php-general Digest 4 Aug 2011 16:03:02 -0000 Issue 7428 Topics (messages 314330 through 314349):
Form Already Filled Out
314330 by: wil prim
314331 by: Thiago H. Pojda
314334 by: James Yerge
314336 by: Bálint Horváth
314349 by: jean-baptiste verrey
Re: Best editor?
314332 by: Florian Müller
314333 by: Florian Müller
314339 by: Donovan Brooke
Re: How do I enable $_SERVER['HTTP_X_WAP_PROFILE'] or $_SERVER['HTTP_PROFILE']
314335 by: Stuart Dallas
When is gettimeofday() or microtime() unavailable?
314337 by: Ivo F.A.C. Fokkema
NuSOAP
314338 by: Kanishka
Re: Studying mcrypt
314340 by: Donovan Brooke
314346 by: Alex Nikitin
Re: testing
314341 by: Jim Giner
314342 by: Jim Giner
314343 by: Daniel Brown
314344 by: Jim Giner
314345 by: Daniel Brown
314347 by: Tim Streater
314348 by: Jim Giner
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---Hello, Soooo i created a simple login system, and I am using sessions Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance!Here is the login.php code, i didn't md5() the password yet:
<?php
if ($_SESSION['user'])
{
header("Location: error.php");
exit();
}
include('connect.php');
if ($_POST['login']){
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count==1){
$_SESSION['user'] = $user;
header('location: home.php');
}
else
echo "<p style='color:red'>Wrong Username or Password</p>";
}
?>
<html>
<head>
<title></title>
<link href="" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="main">
<div id="menu">
<ul>
<li>
<a href="">Home</a>
</li>
<li>
<a href="">Topix</a>
</li>
<li>
<a href="">Mission</a>
</li>
</ul>
</div>
<div id='content'>
<form method='post' action=''>
Username: <br/>
<input type='text' name='user' maxlength='30'/><br/>
Password: <br/>
<input type="password" name='pass' maxlength='30'/><br/>
<input type="submit" value="Log In!" name="login"/>
</form>
<a href=""> Register? </a>
</div>
</body>
</html>
--- End Message ---
--- Begin Message ---Hmmm looks like you saved the password and your browser or OS may be filling it for you. Em 04/08/2011 01:42, "wil prim" <wilp...@me.com> escreveu: > Hello, Soooo i created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance! > > Here is the login.php code, i didn't md5() the password yet: > > > <?php > > if ($_SESSION['user']) > { > header("Location: error.php"); > exit(); > } > include('connect.php'); > if ($_POST['login']){ > > > $user=$_POST['user']; > $pass=$_POST['pass']; > $sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'"; > $result=mysql_query($sql, $con); > $count=mysql_num_rows($result); > if ($count==1){ > $_SESSION['user'] = $user; > header('location: home.php'); > } > else > echo "<p style='color:red'>Wrong Username or Password</p>"; > } > > ?> > <html> > <head> > <title></title> > <link href="style.css" rel="stylesheet" type="text/css" /> > </head> > <body> > > <div id="main"> > <div id="menu"> > <ul> > <li> > <a href="#">Home</a> > </li> > <li> > <a href="#">Topix</a> > </li> > <li> > <a href="#">Mission</a> > </li> > </ul> > </div> > <div id='content'> > <form method='post' action='index.php'> > Username: <br/> > <input type='text' name='user' maxlength='30'/><br/> > Password: <br/> > <input type="password" name='pass' maxlength='30'/><br/> > <input type="submit" value="Log In!" name="login"/> > </form> > <a href="register.html"> Register? </a> > > </div> > </body> > </html>
--- End Message ---
--- Begin Message ---On 08/05/2011 12:43 AM, wil prim wrote: > Hello, Soooo i created a simple login system, and I am using sessions > Everything > seems to work fine, however; when I upload my files to my server and type my > domain name my index.php page comes up and the form is automatically filled > out > with a username and password. How do i make it empty when I initially enter > the > site, and yes I did create a logout.php file that destroys a session. Please > help, it is hard to explain this when I cant show it in person. Thanks in > advance! > > Here is the login.php code, i didn't md5() the password yet: > > > <?php > > if ($_SESSION['user']) > { > header("Location: error.php"); > exit(); > } > include('connect.php'); > if ($_POST['login']){ > > > $user=$_POST['user']; > $pass=$_POST['pass']; > $sql="SELECT * FROM members WHERE username='$_POST[user]' and > password='$_POST[pass]'"; > $result=mysql_query($sql, $con); > $count=mysql_num_rows($result); > if ($count==1){ > $_SESSION['user'] = $user; > header('location: home.php'); > } > else > echo "<p style='color:red'>Wrong Username or Password</p>"; > } > > ?