me much. Cross-compatibility. For systems which use \n, PHP_EOL will be \n. For systems which use \r\n, PHP_EOL will be \r\n. And, for oddball or legacy systems which still use \r.... you get the point. This means you can rest assured that the newlines will be appropriate for the system on which PHP is running. While it makes little difference on the web, it makes a world of difference at the CLI and when writing to plain-text files (including CSV). I've been using it out of the force of habit for about seven years or so, and exclusively (with the exception of email headers and other warranted cases) for the last four. There are a lot of other very useful and yet very underused constants. You can find the info on them here: http://php.net/reserved.constants -- </Daniel P. Brown> Network Infrastructure Manager http://www.php.net/
--- End Message ---
--- Begin Message ---On Thu, Feb 16, 2012 at 4:09 PM, Daniel Brown <danbr...@php.net> wrote: > On Thu, Feb 16, 2012 at 09:53, Tedd Sperling <tedd.sperl...@gmail.com> wrote: > > This means you can rest assured that the newlines will be > appropriate for the system on which PHP is running. While it makes > little difference on the web, it makes a world of difference at the > CLI and when writing to plain-text files (including CSV). I've been > using it out of the force of habit for about seven years or so, and > exclusively (with the exception of email headers and other warranted > cases) for the last four. > What if the system PHP is running on not the same one as the one that is going to read the plain-text/CSV/.. files? I don't think it is good practice to use it when writing to files. I often write files on a Linux server that people are going to read on a Windows PC. Apart from that, most software written in the last 5-10 years will happily read files with either \n or \r\n line endings. I'm not really sure about Win XP for example, but if it would have a problem with the Linux \n endings, it might even be better to *always* use \r\n line endings (except where standards require it), as I haven't seen a single Linux application since I started using it (about 9 years ago) that was not able to read a file with \r\n based line endings. Even better, go Unicode. Unicode specifies that there are 8 ways to make a new line, and they should all be accepted. However, the pretty uncommon NEL, LS and PS are not supported in many applications. (though CR, LF and CRLF are). - Matijn
--- End Message ---
--- Begin Message ---On Thu, Feb 16, 2012 at 10:57, Matijn Woudt <tijn...@gmail.com> wrote: > > What if the system PHP is running on not the same one as the one that > is going to read the plain-text/CSV/.. files? I don't think it is good > practice to use it when writing to files. I often write files on a > Linux server that people are going to read on a Windows PC. Then what is the difference between PHP_EOL and forcing \n? It's still going to use POSIX-style EOLs, but now you've taken away the benefit of the compatibility. > Apart from that, most software written in the last 5-10 years will > happily read files with either \n or \r\n line endings. I'm not really > sure about Win XP for example, but if it would have a problem with the > Linux \n endings, it might even be better to *always* use \r\n line > endings (except where standards require it), as I haven't seen a > single Linux application since I started using it (about 9 years ago) > that was not able to read a file with \r\n based line endings. You may want to check again. Ever see ^M at the end of your lines? Or, in vim, notice how it says it's a DOS file? > Even better, go Unicode. Unicode specifies that there are 8 ways to > make a new line, and they should all be accepted. However, the pretty > uncommon NEL, LS and PS are not supported in many applications. > (though CR, LF and CRLF are). Nothing you've suggested is necessarily bad, but more to the point, it doesn't come close to invalidating the benefit of PHP_EOL. -- </Daniel P. Brown> Network Infrastructure Manager http://www.php.net/
--- End Message ---
