php-general Digest 24 Jun 2013 10:57:20 -0000 Issue 8276
Topics (messages 321466 through 321467):
php, openssl and GOST ciphers - problem with GOST R 34.10-2001
321466 by: Eugene M. Zheganin
Re: One more newbie question. About foreach..
321467 by: Karl-Arne Gjersøyen
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Hi.
So, back to the GOST ciphers problem. This is kinda a long story.
Basically, there's tow sides of it. On one side there's a lack of
OPENSSL_config() calls in ext/openssl/openssl.c.
On the other hand, there's also a curl, which is also linked to Openssl.
In case you want any encryption, you will probably want to use both
modules, for obvious reasons. Curl (in this case - the upstream curl)
also lacks OPENSSL_config() calls, so one would think he should add
OPENSSL_config() call in every place. This isn't correct, because being
called sequentlially, this leads to openssl initialization error, so
OPENSSL_config() call should be called once, and it should be called in
the module that is loaded first. In case you are using curl AND openssl,
this definitely is curl module, because openssl initialization is done
in the upstream library. Considering this, no curl/openssl modification
is needed in PHP distribution, - you can patch curl upstream
distribution by the method described above, and use GOST ciphers. In
case you aren't using curl, you need to patch the openssl module in it's
code.
Curl guys are aware of the problem, but they don't want to make things
even worse, so they decided to do nothing at this moment:
http://sourceforge.net/p/curl/bugs/1208/ .
So, why am I writing all of this ? Because I have next problem. I have a
patched curl, php linked with it, fresh openssl with GOST ciphers and
one of the ciphers not accessible by php: this is GOST R 34.10-2001 cipher.
Here's what I have:
/usr/local/openssl/bin/openssl ciphers aGOST01
GOST2001-GOST89-GOST89:GOST2001-NULL-GOST94
(so, openssl has it, according to is manual - "aGOST01 - cipher suites
using GOST R 34.10-2001 authentication.")
Curl also has it:
/usr/local/curl/bin/curl --engine gost --ciphers GOST2001-GOST89-GOST89
https://google.com
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
alert handshake failure
I got a failure, but when the non-existent cipher suite is used, the
error is different:
/usr/local/curl/bin/curl --engine gost --ciphers GOST2001-GOST89-GOST666
https://google.com
curl: (59) failed setting cipher list
So, openssl has it, curl has it, but for some reason php doesn't.
openssl_get_md_methods() shows a couple of GOST digest but not GOST R
34.11-94:
array(30) {
[0]=>
string(3) "DSA"
[1]=>
string(7) "DSA-SHA"
[2]=>
string(17) "GOST 28147-89 MAC"
[3]=>
string(15) "GOST R 34.11-94"
[4]=>
string(3) "MD4"
[5]=>
string(3) "MD5"
[6]=>
string(4) "MDC2"
[7]=>
string(9) "RIPEMD160"
[8]=>
string(3) "SHA"
[9]=>
string(4) "SHA1"
[10]=>
string(6) "SHA224"
[11]=>
string(6) "SHA256"
[12]=>
string(6) "SHA384"
[13]=>
string(6) "SHA512"
[14]=>
string(13) "dsaEncryption"
[15]=>
string(10) "dsaWithSHA"
[16]=>
string(15) "ecdsa-with-SHA1"
[17]=>
string(8) "gost-mac"
[18]=>
string(3) "md4"
[19]=>
string(3) "md5"
[20]=>
string(9) "md_gost94"
[21]=>
string(4) "mdc2"
[22]=>
string(9) "ripemd160"
[23]=>
string(3) "sha"
[24]=>
string(4) "sha1"
[25]=>
string(6) "sha224"
[26]=>
string(6) "sha256"
[27]=>
string(6) "sha384"
[28]=>
string(6) "sha512"
[29]=>
string(9) "whirlpool"
}
Why ? How to investigate it ?
Thanks.
Eugene.
--- End Message ---
--- Begin Message ---
WOW! Thank you very, very much!
This is so good! Thanks to all of you for spending time to learning me
programming!
Karl
2013/6/23 Maciek Sokolewicz <maciek.sokolew...@gmail.com>
> On 23-6-2013 17:11, Karl-Arne Gjersøyen wrote:
>
>> Hello again. I Got the solution for my last mention problem. Now I can
>> update several rows at once by one single submit action.
>>
>> [...]
>
> I have tried to search in google and on PHP.net but can't fine anything
>> that explain my problem.
>> I like to have new $sql = SELECT queries for every given serialnumber
>> ($snr)
>>
>> Thanks for your help.
>>
>> Karl
>>
>>
> Ok, Karl, I've seen quite a few messages from you to this list with
> various questions; from all these questions it becomes clear that you're
> trying to work with lists in a single form without understanding the basics
> of a form in the first place. You also seem to not understand what an array
> is exactly, or how to process it.
>
> So let's answer all these questions at once; I will attempt to explain (in
> short) how to do all this, using a custom form here. I don't speak
> Norwegian, and I find your variable names to be horribly long and complex,
> so let's not use them :)
>
> Say you want a simple form online which gives you a product name and asks
> you to update the amount of it in stock.