> > <html> > <head> > <title></title> > <link href="style.css" rel="stylesheet" type="text/css" /> > </head> > <body> > > <div id="main"> > <div id="menu"> > <ul> > <li> > <a href="#">Home</a> > </li> > <li> > <a href="#">Topix</a> > </li> > <li> > <a href="#">Mission</a> > </li> > </ul> > </div> > <div id='content'> > <form method='post' action='index.php'> > Username: <br/> > <input type='text' name='user' maxlength='30'/><br/> > Password: <br/> > <input type="password" name='pass' maxlength='30'/><br/> > <input type="submit" value="Log In!" name="login"/> > </form> > <a href="register.html"> Register? </a> > > </div> > </body> > </html> Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP. Have you tried visiting your page from multiple browsers, to see if you get the same results? You could set the value of the username and password fields in the form to NULL. e.g.; <input type='text' name='user' value='' maxlength='30'/> <input type="password" name='pass' value='' maxlength='30'/> I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them. Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values.
--- End Message ---
--- Begin Message ---Hi, Use value="$_POST['user']" or sg like that because: before send value eq null, after if returned -cause of a fail- the inputs remain also set *autocomplete="off"* (at form) and if it doesn't work use js to set null values to input boxes (add a name for ur form...) Another way, use Google: "javascript turn off autofill" be careful: http://www.php.net/manual/en/security.database.sql-injection.php http://php.net/manual/en/security.php *Valentine* On Thu, Aug 4, 2011 at 8:54 AM, James Yerge <ja...@nixsecurity.org> wrote: > On 08/05/2011 12:43 AM, wil prim wrote: > > Hello, Soooo i created a simple login system, and I am using sessions > Everything > > seems to work fine, however; when I upload my files to my server and type > my > > domain name my index.php page comes up and the form is automatically > filled out > > with a username and password. How do i make it empty when I initially > enter the > > site, and yes I did create a logout.php file that destroys a session. > Please > > help, it is hard to explain this when I cant show it in person. Thanks in > advance! > > > > Here is the login.php code, i didn't md5() the password yet: > > > > > > <?php > > > > if ($_SESSION['user']) > > { > > header("Location: error.php"); > > exit(); > > } > > include('connect.php'); > > if ($_POST['login']){ > > > > > > $user=$_POST['user']; > > $pass=$_POST['pass']; > > $sql="SELECT * FROM members WHERE username='$_POST[user]' and > > password='$_POST[pass]'"; > > $result=mysql_query($sql, $con); > > $count=mysql_num_rows($result); > > if ($count==1){ > > $_SESSION['user'] = $user; > > header('location: home.php'); > > } > > else > > echo "<p style='color:red'>Wrong Username or Password</p>"; > > } > > > > ?> > > <html> > > <head> > > <title></title> > > <link href="style.css" rel="stylesheet" type="text/css" /> > > </head> > > <body> > > > > <div id="main"> > > <div id="menu"> > > <ul> > > <li> > > <a href="#">Home</a> > > </li> > > <li> > > <a href="#">Topix</a> > > </li> > > <li> > > <a href="#">Mission</a> > > </li> > > </ul> > > </div> > > <div id='content'> > > <form method='post' action='index.php'> > > Username: <br/> > > <input type='text' name='user' maxlength='30'/><br/> > > Password: <br/> > > <input type="password" name='pass' maxlength='30'/><br/> > > <input type="submit" value="Log In!" name="login"/> > > </form> > > <a href="register.html"> Register? </a> > > > > </div> > > </body> > > </html> > > Your browser is more than likely filling in the username and password > fields for you, automatically. Most modern browsers offer this > functionality by default. What you're looking for isn't relative to PHP. > > Have you tried visiting your page from multiple browsers, to see if you > get the same results? > > You could set the value of the username and password fields in the form > to NULL. > > e.g.; > <input type='text' name='user' value='' maxlength='30'/> > <input type="password" name='pass' value='' maxlength='30'/> > > I doubt your visitors are going to encounter the same issue you are, > unless they allow their browser or some other 3rd party software to > automatically fill in the form values for them. > > Another method would consist of using JavaScript, once the DOM is ready > (all elements rendered), have JavaScript reset the form values. > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
--- End Message ---