--- Begin Message ---On Thu, Feb 16, 2012 at 5:02 PM, Daniel Brown <danbr...@php.net> wrote: > On Thu, Feb 16, 2012 at 10:57, Matijn Woudt <tijn...@gmail.com> wrote: >> >> What if the system PHP is running on not the same one as the one that >> is going to read the plain-text/CSV/.. files? I don't think it is good >> practice to use it when writing to files. I often write files on a >> Linux server that people are going to read on a Windows PC. > > Then what is the difference between PHP_EOL and forcing \n? It's > still going to use POSIX-style EOLs, but now you've taken away the > benefit of the compatibility. I'm not saying you should force \n then, but you might want to decide what to force depending on who will be using it, so in case a windows user is going to read it, then you set \r\n, otherwise you select \n.You could even try to detect that based on a browser identification string. > >> Apart from that, most software written in the last 5-10 years will >> happily read files with either \n or \r\n line endings. I'm not really >> sure about Win XP for example, but if it would have a problem with the >> Linux \n endings, it might even be better to *always* use \r\n line >> endings (except where standards require it), as I haven't seen a >> single Linux application since I started using it (about 9 years ago) >> that was not able to read a file with \r\n based line endings. > > You may want to check again. Ever see ^M at the end of your > lines? Or, in vim, notice how it says it's a DOS file? I have seen them, but only in files which had mixed line endings, which should of course never be used. Vim does indeed notice it's a 'dos' file, but it's merely detecting that the file has \r\n line endings and that it should add those too. I don't consider that bad. > >> Even better, go Unicode. Unicode specifies that there are 8 ways to >> make a new line, and they should all be accepted. However, the pretty >> uncommon NEL, LS and PS are not supported in many applications. >> (though CR, LF and CRLF are). > > Nothing you've suggested is necessarily bad, but more to the > point, it doesn't come close to invalidating the benefit of PHP_EOL. I'm not saying using PHP_EOL is bad, but I disagree with using it always as a habit. If line endings matter, then you need to make decisions based on that, and don't depend on it being automatically OK if PHP_EOL is used. - Matijn
--- End Message ---
--- Begin Message ---I'm having problems using DOMNode::insertBefore(). In both php 5.3.8 and 5.2.7, an exception is thrown when I'm trying to copy (and import) a node from one document in to another and inserting it in front of an existing node thusly : <?php $a = '<rootnodea><foo>foo content</foo></rootnodea>'; $b = '<rootnodeb><bar>bar content</bar></rootnodeb>'; $DOMDocumentA = new DOMDocument(); $DOMDocumentA->loadXML($a); $DOMDocumentB = new DOMDocument(); $DOMDocumentB->loadXML($b); $foo = $DOMDocumentA->getElementsByTagName('foo')->item(0); $bar = $DOMDocumentB->getElementsByTagName('bar')->item(0); $importedFoo = $DOMDocumentB->importNode($foo); $DOMDocumentB->insertBefore($importedFoo, $bar); echo $DOMDocumentA->saveXML(); echo "\n\n=========================\n\n"; echo $DOMDocumentB->saveXML(); /* Output for PHP 5.3.8 Fatal error: Uncaught exception 'DOMException' with message 'Not Found Error' in /Users/current_user/Desktop/domInsertBeforeTest.php:16 Stack trace: #0 /Users/jim/Desktop/domInsertBeforeTest.php(16): DOMNode->insertBefore(Object(DOMElement), Object(DOMElement)) #1 {main} thrown in /Users/current_user/Desktop/domInsertBeforeTest.php on line 16 */ ?> Taking the second domdocument out of the equation and doing it this way so that we are working with nodes within the same document : <?php $a = '<rootnodea><foo>foo content</foo></rootnodea>'; $b = '<rootnodeb><bar>bar content</bar><baz>baz content</baz></rootnodeb>'; $DOMDocumentA = new DOMDocument(); $DOMDocumentA->loadXML($a); $DOMDocumentB = new DOMDocument(); $DOMDocumentB->loadXML($b); $bar = $DOMDocumentB->getElementsByTagName('bar')->item(0); $baz = $DOMDocumentB->getElementsByTagName('baz')->item(0); // $importedFoo = $DOMDocumentB->importNode($foo); $DOMDocumentB->insertBefore($baz, $bar); echo $DOMDocumentA->saveXML(); echo "\n\n=========================\n\n"; echo $DOMDocumentB->saveXML(); /* Output for PHP 5.3.8 Fatal error: Uncaught exception 'DOMException' with message 'Not Found Error' in /Users/current_user/Desktop/domInsertBeforeTest.php:16 Stack trace: #0 /Users/jim/Desktop/domInsertBeforeTest.php(16): DOMNode->insertBefore(Object(DOMElement), Object(DOMElement)) #1 {main} thrown in /Users/current_user/Desktop/domInsertBeforeTest.php on line 16 */ ?> Throws the same exception. Is there a problem with DOMNode::insertBefore() in php5? thnx, Christoph
--- End Message ---
