php-general Digest 14 Feb 2009 14:16:10 -0000 Issue 5958

2009-02-14 Thread php-general-digest-help
php-general Digest 14 Feb 2009 14:16:10 - Issue 5958 Topics (messages 288246 through 288256): Lightweight Picasa API v3 288246 by: John Corry Re: Happy 1234567890 day! 288247 by: German Geek for the security minded web developer - secure way to login? 288248 by:

php-general Digest 15 Feb 2009 03:30:39 -0000 Issue 5959

2009-02-14 Thread php-general-digest-help
php-general Digest 15 Feb 2009 03:30:39 - Issue 5959 Topics (messages 288257 through 288276): Re: for the security minded web developer - secure way to login? 288257 by: German Geek 288259 by: Michael A. Peters 288265 by: Sudheer 288266 by: Sudheer

[PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread German Geek
Hi All, A few months ago it came to my mind, that it might be possible to make non-https session (reasonably) secure by at least not letting people login that shouldn't because they might have sniffed the password from a user. Please let me know if you can find a loop hole in this process. I

Re: [PHP] [Fwd] How to make a secured login form

2009-02-14 Thread German Geek
Have a look at my post called for the security minded web developer - secure way to login?. It seems like a similar idea with less overhead. Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com Joan Rivers - Never floss with a stranger. 2009/2/14 Virgilio Quilario virgilio.quila...@gmail.com

Re: [PHP] Execute EXE with variables

2009-02-14 Thread German Geek
Hi, I've had a lot of problems with shell_exec too. Mostly it was permissions or environment variables not being set. i dont know if there is a way to set environment variables in the php.ini but if not you can set them with shell_exec as well, at least on unix it works. You can simply

Re: [PHP] list all constitute group of array ?

2009-02-14 Thread German Geek
Do you want exactly that list or simply all the possible combinations? If you want all possible combinations, search for a permute or permutation function in php... Does sound like homework lol. :-) Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com Alanis Morissette - We'll love you just

Re: [PHP] Execute EXE with variables

2009-02-14 Thread Ashley Sheridan
On Sun, 2009-02-15 at 00:16 +1300, German Geek wrote: Hi, I've had a lot of problems with shell_exec too. Mostly it was permissions or environment variables not being set. i dont know if there is a way to set environment variables in the php.ini but if not you can set them with shell_exec

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread Michael A. Peters
German Geek wrote: What do you think? I think just use a flippin' ssl server and be done with it. When I go to a website that requires me to let them execute JavaScript I rarely go back. You can use SSL for the login and only the login - I know that it means either using a self signed

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread Per Jessen
Michael A. Peters wrote: German Geek wrote: What do you think? I think just use a flippin' ssl server and be done with it. That was my thought too. You can use SSL for the login and only the login - I know that it means either using a self signed cert or paying big bucks, for

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread Dotan Cohen
I think just use a flippin' ssl server and be done with it. ++$i When I go to a website that requires me to let them execute JavaScript I rarely go back. Many people do this, I hope that the OP realizes this. You can use SSL for the login and only the login - I know that it means either

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread Michael A. Peters
Dotan Cohen wrote: Have you seen the fit Firefox 3 makes for self-signed certs? So far as the end user is concerned, the site is inaccesible. Yes I have. That's why on my site I have an instruction page - and a demonstration of how Opera does it, which is just as secure and less of a PITA,

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread German Geek
Hi gang, Was just thinking of a cheap solution for sites that don't require absolute security. A SSL cert cost about $150 a year. Sites like facebook could use this... Of course it's not for banks etc. You could degrade gracefully when javascript is turned off to just sending the form and

[PHP] Heredoc inside eval?

2009-02-14 Thread Michael
I have a html template with php variables. I then run it through eval(). All that works fine. Problem is that when I add simple html attributes or javascript calls I need to use single or double quotes. And this is where eval throws an error. So I then used htmlspecialchars to mask all the

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread Michael A. Peters
German Geek wrote: Hi gang, Was just thinking of a cheap solution for sites that don't require absolute security. A SSL cert cost about $150 a year. Sites like facebook could use this... Sites (like mine) that don't want to pay a certificate authority can use a self-signed cert. Even Red

[PHP] Google Apps AuthSub = missing $_GET element

2009-02-14 Thread John Corry
I am completely baffled by this. I have a PHP script that is using Cameron Hinkle's LightweightPicasaAPIv3 to authenticate with the Google Picasa service using the AuthSub method. Basically, if we're not authenticated, redirect to the google authsub URL:

Re: [PHP] Heredoc inside eval?

2009-02-14 Thread Nitsan Bin-Nun
For instance you have: htmlbla?php echo abcd;?/bla/html The simplest way to eval() it is to use: eval(? . $string_of_html_and_php . ?php); And for what you asked, try this one: eval(\$html = hds $html; hds;); It might work. HTH, Nitsan On Sat, Feb 14, 2009 at 3:58 PM, Michael

Re: [PHP] Heredoc inside eval?