--- Begin Message ---if you want to force the browser to not be able to have this behaviour you need the name tag to always change a quick example would be that <?php // keep the name in session $_SESSION['formRandomName']=time(); ?> <input type="password" name="<?php echo $_SESSION['formRandomName'];?>[password]" /> 2011/8/4 Bálint Horváth <hbal...@gmail.com> > Hi, > Use value="$_POST['user']" or sg like that because: > before send value eq null, after if returned -cause of a fail- the inputs > remain > > also set *autocomplete="off"* (at form) and if it doesn't work use js > to set null values to input boxes (add a name for ur form...) > > Another way, use Google: "javascript turn off autofill" > > be careful: > http://www.php.net/manual/en/security.database.sql-injection.php > http://php.net/manual/en/security.php > > *Valentine* > > On Thu, Aug 4, 2011 at 8:54 AM, James Yerge <ja...@nixsecurity.org> wrote: > > > On 08/05/2011 12:43 AM, wil prim wrote: > > > Hello, Soooo i created a simple login system, and I am using sessions > > Everything > > > seems to work fine, however; when I upload my files to my server and > type > > my > > > domain name my index.php page comes up and the form is automatically > > filled out > > > with a username and password. How do i make it empty when I initially > > enter the > > > site, and yes I did create a logout.php file that destroys a session. > > Please > > > help, it is hard to explain this when I cant show it in person. Thanks > in > > advance! > > > > > > Here is the login.php code, i didn't md5() the password yet: > > > > > > > > > <?php > > > > > > if ($_SESSION['user']) > > > { > > > header("Location: error.php"); > > > exit(); > > > } > > > include('connect.php'); > > > if ($_POST['login']){ > > > > > > > > > $user=$_POST['user']; > > > $pass=$_POST['pass']; > > > $sql="SELECT * FROM members WHERE username='$_POST[user]' and > > > password='$_POST[pass]'"; > > > $result=mysql_query($sql, $con); > > > $count=mysql_num_rows($result); > > > if ($count==1){ > > > $_SESSION['user'] = $user; > > > header('location: home.php'); > > > } > > > else > > > echo "<p style='color:red'>Wrong Username or Password</p>"; > > > } > > > > > > ?> > > > <html> > > > <head> > > > <title></title> > > > <link href="style.css" rel="stylesheet" type="text/css" /> > > > </head> > > > <body> > > > > > > <div id="main"> > > > <div id="menu"> > > > <ul> > > > <li> > > > <a href="#">Home</a> > > > </li> > > > <li> > > > <a href="#">Topix</a> > > > </li> > > > <li> > > > <a href="#">Mission</a> > > > </li> > > > </ul> > > > </div> > > > <div id='content'> > > > <form method='post' action='index.php'> > > > Username: <br/> > > > <input type='text' name='user' maxlength='30'/><br/> > > > Password: <br/> > > > <input type="password" name='pass' maxlength='30'/><br/> > > > <input type="submit" value="Log In!" name="login"/> > > > </form> > > > <a href="register.html"> Register? </a> > > > > > > </div> > > > </body> > > > </html> > > > > Your browser is more than likely filling in the username and password > > fields for you, automatically. Most modern browsers offer this > > functionality by default. What you're looking for isn't relative to PHP. > > > > Have you tried visiting your page from multiple browsers, to see if you > > get the same results? > > > > You could set the value of the username and password fields in the form > > to NULL. > > > > e.g.; > > <input type='text' name='user' value='' maxlength='30'/> > > <input type="password" name='pass' value='' maxlength='30'/> > > > > I doubt your visitors are going to encounter the same issue you are, > > unless they allow their browser or some other 3rd party software to > > automatically fill in the form values for them. > > > > Another method would consist of using JavaScript, once the DOM is ready > > (all elements rendered), have JavaScript reset the form values. > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > >
--- End Message ---