--- Begin Message --- I'm a teacher. I want to use PHP to interface with Google and see if a student has plagiarized.I don't see many open-source projects on the subject, so I want to create my own script.How can I use PHP to interface with Google and see if this text exists on the internet?If this is possible, I need some ideas on how to parse the text and input it into Google.Then I might like to get a percentage idea of how this text compares to a site that Google has indexed.$SampleText = "Lorem ipsum dolor sit amet, test link adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent mattis, massa quis luctus fermentum, turpis mi volutpat justo, eu volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem, consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue quis tellus."John
--- End Message ---
--- Begin Message ---> I'm a teacher. I want to use PHP to interface with Google and see if a > student has plagiarized. Hi. Why not just enter the suspected text into a search engine and see if any close matches come up? If you use the advanced search tools you can choose "verbatim" and see if the exact phrase matches. If that's not good enough, can you explain how you would like it to function? Would the whole paper be scanned phrase-by-phrase for matches and then spit out a report? Marc
--- End Message ---
--- Begin Message ---On Wed, 2012-02-15 at 21:56 -0500, John Taylor-Johnston wrote: > I'm a teacher. I want to use PHP to interface with Google and see if a > student has plagiarized. > > I don't see many open-source projects on the subject, so I want to > create my own script. > > How can I use PHP to interface with Google and see if this text exists > on the internet? > > If this is possible, I need some ideas on how to parse the text and > input it into Google. > > Then I might like to get a percentage idea of how this text compares to > a site that Google has indexed. > > > $SampleText = "Lorem ipsum dolor sit amet, test link adipiscing elit. > Nullam dignissim convallis est. Quisque aliquam. Donec faucibus. Nunc > iaculis suscipit dui. Nam sit amet sem. Aliquam libero nisi, imperdiet > at, tincidunt nec, gravida vehicula, nisl. Praesent mattis, massa quis > luctus fermentum, turpis mi volutpat justo, eu volutpat enim diam eget > metus. Maecenas ornare tortor. Donec sed tellus eget sapien fringilla > nonummy. Mauris a ante. Suspendisse quam sem, consequat at, commodo > vitae, feugiat in, nunc. Morbi imperdiet augue quis tellus." > > John > > Wow, that's a pretty big project you're chewing there. A quick search shows that there are some project out there to detect plagiarism, but I think for university calibre there's a hefty sum of money required. To get a rough idea, you could break a text into sentences, and then query each one of those to see if it occurs just like that. You can use cURL to grab search results pages for this sort of thing, no need for a special interface. There are a few things to bear in mind though: * Googles terms and conditions may prohibit using their search engine like this, or may impose a limit on how much you can do this * Some sentences will be intentionally copied, as quotes. Maybe some sort of check against the source to see if it's in a quote context. * What if only part of a sentence is copied? Maybe after you've searched for exact matches from the sentences in the source, you could remove them from the source, then re-check every sentence against Googles fuzzy search. It may produce many false positives though. There are plenty of other factors too, such as students copying from books which don't exist in a search engines archives, some subjects may unintentionally result in the same way of wording, particularly technical subjects which tend to be removed from more creative and flowery descriptive tendencies. -- Thanks, Ash http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---> If you use the advanced search > tools you can choose "verbatim" and see if the exact phrase matches. Just correcting myself here, the way to do this is by simply wrapping the words in quotes "like this, hey now". The verbatim tool is something else. Marc
--- End Message ---
--- Begin Message ---Can I use PHP to interface with Google? Any possible examples of this? Let's start with the first step. :) I'm sure proprietary sites like http://www.compilatio.net/ for example connects to search engines. They cannot be crawling the net too. That would be crazy. (I'm a top quoter. It's more intuitive.) Thanks Ash. John Ashley Sheridan wrote:On Wed, 2012-02-15 at 21:56 -0500, John Taylor-Johnston wrote:How can I use PHP to interface with Google and see if this text exists on the internet?Wow, that's a pretty big project you're chewing there. A quick search shows that there are some project out there to detect plagiarism, but I think for university calibre there's a hefty sum of money required.
