-Original Message-
From: tedd [mailto:tedd.sperl...@gmail.com]
Sent: 22 May 2011 22:33
At 5:50 PM +0200 5/22/11, Nisse Engström wrote:
On Sat, 21 May 2011 09:26:02 -0400, tedd wrote:
The function strcmp() simply evaluates two strings and reports
back
-1, 0,
At 5:50 PM +0200 5/22/11, Nisse Engström wrote:
On Sat, 21 May 2011 09:26:02 -0400, tedd wrote:
The function strcmp() simply evaluates two strings and reports back
-1, 0, or 1 depending upon their alphabetical relationship.
It might do that, but don't bet your horse on
At 2:49 PM -0400 5/19/11, Joshua Kehn wrote:
On May 19, 2011, at 2:44 PM, Andre Polykanine wrote:
Hello Alex,
Two (stupid?) questions:
1. Why PHP_SELF is better than SCRIPT_NAME?
2. Why strcmp() is better than just comparing?
--
With best regards from Ukraine,
Andre
Skype:
Yep, and it comes in handy, especially in school, lol, in advanced algorithms
and data structures. I once submitted a project assignment that was 5 lines
long, and instead of figuring out anagrams, strcmp was very helpful :)
Sent from my Verizon Wireless 4GLTE smartphone
- Reply message
On 11-05-21 09:26 AM, tedd wrote:
At 2:49 PM -0400 5/19/11, Joshua Kehn wrote:
On May 19, 2011, at 2:44 PM, Andre Polykanine wrote:
Hello Alex,
Two (stupid?) questions:
1. Why PHP_SELF is better than SCRIPT_NAME?
2. Why strcmp() is better than just comparing?
--
With best
On 20 May 2011 at 04:03, Alex Nikitin niks...@gmail.com wrote:
but here is a brief example:
(!DEBUG) || error_log("Fetch Data: " . memory_get_usage()/1048576);
reads and writes a lot better and faster than:
if(DEBUG) {
$memory = memory_get_usage()/1048576;
error_log("Fetch Data:
On 19 May 2011 at 23:47, Adam Richardson simples...@gmail.com wrote:
You did make several other great points (session hijacking, multiple login
attempts), but to be fair to Tedd, there are many levels of security, and I
doubt he's trying to educate PHP developers with your background. In the
On 20 May 2011 11:20, Tim Streater t...@clothears.org.uk wrote:
*snip*
[...] is marked as being aimed at the novice, and at the same time lists some
of the areas that deliberately haven't been addressed in the example
provided, then that should suffice.
Apart from the above that would
On May 20, 2011, at 4:41 AM, Tim Streater wrote:
On 20 May 2011 at 04:03, Alex Nikitin niks...@gmail.com wrote:
but here is a brief example:
(!DEBUG) || error_log("Fetch Data: " . memory_get_usage()/1048576);
reads and writes a lot better and faster than:
if(DEBUG) {
$memory =
On 11-05-20 09:14 AM, Joshua Kehn wrote:
On May 20, 2011, at 4:41 AM, Tim Streater wrote:
On 20 May 2011 at 04:03, Alex Nikitin niks...@gmail.com wrote:
but here is a brief example:
(!DEBUG) || error_log("Fetch Data: " . memory_get_usage()/1048576);
If you're going to use ugly little
Absolutely agree with a logging function or class (I of course prefer the
latter) for persistent logging that is to be present in the end product;
however, it is not the best of ideas to spend time developing logging code
and using it for debug purposes that will only be used during the initial
At 11:11 AM -0400 5/20/11, Alex Nikitin wrote:
Also to tedd, I would say that you should make it a series of
tutorials of how to make simple user auth progressively more and
more secure; I would say that would be a good learning experience
for someone. Start with your basic code, introduce new
Hello tedd,
Oh, I liked what you've said about a website like a house. May I
translate this into Russian and quote you in my blog? I'll place the
copyright :-).
Actually, what I would like to learn is how to break things. No, I
don't gonna be a hacker (I don't want to go to a jail!),
At 9:20 PM +0300 5/20/11, Andre Polykanine wrote:
Hello tedd,
Oh, I liked what you've said about a website like a house. May I
translate this into Russian and quote you in my blog? I'll place the
copyright :-).
Sure -- a link back would be fine.
I plan on placing that analogy on my
At 12:41 AM -0400 5/20/11, Paul M Foster wrote:
As pointed out, there are security and other issues. But since I know
what kind of code you can produce, I realize you left these issues in
place because you were getting at a different point.
Thanks for giving me my due. Often on a list, people
Making professional coding techniques visible to others can only be a
good thing. I've been doing this for a while, but I'm still interested
in how other people do these things. I never know when I might learn
something.
I've never met a person who I couldn't learn from.
A great chef
At 3:00 PM -0400 5/20/11, HallMarc Websites wrote:
Making professional coding techniques visible to others can only be a
good thing. I've been doing this for a while, but I'm still interested
in how other people do these things. I never know when I might learn
something.
I've never met
Just a comment on the building a house: a house is a page, but as
programmers (at least decent ones) we are no longer building single pages,
we build a house template and fill it with various elements to define what
the house is and what it does, so in essence you actually are not building
just
On Fri, May 20, 2011 at 12:28 PM, Alex Nikitin niks...@gmail.com wrote:
Also you left out a database, your basement/foundation . . .
I liken the database to the sewer: it's where all the crap goes. :D
Happy Friday!
David
On Fri, May 20, 2011 at 02:32:42PM -0400, tedd wrote:
[snip]
And I agree with the majority that your bracing style is horrid. But I
long ago despaired of turning you from the Dark Side(tm). ;-}
I understand, but like my wife often says Bite me :-)
OMG! She must be related to *my* wife!
@David
Fair enough, then I have seen so many badly designed sewage systems that
the backed up sewage monsters come to me in my dreams... :) wait no the
other one :(
@Paul
And my girlfriend, apparently
--
The trouble with programmers is that you can never tell what a programmer is
doing until
On 20 May 2011 19:32, tedd tedd.sperl...@gmail.com wrote:
I've never met a person who I couldn't learn from.
Yep. You can always serve as a bad example.
Richard.
(Is it still Friday)?
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY :
At 3:28 PM -0400 5/20/11, Alex Nikitin wrote:
Just a comment on the building a house, a house is a page, but as
programmers (at least decent ones) we are no longer building single
pages, we build a house template and fill it with various elements
to define what the house is and what it does,
I will try to respond to the original question.
Note: this is constructive criticism, so I won't do much in terms of praising
the good parts.
It works, it's very primitive, in some ways it's pretty insecure; for example
it provides no session hijacking protection, it's not written with the
better of
Hello Alex,
Two (stupid?) questions:
1. Why PHP_SELF is better than SCRIPT_NAME?
2. Why strcmp() is better than just comparing?
--
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook:
On May 19, 2011, at 2:44 PM, Andre Polykanine wrote:
Hello Alex,
Two (stupid?) questions:
1. Why PHP_SELF is better than SCRIPT_NAME?
2. Why strcmp() is better than just comparing?
--
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly
PHP_SELF requires no processing (i.e. there is no need to do basename()).
strcmp is binary-safe; I prefer and recommend using string-safe comparison
functions for strings... here is an example of why:
$value = 0;
if($value == "not zero") {
echo "oopsie, how did this happen, lets see how this
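The comparison Alex describes, as an added example that is not code from the thread: PHP's loose `==` beside `===` and a `strcmp()`-based check. It assumes PHP 7.x for the first case (PHP 8 changed int-vs-non-numeric-string comparison, so `0 == "not zero"` is false there); the second case, two numeric-looking strings, behaves the same way on every PHP version.

```php
<?php
// Added example, not code from the thread: the loose comparison Alex warns
// about next to the strict alternatives. Assumes PHP 7.x for case 1;
// PHP 8 changed int-vs-non-numeric-string comparison so 0 == "not zero" is false there.
declare(strict_types=1);

/** Loose comparison: operands are type-juggled before comparing. */
function looseMatch($value, string $expected): bool
{
    return $value == $expected;
}

/** Strict comparison: both type and value must agree. */
function strictMatch($value, string $expected): bool
{
    return $value === $expected;
}

/** Binary-safe string comparison as recommended in the thread: equal only when strcmp() returns 0. */
function strcmpMatch($value, string $expected): bool
{
    // Cast explicitly so a non-string never reaches strcmp() via juggling.
    return strcmp((string) $value, $expected) === 0;
}

$checks = ['==' => 'looseMatch', '===' => 'strictMatch', 'strcmp' => 'strcmpMatch'];

// Case 1 (from the thread): an integer 0 compared with a non-numeric string.
// PHP 7: "not zero" is juggled to 0, so == reports a match; === and strcmp() do not.
$value = 0;
foreach ($checks as $op => $fn) {
    printf("0 %-6s \"not zero\" -> %s\n", $op, $fn($value, 'not zero') ? 'MATCH' : 'no match');
}

// Case 2 (same pitfall, all PHP versions): two numeric-looking strings are
// compared as numbers by ==, so "1e3" == "1000" is true; strcmp() compares bytes.
$token = '1e3';
foreach ($checks as $op => $fn) {
    printf("\"1e3\" %-6s \"1000\" -> %s\n", $op, $fn($token, '1000') ? 'MATCH' : 'no match');
}
```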
On May 19, 2011, at 3:16 PM, Alex Nikitin wrote:
PHP_SELF requires no processing (i.e. there is no need to do basename()).
strcmp is binary-safe; I prefer and recommend using string-safe comparison
functions for strings... here is an example of why:
$value = 0;
if($value == "not zero") {
=== or preg_match for me, lol, unless it's all just math :)
--
The trouble with programmers is that you can never tell what a programmer is
doing until it’s too late. ~Seymour Cray
On Thu, May 19, 2011 at 3:26 PM, Joshua Kehn josh.k...@gmail.com wrote:
On May 19, 2011, at 3:16 PM, Alex
Hi Alex,
Some nice conversation points, indeed. I do have a few follow-ups below:
On Thu, May 19, 2011 at 3:16 PM, Alex Nikitin niks...@gmail.com wrote:
PHP_SELF requires no processing (i.e. there is no need to do basename())
Actually, the way Tedd is using the info, PHP_SELF would
At 2:29 PM -0400 5/19/11, Alex Nikitin wrote:
I will try to respond to the original question.
Note: this is constructive criticism, so I won't do much in terms of praising
the good parts.
It works, it's very primitive, in some ways it's pretty insecure; for example
it provides no session hijacking
Hey Adam :)
I devoted an entire 3 minutes to glimpsing over the code and showing simple
ways to fix them; you make excellent points, I simply didn't even look into
them. You are absolutely correct in saying that sha1 is a weak way to do this
(though it is way better than md5); of course the proper
At 2:29 PM -0400 5/19/11, Alex Nikitin wrote:
Also don't declare a bunch of needless variables for their one-time use,
don't compare unsanitized strings with a binary-unsafe operator, server
variables contain a link to the current script; here are examples of what I mean:
I object.
First of all
At 8:51 PM -0400 5/19/11, Alex Nikitin wrote:
Tedd, yes you do have to worry about XSS; yes, with unescaped PHP_SELF you
can inject code into the form here:
<form name="my_form" action="<?php echo($self);?>" method="post">
Ahhh!
Most excellent.
I'll change that.
Cheers,
tedd
--
---
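The PHP_SELF sink Alex points at, as an added example that is not code from the thread: the raw form action beside an htmlspecialchars() version and a SCRIPT_NAME + basename() version (the processing Alex said PHP_SELF avoids). The request path used is constructed; in a real request it is whatever the client sent, because PHP_SELF carries any extra path info appended to the script name.

```php
<?php
// Added example, not code from the thread: echoing PHP_SELF unescaped into an
// HTML attribute, and two ways to close the sink. $sample is a constructed
// request path; PHP_SELF includes whatever PATH_INFO the client appended.
declare(strict_types=1);

/** Vulnerable: the raw value lands inside a double-quoted attribute. */
function formActionRaw(string $phpSelf): string
{
    return '<form name="my_form" action="' . $phpSelf . '" method="post">';
}

/** Hardened: encode quotes and angle brackets so the value cannot leave the attribute. */
function formActionEscaped(string $phpSelf): string
{
    return '<form name="my_form" action="'
        . htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '" method="post">';
}

/** Alternative: use SCRIPT_NAME (no client path info) reduced to the file name, still escaped. */
function formActionScriptName(string $scriptName): string
{
    return '<form name="my_form" action="'
        . htmlspecialchars(basename($scriptName), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '" method="post">';
}

// Constructed sample: a request for /login.php with extra path info attached,
// which is what $_SERVER['PHP_SELF'] would hold for such a request.
$sample = '/login.php/"><i>x</i>';

echo formActionRaw($sample), "\n";        // the quote closes the attribute; <i> becomes live markup
echo formActionEscaped($sample), "\n";    // &quot;&gt;&lt;i&gt; stays inert inside the attribute
echo formActionScriptName('/login.php'), "\n";
```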
On Thu, May 19, 2011 at 8:51 PM, Alex Nikitin niks...@gmail.com wrote:
Hey Adam :)
I devoted an entire 3 minutes to glimpsing over the code and showing simple
ways to fix them; you make excellent points, I simply didn't even look into
them. You are absolutely correct in saying that sha1 is a weak
My general rule of thumb regarding variables from post and/or get is such:
if you use it once, don't throw it into a variable; if you use it more than
once, then put it in a variable. If you name things consistently and well,
regardless of how long from now you are reading the code,
On Wed, May 18, 2011 at 03:22:35PM -0400, tedd wrote:
Hi gang:
I am considering providing PHP code to the general public via my website
This is my first attempt:
http://sperling.com/php/authorization/
What do you people think?
I've always been a fan of your site(s). It's been
On May 18, 2011, at 3:22 PM, tedd wrote:
Hi gang:
I am considering providing PHP code to the general public via my website
This is my first attempt:
http://sperling.com/php/authorization/
What do you people think?
Cheers,
tedd
--
---
http://sperling.com/
I can say
At 3:31 PM -0400 5/18/11, Joshua Kehn wrote:
On May 18, 2011, at 3:22 PM, tedd wrote:
I am considering providing PHP code to the general public via my website
This is my first attempt:
http://sperling.com/php/authorization/
What do you people think?
On May 18, 2011, at 4:34 PM, tedd wrote:
-Josh:
There are all sorts of bracing styles, as you can see here:
http://rebel.lcc.edu/sperlt/citw229/brace-styles.php
Fortunately, we are all free to choose the one we like. :-)
I like the Whitesmiths style.
As for your other comments,
On 18 May 2011 at 20:31, Joshua Kehn josh.k...@gmail.com wrote:
On May 18, 2011, at 3:22 PM, tedd wrote:
What do you people think?
I can say I really don't like your bracing style.
I completely disagree - having the braces lined up is the only way to go. Means
I don't have to search all
On 11-05-18 04:42 PM, Tim Streater wrote:
On 18 May 2011 at 20:31, Joshua Kehn josh.k...@gmail.com wrote:
On May 18, 2011, at 3:22 PM, tedd wrote:
What do you people think?
I can say I really don't like your bracing style.
I completely disagree - having the braces lined up is the only
On 18 May 2011 22:34, tedd t...@sperling.com wrote:
At 3:31 PM -0400 5/18/11, Joshua Kehn wrote:
On May 18, 2011, at 3:22 PM, tedd wrote:
I am considering providing PHP code to the general public via my website
This is my first attempt:
Joshua's style (Allman) also lines up. I also find tedd's particular
bracing style disconcerting. I always brace myself for it when I visit
his site (sorry couldn't resist ;)
I'm also in the Allman camp :)
Cheers,
Rob.
IMO, the style used by tedd just wastes one tabulation index (the
At 10:55 PM +0200 5/18/11, Peter Lind wrote:
On 18 May 2011 22:34, tedd t...@sperling.com wrote:
At 3:31 PM -0400 5/18/11, Joshua Kehn wrote:
On May 18, 2011, at 3:22 PM, tedd wrote:
I am considering providing PHP code to the general public via my website
This is my first attempt:
On 18 May 2011 23:12, tedd t...@sperling.com wrote:
At 10:55 PM +0200 5/18/11, Peter Lind wrote:
On 18 May 2011 22:34, tedd t...@sperling.com wrote:
At 3:31 PM -0400 5/18/11, Joshua Kehn wrote:
On May 18, 2011, at 3:22 PM, tedd wrote:
I am considering providing PHP code to the general
On 18 May 2011 at 22:22, Peter Lind peter.e.l...@gmail.com wrote:
On 18 May 2011 23:12, tedd t...@sperling.com wrote:
This is just one way to give-back.
Suggesting to people that they copy-paste your code is a very bad way of
giving back. Suggesting that they read and understand the code is a
On 18 May 2011 23:28, Tim Streater t...@clothears.org.uk wrote:
On 18 May 2011 at 22:22, Peter Lind peter.e.l...@gmail.com wrote:
On 18 May 2011 23:12, tedd t...@sperling.com wrote:
This is just one way to give-back.
Suggesting to people that they copy-paste your code is a very bad way of
On Wed, May 18, 2011 at 2:22 PM, Peter Lind peter.e.l...@gmail.com wrote:
You make my point for me but for some reason don't want to follow the
logical conclusion of it. Why?
This is just one way to give-back.
Suggesting to people that they copy-paste your code is a very bad way of
giving
On Wed, May 18, 2011 at 2:38 PM, Peter Lind peter.e.l...@gmail.com wrote:
As is probably clear by now, in my opinion it would be much better to
go the motions of the script a bit at a time, with comments of *why*
things are done (not *what* is done) - and why you really should spend
a bit
At 11:22 PM +0200 5/18/11, Peter Lind wrote:
On 18 May 2011 23:12, tedd t...@sperling.com wrote:
Thanks, but the point here *is* to get people involved using PHP.
Good and noble intent. Does not in any way have anything to do with
copy-pasting.
That's more of an argument than a fact -- and
On 18 May 2011 23:50, tedd t...@sperling.com wrote:
At 11:22 PM +0200 5/18/11, Peter Lind wrote:
On 18 May 2011 23:12, tedd t...@sperling.com wrote:
Thanks, but the point here *is* to get people involved using PHP.
Good and noble intent. Does not in any way have anything to do with
At 2:41 PM -0700 5/18/11, David Harkness wrote:
On Wed, May 18, 2011 at 2:22 PM, Peter Lind peter.e.l...@gmail.com wrote:
You make my point for me but for some reason don't want to follow the
logical conclusion of it. Why?
This is just one way to give-back.
On May 18, 2011, at 3:06 PM, tedd wrote:
You know, if you sat down with me and saw how my IDE handles braces, I think
you might see the reason why I code like I do.
Tedd,
I like the demo. Thanks for posting it.
From another post of yours, I take it that you're a Mac guy.
At 2:44 PM -0700 5/18/11, David Harkness wrote:
On Wed, May 18, 2011 at 2:38 PM, Peter Lind peter.e.l...@gmail.com wrote:
As is probably clear by now, in my opinion it would be much better to
go the motions of the script a bit at a time, with comments of *why*
At 12:03 AM +0200 5/19/11, Peter Lind wrote:
On 18 May 2011 23:50, tedd t...@sperling.com wrote:
Premise: The code I've placed in the Copy/Paste sections will work
as-is *IF* the users follow directions. I've tested it and it does
work.
Premise: Granted, for over a dozen years I've provided