--- Begin Message ---I don't think UltraEdit is a good editor, because it has some really great troubles with simple syntax highlighting... Well, my version can't even highlight a string on two rows ¬.¬ > Date: Wed, 3 Aug 2011 17:04:01 +0200 > From: hbal...@gmail.com > To: php-gene...@lists.php.net > Subject: Re: [PHP] Best editor? > > Hi, > On Windows I used UltraEdit. On Linux Kate is simple and comfortable app. > Actually I prefer NetBeans too. Eclipse could be faster but I think less > comfortable... > *Valentine* > > On Wed, Aug 3, 2011 at 4:45 PM, Matt Giddings <mcgid...@gmail.com> wrote: > > > Notepad!!! LOL.. I use netbeans but eclipse is nice. A lot of it is > > personal opinion. > > > > On Wed, Aug 3, 2011 at 9:46 AM, Florian Müller <florip...@hotmail.com > > >wrote: > > > > > > > > Maybe an adittional information: PSPad is completely freeware and > > portable. > > > > > > You can download it right here: http://pspad.en.softonic.com/ > > > > > > This would be the best idea if you can't run a local server, because if > > > there is an editor with this functionality built in, he'd have to bring a > > > little local server with it, and I really don't know an editor which is > > able > > > to do that without an external software. > > > > > > Regards and much fun ;) Flo > > > > > > > From: florip...@hotmail.com > > > > To: msa...@gmail.com; sstap...@mnsi.net > > > > CC: php-gene...@lists.php.net > > > > Date: Wed, 3 Aug 2011 15:40:12 +0200 > > > > Subject: RE: [PHP] Best editor? > > > > > > > > > > > > I'm using PSPad since one year, and I'm very happy with it. > > > > > > > > With your description, I think it is the most simple way with it: > > Connect > > > it with a webserver, and then you can edit all files right on the server, > > so > > > if you save, they are live. > > > > > > > > PSPad is actually even a portable program, and there are lots of syntax > > > highlighters, so this program is very nice! > > > > > > > > > Date: Wed, 3 Aug 2011 09:32:34 -0400 > > > > > From: msa...@gmail.com > > > > > To: sstap...@mnsi.net > > > > > CC: php-gene...@lists.php.net > > > > > Subject: Re: [PHP] Best editor? > > > > > > > > > > Let me clarify a bit... I don't own my own machine - I'm using my > > work > > > > > computer. I can install an editor, but installing a full fledged > > > > > server would be verboten (like WAMP). And while its not hard to set > > up > > > > > a VM in virtualbox, I'd prefer not to if I don't have to. I know the > > > > > functionality of testing inside the editor used to be there, I'd just > > > > > like to see if I can find it again :) > > > > > > > > > > If I have to, i'll just go the VM route. > > > > > > > > > > On Wed, Aug 3, 2011 at 9:26 AM, Steve Staples <sstap...@mnsi.net> > > > wrote: > > > > > > On Wed, 2011-08-03 at 09:22 -0400, Matty Sarro wrote: > > > > > >> Hey everyone, > > > > > >> I am a super newbie just beginning to learn PHP. Awhile ago, I had > > > > > >> used aptana for dabbling with php and was amazed to find out that > > it > > > > > >> had a built in php interpreter so I could do some minor testing > > > > > >> without having to upload everything to a web server, or have a web > > > > > >> server locally. Flash forward to now, and it looks like that > > > > > >> functionality doesn't exist anymore (at least not by default). > > > > > >> > > > > > >> So, I'm curious what editors are out there? Are there any out > > there > > > > > >> which will let me test PHP files without having to upload > > everything > > > > > >> every time I edit it? Any help would be greatly appreciated. > > Thanks! > > > > > >> -Matty > > > > > >> > > > > > > > > > > > > I personally use Komodo IDE, but there are lots out there. There > > is > > > the > > > > > > Eclipse with PHP, or there was the way I learned, NotePad (then > > > switched > > > > > > to EditPlus+) > > > > > > > > > > > > Steve > > > > > > > > > > > > > > > > > > > > > > -- > > > > > PHP General Mailing List (http://www.php.net/) > > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > > > >
--- End Message ---
--- Begin Message ---Ahm ..... oh ^^ so, for the size of projects which I am realising, there is no problem of live editing. And even for learning PHP, it's a good idea to make it live on a server because if he wants to learn it, he does not have a website he edits on which has a really big traffic. So this would be the best choice I think... If I got bigger projects, I always edit in a single beta folder, just to say ^^ > From: tamouse.li...@gmail.com > To: php-gene...@lists.php.net > Date: Wed, 3 Aug 2011 11:46:15 -0500 > Subject: Re: [PHP] Best editor? > > > On Aug 3, 2011, at 11:39 AM, David Harkness wrote: > > > On Wed, Aug 3, 2011 at 9:36 AM, Tamara Temple > > <tamouse.li...@gmail.com> wrote: > > Not to hijack the thread, but I really, *really* hope you are not > > suggesting that someone do live edits on a production server.... > > > > I would never consider tinkering on test pages while learning PHP a > > "production" server. :) > > > I think you missed my point -- that wasn't to the OP, that was to > the respondent talking about how PSPad lets you edit files directly on > the webserver....