--- End Message ---
--- Begin Message ---I'm a top quoter. I would parse the text first. Phrase by phrase, or phrase segments. Then spit out a report. Marc Guay wrote:If that's not good enough, can you explain how you would like it to function? Would the whole paper be scanned phrase-by-phrase for matches and then spit out a report?
--- End Message ---
--- Begin Message ---On Thu, 2012-02-16 at 14:47 -0500, John Taylor-Johnston wrote: > Can I use PHP to interface with Google? Any possible examples of this? > > Let's start with the first step. :) > > I'm sure proprietary sites like http://www.compilatio.net/ for example > connects to search engines. They cannot be crawling the net too. That would > be crazy. > > (I'm a top quoter. It's more intuitive.) > > Thanks Ash. > > John > > > > Ashley Sheridan wrote: > > On Wed, 2012-02-15 at 21:56 -0500, John Taylor-Johnston wrote: > >> How can I use PHP to interface with Google and see if this text exists > >> on the internet? > >> > > > > Wow, that's a pretty big project you're chewing there. A quick search > > shows that there are some project out there to detect plagiarism, but > > I think for university calibre there's a hefty sum of money required. > > It might seem more intuitive to you, but it really, really screws up the archives. Like I said before, cURL is the way to "interface" with Google. Basically, cURL can be used to request resources, in this case a web page, from the web. You can call a URL and parse the page of results to determine whatever you need to. As you've not really hashed out any firm ides of what exactly you want, it's a little difficult to say exactly what you need to do. -- Thanks, Ash http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---On Thu, 2012-02-16 at 14:50 -0500, John Taylor-Johnston wrote: > I'm a top quoter. > I would parse the text first. Phrase by phrase, or phrase segments. > Then spit out a report. > > Marc Guay wrote: > > If that's not good enough, can you explain how you would like it to > > function? Would the whole paper be scanned phrase-by-phrase for > > matches and then spit out a report? > You might be a top quoter but, please, to get the best from this list and not annoy people post at the bottom. The list gets archived online at many places, and it's annoying to read things in this order: reply 4 >>reply 2 >>>>question >>>reply 1 >reply 3 Almost every email client I know of allows bottom posting. This is just one of the rules of this list, please don't be offended, but do try to keep to the rules, it keeps everyone happy, and happy people are helpful people! -- Thanks, Ash http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---2012/2/16 John Taylor-Johnston <jt.johns...@usherbrooke.ca>: > Can I use PHP to interface with Google? Any possible examples of this? There's Google Custom Search API: http://code.google.com/intl/nl-NL/apis/customsearch/v1/overview.html It interfaces in JSON, and PHP has json functions included since PHP 5.2. [1]. It's free up to 100 queries a day, after that you have to pay $5 per 1000 queries. - Matijn [1] www.php.net/json
--- End Message ---
--- Begin Message ---This is the first time I've been surprised that a Drupal module existed for something... http://drupal.org/project/authenticate
--- End Message ---
--- Begin Message ---Sort of off topic but here's a list of existing services (some of which are free) in case you don't want to reinvent the wheel. http://www.justfitstudio.com/articles/plagiarism-detection.html
--- End Message ---
--- Begin Message ---On 16-02-2012 03:56, John Taylor-Johnston wrote:Hi, why don't you use one of existing tools for this? Our university (and most universities, and apparently also schools, in the Netherlands) use(s) ephorus (www.ephorus.com). As a tool it works quite well and does exactly what you asked for.I'm a teacher. I want to use PHP to interface with Google and see if a student has plagiarized. I don't see many open-source projects on the subject, so I want to create my own script. How can I use PHP to interface with Google and see if this text exists on the internet? If this is possible, I need some ideas on how to parse the text and input it into Google. Then I might like to get a percentage idea of how this text compares to a site that Google has indexed. $SampleText = "Lorem ipsum dolor sit amet, test link adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent mattis, massa quis luctus fermentum, turpis mi volutpat justo, eu volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem, consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue quis tellus." JohnI'm not sure about the costs though, though they claim them to be very low.The site seems to be experiencing difficulties right now, hopefuly it'll be up soon again.- Tul
