php-general Digest 11 Dec 2012 19:52:09 -0000 Issue 8062

Topics (messages 319832 through 319840):

Re: Unexpected behavior of max() function
        319832 by: Алексей Полев
        319833 by: Andreas Perstinger
        319834 by: Rodrigo Silva dos Santos

Storing passwords in session variables
        319835 by: Paul Halliday
        319836 by: Ashley Sheridan
        319837 by: Paul Halliday
        319838 by: Ashley Sheridan
        319839 by: Paul Halliday
        319840 by: Peet Grobler

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
Because it returns the alphabetically highest string.
You should change your locale or use dot instead of comma:

var_dump(
  max(array('100', '110.453351020813', '9'))
);


On 11 December 2012 10:48, "Рогулин С.В." <rogu...@garant.ru> wrote:

> Hi, dear subscribers.
>
> I encountered with unexpected behavior of max() function. When i pass a
> parameter ['100', '110,453351020813', '9'], this function gives answer '9'
>
> var_dump(
>   max(array('100', '110,453351020813', '9'))
> );
>
> // will output:
> // string(1) "9"
>
> I can`t understand this behaviour. Please explain this behavior.
>
> PHP 5.4.7 on FreeBSD 9.0-RELEASE-p4 amd64
>
> P.S.
> Sorry for my english :(
>
> --
> ----------------------------
> With best regards, Sergey Rogulin
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message ---
On 11.12.2012 07:48, "Рогулин С.В." wrote:
> I encountered with unexpected behavior of max() function. When i pass a
> parameter ['100', '110,453351020813', '9'], this function gives answer '9'
>
> var_dump(
>     max(array('100', '110,453351020813', '9'))
> );
>
> // will output:
> // string(1) "9"

As the output tells you, you are comparing strings and the character '9' is greater than the character '1' (at the beginning of the two other strings).

Bye, Andreas


--- End Message ---
--- Begin Message ---
A solution to it is, if you can, enter the array items without the commas, just array(100,110.453351020813,9);

On 11-12-2012 05:05, Andreas Perstinger wrote:
> On 11.12.2012 07:48, "Рогулин С.В." wrote:
> > I encountered with unexpected behavior of max() function. When i pass a
> > parameter ['100', '110,453351020813', '9'], this function gives answer '9'
> >
> > var_dump(
> >     max(array('100', '110,453351020813', '9'))
> > );
> >
> > // will output:
> > // string(1) "9"
>
> As the output tells you, you are comparing strings and the character '9' is greater than the character '1' (at the beginning of the two other strings).
>
> Bye, Andreas




--- End Message ---
--- Begin Message ---
Hi,

I have a form that has username and password fields. While the form
exists and contains various other fields the most common mode of
operation is to have the form auto submit if it has enough arguments
in the URL. So, someone is using an external program that has links
wired as such:

test.php?start=1&end=2&this=blah&that=argh&username=user&password=pass

and when they hit that URL it sees it has enough arguments, fires and
returns the result.

Client <-> Server is encrypted,  can I toss these into session variables?

The user could be coming from multiple frontends and it would be nice
to forgo the user/pass in the url; give the username focus on the
first visit let them drop their creds and then store them into the
session so with each subsequent hit they can just get their results.

Make sense?

Note: I need to pass the credentials to an external app each time a
request is made.

Thanks.

-- 
Paul Halliday
http://www.pintumbler.org/

--- End Message ---
--- Begin Message ---
On Tue, 2012-12-11 at 08:46 -0400, Paul Halliday wrote:

> Hi,
> 
> I have a form that has username and password fields. While the form
> exists and contains various other fields the most common mode of
> operation is to have the form auto submit if it has enough arguments
> in the URL. So, someone is using an external program that has links
> wired as such:
> 
> test.php?start=1&end=2&this=blah&that=argh&username=user&password=pass
> 
> and when they hit that URL it sees it has enough arguments, fires and
> returns the result.
> 
> Client <-> Server is encrypted,  can I toss these into session variables?
> 
> The user could be coming from multiple frontends and it would be nice
> to forgo the user/pass in the url; give the username focus on the
> first visit let them drop their creds and then store them into the
> session so with each subsequent hit they can just get their results.
> 
> Make sense?
> 
> Note: I need to pass the credentials to an external app each time a
> request is made.
> 
> Thanks.
> 
> -- 
> Paul Halliday
> http://www.pintumbler.org/
> 


It looks like you're trying to re-invent authorisation procedures.
Typically, the first request logs a client in and retrieves a hashed
key, which is then used in all subsequent requests so that the server
can correctly verify the client. You can do this the way you suggested
with the session, but you must ensure that the session id is passed
across to your script by each of the connecting clients. That will be
done either as part of the head request, or as an extra parameter in the
URL.

Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
--- Begin Message ---
On Tue, Dec 11, 2012 at 9:02 AM, Ashley Sheridan
<a...@ashleysheridan.co.uk> wrote:

> On Tue, 2012-12-11 at 08:46 -0400, Paul Halliday wrote:
>
> Hi,
>
> I have a form that has username and password fields. While the form
> exists and contains various other fields the most common mode of
> operation is to have the form auto submit if it has enough arguments
> in the URL. So, someone is using an external program that has links
> wired as such:
>
> test.php?start=1&end=2&this=blah&that=argh&username=user&password=pass
>
> and when they hit that URL it sees it has enough arguments, fires and
> returns the result.
>
> Client <-> Server is encrypted,  can I toss these into session variables?
>
> The user could be coming from multiple frontends and it would be nice
> to forgo the user/pass in the url; give the username focus on the
> first visit let them drop their creds and then store them into the
> session so with each subsequent hit they can just get their results.
>
> Make sense?
>
> Note: I need to pass the credentials to an external app each time a
> request is made.
>
> Thanks.
>
> --
> Paul Halliday
> http://www.pintumbler.org/
>
>
> It looks like you're trying to re-invent authorisation procedures.
> Typically, the first request logs a client in and retrieves a hashed key,
> which is then used in all subsequent requests so that the server can
> correctly verify the client. You can do this the way you suggested with the
> session, but you must ensure that the session id is passed across to your
> script by each of the connecting clients. That will be done either as part
> of the head request, or as an extra parameter in the URL.
>
>   Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
I understand that. The username/pass are NOT for authentication to the
form, they are being passed to exec();
So, I guess in this context they are just arguments.

Providing I handle the session properly, does it make sense to toss these
arguments into session variables?

--- End Message ---
--- Begin Message ---
On Tue, 2012-12-11 at 08:58 -0400, Paul Halliday wrote:

> On Tue, Dec 11, 2012 at 9:02 AM, Ashley Sheridan
> <a...@ashleysheridan.co.uk> wrote:
> 
>         On Tue, 2012-12-11 at 08:46 -0400, Paul Halliday wrote: 
>         
>         > Hi,
>         > 
>         > I have a form that has username and password fields. While the form
>         > exists and contains various other fields the most common mode of
>         > operation is to have the form auto submit if it has enough arguments
>         > in the URL. So, someone is using an external program that has links
>         > wired as such:
>         > 
>         > test.php?start=1&end=2&this=blah&that=argh&username=user&password=pass
>         > 
>         > and when they hit that URL it sees it has enough arguments, fires and
>         > returns the result.
>         > 
>         > Client <-> Server is encrypted,  can I toss these into session variables?
>         > 
>         > The user could be coming from multiple frontends and it would be nice
>         > to forgo the user/pass in the url; give the username focus on the
>         > first visit let them drop their creds and then store them into the
>         > session so with each subsequent hit they can just get their results.
>         > 
>         > Make sense?
>         > 
>         > Note: I need to pass the credentials to an external app each time a
>         > request is made.
>         > 
>         > Thanks.
>         > 
>         > -- 
>         > Paul Halliday
>         > http://www.pintumbler.org/
>         > 
>         
>         
>         
>         
>         It looks like you're trying to re-invent authorisation
>         procedures. Typically, the first request logs a client in and
>         retrieves a hashed key, which is then used in all subsequent
>         requests so that the server can correctly verify the client.
>         You can do this the way you suggested with the session, but
>         you must ensure that the session id is passed across to your
>         script by each of the connecting clients. That will be done
>         either as part of the head request, or as an extra parameter
>         in the URL.
>         
>         Thanks,
>         Ash
>         http://www.ashleysheridan.co.uk
>         
>         
>         
> 
> I understand that. The username/pass are NOT for authentication to the
> form, they are being passed to exec();

I would say this is the username/password being used precisely for
authentication, otherwise you wouldn't need to pass them across to
exec()

> So, I guess in this context they are just arguments.
> 
> Providing I handle the session properly, does it make sense to toss
> these arguments into session variables?

You can use the session, but the only way your script will know what
session to use is if the clients are sending the session id as part of
their request.




Thanks,
Ash
http://www.ashleysheridan.co.uk



--- End Message ---
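
The pattern discussed in this thread, as an added example that is not code from any of the posters: credentials arrive once by POST, stay server-side in the session, and are handed to the external program on each later request. The tool path, its `--user`/`--start`/`--end` flags and its reading of the password from standard input are assumptions made for illustration; the session keys `ext_user` and `ext_pass` are hypothetical names.

```php
<?php
// Added example. TOOL, its flags and its stdin password prompt are hypothetical.
const TOOL = '/usr/local/bin/report-tool';

// Keep the session id in a cookie sent only over TLS and hidden from scripts.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params(0, '/', '', true, true); // lifetime, path, domain, secure, httponly
session_start();

// First visit: credentials arrive in the POST body, not the query string.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && is_string($_POST['username'] ?? null) && is_string($_POST['password'] ?? null)) {
    session_regenerate_id(true); // fresh id once secrets are attached to the session
    $_SESSION['ext_user'] = $_POST['username'];
    $_SESSION['ext_pass'] = $_POST['password'];
}
if (!isset($_SESSION['ext_user'], $_SESSION['ext_pass'])) {
    http_response_code(401);
    exit('Submit the credential form first.');
}

// Run the tool without a shell; the password goes to its stdin, so it is
// absent from the URL, the access log and the process list.
function run_tool(string $user, string $pass, int $start, int $end): string
{
    $cmd  = [TOOL, '--user', $user, '--start', (string) $start, '--end', (string) $end];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($cmd, $spec, $pipes); // array command needs PHP 7.4+
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start external tool');
    }
    fwrite($pipes[0], $pass . "\n");
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('external tool reported failure');
    }
    return $out;
}

// Subsequent hits carry only the non-secret arguments.
$start = (int) ($_GET['start'] ?? 0);
$end   = (int) ($_GET['end'] ?? 0);
echo htmlspecialchars(run_tool($_SESSION['ext_user'], $_SESSION['ext_pass'], $start, $end));
```

The password still sits in plaintext in the server's session store, so that store's permissions and session lifetime decide how long it is exposed.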
--- Begin Message ---
On Tue, Dec 11, 2012 at 9:12 AM, Ashley Sheridan
<a...@ashleysheridan.co.uk> wrote:

> On Tue, 2012-12-11 at 08:58 -0400, Paul Halliday wrote:
>
> On Tue, Dec 11, 2012 at 9:02 AM, Ashley Sheridan <a...@ashleysheridan.co.uk>
> wrote:
>
>  On Tue, 2012-12-11 at 08:46 -0400, Paul Halliday wrote:
>
> Hi,
>
> I have a form that has username and password fields. While the form
> exists and contains various other fields the most common mode of
> operation is to have the form auto submit if it has enough arguments
> in the URL. So, someone is using an external program that has links
> wired as such:
>
> test.php?start=1&end=2&this=blah&that=argh&username=user&password=pass
>
> and when they hit that URL it sees it has enough arguments, fires and
> returns the result.
>
> Client <-> Server is encrypted,  can I toss these into session variables?
>
> The user could be coming from multiple frontends and it would be nice
> to forgo the user/pass in the url; give the username focus on the
> first visit let them drop their creds and then store them into the
> session so with each subsequent hit they can just get their results.
>
> Make sense?
>
> Note: I need to pass the credentials to an external app each time a
> request is made.
>
> Thanks.
>
> --
> Paul Halliday
> http://www.pintumbler.org/
>
>
>
>   It looks like you're trying to re-invent authorisation procedures.
> Typically, the first request logs a client in and retrieves a hashed key,
> which is then used in all subsequent requests so that the server can
> correctly verify the client. You can do this the way you suggested with the
> session, but you must ensure that the session id is passed across to your
> script by each of the connecting clients. That will be done either as part
> of the head request, or as an extra parameter in the URL.
>
>   Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
> I understand that. The username/pass are NOT for authentication to the
> form, they are being passed to exec();
>
> I would say this is the username/password being used precisely for
> authentication, otherwise you wouldn't need to pass them across to exec()
>
>  So, I guess in this context they are just arguments.
>
> Providing I handle the session properly, does it make sense to toss these
> arguments into session variables?
>
> You can use the session, but the only way your script will know what
> session to use is if the clients are sending the session id as part of
> their request.
>
>
>
>   Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
Thanks :) I see the flaw in my reasoning. Just needed to talk about it!

--- End Message ---
--- Begin Message ---
On 2012/12/11 2:46 PM, Paul Halliday wrote:
> Client <-> Server is encrypted,  can I toss these into session variables?
>

Do note your full URL (including &user=xx&pass=yy) will be logged in
Apache logs, and depending on configuration in Squid logs in between too.

--- End Message ---
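
The logging point in the last message, as an added example that is not from the thread: a filter that masks credential parameters in the request field of Apache-style access-log lines and counts how many it found. The sample lines are constructed, and the list of parameter names treated as secret is an assumption.

```php
<?php
// Added example: mask credential parameters in access-log request fields.
const SENSITIVE = ['pass', 'password']; // parameter names treated as secret (assumption)

function redact_line(string $line, int &$hits): string
{
    // Request field of the common/combined format: "METHOD /path?query HTTP/x.y"
    $out = preg_replace_callback(
        '~"([A-Z]+) ([^ "?]*)\?([^ "]*) (HTTP/[\d.]+)"~',
        function (array $m) use (&$hits): string {
            $pairs = [];
            foreach (explode('&', $m[3]) as $pair) {
                $parts = explode('=', $pair, 2);
                $name  = strtolower(urldecode($parts[0]));
                if (count($parts) === 2 && in_array($name, SENSITIVE, true)) {
                    $hits++;
                    $pair = $parts[0] . '=[REDACTED]';
                }
                $pairs[] = $pair;
            }
            return sprintf('"%s %s?%s %s"', $m[1], $m[2], implode('&', $pairs), $m[4]);
        },
        $line
    );
    return $out ?? $line; // keep the original line if the regex engine fails
}

// Constructed sample lines, modelled on the URL quoted in the thread.
$log = [
    '192.0.2.10 - - [11/Dec/2012:08:46:00 -0400] "GET /test.php?start=1&end=2&this=blah&that=argh&username=user&password=pass HTTP/1.1" 200 512',
    '192.0.2.11 - - [11/Dec/2012:08:47:10 -0400] "POST /test.php?start=1&end=2 HTTP/1.1" 200 498',
];

$hits = 0;
foreach ($log as $line) {
    echo redact_line($line, $hits), PHP_EOL;
}
fwrite(STDERR, $hits . " credential parameter(s) found in request URLs\n");
```

A non-zero count means those passwords have already reached disk on the web server and on any logging proxy in between, so they should be changed as well as masked.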