--- End Message ---
--- Begin Message ---Matty Sarro wrote:Hey everyone, I am a super newbie..in the spirit of the "super newbie".. :-) http://interrobang.jwgh.org/songs/editors.mp3 -- D Brooke
--- End Message ---
--- Begin Message ---On 3 Aug 2011, at 21:07, Daevid Vincent wrote: > I'm working on a mobile site and from the various searches and reading (and > even code fragments I've inherited for the project), they make reference to: > > $_SERVER['HTTP_X_WAP_PROFILE'] and a fallback $_SERVER['HTTP_PROFILE'] > > However, when I hit a phpinfo(); page using both an Android MyTouch 3G (2.2) > and an Apple iPhone 3G, there are nothing even close to those. All of the > 'HTTP_X_*' headers are absent and there is no HTTP_PROFILE either. > > http://www.dpinyc.com/literature/resources/code-bank/php-lightweight-device- > detection/ > http://mobiforge.com/developing/blog/useful-x-headers > http://blog.svnlabs.com/tag/_serverhttp_x_wap_profile/ > > > Do I need to enable something in Apache or PHP?? > > PHP Version 5.3.6 > Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies > with Xdebug v2.0.5, Copyright (c) 2002-2008, by Derick Rethans > > and > > $ httpd -v > Server version: Apache/2.2.17 (FreeBSD) I may be wrong, but as I understand it those headers are for older WAP browsers, not modern mobile-based browsers which are HTML-capable. The best way I've found to detect mobile devices is to examine the user agent header. While it's not 100% reliable it's the best method available. This is the function I've used in the past to detect mobile devices: https://gist.github.com/1124666. I haven't used it for a little while so there are probably new devices out there that it can't detect but it should give you a good starting point. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
--- End Message ---
--- Begin Message ---Dear list, I've tried Google, php.net and the list's archives, but I can't find what I'm looking for. Maybe it's obvious, or maybe nobody wonders about this... For years, I've used microtime() to get the current time including the microseconds. However, somebody pointed me at a sentence in the manual page: "This function is only available on operating systems that support the gettimeofday() system call." And PHP's gettimeofday() suggests the same situation: "This is an interface to gettimeofday(2)." But... what kind of systems then don't have this system call available? Some googling around provided lots of C programmers trying to get a gettimeofday() implementation in C on Windows, since it doesn't seem to include it. But PHP's microtime() and gettimeofday() seem to work just fine on Windows (at least the boxes I could get to). Also, I just can't seem to find PHP code anywhere on the web that seems to check the existence of either microtime() or gettimeofday() before they call it, and there have to be lots of PHP programmers out there working on Windows boxes so... Should I ignore the sentence in the manual and just trust that both functions are always available? Or is there another cross-platform way to get to the system time, including the microseconds, without using microtime() or gettimeofday()? Or will both functions just always exist, but just not give me microseconds if there is no gettimeofday() system call available? Any help is highly appreciated. Thanks, Ivo
--- End Message ---
--- Begin Message ---NuSOAP Hi, I am learning “SOAP web services” using “NuSOAP” I tried to execute hello world program, but it didn’t work. When I execute the server script It generate the wsdl without giving any warning or error. But when I execute the client it gives following message. ******************** ” Warning: SoapClient::SoapClient(http://localhost/nusoap/server.php?wsdl) [soapclient.soapclient]: failed to open stream: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. in E:\xampp\htdocs\nusoap\client.php on line 5 Warning: SoapClient::SoapClient() [soapclient.soapclient]: I/O warning : failed to load external entity "http://localhost/nusoap/server.php?wsdl"; in E:\xampp\htdocs\nusoap\client.php on line 5 Fatal error: Maximum execution time of 60 seconds exceeded in E:\xampp\htdocs\nusoap\client.php on line 10 ************************* .I have attached “client.php” and “server.php”. server.php ************** “<?php // Pull in the NuSOAP code require_once('lib/nusoap.php'); // Create the server instance $server = new soap_server(); // Initialize WSDL support $server->configureWSDL('hellowsdl', 'urn:hellowsdl'); // Register the method to expose $server->register('hello', // method name array('name' => 'xsd:string'), // input parameters array('return' => 'xsd:string'), // output parameters 'urn:hellowsdl', // namespace 'urn:hellowsdl#hello', // soapaction 'rpc', // style 'encoded', // use 'Says hello to the caller' // documentation ); // Define the method as a PHP function function hello($name) { return 'Hello, ' . $name; } // Use the request to (try to) invoke the service $HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : ''; $server->service($HTTP_RAW_POST_DATA); ?