--- End Message ---
--- Begin Message ---On Thu, Feb 16, 2012 at 10:56 PM, Maciek Sokolewicz <maciek.sokolew...@gmail.com> wrote: > On 16-02-2012 03:56, John Taylor-Johnston wrote: >> >> I'm a teacher. I want to use PHP to interface with Google and see if a >> student has plagiarized. >> >> I don't see many open-source projects on the subject, so I want to >> create my own script. >> >> How can I use PHP to interface with Google and see if this text exists >> on the internet? >> >> If this is possible, I need some ideas on how to parse the text and >> input it into Google. >> >> Then I might like to get a percentage idea of how this text compares to >> a site that Google has indexed. >> >> >> $SampleText = "Lorem ipsum dolor sit amet, test link adipiscing elit. >> Nullam dignissim convallis est. Quisque aliquam. Donec faucibus. Nunc >> iaculis suscipit dui. Nam sit amet sem. Aliquam libero nisi, imperdiet >> at, tincidunt nec, gravida vehicula, nisl. Praesent mattis, massa quis >> luctus fermentum, turpis mi volutpat justo, eu volutpat enim diam eget >> metus. Maecenas ornare tortor. Donec sed tellus eget sapien fringilla >> nonummy. Mauris a ante. Suspendisse quam sem, consequat at, commodo >> vitae, feugiat in, nunc. Morbi imperdiet augue quis tellus." >> >> John >> > Hi, why don't you use one of existing tools for this? Our university (and > most universities, and apparently also schools, in the Netherlands) use(s) > ephorus (www.ephorus.com). As a tool it works quite well and does exactly > what you asked for. > > I'm not sure about the costs though, though they claim them to be very low. > > The site seems to be experiencing difficulties right now, hopefuly it'll be > up soon again. > > - Tul It seems they are not very reliable as their site is down now.. ;)
--- End Message ---
--- Begin Message ---Hi folks, I've constructed simple conditions based on DB data and would like to actually evaluate them with PHP. For example, the coded string "$x < $y" has been str_replaced into "4 < 5", but now I would actually like to use that string in an if() statement. I tried eval() but got an unhelpful error, any thoughts would be welcome. Marc
--- End Message ---
--- Begin Message ---Can you explain a more clearly what it is you're trying to accomplish? It sounds like you have a string "$x < $y" in the database that you then replace into a string "4 < 5" which you want to test a conditional on. If this is the case, why are you storing conditionals in the database? Regards, –Josh ____________________________________ Joshua Kehn | @joshkehn http://joshuakehn.com On Feb 16, 2012, at 3:31 PM, Marc Guay wrote: > Hi folks, > > I've constructed simple conditions based on DB data and would like to > actually evaluate them with PHP. For example, the coded string "$x < > $y" has been str_replaced into "4 < 5", but now I would actually like > to use that string in an if() statement. I tried eval() but got an > unhelpful error, any thoughts would be welcome. > > Marc > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
--- End Message ---
--- Begin Message ---> It sounds like you have a string "$x < $y" in the database that you then > replace into a string "4 < 5" which you want to test a conditional on. If > this is the case, why are you storing conditionals in the database? The user will be able to construct their own query strings, it's complicated but necessary. The issue I'm dealing with, though, is this: $condition = "4 < 5"; if ($condition){ //do stuff }
--- End Message ---
--- Begin Message ---On Thu, 2012-02-16 at 15:38 -0500, Marc Guay wrote: > > It sounds like you have a string "$x < $y" in the database that you then > > replace into a string "4 < 5" which you want to test a conditional on. If > > this is the case, why are you storing conditionals in the database? > > The user will be able to construct their own query strings, it's > complicated but necessary. The issue I'm dealing with, though, is > this: > > $condition = "4 < 5"; > if ($condition){ > //do stuff > } > You were on the right lines with the eval: $condition = "return 4 < 5;"; if (eval($condition)) { //do stuff } I just added the return statement and the semicolon, because the error was complaining about it not being a proper PHP statement basically. -- Thanks, Ash http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---> I just added the return statement and the semicolon, because the error was > complaining about it not being a proper PHP statement basically. That's beautiful, thanks. I just stumbled across a forum post that said it wasn't possible and was about to give up for the day. Marc