> <form action="..." method="post">
> <input type="text" name="number_in_stock" value="0">
> <input type="submit" name="submit" value="store">
> </form>
>
> When you submit this simple form, the PHP script defined in the action
> property is called, and the $_POST array looks like:
> $_POST = array(
> 'number_in_stock' = '0'
> );
>
> You can then run your simple query
> mysql_query("UPDATE some_table SET stock='" . $_POST['number_in_stock']);
> // note: you should always sanitize these values; i.e. make sure it is
> EXACTLY what you expect, and CAN NOT possibly be anything else. So if you
> expect it to be a number, check if it IS a number before running this
> query!!!
>
> Now, you said you wanted to update multiple items.
> Imagine you have a form showing multiple items:
> <form action="..." method="post">
> Item A: <input type="text" name="number_in_stock" value="8">
> Item B: <input type="text" name="number_in_stock" value="2">
> Item C: <input type="text" name="number_in_stock" value="258">
> <input type="submit" name="submit" value="store">
> </form>
>
> If you do this, PHP will have no idea what is what, and it will just keep
> overwriting the number_in_stock value until it reaches the last one. So you
> would end up with a $_POST array looking like this:
> $_POST = array(
> 'number_in_stock' = '258'
> );
>
> Obviously, you don't want that. The solution would be to tell PHP to turn
> all recieved values into an array. This can be done by manually specifying
> the key for each array item; or letting PHP do it automatically. This
> automatic way was suggested earlier, like so:
> <form action="..." method="post">
> Item A: <input type="text" name="number_in_stock[]" value="8">
> Item B: <input type="text" name="number_in_stock[]" value="2">
> Item C: <input type="text" name="number_in_stock[]" value="258">
> <input type="submit" name="submit" value="store">
> </form>
>
> This then results in a $_POST array like this:
> $_POST = array(
> 'number_in_stock' = array(
> 0 => '8',
> 1 => '2',
> 2 => '258'
> )
> );
>
> So now, do you have any idea what is what? No. You don't. Why? because you
> don't supply a link between the value and the meaning. Instead, you could
> decide to supply a certain unique key per item, like so:
> <form action="..." method="post">
> Item A: <input type="text" name="number_in_stock['ItemA']**" value="8">
> Item B: <input type="text" name="number_in_stock['ItemB']**" value="2">
> Item C: <input type="text" name="number_in_stock['ItemC']**" value="258">
> <input type="submit" name="submit" value="store">
> </form>
>
> This results in:
> $_POST = array(
> 'number_in_stock' = array(
> 'ItemA' => '8',
> 'ItemB' => '2',
> 'ItemC' => '258'
> )
> );
>
> Wow, now you can actually use this info when updating your table in the DB!
> foreach($_POST['number_in_**stock'] as $item=>$number) {
> mysql_query("UPDATE table SET stock='".$number."' WHERE
> itemId='".$item);
> }
> This will run over each element in the $_POST['number_in_stock'] array. It
> will (for that single loop-run) stick the key in $item and the value in
> $number. For each run, it will run the update query. Then in the next run,
> a new set of values is supplied, and a new query is ran.
>
> If you want to expand this to give you the ability to define which items
> should be updated and which should not, you could add checkboxes. When
> checked, the item will be updated; otherwise it won't. Checkboxes have a
> great feature where if they are checked, they have the value supplied in
> their value attribute. If they are not checked, they have no value. So, you
> could add something like:
> <form action="..." method="post">
> <input type="checkbox" name="item_list['ItemA'] value="1"> Item A: <input
> type="text" name="number_in_stock['ItemA']**" value="8">
> <input type="checkbox" name="item_list['ItemB'] value="1">Item B: <input
> type="text" name="number_in_stock['ItemB']**" value="2">
> <input type="checkbox" name="item_list['ItemC'] value="1">Item C: <input
> type="text" name="number_in_stock['ItemC']**" value="258">
> <input type="submit" name="submit" value="store">
> </form>
>
> When you submit this form, and have only the first checkbox ticked, the
> $_POST array will look like this:
> $_POST = array(
> 'item_list' = array(
> 'itemA' => '1',
> 'itemB' => '',
> 'itemC' => ''
> ),
> 'number_in_stock' = array(
> 'ItemA' => '8',
> 'ItemB' => '2',
> 'ItemC' => '258'
> )
> );
>
> You now know that only itemA should be updated. For this, you could run a
> foreach on item_list, check which value == 1 and then for those, run the
> query:
>
> foreach($_POST['item_list'] as $item=>$value) {
> if($value == 1) {
> // apparently we want to update this item
> $number = $_POST['number_in_stock'][$**item]; // $item = 'ItemA' or
> 'ItemB' or whatever name was selected
> mysql_query("UPDATE table SET stock='".$number."' WHERE
> itemId='".$item);
> }
> }
>
> Simple as that :)
> Don't start unsetting, and doing I don't know what, just KISS (Keep It
> Stupidly Simple)
>
> - Tul
>
--- End Message ---