> *************” client.php ************* <?php // Pull in the NuSOAP code require_once('lib/nusoap.php'); // Create the client instance $client = new soapclient("http://localhost/nusoap/server.php?wsdl";); // Call the SOAP method $result = $client->call('hello', array('name' => 'Scott')); // Display the result print_r($result); ?> *********** This examples is taken from the http://www.scottnichol.com/nusoapprogwsdl.htm can anybody tell me what’s wrong with this code. Thank you<<attachment: client.php>>
<<attachment: server.php>>
--- End Message ---
--- Begin Message ---Alex Nikitin wrote: [snip]Also you shouldn't actually encrypt passwords, the proper way to store them is hashed, so that if someone grabs your database, they dont have your passwords, even if they have the "key".Hello, since this thread is about "studying mcrypt"...In another language, for a "top security with the ability to retrieve data situation", I use a method that stores an encrypted key, but then also, the entire "pages" are encrypted as well, with a separate utility, where I only know the key. Think of it as compiling your software, only it is not compiling, it's encrypting, and it's thenable to run as if it were compiled.The end result is that the key to any encrypted sensitive info does not reside on the server, it resides with me on my local system... thus thepasswords are safely encrypted, yet I can retrieve them manually.I don't know that PHP has the ability to run in compiled or encrypted form.. does it? If not, I guess a 1 way, non-key encryption would be the only way to be absolutely secure with saved data in PHP (such as a hash).Donovan -- D Brooke
--- End Message ---
--- Begin Message ---On Thu, Aug 4, 2011 at 10:31 AM, Donovan Brooke <li...@euca.us> wrote: > Alex Nikitin wrote: > [snip] > > Also you shouldn't actually encrypt passwords, the proper way to store >> them >> is hashed, so that if someone grabs your database, they dont have your >> passwords, even if they have the "key". >> > > > Hello, since this thread is about "studying mcrypt"... > > In another language, for a "top security with the ability to retrieve data > situation", I use a method that stores an encrypted key, but then also, the > entire "pages" are encrypted as well, with a separate utility, where I only > know the key. Think of it as compiling your software, only it is not > compiling, it's encrypting, and it's then > able to run as if it were compiled. > > The end result is that the key to any encrypted sensitive info does not > reside on the server, it resides with me on my local system... thus the > passwords are safely encrypted, yet I can retrieve them manually. > > I don't know that PHP has the ability to run in compiled or encrypted > form.. does it? If not, I guess a 1 way, non-key encryption would be the > only way to be absolutely secure with saved data in PHP (such as a hash). > > Donovan > > > > -- > D Brooke > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > You can have multiple ways to encrypt data and store it pretty securely. For example i had a system that would encrypt passwords for other services and store them in the database along with an iv, the key was hard coded into the application and salt came from the user and was never stored, this way even if someone got my database and code which would be a feat not for the faint of heart, they still wont be able to get the data decrypted... What makes your local system any less vulnerable of a point than your server, of anything, its more vulnerable and failure-prone, so unless i'm not getting something, that seems like a poor design decision (i'm sorry) There is code obfuscation with PHP, and you can compile it into C++ with HipHop for php for example... -- The trouble with programmers is that you can never tell what a programmer is doing until it’s too late. ~Seymour Cray
--- End Message ---
--- Begin Message ---""Jim Giner"" <jim.gi...@albanyhandball.com> wrote in message news:6d.60.30104.5b968...@pb1.pair.com... > Don't seem to be getting any feeds thru the newsgroup mirror(?). > Something's wrong. My OE still cannot connect to the news server for this list, it continues to show unread messages are available, but it cannot download them. Something has changed. PLUS - this 'testing' msg of mine DOES show up - whassup with that?
--- End Message ---
--- Begin Message --->> Al<n...@ridersite.org> wrote: >> >>> >>> >>> On 8/2/2011 5:18 PM, Jim Giner wrote: >>>> Don't seem to be getting any feeds thru the newsgroup mirror(?). >>>> >>>> >>> >>> This newsgroup has been a mess for almost a year now. >>> >>> One big problem is that the server only accepts a small number of >>> connections, >>> for just some mail clients, eg Thunderbird; but works for others. My >>> Thunderbird works flawlessly for numerous other newsgroups. >>> >>> I've posted 2 or 3 bug reports, no response! >>> >>> >>> -- >>> PHP General Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >> >> This "newsgroup" is actually a mailing list. >> >> Thanks, >> Ash >> http://www.ashleysheridan.co.uk > > Oh, I thought news.php.net was a NNTP news server. And, > news://news.php.net:119/php.general was a newsgroup on the server. > > My mistake. > Mailing list, newsgroup, either one - something's changed in the last week or so to interrupt the smooth (or semi-smooth) functioning of it. The only messages I'm seeing currently are the ones in this single topic. Why is that???
--- End Message ---
--- Begin Message ---On Thu, Aug 4, 2011 at 10:39, Jim Giner <jim.gi...@albanyhandball.com> wrote: > > Mailing list, newsgroup, either one - something's changed in the last week > or so to interrupt the smooth (or semi-smooth) functioning of it. The only > messages I'm seeing currently are the ones in this single topic. Why is > that??? Actually, we haven't changed anything at all. It's always been temperamental, but it's always just been a small additional offering. As Ash said, this is a mailing list, not a newsgroup. The fact that we offer a newsgroup interface at all is by all means eligible for discontinuation, since only about six people use it in any given year. -- </Daniel P. Brown> Network Infrastructure Manager http://www.php.net/
--- End Message ---
--- Begin Message ---Sounds like time for me to move on. Thanks for the info Dan. All the talent on this group, and a bug like this (according to posts I've read) has been going on for years? "Daniel Brown" <danbr...@php.net> wrote in message news:CAD9cneMicUmusc9Er7kOmLZKL_r-QORoYcMzGH5hQL=e4er...@mail.gmail.com... On Thu, Aug 4, 2011 at 10:39, Jim Giner <jim.gi...@albanyhandball.com> wrote: Actually, we haven't changed anything at all. It's always been temperamental, but it's always just been a small additional offering. As Ash said, this is a mailing list, not a newsgroup. The fact that we offer a newsgroup interface at all is by all means eligible for discontinuation, since only about six people use it in any given year. -- </Daniel P. Brown> Network Infrastructure Manager http://www.php.net/
--- End Message ---
--- Begin Message ---On Thu, Aug 4, 2011 at 10:48, Jim Giner <jim.gi...@albanyhandball.com> wrote: > Sounds like time for me to move on. > Thanks for the info Dan. > > All the talent on this group, and a bug like this (according to posts I've > read) has been going on for years? Yeah, it's always been low-priority. I've started to add a dedicated NNTP box a number of times, but always wound up having to move on to higher-priority things. And, of course, being a completely volunteer effort, it loses even more priority status when work is busy. -- </Daniel P. Brown> Network Infrastructure Manager http://www.php.net/
--- End Message ---
--- Begin Message ---On 04 Aug 2011 at 15:48, Jim Giner <jim.gi...@albanyhandball.com> wrote: > Sounds like time for me to move on. > Thanks for the info Dan. Say Jim, Why don't you pick it up as mail like the rest of us? -- Cheers -- Tim
--- End Message ---
--- Begin Message ---Because I'm lazy. I LIKE the newsgroup method - all my mail in one place: email, newsgroups together yet separate so that I can read the news postings when I have time, and the email is purely mine. "Tim Streater" <t...@clothears.org.uk> wrote in message news:08.87.13433.b57ba...@pb1.pair.com... On 04 Aug 2011 at 15:48, Jim Giner <jim.gi...@albanyhandball.com> wrote: > Sounds like time for me to move on. > Thanks for the info Dan. Say Jim, Why don't you pick it up as mail like the rest of us? -- Cheers -- Tim
--- End Message ---