--- End Message ---
--- Begin Message ---On Thu, Feb 16, 2012 at 9:49 PM, Marc Guay <marc.g...@gmail.com> wrote: >> I just added the return statement and the semicolon, because the error was >> complaining about it not being a proper PHP statement basically. > > That's beautiful, thanks. I just stumbled across a forum post that > said it wasn't possible and was about to give up for the day. > > Marc While it works, I'm a bit worried about how you're going to use this. If the data is from user input, then this is really dangerous (that's why there is a big fat warning on the eval man page). You can easily execute nasty commands with eval. If it is user input, then it would be much safer to do the parsing yourself. It shouldn't be that hard to parse this type of expressions. - Matijn - Matijn
--- End Message ---
--- Begin Message ---> It shouldn't be that hard to parse this type of expressions. I appreciate your concern, and will do my best to validate the input, but there are two things: 1) The application will only be used by selected users. and 2) The range of possibilities are broader than I indicated. They would like to be able to enter conditions of all sorts. i.e. ($x / $y) > 0.5 (($a+$b+$c) / $d) < .75 etc. If you have any suggestions on how to increase the security while maintaning the flexibility, I'd be happy to hear it. Marc
--- End Message ---
--- Begin Message ---On Thu, Feb 16, 2012 at 04:37:18PM -0500, Marc Guay wrote: > > It shouldn't be that hard to parse this type of expressions. > > I appreciate your concern, and will do my best to validate the input, > but there are two things: > > 1) The application will only be used by selected users. > and > 2) The range of possibilities are broader than I indicated. They > would like to be able to enter conditions of all sorts. i.e. > > ($x / $y) > 0.5 > (($a+$b+$c) / $d) < .75 > > etc. > > If you have any suggestions on how to increase the security while > maintaning the flexibility, I'd be happy to hear it. > > Marc You might try making a list of "dirty words" (in this case, not the 4-letter type, but things you wouldn't want the user to be able to do (mail() calls, filesystem type calls, etc.). Another possibility might be to explode the contents of the expression and run a call to function_exists() on it ... but that might be a tad too broad as well. HTH, Kevin Kinsey
--- End Message ---
--- Begin Message ---On Thu, Feb 16, 2012 at 10:37 PM, Marc Guay <marc.g...@gmail.com> wrote: >> It shouldn't be that hard to parse this type of expressions. > > I appreciate your concern, and will do my best to validate the input, > but there are two things: > > 1) The application will only be used by selected users. > and Even selected users can not be trusted, or it could be 'by accident', though that seems unlikely. > 2) The range of possibilities are broader than I indicated. They > would like to be able to enter conditions of all sorts. i.e. > > ($x / $y) > 0.5 > (($a+$b+$c) / $d) < .75 > > etc. > > If you have any suggestions on how to increase the security while > maintaning the flexibility, I'd be happy to hear it. > > Marc A simple recursive PHP parser would work. You can find an example here[1], though it handles probably more than you would like. - Matijn [1] http://aragon-online.net/forums/showthread.php?t=530
--- End Message ---
--- Begin Message ---Am 16.02.12 22:37, schrieb Marc Guay: > 2) The range of possibilities are broader than I indicated. They would > like to be able to enter conditions of all sorts. i.e. ($x / $y) > 0.5 > (($a+$b+$c) / $d) < .75 etc. If you have any suggestions on how to > increase the security while maintaning the flexibility, I'd be happy > to hear it. Marc Is math all you want to use? Parsing will be an easy doing and I am pretty sure there are a lot of examples around the web. E.g.: http://www.phpclasses.org/package/2695-PHP-Safely-evaluate-mathematical-expressions.html -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.bizsignature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Elbert F wrote:SCRIPT_NAME is a server side path, try REQUEST_URI. This includes the query string but it's easy to remove. Elbert http://swiftlet.orgHi, I thought I should say that server side SCRIPT_NAME seems to be fine for me in this case. Thanks for the input.Donovan -- D Brooke
--- End Message ---
--- Begin Message ---Hello,Does anyone know of a basic (open source or freeware) form captcha system for PHP?TIA, Donovan -- D Brooke
--- End Message ---