2009-02-14 Thread Michael N. Madsen
Sorry for not including a a code example of the template. html .. div{$content}/div This template I read into a variable using file_get_contents() so I don't think escaping php will work but I will have to test this. Your suggestion for the heredoc problem is simple, yet I didn't

Re: [PHP] Heredoc inside eval?

2009-02-14 Thread Nitsan Bin-Nun
I haven't figured from your sayings if my solutions worked? I haven't tested them so I thought you would check them out ;) Nitsan On Sat, Feb 14, 2009 at 6:59 PM, Michael N. Madsen m...@criion.net wrote: Sorry for not including a a code example of the template. html ..

Re: [PHP] Heredoc inside eval?

2009-02-14 Thread Michael N. Madsen
Hehe ok.. First problem was that eval() was giving error because there was double-quotes in the template. Second problem an attempt to fix problem 1 by wrapping the template in a heredoc syntax. Problem 1 I solved as described with add/strip-slashes(). Out of curiosity I will test your

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread Sudheer
Michael A. Peters wrote: German Geek wrote: Hi gang, Was just thinking of a cheap solution for sites that don't require absolute security. A SSL cert cost about $150 a year. Sites like facebook could use this... Sites (like mine) that don't want to pay a certificate authority can use a

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread Sudheer
Firefox scares its users when they encounter a website with self signed certificate. If your website users aren't worried about the warning Firefox throws at them, self signed cert works well. I just realized Dotan Cohen already mentioned this. -- With warm regards, Sudheer. S

Re: [PHP] for the security minded web developer - secure way to login?

2009-02-14 Thread Michael A. Peters
Sudheer wrote: Michael A. Peters wrote: Sites (like mine) that don't want to pay a certificate authority can use a self-signed cert. Even Red Hat does for some of their stuff (IE I believe their bugzilla server) Firefox scares its users when they encounter a website with self signed

[PHP] Sorting times

2009-02-14 Thread tedd
Hi gang: Anyone have/know a routine that will sort an array of times? For example, a function that would take an array like this: time[0] ~ '1:30pm' time[1] ~ '7:30am' time[2] ~ '12:30pm' and order it to: time[0] ~ '7:30am' time[1] ~ '12:30pm' time[2] ~ '1:30pm' Cheers, tedd -- ---

Re: [PHP] Sorting times

2009-02-14 Thread John Corry
1. convert the string representation of times to timestamps using strtotime() 2. sort the timestamps 3. display the timestamps as strings using date('format', timestamp) Would that work? John Corry email: jco...@gmail.com On Feb 14, 2009, at 4:07 PM, tedd wrote: Hi gang: Anyone

[PHP] Re: Sorting times

2009-02-14 Thread Shawn McKenzie
tedd wrote: Hi gang: Anyone have/know a routine that will sort an array of times? For example, a function that would take an array like this: time[0] ~ '1:30pm' time[1] ~ '7:30am' time[2] ~ '12:30pm' and order it to: time[0] ~ '7:30am' time[1] ~ '12:30pm' time[2] ~ '1:30pm'

Re: [PHP] Sorting times

2009-02-14 Thread Shawn McKenzie
John Corry wrote: 1. convert the string representation of times to timestamps using strtotime() 2. sort the timestamps 3. display the timestamps as strings using date('format', timestamp) Would that work? John Corry email: jco...@gmail.com On Feb 14, 2009, at 4:07 PM, tedd

[PHP] Re: Sorting times

2009-02-14 Thread Shawn McKenzie
Shawn McKenzie wrote: tedd wrote: Hi gang: Anyone have/know a routine that will sort an array of times? For example, a function that would take an array like this: time[0] ~ '1:30pm' time[1] ~ '7:30am' time[2] ~ '12:30pm' and order it to: time[0] ~ '7:30am' time[1] ~ '12:30pm'

Re: [PHP] Sorting times (SOLVED)

2009-02-14 Thread tedd
At 4:15 PM -0500 2/14/09, John Corry wrote: 1. convert the string representation of times to timestamps using strtotime() 2. sort the timestamps 3. display the timestamps as strings using date('format', timestamp) Would that work? John Corry email: jco...@gmail.com John: Bingo -- that

[PHP] Simple Search Logic Issue...

2009-02-14 Thread revDAVE
Newbie question... I have a search page with multi lines of search criteria: Name Topic Message Etc... I'm hoping to get results based on what criteria I type - but I'm not getting what I expect. I think it's just getting results where in addition to getting search criteria I type - ALSO none

[PHP] Re: list all constitute group of array ?

2009-02-14 Thread Clancy
On Sat, 14 Feb 2009 07:41:28 +0800, a...@pc86.com (LKSunny) wrote: ? $a = array(a, b, c, d); /* how to list: abcd abc ab ac ad bcd bc bd cd a b c d who have idea ? thank you very much !! */ ? If you are talking about arrays of strings,use my function larec (list array recursively). This has

Re: [PHP] Sorting times (SOLVED)

2009-02-14 Thread Shawn McKenzie
tedd wrote: At 4:15 PM -0500 2/14/09, John Corry wrote: 1. convert the string representation of times to timestamps using strtotime() 2. sort the timestamps 3. display the timestamps as strings using date('format', timestamp) Would that work? John Corry email: jco...@gmail.com John: