Re: [PHP] Question about session_id() and session_start()
On 20/05/2013, Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: On 20-5-2013 22:14, Tim Schofield wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn Tim, first of all, please bottom-post on this list. Tell that to the designers of the android gmail app :-) Secondly, a simple google search for php c session_start resulted in this: https://github.com/php/php-src/blob/master/ext/session/session.c#L1303 That wasn't the advice given. The advice given was to read the source code. My point was that is not very helpful advice. With a few notable exceptions the help given on this list has become less and less friendly over the years I have been reading it. This can't be good for the PHP community. - Tul Tim -- Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about session_id() and session_start()
thank you. I read the source code and it helps a lot, now I know the behavior of the code is consistent with the NOTE. I think the reason is that If the 'new' session_id we want to set already exists on the server, but does not exist on the client's cookie, the server must send a set-cookie header to the client. On Tue, May 21, 2013 at 3:50 PM, Tim Schofield t...@weberpafrica.com wrote: On 20/05/2013, Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: On 20-5-2013 22:14, Tim Schofield wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn Tim, first of all, please bottom-post on this list. Tell that to the designers of the android gmail app :-) Secondly, a simple google search for php c session_start resulted in this: https://github.com/php/php-src/blob/master/ext/session/session.c#L1303 That wasn't the advice given. The advice given was to read the source code. My point was that is not very helpful advice. With a few notable exceptions the help given on this list has become less and less friendly over the years I have been reading it. This can't be good for the PHP community. - Tul Tim -- Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about session_id() and session_start()
On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn
Re: [PHP] Question about session_id() and session_start()
Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn
Re: [PHP] Question about session_id() and session_start()
On Mon, May 20, 2013 at 4:14 PM, Tim Schofield t...@weberpafrica.com wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking
Re: [PHP] Question about session_id() and session_start()
On 20-5-2013 22:14, Tim Schofield wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn Tim, first of all, please bottom-post on this list. Secondly, a simple google search for php c session_start resulted in this: https://github.com/php/php-src/blob/master/ext/session/session.c#L1303 - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about session_id() and session_start()
On Mon, May 20, 2013 at 10:46 PM, David OBrien dgobr...@gmail.com wrote: On Mon, May 20, 2013 at 4:14 PM, Tim Schofield t...@weberpafrica.com wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking How would it help preventing session hijacking if it was sending the a new cookie with the same session id? - Matijn
Re: [PHP] Question about session_id() and session_start()
On May 20, 2013 8:45 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 10:46 PM, David OBrien dgobr...@gmail.com wrote: On Mon, May 20, 2013 at 4:14 PM, Tim Schofield t...@weberpafrica.com wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking How would it help preventing session hijacking if it was sending the a new cookie with the same session id? - Matijn I was thinking if I was sitting in a cafe and someone was sniffing and tried to use my session info they would get a new session id where I would still have my original one so they wouldn't be able to hijack mine trying to reuse the same id I have since php would generate a new one No?
Re: [PHP] Question about session_id() and session_start()
Op 21 mei 2013 03:59 schreef David OBrien dgobr...@gmail.com het volgende: On May 20, 2013 8:45 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 10:46 PM, David OBrien dgobr...@gmail.com wrote: On Mon, May 20, 2013 at 4:14 PM, Tim Schofield t...@weberpafrica.com wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking How would it help preventing session hijacking if it was sending the a new cookie with the same session id? - Matijn I was thinking if I was sitting in a cafe and someone was sniffing and tried to use my session info they would get a new session id where I would still have my original one so they wouldn't be able to hijack mine trying to reuse the same id I have since php would generate a new one No? If you read the original question correctly, it's about a *new cookie* with the *same session id*. Second, if somebody is sniffing you he would also be able to grab the new session id, and yours (old and new one) will be useless if he uses the new session id before you do. Avoiding session hijacking is not that easy, it's much easier to just use an SSL connection. At least that protects you from someone sniffing on a public wifi, but it does not help against sniffing viruses, malicious browser extensions or cross site scripting attacks. Since it's off topic, I'll end here. If you want to learn more, Google is your best friend! - Matijn
Re: [PHP] Question about date calculations
On Fri, Dec 30, 2011 at 5:33 PM, Eric Lommatsch er...@pivotaldata.net wrote: When I try this method: $interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); I get the following error when I run the page: Fatal error : Call to undefined method DateTime::diff() in /var/www/evalHomeLime.php on line 254 Just for the record: As noted on the manpage [1], your PHP version needs to be = 5.3.0. Cheers, Matijn [1] http://www.php.net/manual/en/datetime.diff.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re: [PHP] Question about date calculations
Hello Frank, As far as I know I am not doing anything in terms of trying to write or use my own function. What I am trying to do is use what PHP provides. Thank you Eric H. Lommatsch Programmer Pivotal Data Incorporated 2087 South Grant Street Denver, CO 80210 Tel 303-777-8939 Ext 23 Fax 888-282-9927 www.pivotaldata.com er...@pivotaldata.com -Original message- From: Frank Arensmeier farensme...@gmail.com Sent: Thu 29-12-2011 15:25 To: Eric Lommatsch er...@pivotaldata.net; CC: php-general@lists.php.net; Subject: Re: [PHP] Question about date calculations 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank
RE: [PHP] Question about date calculations
When I try this method:
$interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); I get the
following error when I run the page:
Fatal error : Call to undefined method DateTime::diff() in
/var/www/evalHomeLime.php on line 254
Thank you
Eric H. Lommatsch
Programmer
Pivotal Data Incorporated
2087 South Grant Street
Denver, CO 80210
Tel 303-777-8939 Ext 23
Fax 888-282-9927
www.pivotaldata.com
er...@pivotaldata.com
-Original message-
From: ad...@buskirkgraphics.com
Sent: Thu 29-12-2011 16:07
To: 'Fatih P.' fatihpirist...@gmail.com; 'Frank Arensmeier'
farensme...@gmail.com;
CC: 'Eric Lommatsch' er...@pivotaldata.net; php-general@lists.php.net;
Subject: RE: [PHP] Question about date calculations
-Original Message-
From: Fatih P. [mailto:fatihpirist...@gmail.com]
Sent: Thursday, December 29, 2011 5:10 PM
To: Frank Arensmeier
Cc: Eric Lommatsch; php-general@lists.php.net
Subject: Re: [PHP] Question about date calculations
On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier
farensme...@gmail.comwrote:
29 dec 2011 kl. 22.22 skrev Eric Lommatsch:
So far in looking at the functions that are available at
http://www.php.net/manual/en/ref.datetime.php I have not been able
to
figure
out how to do what I need to do. Below is a snippet showing
approximately
what I am trying to do.
On the same page you are referring, there are plenty of examples on
how to
calculate the difference between two dates. Choose one and see if it
fits
your bill. Or is there any particular reason why you're writing your
own
function?
http://www.php.net/manual/en/ref.datetime.php#78981
/frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
since you have everything in database tables why not to do this
calculation
on database side which would be much appropriate place ?
/* columns
date_start = '2011-02-08';
date_end = ' 2011-03-04';
*/
select DATEDIFF(date_end, date_start);
http://dev.mysql.com/doc/refman/5.5/en/date-and-time-
functions.html#function_datediff
I looked at this answer and see the date is from an array of a database and not
2 fields with in the table.
While the DATEDIFF() is very useful in queries this will not help you unless
both fields are in the table.
Try this example
$dteStartDate[$intCnt] = new DateTime($row[10]);
$dteEndDate[$intCnt] =new DateTime($row[11]);
$interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]);
echo $interval-format('%R%a days');
RE: Re: [PHP] Question about date calculations
Actually for what I need this is exactly what i was looking for. I am
converting an asp page that was calculating this difference using VBA functions
and I was trying to duplicate things as they were in that page.
Thank you
Eric H. Lommatsch
Programmer
Pivotal Data Incorporated
2087 South Grant Street
Denver, CO 80210
Tel 303-777-8939 Ext 23
Fax 888-282-9927
www.pivotaldata.com
er...@pivotaldata.com
-Original message-
From: Fatih P. fatihpirist...@gmail.com
Sent: Thu 29-12-2011 16:16
To: ad...@buskirkgraphics.com;
CC: 'Frank Arensmeier' farensme...@gmail.com; 'Eric Lommatsch'
er...@pivotaldata.net; php-general@lists.php.net;
Subject: Re: [PHP] Question about date calculations
On 12/30/2011 12:19 AM, ad...@buskirkgraphics.com wrote:
-Original Message- From: Fatih P. [ mailto:fatihpirist...@gmail.com ]
Sent: Thursday, December 29, 2011 5:10 PM To: Frank Arensmeier Cc: Eric
Lommatsch; php-general@lists.php.net Subject: Re: [PHP] Question about date
calculations On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier
farensme...@gmail.com wrote:
29 dec 2011 kl. 22.22 skrev Eric Lommatsch:
So far in looking at the functions that are available at
http://www.php.net/manual/en/ref.datetime.php I have not been able
to
figure
out how to do what I need to do. Below is a snippet showing
approximately
what I am trying to do.
On the same page you are referring, there are plenty of examples on
how to
calculate the difference between two dates. Choose one and see if it
fits
your bill. Or is there any particular reason why you're writing your
own
function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP
General Mailing List ( http://www.php.net/ ) To unsubscribe, visit:
http://www.php.net/unsub.php
since you have everything in database tables why not to do this calculation on
database side which would be much appropriate place ? /* columns date_start =
'2011-02-08'; date_end = ' 2011-03-04'; */ select DATEDIFF(date_end,
date_start); http://dev.mysql.com/doc/refman/5.5/en/date-and-time -
functions.html#function_datediff
I looked at this answer and see the date is from an array of a database and not
2 fields with in the table. While the DATEDIFF() is very useful in queries this
will not help you unless both fields are in the table. Try this example
$dteStartDate[$intCnt] = new DateTime($row[10]); $dteEndDate[$intCnt] =new
DateTime($row[11]); $interval =
$dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); echo
$interval-format('%R%a days');
well then look deeper in the question:
I have a page I am trying to create where I am comparing the values of two
MySQL date fields with the current date. One of the MySQL Date fields is a
class start date, the other is the class end date.
all needs to do is modify his query.
Re: [PHP] Question about date calculations
On 12/29/2011 01:22 PM, Eric Lommatsch wrote:
Hello List,
I am using PHP version 5.2.6.
I am using PHP V5.3.3
In my setup, the following lines give me errors stating that PHP cannot
convert the DateTime object to a string. I was able to get around the
error by changing your code to the following.
$intDayCnt=$dteEndDate[$i]-$dteStartDate[$i];
$intDayCnt = ( $dteEndDate[$i]-format('m') -
$dteStartDate[$i]-format('m') );
Be sure to change the following line as well.
$dteCheckDate = date('U');
if (($dteCheckDate=($dteEndDate[$i]-7)
$dteCheckDate=($dteEndDate[$i]+1)) $intDayCnt16)
if (
$dteCheckDate = ( $dteEndDate[$i]-format('U') - (7*86400) )
$dteCheckDate = ( $dteEndDate[$i]-format('U') + (86400) )
$intDayCnt 16
) {
Eric Lommatsch.
--
Jim Lucas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re: [PHP] Question about date calculations
-Original Message-
From: Eric Lommatsch [mailto:er...@pivotaldata.com] On Behalf Of Eric
Lommatsch
Sent: Friday, December 30, 2011 12:31 PM
To: Fatih P.; ad...@buskirkgraphics.com
Cc: 'Frank Arensmeier'; 'Eric Lommatsch'; php-general@lists.php.net
Subject: RE: Re: [PHP] Question about date calculations
Actually for what I need this is exactly what i was looking for. I am
converting an asp page that was calculating this difference using VBA
functions and I was trying to duplicate things as they were in that
page.
Thank you
Eric H. Lommatsch
Programmer
Pivotal Data Incorporated
2087 South Grant Street
Denver, CO 80210
Tel 303-777-8939 Ext 23
Fax 888-282-9927
www.pivotaldata.com
er...@pivotaldata.com
-Original message-
From: Fatih P. fatihpirist...@gmail.com
Sent: Thu 29-12-2011 16:16
To: ad...@buskirkgraphics.com;
CC: 'Frank Arensmeier' farensme...@gmail.com; 'Eric Lommatsch'
er...@pivotaldata.net; php-general@lists.php.net;
Subject: Re: [PHP] Question about date calculations
On 12/30/2011 12:19 AM, ad...@buskirkgraphics.com wrote:
-Original Message- From: Fatih P. [
mailto:fatihpirist...@gmail.com ] Sent: Thursday, December 29, 2011
5:10 PM To: Frank Arensmeier Cc: Eric Lommatsch; php-
gene...@lists.php.net Subject: Re: [PHP] Question about date
calculations On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier
farensme...@gmail.com wrote:
29 dec 2011 kl. 22.22 skrev Eric Lommatsch:
So far in looking at the functions that are available at
http://www.php.net/manual/en/ref.datetime.php I have not been able
to
figure
out how to do what I need to do. Below is a snippet showing
approximately
what I am trying to do.
On the same page you are referring, there are plenty of examples on
how to
calculate the difference between two dates. Choose one and see if it
fits
your bill. Or is there any particular reason why you're writing your
own
function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank --
PHP General Mailing List ( http://www.php.net/ ) To unsubscribe, visit:
http://www.php.net/unsub.php
since you have everything in database tables why not to do this
calculation on database side which would be much appropriate place ? /*
columns date_start = '2011-02-08'; date_end = ' 2011-03-04'; */ select
DATEDIFF(date_end, date_start);
http://dev.mysql.com/doc/refman/5.5/en/date-and-time -
functions.html#function_datediff
I looked at this answer and see the date is from an array of a database
and not 2 fields with in the table. While the DATEDIFF() is very useful
in queries this will not help you unless both fields are in the table.
Try this example $dteStartDate[$intCnt] = new DateTime($row[10]);
$dteEndDate[$intCnt] =new DateTime($row[11]); $interval =
$dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); echo $interval-
format('%R%a days');
well then look deeper in the question:
I have a page I am trying to create where I am comparing the values of
two
MySQL date fields with the current date. One of the MySQL Date fields
is a class start date, the other is the class end date.
all needs to do is modify his query.
Thank you Eric,
Date conversion is a popular issue when converting the language from
one to the next.
I prefer to manage any date filtering outside of MySQL because sometimes the
fields are not clean or formatted correctly, and the DATEDIFF() of MySQL
just fails.
This failure can be devastating when dealing with a MySQL replication setup.
I gauge the MySQL process against the PHP process and determine which is
faster and which do I have more effective controls in.
I have found I have better flexibility and control of date filtering in PHP.
But squirrels will be squirrels...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about date calculations
29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about date calculations
On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier farensme...@gmail.comwrote: 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php since you have everything in database tables why not to do this calculation on database side which would be much appropriate place ? /* columns date_start = '2011-02-08'; date_end = ' 2011-03-04'; */ select DATEDIFF(date_end, date_start); http://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_datediff
RE: [PHP] Question about date calculations
-Original Message-
From: Fatih P. [mailto:fatihpirist...@gmail.com]
Sent: Thursday, December 29, 2011 5:10 PM
To: Frank Arensmeier
Cc: Eric Lommatsch; php-general@lists.php.net
Subject: Re: [PHP] Question about date calculations
On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier
farensme...@gmail.comwrote:
29 dec 2011 kl. 22.22 skrev Eric Lommatsch:
So far in looking at the functions that are available at
http://www.php.net/manual/en/ref.datetime.php I have not been able
to
figure
out how to do what I need to do. Below is a snippet showing
approximately
what I am trying to do.
On the same page you are referring, there are plenty of examples on
how to
calculate the difference between two dates. Choose one and see if it
fits
your bill. Or is there any particular reason why you're writing your
own
function?
http://www.php.net/manual/en/ref.datetime.php#78981
/frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
since you have everything in database tables why not to do this
calculation
on database side which would be much appropriate place ?
/* columns
date_start = '2011-02-08';
date_end = ' 2011-03-04';
*/
select DATEDIFF(date_end, date_start);
http://dev.mysql.com/doc/refman/5.5/en/date-and-time-
functions.html#function_datediff
I looked at this answer and see the date is from an array of a database and not
2 fields with in the table.
While the DATEDIFF() is very useful in queries this will not help you unless
both fields are in the table.
Try this example
$dteStartDate[$intCnt] = new DateTime($row[10]);
$dteEndDate[$intCnt] =new DateTime($row[11]);
$interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]);
echo $interval-format('%R%a days');
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about date calculations
On 12/30/2011 12:19 AM, ad...@buskirkgraphics.com wrote:
-Original Message-
From: Fatih P. [mailto:fatihpirist...@gmail.com]
Sent: Thursday, December 29, 2011 5:10 PM
To: Frank Arensmeier
Cc: Eric Lommatsch; php-general@lists.php.net
Subject: Re: [PHP] Question about date calculations
On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier
farensme...@gmail.comwrote:
29 dec 2011 kl. 22.22 skrev Eric Lommatsch:
So far in looking at the functions that are available at
http://www.php.net/manual/en/ref.datetime.php I have not been able
to
figure
out how to do what I need to do. Below is a snippet showing
approximately
what I am trying to do.
On the same page you are referring, there are plenty of examples on
how to
calculate the difference between two dates. Choose one and see if it
fits
your bill. Or is there any particular reason why you're writing your
own
function?
http://www.php.net/manual/en/ref.datetime.php#78981
/frank
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
since you have everything in database tables why not to do this
calculation
on database side which would be much appropriate place ?
/* columns
date_start = '2011-02-08';
date_end = ' 2011-03-04';
*/
select DATEDIFF(date_end, date_start);
http://dev.mysql.com/doc/refman/5.5/en/date-and-time-
functions.html#function_datediff
I looked at this answer and see the date is from an array of a database and not
2 fields with in the table.
While the DATEDIFF() is very useful in queries this will not help you unless
both fields are in the table.
Try this example
$dteStartDate[$intCnt] = new DateTime($row[10]);
$dteEndDate[$intCnt] =new DateTime($row[11]);
$interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]);
echo $interval-format('%R%a days');
well then look deeper in the question:
I have a page I am trying to create where I am comparing the values of two
MySQL date fields with the current date. One of the *MySQL Date fields
*is a class start date,*the other* is the class end date.
all needs to do is modify his query.
Re: [PHP] Question about date calculations
Fatih P. wrote: well then look deeper in the question: I have a page I am trying to create where I am comparing the values of two MySQL date fields with the current date. One of the *MySQL Date fields *is a class start date,*the other* is the class end date. all needs to do is modify his query. And by moving the lookup into the query then Eric only needs to return the rows of the table that are in range ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about socket_select
On Wed, Dec 14, 2011 at 1:25 AM, Matijn Woudt tijn...@gmail.com wrote:
On Wed, Dec 14, 2011 at 12:11 AM, Mihai Anghel mihaigrim1...@gmail.com
wrote:
Hello,
It appears to me that something is strange with the socket_select function.
From what I understand the value of the fourth parameter, tv_sec,
should block the execution of the script for that number of seconds.
I tried this code :
?php
error_reporting(E_ERROR);
$serverSocket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
$result = socket_bind($serverSocket, 127.0.0.1, 20668);
$start = time();
while(true)
{
$reads = array($serverSocket);
$writes = null;
$except = null;
$changes = socket_select($reads, $writes, $except, 5);
$now = time();
echo $now - $start;
echo \n;
}
and when I run it with php -q server3.php the ouput shows something
like 0 0 0 0 0 1 1 1 1 1 2 2 2 2 etc so the script doesn't pause on
socket_select until it returns.
Cam somebody explain me what's happening ?
It seems to me that your socket_select function is failing, maybe
because earlier code is failing. Check the return of socket_select
like this:
if ($changes === false) {
echo socket_select() failed, reason: .
socket_strerror(socket_last_error()) . \n;
}
Cheers,
Matijn
Thanks for your suggestion, I reviewed the code and I saw that I was
missing : socket_listen($serverSocket) . After adding this it worked
like expected
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about socket_select
On Wed, Dec 14, 2011 at 12:11 AM, Mihai Anghel mihaigrim1...@gmail.com wrote:
Hello,
It appears to me that something is strange with the socket_select function.
From what I understand the value of the fourth parameter, tv_sec,
should block the execution of the script for that number of seconds.
I tried this code :
?php
error_reporting(E_ERROR);
$serverSocket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
$result = socket_bind($serverSocket, 127.0.0.1, 20668);
$start = time();
while(true)
{
$reads = array($serverSocket);
$writes = null;
$except = null;
$changes = socket_select($reads, $writes, $except, 5);
$now = time();
echo $now - $start;
echo \n;
}
and when I run it with php -q server3.php the ouput shows something
like 0 0 0 0 0 1 1 1 1 1 2 2 2 2 etc so the script doesn't pause on
socket_select until it returns.
Cam somebody explain me what's happening ?
It seems to me that your socket_select function is failing, maybe
because earlier code is failing. Check the return of socket_select
like this:
if ($changes === false) {
echo socket_select() failed, reason: .
socket_strerror(socket_last_error()) . \n;
}
Cheers,
Matijn
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about performance between for iteration and extension function
On Fri, Dec 9, 2011 at 5:04 PM, Lin Yo-An cornelius.h...@gmail.com wrote: Hi folks, I am in doubt of this, I thought pure php iteration is slower than calling join or other extension functions. but the result shows: https://gist.github.com/b2a94c94ca66a55814d4 Using Pure PHP for iteration is faster than using join function. why ? because of the php runtime typecasting ? And json_encode is the most slowest. There's a bug in your first test (the php iteration). You're using $i for the inner and outer loop, meaning that the outer loop will only run once. Try this updated example: https://gist.github.com/1452696 On my box it gives(with microtime instead of your timer class): php join.php n=1000 Pure PHP iteration: 0.87661409378052 String join: 0.13562703132629 json_encode: 0.081185102462769 json_encode is the fastest one here. Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about PHP FPM and shared memory
On 11/23/2011 08:25 PM, Daniel Betz wrote: Hello list, I am trying to start PHP FPM with 2600 worker pools with ondemand processmanager. Each for one domain. The problem is now, that the php-fpm quits with: ERROR: pid 10937, fpm_shm_alloc(), line 28: unable to allocate 1040 bytes in shared memory: Cannot allocate memory: Cannot allocate memory (12) The server is 32bit :( and has 12GB of ram. I have tried to raise the SHMMAX and SHMALL settings via sysctl, but the problem isn't gone. Do you have any hints ? Thx and greetings, Daniel How much did you set it and were those changes applied? -- Nilesh Govindarajan http://nileshgr.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about best practice for coding sql statements
On 11-11-12 06:30 AM, tamouse mailing lists wrote:
I'm curious how others feel about this. When I'm creating an SQL
string, either for a non-prepared or prepared execution, I build it in
a variable and then pass the variable to the query or prepare
function. This lets me easily add something to view the SQL statement,
and also if there's an error, emit the SQL statement. Thus:
$sql = SELECT * FROM TABLE WHERE id=$id;
if ($debug) error_log($sql. from .__FILE__.' at '.__LINE__' in
'__FUNCTION__.PHP_EOL); // just an example
$rslt = $db-query($sql) or die(Could not get result from $sql:
.$db-errno.: .$db-error...PHP_EOL);
and so on...
While I am not a big fan of OOP, I do like PDO, and recommend its use.
This is a sample function I have to maintain a record based on POSTed
changes:
function updatecategory($dbh, $x) {
$sql = UPDATE gallery_category
SET category_name = :name,
category_description = :description
WHERE category_id = :id;
$catname = fieldcheck($x['catname']);
$catdescription = textfieldcheck($x['catdescription']);
$stmt = $dbh-prepare($sql);
try {
$stmt-bindParam(':name', $catname);
$stmt-bindParam(':description', $catdescription);
$stmt-bindParam(':id', $x['cid']);
$stmt-execute();
} catch (PDOException $e) {
return 'Error updating category orders: ' . $e-getMessage();
}
return Maintained category . $catname;
}
PDO is very efficient when you are looping through updates, and the
error handling is simple to code.
Using a disciplined format keeps everything readable and easy to use as
a template for additional work.
Cheers
Stephen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about best practice for coding sql statements
On Sat, 12 Nov 2011, tamouse mailing lists wrote: I'm curious how others feel about this. When I'm creating an SQL string, either for a non-prepared or prepared execution, I build it in a variable and then pass the variable to the query or prepare function. This lets me easily add something to view the SQL statement, and also if there's an error, emit the SQL statement. I do this. This means that when a user encounters an error, they can actually give you a meaningful error report which should reduce the time it takes to fix it by a considerable amount. Geoff. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about best practice for coding sql statements
On Sat, Nov 12, 2011 at 7:01 AM, Stephen stephe...@rogers.com wrote: While I am not a big fan of OOP, I do like PDO, and recommend its use. Right -- I wasn't actually inquiring about how to access a data base, merely the pactice of using a variable for the SQL -- In your example, you are doing this as well, which fits in fine with what I was enquiring about. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about losing port number
On 26 Sep 2011 at 23:45, vince chan rainma...@gmail.com wrote: I have a general question about PHP: So basically I have a link, and I want the href to be absolute., so I do 'https://' . $_SERVER['HTTP_HOST'] . '/login' ; this gives me https://127.0.0.1/login on my local; however, what i really want is https://127.0.0.1:9090/login, it is missing :9090. I also have tried to use $_SERVER['SERVER_PORT'], but $_SERVER['SERVER_PORT'] doesn't give me 9090, it gives me 80. Where does the 9090 come from? -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about directory permissions
Sure. The script runs with the permissions of whoever is running it. In general, a PHP script that's a web page in linux will run by a user called something like apache, apache2, www-user, or something similar. If you give that user permissions -- either directly or through their group, often of the same name -- to write to the directory in question, then the script will be able to write to it. For instance: on my Ubuntu 10.04 server, I want my script DW3 to be able to write to /var/www/DW3/logs. I leave ownership of everything else as it was, and do the following: $ cd /var/www/DW3 $ chgrp www-data ./logs $ chmod 770 ./logs Now members of the group www-data (at the moment only apache) can write to the directory, as can the owner, but no one else can. In reality, I could probably have set that to 660, but I don't much care about the slight added risk of using 770 in this case. (If you're confused by the numbers I used, check here: http://www.yolinux.com/TUTORIALS/LinuxTutorialManagingGroups.html) I hope that helps! -Andy On Mon, Mar 21, 2011 at 1:58 PM, Al n...@ridersite.org wrote: I understand dir perms pretty well; but, have a question I can't readily find the answer to. Under a Linux system, scripts can't write, copy, etc. to other dirs unless the perms are set for writable for the script e.g., nobody. But, is there a way a script can write or copy within its own dir? Thanks... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about directory permissions
Al wrote: I understand dir perms pretty well; but, have a question I can't readily find the answer to. Under a Linux system, scripts can't write, copy, etc. to other dirs unless the perms are set for writable for the script e.g., nobody. But, is there a way a script can write or copy within its own dir? Not unless it has permission to do so. Most likely, however, it can write to the temp space such as /tmp or /var/tmp. --Curtis
Re: [PHP] question about preventing polling for more than once
Have you checked for any cookies left by that website? Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: 肖晗 xiaohan2...@gmail.com Date: Fri, Nov 12, 2010 15:14 Subject: [PHP] question about preventing polling for more than once To: php-general@lists.php.net I noticed that some websites such as polldaddyhttp://polldaddy.com/account/home.php has fascinating poll service. And I am just curious about how it prevents user from polling the same poll for more than once. Or more accurately, I am a dynamic IP user. And I found that if I have polled once for a certain poll and after some time, I changed my IP when I got connected to the Internet again, I cannot poll the previous one for the second time. So I am confused how polldaddy http://polldaddy.com/account/home.php can figure out that I have polled even if I had changed my IP. Is there any way to achieve that? Thanks in advance.
Re: [PHP] question about preventing polling for more than once
Hello ??, Try to clean up your cookies. Maybe they set a cookie on your computer. -- With best regards from Ukraine, Andre Skype: Francophile Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion - Original message - From: ?? xiaohan2...@gmail.com To: php-general@lists.php.net php-general@lists.php.net Date: Friday, November 12, 2010, 5:14:49 PM Subject: [PHP] question about preventing polling for more than once I noticed that some websites such as polldaddyhttp://polldaddy.com/account/home.php has fascinating poll service. And I am just curious about how it prevents user from polling the same poll for more than once. Or more accurately, I am a dynamic IP user. And I found that if I have polled once for a certain poll and after some time, I changed my IP when I got connected to the Internet again, I cannot poll the previous one for the second time. So I am confused how polldaddy http://polldaddy.com/account/home.php can figure out that I have polled even if I had changed my IP. Is there any way to achieve that? Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Daniel Brown wrote: On Mon, Sep 13, 2010 at 19:51, MikeBmpbr...@gmail.com wrote: As part of the bug report I included a link to an image of my nntp config. I saw that, thanks. I'll look into creating a mirror of the news server, as well, for NNTP-only access. I won't lie and say that it's a priority, but I'll try to get to it as soon as I have time, Mike. You must have already done something. It's working a lot better today. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Daniel Brown wrote: On Mon, Sep 13, 2010 at 18:09, MikeB mpbr...@gmail.com wrote: However, getting access seems to be hit-and-miss, since I more often than not get a message that the connection to news.php.net timed out. Is this an indication that the server is just very busy? I don't get this on any other news server I'm using on the smae news reader and I have gotten this on two different news readers that I have tried. I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. Dan, Mike, I can confirm this happens all the time in thunderbird, and always has for many years now, on all PHP NNTP lists. However, the problem can be worked around simply, for some reason the timeout generally only happens with the first call to view a mailing list, after X minutes of inactivity. Thus, I simply subscribe to a few different PHP lists (like .soap .test and general) then when I open thunderbird I quickly click a list I *don't* want to see, then click on .general, .general then loads nicely as expected letting the other one timeout :) It's hardly a fix, but it works - may be worth checking if this is the case with the latest thunderbird revision and then reporting it as a bug (in either thunderbird or the mailing list software that PHP is running). Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Good to know there's a workaround. I am thinking of using one (or more) of the old VOOM boxes to mirror the news server for NNTP-only access. Sent from my DROID. Apologies if formatting is off or I'm top-posting on a list. On Sep 14, 2010 8:59 PM, Nathan Rixham nrix...@gmail.com wrote: Daniel Brown wrote: On Mon, Sep 13, 2010 at 18:09, MikeB mpbr...@gmail.com wrote: However, getting access seems to be hit-and-miss, since I more often than not get a message that the connection to news.php.net timed out. Is this an indication that the server is just very busy? I don't get this on any other news server I'm using on the smae news reader and I have gotten this on two different news readers that I have tried. I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. Dan, Mike, I can confirm this happens all the time in thunderbird, and always has for many years now, on all PHP NNTP lists. However, the problem can be worked around simply, for some reason the timeout generally only happens with the first call to view a mailing list, after X minutes of inactivity. Thus, I simply subscribe to a few different PHP lists (like .soap .test and general) then when I open thunderbird I quickly click a list I *don't* want to see, then click on .general, .general then loads nicely as expected letting the other one timeout :) It's hardly a fix, but it works - may be worth checking if this is the case with the latest thunderbird revision and then reporting it as a bug (in either thunderbird or the mailing list software that PHP is running). Best, Nathan
Re: [PHP] Question about news.php.net
On Mon, Sep 13, 2010 at 18:09, MikeB mpbr...@gmail.com wrote: However, getting access seems to be hit-and-miss, since I more often than not get a message that the connection to news.php.net timed out. Is this an indication that the server is just very busy? I don't get this on any other news server I'm using on the smae news reader and I have gotten this on two different news readers that I have tried. I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Daniel Brown wrote: I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? yes, NNTP. You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. If this persists, I'll look into the alternatives you suggest, but that's another hill to climb when all I'm trying to do is learn PHP and web and mySQL and javascrip and... :) (not complaining, just that right now I've got a lot on my plate and the scope of new things just seem to keep expanding faster than I can get a handle on it). In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. Thanks, I did that. In the process I found a 2005 bug report that said nntp was deliberately throttled to discourage its use... :) As part of the bug report I included a link to an image of my nntp config. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
On Mon, Sep 13, 2010 at 19:51, MikeB mpbr...@gmail.com wrote: As part of the bug report I included a link to an image of my nntp config. I saw that, thanks. I'll look into creating a mirror of the news server, as well, for NNTP-only access. I won't lie and say that it's a priority, but I'll try to get to it as soon as I have time, Mike. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
On 09/13/2010 06:51 PM, MikeB wrote: Daniel Brown wrote: I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? yes, NNTP. You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. If this persists, I'll look into the alternatives you suggest, but that's another hill to climb when all I'm trying to do is learn PHP and web and mySQL and javascrip and... :) (not complaining, just that right now I've got a lot on my plate and the scope of new things just seem to keep expanding faster than I can get a handle on it). In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. Thanks, I did that. In the process I found a 2005 bug report that said nntp was deliberately throttled to discourage its use... :) As part of the bug report I included a link to an image of my nntp config. I have had this problem every day for years. I can read a message and then click another one and it times out. It does this for hours at a time. Also, many times when sending a reply it times out. Just learned to live with it because I don't want mailing list mails either. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Daniel Brown wrote: On Mon, Sep 13, 2010 at 19:51, MikeBmpbr...@gmail.com wrote: As part of the bug report I included a link to an image of my nntp config. I saw that, thanks. I'll look into creating a mirror of the news server, as well, for NNTP-only access. I won't lie and say that it's a priority, but I'll try to get to it as soon as I have time, Mike. That is much appreciated. I can understand the situation, mostly I just wanted to know that it wasn't something I'm doing wrong. ANything you can do to improve it is, of course, appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about translating assoc. arrays to C
Joshua Kehn wrote:
I'm working on creating a compiled extension for some code I've written. Mostly
it's manipulating a very large multi-demensional array of values. This is some
pseudo code for the array.
// Imagine this but much much bigger
$big_ass_array = array('5' = array('0' = 4, '3' = 6, '8' = 7), '10' = array('4' = 3, '5' = 10'));
Currently I'm traversing this with
foreach($array as $key1 = $value)
{
foreach($value as $key2 = $value)
{
Well, I hope you are not using it this way.
The above will overwrite your $value variable set by the first foreach
Maybe you had a cut/paste error with the $value1 $value2 portion...
// Use $key1, $key2, and $value here
}
}
My question is how does this translate into the C code I will have to write?
My suggestion would be to download the source code and find a comparable
array function and see how they do it.
If anyone has a decent extension building tutorial that would be great too.
First google result for php extension tutorial
http://devzone.zend.com/article/1021
http://www.talkphp.com/vbarticles.php?do=articlearticleid=49title=creating-custom-php-extensions
http://www.php.net/~wez/extending-php.pdf
Just to list a few...
Jim
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about translating assoc. arrays to C
Jim-
Yes, that was a typo. The issues was I didn't cut / paste and instead retyped
it. Should be
foreach($array as $key1 = $list)
{
foreach($list as $key2 = $value)
I will check those links out, I had the first one not the second.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
On Sep 5, 2010, at 12:32 AM, Jim Lucas wrote:
Joshua Kehn wrote:
I'm working on creating a compiled extension for some code I've written.
Mostly it's manipulating a very large multi-demensional array of values.
This is some pseudo code for the array.
// Imagine this but much much bigger
$big_ass_array = array('5' = array('0' = 4, '3' = 6, '8' = 7), '10' =
array('4' = 3, '5' = 10')); Currently I'm traversing this with
foreach($array as $key1 = $value)
{
foreach($value as $key2 = $value)
{
Well, I hope you are not using it this way.
The above will overwrite your $value variable set by the first foreach
Maybe you had a cut/paste error with the $value1 $value2 portion...
// Use $key1, $key2, and $value here
}
}
My question is how does this translate into the C code I will have to write?
My suggestion would be to download the source code and find a comparable
array function and see how they do it.
If anyone has a decent extension building tutorial that would be great too.
First google result for php extension tutorial
http://devzone.zend.com/article/1021
http://www.talkphp.com/vbarticles.php?do=articlearticleid=49title=creating-custom-php-extensions
http://www.php.net/~wez/extending-php.pdf
Just to list a few...
Jim
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
RE: [PHP] question about compiling a portable web server for linux
From: Ashley Sheridan On Sat, 2010-08-07 at 10:43 +0800, lainme wrote: thanks for the reply. I know it is not a PHP problem. And I want to know whether it is possible to make it architecture independent. On Sat, Aug 7, 2010 at 10:38 AM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? You can't compile to be architecture independent. The best you can do is convert a language to a byte-code, like java. To expand on this, just a little, once you compile an application, you have locked it in to a specific CPU, OS and versions of the requisite dynamic libraries. The compiler options and your tool set define which range of each of those it will actually run on. The only way to make something completely independent of the architecture is to distribute it in source code form. In this case, you are probably better off defining minimum versions for the web server and PHP module that is required and allow the user to install those on his own. Most distributions already have those components packaged in an easy to manage kit. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about compiling a portable web server for linux
On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] question about compiling a portable web server for linux
thanks for the reply. I know it is not a PHP problem. And I want to know whether it is possible to make it architecture independent. On Sat, Aug 7, 2010 at 10:38 AM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] question about compiling a portable web server for linux
On Sat, 2010-08-07 at 10:43 +0800, lainme wrote: thanks for the reply. I know it is not a PHP problem. And I want to know whether it is possible to make it architecture independent. On Sat, Aug 7, 2010 at 10:38 AM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? Thanks, Ash http://www.ashleysheridan.co.uk You can't compile to be architecture independent. The best you can do is convert a language to a byte-code, like java. Thanks, Ash http://www.ashleysheridan.co.uk
RE: [PHP] Question about SQL and Graph nodel trees
-Original Message- From: Tim Gallagher [mailto:tgallag...@danati.com] Sent: Wednesday, July 21, 2010 12:49 PM To: Andrew Ballard Cc: php-general@lists.php.net Subject: RE: [PHP] Question about SQL and Graph nodel trees Thank you for the informaiton. I did see that code but it looks like it is formatted for MSSQL and was unable to get it to work for Mysql. Tim @Tim, You'll have to migrate the stored procedures (SP) from MSSQL to MySQL (aka stored programs). Each DBMS have their own way of implementing the SP. http://dev.mysql.com/doc/refman/5.1/en/stored-programs-views.html @Andrew, interesting link! Thanks! Regards, Tommy From: Andrew Ballard [aball...@gmail.com] Sent: Wednesday, July 21, 2010 11:40 AM To: Tim Gallagher Cc: php-general@lists.php.net Subject: Re: [PHP] Question about SQL and Graph nodel trees On Wed, Jul 21, 2010 at 11:04 AM, Tim Gallagher tgallag...@danati.com wrote: I cannot be the only one that is having this problem, what are you using for DAG (Direct Acrylic Graph)? I need to have a mesh node edge graph and am having trouble with this? I see that Neo4j has a rest server and I can do this in Java but I want to do it in PHP with a MYSQL or postgresql. If you are doing something like this, can you please tell me how you are doing this. I can do a relationship with a parent child or a nested tree, but I need to do a DAG. Thanks for the help, timgerr A basic approach would be to use two tables - one to store the nodes and second table to store the edges between the nodes. As far as traversing the graph, the best approach I have seen expands this a bit to store the full transitive closure of the graph, rather than just the direct edges: http://www.codeproject.com/KB/database/Modeling_DAGs_on_SQL_DBs.a spx It is written for SQL Server, but the idea works OK (and I successfully tested it once) in MySQL. (I imagine the same would be true for PostgreSQL.) The idea is to store the transitive closure (every possible path) of the entire graph. For instance, if you have a basic graph A - B - C - D it stores these paths: A - B B - C C - D A - C B - D A - D The obvious downside is that edge table can get incredibly large depending on the nature of the graph you are modeling. (The article provides much more detail.) I did, however, import a good chunk of an Active Directory tree (just users and groups, not the full list of attributes) into this pattern just to test the concept, and I found that in that case the size of the transitive closure table did not get out of hand. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about SQL and Graph nodel trees
On Wed, Jul 21, 2010 at 11:04 AM, Tim Gallagher tgallag...@danati.com wrote: I cannot be the only one that is having this problem, what are you using for DAG (Direct Acrylic Graph)? I need to have a mesh node edge graph and am having trouble with this? I see that Neo4j has a rest server and I can do this in Java but I want to do it in PHP with a MYSQL or postgresql. If you are doing something like this, can you please tell me how you are doing this. I can do a relationship with a parent child or a nested tree, but I need to do a DAG. Thanks for the help, timgerr A basic approach would be to use two tables - one to store the nodes and second table to store the edges between the nodes. As far as traversing the graph, the best approach I have seen expands this a bit to store the full transitive closure of the graph, rather than just the direct edges: http://www.codeproject.com/KB/database/Modeling_DAGs_on_SQL_DBs.aspx It is written for SQL Server, but the idea works OK (and I successfully tested it once) in MySQL. (I imagine the same would be true for PostgreSQL.) The idea is to store the transitive closure (every possible path) of the entire graph. For instance, if you have a basic graph A - B - C - D it stores these paths: A - B B - C C - D A - C B - D A - D The obvious downside is that edge table can get incredibly large depending on the nature of the graph you are modeling. (The article provides much more detail.) I did, however, import a good chunk of an Active Directory tree (just users and groups, not the full list of attributes) into this pattern just to test the concept, and I found that in that case the size of the transitive closure table did not get out of hand. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about SQL and Graph nodel trees
Thank you for the informaiton. I did see that code but it looks like it is formatted for MSSQL and was unable to get it to work for Mysql. Tim From: Andrew Ballard [aball...@gmail.com] Sent: Wednesday, July 21, 2010 11:40 AM To: Tim Gallagher Cc: php-general@lists.php.net Subject: Re: [PHP] Question about SQL and Graph nodel trees On Wed, Jul 21, 2010 at 11:04 AM, Tim Gallagher tgallag...@danati.com wrote: I cannot be the only one that is having this problem, what are you using for DAG (Direct Acrylic Graph)? I need to have a mesh node edge graph and am having trouble with this? I see that Neo4j has a rest server and I can do this in Java but I want to do it in PHP with a MYSQL or postgresql. If you are doing something like this, can you please tell me how you are doing this. I can do a relationship with a parent child or a nested tree, but I need to do a DAG. Thanks for the help, timgerr A basic approach would be to use two tables - one to store the nodes and second table to store the edges between the nodes. As far as traversing the graph, the best approach I have seen expands this a bit to store the full transitive closure of the graph, rather than just the direct edges: http://www.codeproject.com/KB/database/Modeling_DAGs_on_SQL_DBs.aspx It is written for SQL Server, but the idea works OK (and I successfully tested it once) in MySQL. (I imagine the same would be true for PostgreSQL.) The idea is to store the transitive closure (every possible path) of the entire graph. For instance, if you have a basic graph A - B - C - D it stores these paths: A - B B - C C - D A - C B - D A - D The obvious downside is that edge table can get incredibly large depending on the nature of the graph you are modeling. (The article provides much more detail.) I did, however, import a good chunk of an Active Directory tree (just users and groups, not the full list of attributes) into this pattern just to test the concept, and I found that in that case the size of the transitive closure table did not get out of hand. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about the Board
On 7/5/10, Gary[1] wrote: The last few times I have posted to the board, I recieved an email, which has the subject line of ??? ??? and is written in what appears to be greek Ukrainian or Russian I would guess, looking at the headers. Anyone else have this happen? Yes. Either some spammer harvesting addresses, or some setting up filters on his email and getting it wrong. [1] Another Gary, not this one :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about the Board
On Tue, 2010-07-06 at 11:00 +0200, Gary . wrote: On 7/5/10, Gary[1] wrote: The last few times I have posted to the board, I recieved an email, which has the subject line of ??? ??? and is written in what appears to be greek Ukrainian or Russian I would guess, looking at the headers. Anyone else have this happen? Yes. Either some spammer harvesting addresses, or some setting up filters on his email and getting it wrong. [1] Another Gary, not this one :) I have had a couple such emails, requesting me to log in somewhere in order to have my address 'validated' as non-spam, but I ignored it and nothing bad has happened to me yet! Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about the Board
On 7/6/10, Ashley Sheridan wrote: I have had a couple such emails, requesting me to log in somewhere in order to have my address 'validated' as non-spam, but I ignored it and nothing bad has happened to me yet! Not yet. *hides cattle prod behind back* -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about logins and locking
-Original Message- From: James Colannino [mailto:ja...@colannino.org] Sent: Tuesday, June 22, 2010 10:06 PM To: PHP-General List Subject: Re: [PHP] Question about logins and locking Tommy Pham wrote: 1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to expire when browser closes 2) Have a table in the DB backend to keep track if the user is logged in or not and when was the last time the validated user access your site (this gets updated when the user visit a link on your site by checking the cookie and the DB entry of the session ID) 3) Set your session timeout accordingly to you security requirement 4) Have a javascript on a timeout to self-logoff should the user is AFK longer than your session timeout. If another user or if the same user tries to login with a different browser, you can check the status of the user. If the user is logged in, you can deny it after the authentication. Should the user closes the browser without having to logoff, you can check when was the last time the user accessed your site and see if it's been longer than your session timeout. For security purposes, you can optionally send a courtesy email notifying that the user didn't logout properly since last accessed. This way, you can track whether if the user's system is compromised in some way or not. It all depends on what kind of application, service, user level access, and the strict security you require. Thanks Tommy. That was very helpful, and some of it is similar to how I was thinking of doing it. James Forgot 1 more thing, if you really want to be strict about security, you can set a very highly secured permanent cookie on the user's system on the first initial login. You can send them a confirmation code, that it's really who they say they are, to the email address. Then the user will need to submit that confirmation code along with the current password as part of the initial logon process. So if a hijacker or eaves dropper try to logon with your user's info on another system, a new confirmation code would be sent to your user's email address. Your user would then know their identity has be stolen. Setting this up will entail slight modification to your app and DB design but will have better overall security. Again, evaluate your needs and services ;) Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about logins and locking
On 23 June 2010 07:44, Tommy Pham tommy...@gmail.com wrote: -Original Message- From: James Colannino [mailto:ja...@colannino.org] Sent: Tuesday, June 22, 2010 10:06 PM To: PHP-General List Subject: Re: [PHP] Question about logins and locking Tommy Pham wrote: 1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to expire when browser closes 2) Have a table in the DB backend to keep track if the user is logged in or not and when was the last time the validated user access your site (this gets updated when the user visit a link on your site by checking the cookie and the DB entry of the session ID) 3) Set your session timeout accordingly to you security requirement 4) Have a javascript on a timeout to self-logoff should the user is AFK longer than your session timeout. If another user or if the same user tries to login with a different browser, you can check the status of the user. If the user is logged in, you can deny it after the authentication. Should the user closes the browser without having to logoff, you can check when was the last time the user accessed your site and see if it's been longer than your session timeout. For security purposes, you can optionally send a courtesy email notifying that the user didn't logout properly since last accessed. This way, you can track whether if the user's system is compromised in some way or not. It all depends on what kind of application, service, user level access, and the strict security you require. Thanks Tommy. That was very helpful, and some of it is similar to how I was thinking of doing it. James Forgot 1 more thing, if you really want to be strict about security, you can set a very highly secured permanent cookie on the user's system on the first initial login. You can send them a confirmation code, that it's really who they say they are, to the email address. Then the user will need to submit that confirmation code along with the current password as part of the initial logon process. So if a hijacker or eaves dropper try to logon with your user's info on another system, a new confirmation code would be sent to your user's email address. Your user would then know their identity has be stolen. Setting this up will entail slight modification to your app and DB design but will have better overall security. Again, evaluate your needs and services ;) Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php There is a project dealing with creating a secure login for a web site. It is being developed multi-lingually and across multiple languages (PHP, VB.net, etc.). Take a look at https://code.google.com/p/loginsystem-rd/ -- - Richard Quadling Standing on the shoulders of some very clever giants! EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about logins and locking
-Original Message- From: James Colannino [mailto:ja...@colannino.org] Sent: Tuesday, June 22, 2010 2:29 PM To: php-general@lists.php.net Subject: [PHP] Question about logins and locking Hey everyone, I have a question about logins. Let's say that I want to allow each user account to login only once at a time. I would then need some kind of locking mechanism to make sure that the same user can't login again somewhere else until first logging off. What's a good way to achieve this? I want to be able to handle situations in which the user closes their browser without first logging off, where I would want to count that as a logout. Perhaps I could do some kind of periodic polling in Javascript, combined with a query to the database that sets a value when the user logs in and when the user logs out? I'm just looking for some conceptual ideas. Thanks everyone! James James, 1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to expire when browser closes 2) Have a table in the DB backend to keep track if the user is logged in or not and when was the last time the validated user access your site (this gets updated when the user visit a link on your site by checking the cookie and the DB entry of the session ID) 3) Set your session timeout accordingly to you security requirement 4) Have a javascript on a timeout to self-logoff should the user is AFK longer than your session timeout. If another user or if the same user tries to login with a different browser, you can check the status of the user. If the user is logged in, you can deny it after the authentication. Should the user closes the browser without having to logoff, you can check when was the last time the user accessed your site and see if it's been longer than your session timeout. For security purposes, you can optionally send a courtesy email notifying that the user didn't logout properly since last accessed. This way, you can track whether if the user's system is compromised in some way or not. It all depends on what kind of application, service, user level access, and the strict security you require. Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about logins and locking
Tommy Pham wrote: 1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to expire when browser closes 2) Have a table in the DB backend to keep track if the user is logged in or not and when was the last time the validated user access your site (this gets updated when the user visit a link on your site by checking the cookie and the DB entry of the session ID) 3) Set your session timeout accordingly to you security requirement 4) Have a javascript on a timeout to self-logoff should the user is AFK longer than your session timeout. If another user or if the same user tries to login with a different browser, you can check the status of the user. If the user is logged in, you can deny it after the authentication. Should the user closes the browser without having to logoff, you can check when was the last time the user accessed your site and see if it's been longer than your session timeout. For security purposes, you can optionally send a courtesy email notifying that the user didn't logout properly since last accessed. This way, you can track whether if the user's system is compromised in some way or not. It all depends on what kind of application, service, user level access, and the strict security you require. Thanks Tommy. That was very helpful, and some of it is similar to how I was thinking of doing it. James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 20 May 2010 16:51, Al n...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote: On 20 May 2010 16:51, Al n...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? I still think you might be better off using BBCode, which is used on websites just for this very purpose. When any input comes back, you can remove all the HTML completely and replace the BBCode tags that you allow. This should guarantee that the only HTML in the text is what you put there. That way, the only chance someone has to enter malicious code is to manipulate your replacement algorithm. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about a security function
On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? Like I said above, First pass is thru the blacklist, which effectually tells hackers to not bother and totally deletes the entry. Also, it's possible that one of my non-techie users can unwittingly enter hack code. I want to make a big deal of it. My error messages says in red Illegal code entered. It was not saved. Reenter your text without it. Remember, I show them the error segment so they know exactly what the problem is. There is also another msg which says to contact tech support with a link. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 21 May 2010 14:21, Ashley Sheridan a...@ashleysheridan.co.uk wrote: I still think you might be better off using BBCode, which is used on websites just for this very purpose. When any input comes back, you can remove all the HTML completely and replace the BBCode tags that you allow. This should guarantee that the only HTML in the text is what you put there. That way, the only chance someone has to enter malicious code is to manipulate your replacement algorithm. We don't know what the use case is. It's likely that HTML is a fixed requirement here. In any case, stripping the HTML from a post and leaving just the BBCode is almost as difficult as stripping out all tags except p. There are so many text encodings and weird quirks out there that I wouldn't trust any code I'd written myself to do it. HTMLPurifier is widely adopted and tested, and actively maintained. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/21/2010 9:21 AM, Ashley Sheridan wrote: On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? I still think you might be better off using BBCode, which is used on websites just for this very purpose. When any input comes back, you can remove all the HTML completely and replace the BBCode tags that you allow. This should guarantee that the only HTML in the text is what you put there. That way, the only chance someone has to enter malicious code is to manipulate your replacement algorithm. Thanks, Ash http://www.ashleysheridan.co.uk I've used BBcode several times in the pass for this reason. But, found I was forever having to add new ones for special situations that could easily be handled with plain old HTML elements. Some of my users have a rudimentary knowledge of html so they can use it. Most just use my proxy tags e.g., a partial list:; Text Emphasis = bluefoo/blue, boldfoo/bold, greenfoo/green,... Titles and Headers = blue-titlefoo/blue-title, blue-subtitle.. Containers = container location; width; borderany content/container Lists = list*foo...*foo/list Horiz and Blank Lines, etc. = black-line, blue-line, blank-line, URL and email Links = url www.foo.comLabel/url; [w/wo http:], Images = image position width% relPathcaption/image; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
Al wrote: On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? Like I said above, First pass is thru the blacklist, which effectually tells hackers to not bother and totally deletes the entry. Also, it's possible that one of my non-techie users can unwittingly enter hack code. I want to make a big deal of it. My error messages says in red Illegal code entered. It was not saved. Reenter your text without it. Remember, I show them the error segment so they know exactly what the problem is. There is also another msg which says to contact tech support with a link. Do you actually show them the error. That would give away your mystical powers of detection... :) -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/21/2010 10:36 AM, Jim Lucas wrote: Al wrote: On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? Like I said above, First pass is thru the blacklist, which effectually tells hackers to not bother and totally deletes the entry. Also, it's possible that one of my non-techie users can unwittingly enter hack code. I want to make a big deal of it. My error messages says in red Illegal code entered. It was not saved. Reenter your text without it. Remember, I show them the error segment so they know exactly what the problem is. There is also another msg which says to contact tech support with a link. Do you actually show them the error. That would give away your mystical powers of detection... :) Keep in mind that my users are authenticated before being allowed access. So, I'm covering the situations where my user's PW has been stolen or the hacker got past the auth. Fact is, I mainly want to prevent malicious scripts from being placed on my pages rendered as HTML. I just spent some time helping a website I designed some years ago, but have not been involved for two years, investigate a hacking. The folks maintaining the site ignored all of my recommendations for good security practices. Bottom line: 920 html and php files that generate html have a script that sends every visitor's IP and the page's URL to a website in RU. I don't know why they want this info, the site belongs to a running club. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 20 May 2010 14:53, Al n...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g., p, b, table, etc. e.g., no embed... script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. Here are my regex patterns. I tried finding a complete list of browser executables; but was unsuccessful, probably because I didn't use the right key words. Anyone have suggestions for additional patterns? $securityPatternsArray=array( \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. ); Rolling your own when it comes to this is a very bad idea: chances are you'll miss something even if asking a list like this. Much better to use an existing tool like htmlpurifier. Regards Peter -- hype WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 20 May 2010 13:53, Al n...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g., p, b, table, etc. e.g., no embed... script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. That's not really going to work. See: http://ha.ckers.org/xss.html Blacklisting is a fundamentally flawed approach. I suggest using http://htmlpurifier.org/ instead. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote: On 20 May 2010 13:53, Al n...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g., p, b, table, etc. e.g., no embed... script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. That's not really going to work. See: http://ha.ckers.org/xss.html Blacklisting is a fundamentally flawed approach. I suggest using http://htmlpurifier.org/ instead. I agree wth Peter and David, it's not generally a good idea to roll your own in this case, as the repercussions can be quite large if things go wrong! If you absolutely must though, don't allow any HTML at all, and use BBCode instead, which you can replace afterwards. Before entering the data into a database run it through mysql_real_escape_string(), and if you are displaying any user-entered data, run that through htmlentities() or something similar. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about a security function
On 5/20/2010 10:07 AM, Ashley Sheridan wrote: On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote: On 20 May 2010 13:53, Aln...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g.,p,b,table, etc. e.g., noembed...script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. That's not really going to work. See: http://ha.ckers.org/xss.html Blacklisting is a fundamentally flawed approach. I suggest using http://htmlpurifier.org/ instead. I agree wth Peter and David, it's not generally a good idea to roll your own in this case, as the repercussions can be quite large if things go wrong! If you absolutely must though, don't allow any HTML at all, and use BBCode instead, which you can replace afterwards. Before entering the data into a database run it through mysql_real_escape_string(), and if you are displaying any user-entered data, run that through htmlentities() or something similar. Thanks, Ash http://www.ashleysheridan.co.uk I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The blacklist is sort of a backup and won't even save the entry. The user's entry has no ability to affect anything outside of the stuff within the body tags, including the css file. Thanks for the heads up about htmlpurifier. I'll take a more detailed look. I briefly looked at it earlier; but, found it was gross overkill for my needs. My objective is to not let bad stuff into my server to start with, and not to parse existing html and css files. The ha.hackers site is most interesting. I plan to work with it in detail. Al.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 20 May 2010 15:52, Al n...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable tags. The
But that's not what you've done. You've blacklisted the following patterns:
\script\x20,
\embed\x20,
\object\x20,
'language=javascript',
'type=text/javascript',
'language=vbscript\',
'type=text/vbscript',
'language=vbscript',
'type=text/tcl',
error_reporting\(0\),//Most hacks I've seen make certain they turn
of error reporting
\?php,//Here for the heck of it.
and allowed everything else. A couple of examples:
You haven't blacklisted iframe
IMG SRC=javascript:alert('XSS'); would sail straight through that list.
I can't tell from that list alone, but are your checks
case-insensitive? Because ScRipT would pass through a case-sensitive
check.
We can go on like this all day, and at the end of it you still won't
be sure you've blacklisted everything.
The first answer at
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags
is related, also.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Aln...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable tags. The
But that's not what you've done. You've blacklisted the following patterns:
\script\x20,
\embed\x20,
\object\x20,
'language=javascript',
'type=text/javascript',
'language=vbscript\',
'type=text/vbscript',
'language=vbscript',
'type=text/tcl',
error_reporting\(0\),//Most hacks I've seen make certain they turn
of error reporting
\?php,//Here for the heck of it.
and allowed everything else. A couple of examples:
You haven't blacklistediframe
IMG SRC=javascript:alert('XSS'); would sail straight through that list.
I can't tell from that list alone, but are your checks
case-insensitive? BecauseScRipT would pass through a case-sensitive
check.
We can go on like this all day, and at the end of it you still won't
be sure you've blacklisted everything.
The first answer at
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags
is related, also.
I'm not being clear. First pass is thru the blacklist, which effectually tells
hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain my whitelist
tags. e.g., the two examples you cited were caught by the whitelist parser.
And yes, I'm using preg_match() with the i arg.
Note, my blacklist is not looking for tags per se, just the start of a bad tag.
My users are only suppose to be entering plain text with some nice highlighting
and lists, etc. The editor will not post anything else.
Al...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On Thu, 2010-05-20 at 11:51 -0400, Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Aln...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable tags. The
But that's not what you've done. You've blacklisted the following patterns:
\script\x20,
\embed\x20,
\object\x20,
'language=javascript',
'type=text/javascript',
'language=vbscript\',
'type=text/vbscript',
'language=vbscript',
'type=text/tcl',
error_reporting\(0\),//Most hacks I've seen make certain they turn
of error reporting
\?php,//Here for the heck of it.
and allowed everything else. A couple of examples:
You haven't blacklistediframe
IMG SRC=javascript:alert('XSS'); would sail straight through that list.
I can't tell from that list alone, but are your checks
case-insensitive? BecauseScRipT would pass through a case-sensitive
check.
We can go on like this all day, and at the end of it you still won't
be sure you've blacklisted everything.
The first answer at
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags
is related, also.
I'm not being clear. First pass is thru the blacklist, which effectually
tells
hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain my
whitelist
tags. e.g., the two examples you cited were caught by the whitelist parser.
And yes, I'm using preg_match() with the i arg.
Note, my blacklist is not looking for tags per se, just the start of a bad
tag.
My users are only suppose to be entering plain text with some nice
highlighting
and lists, etc. The editor will not post anything else.
Al...
How are you matching against your whitelist?
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Question about a security function
Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Aln...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable
tags. The
But that's not what you've done. You've blacklisted the following
patterns:
\script\x20,
\embed\x20,
\object\x20,
'language=javascript',
'type=text/javascript',
'language=vbscript\',
'type=text/vbscript',
'language=vbscript',
'type=text/tcl',
error_reporting\(0\),//Most hacks I've seen make certain they turn
of error reporting
\?php,//Here for the heck of it.
and allowed everything else. A couple of examples:
You haven't blacklistediframe
IMG SRC=javascript:alert('XSS'); would sail straight through that
list.
I can't tell from that list alone, but are your checks
case-insensitive? BecauseScRipT would pass through a case-sensitive
check.
We can go on like this all day, and at the end of it you still won't
be sure you've blacklisted everything.
The first answer at
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags
is related, also.
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain my
whitelist tags. e.g., the two examples you cited were caught by the
whitelist parser.
What exactly does your whitelist parser do?
And yes, I'm using preg_match() with the i arg.
Note, my blacklist is not looking for tags per se, just the start of a
bad tag. My users are only suppose to be entering plain text with some
nice highlighting and lists, etc. The editor will not post anything else.
But who say I have to use your editor?
Al...
--
Jim Lucas
Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them.
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/20/2010 12:02 PM, Jim Lucas wrote:
Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Aln...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable
tags. The
But that's not what you've done. You've blacklisted the following
patterns:
\script\x20,
\embed\x20,
\object\x20,
'language=javascript',
'type=text/javascript',
'language=vbscript\',
'type=text/vbscript',
'language=vbscript',
'type=text/tcl',
error_reporting\(0\),//Most hacks I've seen make certain they turn
of error reporting
\?php,//Here for the heck of it.
and allowed everything else. A couple of examples:
You haven't blacklistediframe
IMG SRC=javascript:alert('XSS'); would sail straight through that
list.
I can't tell from that list alone, but are your checks
case-insensitive? BecauseScRipT would pass through a case-sensitive
check.
We can go on like this all day, and at the end of it you still won't
be sure you've blacklisted everything.
The first answer at
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags
is related, also.
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain my
whitelist tags. e.g., the two examples you cited were caught by the
whitelist parser.
What exactly does your whitelist parser do?
It posts an error message that shows the user what the error is [e.g.,
iframe is an invalid tag. Your text cannot posted until all errors are
corrected.
Only when the submitted raw text passes the blacklist and whitelist, will the
raw text be saved and be available for on-the-fly conversion to html.
And yes, I'm using preg_match() with the i arg.
Note, my blacklist is not looking for tags per se, just the start of a
bad tag. My users are only suppose to be entering plain text with some
nice highlighting and lists, etc. The editor will not post anything else.
But who say I have to use your editor?
No one says you must by my editor.
Al...
I'm methodically going thru ha.ckers tests and so far my filters have caught
everything.
I greatly appreciate everyone's help.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On Thu, 2010-05-20 at 12:40 -0400, Al wrote:
On 5/20/2010 12:02 PM, Jim Lucas wrote:
Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Aln...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable
tags. The
But that's not what you've done. You've blacklisted the following
patterns:
\script\x20,
\embed\x20,
\object\x20,
'language=javascript',
'type=text/javascript',
'language=vbscript\',
'type=text/vbscript',
'language=vbscript',
'type=text/tcl',
error_reporting\(0\),//Most hacks I've seen make certain they turn
of error reporting
\?php,//Here for the heck of it.
and allowed everything else. A couple of examples:
You haven't blacklistediframe
IMG SRC=javascript:alert('XSS'); would sail straight through that
list.
I can't tell from that list alone, but are your checks
case-insensitive? BecauseScRipT would pass through a case-sensitive
check.
We can go on like this all day, and at the end of it you still won't
be sure you've blacklisted everything.
The first answer at
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags
is related, also.
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain my
whitelist tags. e.g., the two examples you cited were caught by the
whitelist parser.
What exactly does your whitelist parser do?
It posts an error message that shows the user what the error is [e.g.,
iframe is an invalid tag. Your text cannot posted until all errors are
corrected.
Only when the submitted raw text passes the blacklist and whitelist, will the
raw text be saved and be available for on-the-fly conversion to html.
And yes, I'm using preg_match() with the i arg.
Note, my blacklist is not looking for tags per se, just the start of a
bad tag. My users are only suppose to be entering plain text with some
nice highlighting and lists, etc. The editor will not post anything else.
But who say I have to use your editor?
No one says you must by my editor.
Al...
I'm methodically going thru ha.ckers tests and so far my filters have caught
everything.
I greatly appreciate everyone's help.
I think Jim meant how is your whitelist operating, not what it does to
the user. Posting a message saying that iframe tags are not allowed
sounds more like a blacklist type of behaviour.
A whitelist should consider the data sent from the user as bad, and only
allow it through if it meets certain criteria. By checking specifically
for an iframe tag and being able to warn the user specifically, you're
just using a blacklist not a whitelist.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Question about a security function
On 5/20/2010 12:43 PM, Ashley Sheridan wrote:
On Thu, 2010-05-20 at 12:40 -0400, Al wrote:
On 5/20/2010 12:02 PM, Jim Lucas wrote:
Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Aln...@ridersite.orgwrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable
tags. The
But that's not what you've done. You've blacklisted the following
patterns:
\script\x20,
\embed\x20,
\object\x20,
'language=javascript',
'type=text/javascript',
'language=vbscript\',
'type=text/vbscript',
'language=vbscript',
'type=text/tcl',
error_reporting\(0\),//Most hacks I've seen make certain they turn
of error reporting
\?php,//Here for the heck of it.
and allowed everything else. A couple of examples:
You haven't blacklistediframe
IMG SRC=javascript:alert('XSS');would sail straight through that
list.
I can't tell from that list alone, but are your checks
case-insensitive? BecauseScRipTwould pass through a case-sensitive
check.
We can go on like this all day, and at the end of it you still won't
be sure you've blacklisted everything.
The first answer at
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags
is related, also.
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain my
whitelist tags. e.g., the two examples you cited were caught by the
whitelist parser.
What exactly does your whitelist parser do?
It posts an error message that shows the user what the error is [e.g.,
iframe is an invalid tag. Your text cannot posted until all errors are
corrected.
Only when the submitted raw text passes the blacklist and whitelist, will the
raw text be saved and be available for on-the-fly conversion to html.
And yes, I'm using preg_match() with the i arg.
Note, my blacklist is not looking for tags per se, just the start of a
bad tag. My users are only suppose to be entering plain text with some
nice highlighting and lists, etc. The editor will not post anything else.
But who say I have to use your editor?
No one says you must by my editor.
Al...
I'm methodically going thru ha.ckers tests and so far my filters have caught
everything.
I greatly appreciate everyone's help.
I think Jim meant how is your whitelist operating, not what it does to
the user. Posting a message saying thatiframe tags are not allowed
sounds more like a blacklist type of behaviour.
A whitelist should consider the data sent from the user as bad, and only
allow it through if it meets certain criteria. By checking specifically
for aniframe tag and being able to warn the user specifically, you're
just using a blacklist not a whitelist.
Thanks,
Ash
http://www.ashleysheridan.co.uk
No, no, it's truly a whitelist. Every tag that is not in the list is designated
as not allowed. If anyone is interested here is my whitelist. I also use these
for html validity and nesting checking, etc. Note, they are listed by html type.
img and a use are very constrained. img can only point to an image file on
the server and a is checked for syntax and even that it points to a valid URL.
//region Usable XHTML elements for user entered raw text [Only these
XHTML tags can be used]
$inlineHtmlTagsArray = array('a', 'b', 'img', 'em', 'option', 'select', 'span',
'strong',); //Note img is both empty and inline
$blockHtmlTagsArray = array('div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p',
'pre',);
$emptyHtmlTagsArray = array('br', 'hr', 'img',);
$listHtmlTagsArray = array('li', 'ol', 'ul');
$tableHtmlTagsArray = array('col', 'table', 'tbody', 'td', 'th', 'thead',
'tr',);
//endregion
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
Kevin wrote: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. I think the docs are still screwed up. Try sqlite3_open() instead and see if that works. Also, check phpinfo() to see if the SQLite/SQLite3 modules are loaded. I tried with sqlite3_open() and it gave the same error. THEN ... 'check phpinfo()' Obviously sqlite extension is not actually loaded. You don't aey which OS ... On windows there are a list of extensions in the php.ini file, just 'uncomment' the one(s) you need ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about creating php files from a form
Kevin wrote: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. I think the docs are still screwed up. Try sqlite3_open() instead and see if that works. Also, check phpinfo() to see if the SQLite/SQLite3 modules are loaded. I tried with sqlite3_open() and it gave the same error. THEN ... 'check phpinfo()' Obviously sqlite extension is not actually loaded. You don't aey which OS ... On windows there are a list of extensions in the php.ini file, just 'uncomment' the one(s) you need ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php __ There is no sqlite3_open() - there is only an OOP interface for php_sqlite3. I wrote to the list in frustration about this choice not too long ago, and concluded that the only way to accomplish this is to: 1.) Use php-sqlite3 extension (not to be confused with the php_sqlite3 - dash vs underscore) - but this isn't a great solution because it would mean you would need to ask your host to enable a custom extension, which they usually don't do. If you're hosting this app on your own server, then give it a bash. 2.) Otherwise, get involved in PECL development and help give php_sqlite3 a procedural interface. Of course, if you're looking for basic database storage, then SQLite2 (php_sqlite) would work fine. Best of luck, Lawrance -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
On Thu, 2010-05-13 at 23:53 -0400, Kevin wrote: Ashley Sheridan wrote: On Thu, 2010-05-13 at 23:07 -0400, Kevin wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin It might sound overkill, but I'd use a database for this. All the recipes can be stored in a MySQL database, and then you can use a simple couple of queries to produce the recipe list and the recipe pages dynamically. This also has the advantage that it's very easy to search the recipe list when it becomes larger, and if you ever want to change the layout/presentation of the whole system you won't have to recreate all the recipe pages. The DB could have several columns labelled: id, name, ingredients, method So, the form page (lets assume it's called add.php) could submit to itself which then adds the recipe to the DB with a query like: INSERT INTO recipes(name, ingredients, method) VALUES($name, $ingredients, $method) This is only a very simple example which could be extended to use another table for ingredients for a recipe. Don't forget to sanitise any input coming from the form with mysql_real_escape_string() for inserting it into the DB. The list.php page could just use a simple query like: SELECT id, name FROM recipes And then create a link to each recipe in the form: recipe.php?recipe=id (where id is the numerical value used in the DB) and that would then use a query like: SELECT * FROM recipe WHERE id=$recipe MySQL is available on most hosting that you'll find has support for PHP, and every Linux distribution I've seen has it too. Thanks, Ash http://www.ashleysheridan.co.uk Thank you Ash for the quick reply. I was actually looking at using a database too... and I am testing out a few different ones (SQLite and MySQL) I appreciate the extra information, it will be helpful in the future :-) /On a side note: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. /I wanted to try a different approach by just creating the recipes in individual html files for the time being. Do happen to know how to create html files from a php form? Thank you. To create files I'd probably just use fopen() and fwrite(). It's how I always do it. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about creating php files from a form
On 14 May 2010 04:07, Kevin kevin.mailingli...@gmail.com wrote:
Hello All,
I am trying to figure out how to create files when a user submits a form ...
I have seen something about '*fopen*' , is that the direction I should be
going?
Here is what I am trying to accomplish:
I am creating a program to keep track of recipes for my wife. I have have
page set up where she can put the name of the recipe, the ingredients, and
the amounts of each ingredient.
Then she clicks Submit
I would like a html file with the name of the recipe to be created ie
*cookies.html *with a link to the cookies.html created on another page.
*
*I hope this makes sense, and thank you all for your time...
- - Kevin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
If you can build the HTML in memory, then you can use ...
file_put_contents('your_file.html', $YourHtml');
--
-
Richard Quadling
Standing on the shoulders of some very clever giants!
EE : http://www.experts-exchange.com/M_248814.html
EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731
ZOPA : http://uk.zopa.com/member/RQuadling
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about creating php files from a form
From: Kevin I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. There are already a number of free applications for this. I have reviewed over a dozen of them in the past year. Drupal has a recipe module, Gourmet for Gnome users, Krecipes for KDE users. ReciPants in Perl, Qookbook, to name a few off the top of my head. Some of them will link into the USDA Nutrition Database as well. You may not need to reinvent this particular wheel. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
At 11:07 PM -0400 5/13/10, Kevin wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin Kevin: Your wife is trying to make cookies? :-) Sorry, I couldn't resist. I recommend the same thing that Ash recommended, namely creating a database where your wife can enter the ingredients via a form and have those recorded in a database -- a database where one can pull the data and show the recipes in any manner you want. Don't look to saving these data as files, or as cookies, but rather as data in a database. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
Paul M Foster wrote: On Thu, May 13, 2010 at 11:53:54PM -0400, Kevin wrote: snip /On a side note: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. I think the docs are still screwed up. Try sqlite3_open() instead and see if that works. Also, check phpinfo() to see if the SQLite/SQLite3 modules are loaded. Paul Thanks Paul, I tried with sqlite3_open() and it gave the same error. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
On Thu, 2010-05-13 at 23:07 -0400, Kevin wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin It might sound overkill, but I'd use a database for this. All the recipes can be stored in a MySQL database, and then you can use a simple couple of queries to produce the recipe list and the recipe pages dynamically. This also has the advantage that it's very easy to search the recipe list when it becomes larger, and if you ever want to change the layout/presentation of the whole system you won't have to recreate all the recipe pages. The DB could have several columns labelled: id, name, ingredients, method So, the form page (lets assume it's called add.php) could submit to itself which then adds the recipe to the DB with a query like: INSERT INTO recipes(name, ingredients, method) VALUES($name, $ingredients, $method) This is only a very simple example which could be extended to use another table for ingredients for a recipe. Don't forget to sanitise any input coming from the form with mysql_real_escape_string() for inserting it into the DB. The list.php page could just use a simple query like: SELECT id, name FROM recipes And then create a link to each recipe in the form: recipe.php?recipe=id (where id is the numerical value used in the DB) and that would then use a query like: SELECT * FROM recipe WHERE id=$recipe MySQL is available on most hosting that you'll find has support for PHP, and every Linux distribution I've seen has it too. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about creating php files from a form
Ashley Sheridan wrote: On Thu, 2010-05-13 at 23:07 -0400, Kevin wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin It might sound overkill, but I'd use a database for this. All the recipes can be stored in a MySQL database, and then you can use a simple couple of queries to produce the recipe list and the recipe pages dynamically. This also has the advantage that it's very easy to search the recipe list when it becomes larger, and if you ever want to change the layout/presentation of the whole system you won't have to recreate all the recipe pages. The DB could have several columns labelled: id, name, ingredients, method So, the form page (lets assume it's called add.php) could submit to itself which then adds the recipe to the DB with a query like: INSERT INTO recipes(name, ingredients, method) VALUES($name, $ingredients, $method) This is only a very simple example which could be extended to use another table for ingredients for a recipe. Don't forget to sanitise any input coming from the form with mysql_real_escape_string() for inserting it into the DB. The list.php page could just use a simple query like: SELECT id, name FROM recipes And then create a link to each recipe in the form: recipe.php?recipe=id (where id is the numerical value used in the DB) and that would then use a query like: SELECT * FROM recipe WHERE id=$recipe MySQL is available on most hosting that you'll find has support for PHP, and every Linux distribution I've seen has it too. Thanks, Ash http://www.ashleysheridan.co.uk Thank you Ash for the quick reply. I was actually looking at using a database too... and I am testing out a few different ones (SQLite and MySQL) I appreciate the extra information, it will be helpful in the future :-) /On a side note: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. /I wanted to try a different approach by just creating the recipes in individual html files for the time being. Do happen to know how to create html files from a php form? Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
On Thu, May 13, 2010 at 11:53:54PM -0400, Kevin wrote: snip /On a side note: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. I think the docs are still screwed up. Try sqlite3_open() instead and see if that works. Also, check phpinfo() to see if the SQLite/SQLite3 modules are loaded. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about using JSON_ENCODE()
Yup,
you put result in an array
$result = array('status' = 'good');
and return encoded string
return Json_Encode($result);
your client will get a string
'{status: good}'
and you use your client tech(eg. javascrpt) to decode this string and finall
get an object
On Fri, Jan 8, 2010 at 3:43 PM, Anthony Papillion papill...@gmail.comwrote:
I'm developing a basic webservice to compliment a mobile application I'm
developing or iPhone. While I know how to encode simple variables and
arrays, I'm not sure how to do what I'm needing to do. Basically, I want to
encode a status message to return to the mobile client. Something like
status good_request
Right now, I'm thinking I should put this in an array and encode/return
that. But is that the right way of thinking? Is there a more correct or
better way to do this?
Thanks!
Anthony
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about using JSON_ENCODE()
Thank you Ruan!
This is just what I was looking for!
Anthony
Ryan Sun ryansu...@gmail.com wrote in message
news:f7f19ac21001081308r4b202d45vedaf3561536ad...@mail.gmail.com...
Yup,
you put result in an array
$result = array('status' = 'good');
and return encoded string
return Json_Encode($result);
your client will get a string
'{status: good}'
and you use your client tech(eg. javascrpt) to decode this string and
finall
get an object
On Fri, Jan 8, 2010 at 3:43 PM, Anthony Papillion
papill...@gmail.comwrote:
I'm developing a basic webservice to compliment a mobile application I'm
developing or iPhone. While I know how to encode simple variables and
arrays, I'm not sure how to do what I'm needing to do. Basically, I want
to
encode a status message to return to the mobile client. Something like
status good_request
Right now, I'm thinking I should put this in an array and encode/return
that. But is that the right way of thinking? Is there a more correct or
better way to do this?
Thanks!
Anthony
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about includes
On Tue, Nov 24, 2009 at 6:22 AM, Al n...@ridersite.org wrote: This bothers since the current working directory is effectively where my original script resides; is it not? If so, doesn't the include Net/SMTP.php on line 206 look for the path relative to it and not in /home1/youstart/php/? When including a file with a relative path PHP starts at the beginning of the include_path and checks each directory until it finds the file or reaches the end of the list. In this case it will start with the current directory since you've got the . as the first entry in the include path. When using relative paths, it's relative to the script with the include statement. So if you have a script myscript.php that includes mail.php, that include will be relative to myscript.php. Then when you include smtp.php from mail.php, the relative path will be relative to mail.php, not myscript.php. It looks like you're using PEAR classes, but the pear directory isn't in the include path. Try adding that path to your include_path by editing your .htaccess or using ini_set(). HTH, Brady -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about includes
Brady Mitchell wrote: On Tue, Nov 24, 2009 at 6:22 AM, Al n...@ridersite.org wrote: This bothers since the current working directory is effectively where my original script resides; is it not? If so, doesn't the include Net/SMTP.php on line 206 look for the path relative to it and not in /home1/youstart/php/? When including a file with a relative path PHP starts at the beginning of the include_path and checks each directory until it finds the file or reaches the end of the list. In this case it will start with the current directory since you've got the . as the first entry in the include path. When using relative paths, it's relative to the script with the include statement. So if you have a script myscript.php that includes mail.php, that include will be relative to myscript.php. Then when you include smtp.php from mail.php, the relative path will be relative to mail.php, not myscript.php. It looks like you're using PEAR classes, but the pear directory isn't in the include path. Try adding that path to your include_path by editing your .htaccess or using ini_set(). HTH, Brady Thanks Brady. That's a clear explanation and most helpful. The PHP manual could use a better description like your's. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about smarty
I'm not sure where is the problem, but can't you just define every changing
part in your template as variables and assign them as needed from php?
If you need to change the image url, just make it a variable, like in
background:url(images/{$img})
Then you just assign the variable as needed in each file:
//template1.php
$img = 'mi_image_1.gif';
$smarty-assign( 'img', $img );
//template2.php
$img = 'mi_image_2.gif';
$smarty-assign( 'img', $img );
That way you don't need to use the {if} inside smarty and make your template
lighter.
De: Sudhakar sudhakarar...@gmail.com
Para: php-general@lists.php.net
Enviado: vie,6 noviembre, 2009 00:14
Asunto: [PHP] question about smarty
i am using smarty template engine at work place, following is the situation
i already have 1 template that has already been created example =
http://localhost/sites/template1.com this works fine
following is the folder structure i have for smarty on xampp
1. C:\xampp\htdocs\sites\template1.com where i have .htaccess index.php and
siteconf.php
2. C:\xampp\htdocs\sites\_templates\templates\template1
in the siteconf.php file there are all the major variables defined which are
accessed in other tpl file of the templates example in aboutus page,
contactus page etc of this template1
now i have created another template called template2 and this also has the
same structure
1. C:\xampp\htdocs\sites\template2.com where i have .htaccess index.php and
siteconf.php
2. C:\xampp\htdocs\sites\_templates\templates\template2
my question is the look and feel when i access
http://localhost/sites/template1.com and
http://localhost/sites/template2.com
is the same the only thing that needs to be done is for template2 when i
access http://localhost/sites/template2.com ONLY the header image should be
different compared to the header i have for
http://localhost/sites/template1.com this is the only change i need
i am not aware as to the php code i need to write so that when i access
http://localhost/sites/template2.com the header image changes and this new
header image remains for the entire pages of
http://localhost/sites/template2.com
presently in header.tpl of template1 is written as follows
{if strpos($Data.KEYWORD,rv rental) === false}
div class=header
style=background:url(images/header_{$siteData.COUNTRY3}.gif) no-repeat top
left;
{else}
div class=header
style=background:url(images/header_{$siteData.COUNTRY3}_rv.gif) no-repeat
top left;
{/if}
/div
so i need to chane the {if} {else} where i need to mention that if i am
accessing http://localhost/sites/template2.com then the header image should
be different.
any help will be greatly appreciated.
please advice.
thanks.
Re: [PHP] Question about template systems
Marcus Gnaß wrote: like with programming questions in general. Should have read my own post before sending! ;) Should be programming languages! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about template systems
Excellent, thanks for your help guys, you've been really helpful :) On 3 Mar 2009, at 10:20, Marcus Gnaß wrote: Matthew Croud wrote: Hello, First post here, I'm in the process of learning PHP , I'm digesting a few books as we speak. I'm working on a content heavy website that provides a lot of information, a template system would be great and so i've been looking at ways to create dynamic data with a static navigation system. So far, using the require_once(); function seems to fit the bill in order to bring in the same header html file on each page. I've also looked at Smartys template system. I wondered how you folk would go about creating a template system ? Smarty is a good choice, although some people might prefer other templating systems. This is kind of a religious question like with programming questions in general. But I guess that most people would advise you to use an existing templating system instead of writing one on your own. My second question might be me jumping the gun here, I haven't come across this part in my book but i'll ask about it anyway. I often see websites that have a dynamic body and static header, and their web addresses end like this: index.php?id=445 where 445 i presume is some file reference. What is this called ? It seems like the system i'm after but it doesn't appear in my book, If anyone could let me know what this page id subject is called i can do some research on the subject. Have a look at the PHP manual and be sure to bookmark it! ;) http://www.php.net/manual/en/ The ID you mentioned is a query. id=445other_id=653 would be a querystring. To retrieve data passed via this querystring you can use $_GET (http://de.php.net/manual/en/reserved.variables.get.php ). Have fun -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about template systems
Hi, First post here, I'm in the process of learning PHP , I'm digesting a few books as we speak. I'm working on a content heavy website that provides a lot of information, a template system would be great and so i've been looking at ways to create dynamic data with a static navigation system. So far, using the require_once(); function seems to fit the bill in order to bring in the same header html file on each page. I've also looked at Smartys template system. If you've looked at require_once() and it fits the bill, then chances are that Smarty might be overkill slightly. I wondered how you folk would go about creating a template system ? I wouldn't (or at least, I wouldn't advise it). Use one that's already out there and save your self some (a lot of) work. My second question might be me jumping the gun here, I haven't come across this part in my book but i'll ask about it anyway. I often see websites that have a dynamic body and static header, and their web addresses end like this: index.php?id=445 where 445 i presume is some file reference. What is this called ? I don't know of the specific name, but the URL is simply passing an identifier (445) to the script (index.php). This ID could be the ID of a record in a database, which is then retrieved and shown to the user. It seems like the system i'm after but it doesn't appear in my book, If anyone could let me know what this page id subject is called i can do some research on the subject. Erm, don't know of the specific name, except that it's a GET parameter (so I guess I do...). Everything following the question mark is collectively known as the query string. You can retrieve these by examining the $_GET variable. You will aalso find some useful things, in $_SERVER. Eg: pre ?php print_r($_GET); print_r($_SERVER); ? -- Richard Heyes HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari: http://www.rgraph.net (Updated February 28th) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about template systems
Matthew Croud wrote: Hello, First post here, I'm in the process of learning PHP , I'm digesting a few books as we speak. I'm working on a content heavy website that provides a lot of information, a template system would be great and so i've been looking at ways to create dynamic data with a static navigation system. So far, using the require_once(); function seems to fit the bill in order to bring in the same header html file on each page. I've also looked at Smartys template system. I wondered how you folk would go about creating a template system ? Smarty is a good choice, although some people might prefer other templating systems. This is kind of a religious question like with programming questions in general. But I guess that most people would advise you to use an existing templating system instead of writing one on your own. My second question might be me jumping the gun here, I haven't come across this part in my book but i'll ask about it anyway. I often see websites that have a dynamic body and static header, and their web addresses end like this: index.php?id=445 where 445 i presume is some file reference. What is this called ? It seems like the system i'm after but it doesn't appear in my book, If anyone could let me know what this page id subject is called i can do some research on the subject. Have a look at the PHP manual and be sure to bookmark it! ;) http://www.php.net/manual/en/ The ID you mentioned is a query. id=445other_id=653 would be a querystring. To retrieve data passed via this querystring you can use $_GET (http://de.php.net/manual/en/reserved.variables.get.php). Have fun -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about template systems
On Tue, Mar 03, 2009 at 09:01:06AM +, Matthew Croud wrote:
Hello,
First post here, I'm in the process of learning PHP , I'm digesting a
few books as we speak.
I'm working on a content heavy website that provides a lot of
information, a template system would be great and so i've been looking
at ways to create dynamic data with a static navigation system.
So far, using the require_once(); function seems to fit the bill in
order to bring in the same header html file on each page.
I've also looked at Smartys template system.
I wondered how you folk would go about creating a template system ?
Here's a simple way of doing this: Set up a full page of HTML, with the
header, footer and all that stuff. But leave the center (content) part
of the page blank. You can call what you just built a template. What
goes in the center could be called a view. In the center of the page,
put a call like this:
include($view_page);
When you go to display the page, do this:
$view_page = 'apples.php';
include('template.php');
When the template page is included, it will, in turn, the view page
(apples.php) will get included. This works well if you want the same
basic look for all the pages of your site.
Just one way to do it.
My second question might be me jumping the gun here, I haven't come
across this part in my book but i'll ask about it anyway. I often see
websites that have a dynamic body and static header, and their web
addresses end like this: index.php?id=445 where 445 i presume is
some file reference.
What is this called ? It seems like the system i'm after but it
doesn't appear in my book, If anyone could let me know what this page
id subject is called i can do some research on the subject.
Most likely, index.php is what is called a front controller (look it
up). The id=445 is a GET variable being passed to index.php. The
index.php file checks this variable and decides which page to display.
It could be a page called anything.php, but index.php knows that when
id = 445, it should display this page.
An awful lot of websites use a model-view-controller (MVC, look it up)
system using a front controller. There are tons of these about. My
personal recommendation for about the lightest weight of these is
CodeIgniter (codeigniter.com). Being lightweight also allows you to look
at its code and easily understand what it's doing and why.
Paul
--
Paul M. Foster
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about template systems
2009/3/3 Matthew Croud m...@obviousdigital.com First post here, I'm in the process of learning PHP , I'm digesting a few books as we speak. I'm working on a content heavy website that provides a lot of information, a template system would be great and so i've been looking at ways to create dynamic data with a static navigation system. So far, using the require_once(); function seems to fit the bill in order to bring in the same header html file on each page. I've also looked at Smartys template system. I wondered how you folk would go about creating a template system ? http://stut.net/blog/2008/10/28/snippet-simple-templates-with-php/ My second question might be me jumping the gun here, I haven't come across this part in my book but i'll ask about it anyway. I often see websites that have a dynamic body and static header, and their web addresses end like this: index.php?id=445 where 445 i presume is some file reference. What is this called ? It seems like the system i'm after but it doesn't appear in my book, If anyone could let me know what this page id subject is called i can do some research on the subject. This could be being handled any number of ways. 445 could refer to a row in a database, a file on disk or a number of other things. All you really need to know is that the script will take $_GET['id'], sanitise it (important!) and use it as a resource identifier in a SQL query, filename or something else. That will give the script the content to display. It would likely then include a file containing the common header HTML, output the retrieved content and then include a file containing the common footer HTML. Even at the simplest level you'd probably call this an instance of the front controller pattern (Google it), but they usually go a lot further than this. As far as templating systems go I personally don't think they add anything to the equation unless you're working with designers who are already familiar with something. Separation of logic and content is important, abstraction away from PHP is not (IMHO). -Stuart -- http://stut.net/
Re: [PHP] Question about template systems
On Tue, 3 Mar 2009 20:46:40 +, stuttle wrote: [...] As far as templating systems go I personally don't think they add anything to the equation unless you're working with designers who are already familiar with something. Separation of logic and content is important, abstraction away from PHP is not (IMHO). Yeah, I've been meaning to ask about that myself - what benefit is there in using something like Smarty, which requires learning yet another set of notation, over just having a class/interface for the page and calling methods on that in plain-old PHP from the template? --- the PHP page (e.g. index.php) --- ?php $page = new YourPageClass(); require_once 'include/template.php'; --- template.php --- html head title?php $page-showPageTitle();?/title ... ?php $page-showCustomHeaders();? /head body ... ?php $page-showMenu();? ... ?php $page-showContent();? ... /body /html --- snip For that matter, why go with Smarty over the more widely supported (across multiple languages) XSL? Maybe I'm missing something, but I don't see the point of special templating systems that require you to know yet another notation set, i.e. abstraction away from PHP as Stuart puts it. -- Ross McKay, Toronto NSW Australia Click me, drag me, treat me like an object -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about version control.. sorta..
I'll put in a +1 for Subversion. I use it and love it. I have the actual repository sitting on a linux box and usually use TortiseSVN to update, and commit to the repository. It's pretty easy to use, and was much easier to setup than I expected. I simply apt-get install svn, and then edited some Apache config files, of which the code is available with a quick google. I keep all the websites I code in the repository and even though I have 3 computers on the same network I'll sometimes commit related files on one PC, and update the local copy on another computer because it's even easier than using windows network file transfer. Plus the fact that I have a script to automatically backup the repository regularly, so once the data is in the repository I'm highly unlikely to loose it (esp as I've got local cached copies on 3 computers). Best of all? IT'S FREE! my 2c. Michael Kubler *G*rey *P*hoenix *P*roductions http://www.greyphoenix.biz TG wrote: So, for my purposes.. after trying a handful of solutions.. open source and commercial.. I think I've decided that Reliable Software's Code Co-op is what's going to work best for me. My trial is almost up, so as soon as my next paycheck comes, I think I'll be purchasing the full version for $150. For me, it's totally worth it. It stores everything in a local database, but allows collaboration if that's what you're into. Via email for the $150 version, via LAN for the $200 version. It lets me add files by type, is easy to check out files. Anyway.. if anyone's looking for an easy Windows version control system, check it out. (no, I don't work for them, just passing along the recommendation since I'm digging this software) Thanks for all the input! -TG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about version control.. sorta..
So, for my purposes.. after trying a handful of solutions.. open source and commercial.. I think I've decided that Reliable Software's Code Co-op is what's going to work best for me. My trial is almost up, so as soon as my next paycheck comes, I think I'll be purchasing the full version for $150. For me, it's totally worth it. It stores everything in a local database, but allows collaboration if that's what you're into. Via email for the $150 version, via LAN for the $200 version. It lets me add files by type, is easy to check out files. Anyway.. if anyone's looking for an easy Windows version control system, check it out. (no, I don't work for them, just passing along the recommendation since I'm digging this software) Thanks for all the input! -TG - Original Message - From: TG tg-...@gryffyndevelopment.com To: php-general@lists.php.net Date: Wed, 31 Dec 2008 11:40:23 -0500 Subject: [PHP] Question about version control.. sorta.. Ok.. so I know about CVS and SVN and unfortunately haven't had as much experience with them as I'd like. I've used them, but always in a really basic sense and always on systems that have already been set up. A friend recently mentioned GIT ( http://git.or.cz/ ) too. But here's my situation.. I deal with dozens of clients. I usually make a backup copy of their site (at least the files, not usually the DB) so I have the latest copy of the site to make changes to. Usually I'm the only one working on the site, but sometimes other people may make changes too. Not so often than we're conflicting with our changes, or if this is a known issue, we make sure to coordinate. What I'd ideally like to do is be able to use a CVS type system to keep incremental backups of the code. So instead of checking code out of CVS, changing it, then checking it back in... I'd like to just do a mass checkin of the whole site and have changes recorded and the ability to look at previous versions with DIFF and all that. And of course the ability to 'check out' a previous set of files by date or revision maybe. I assume you can do this with one of the major version control systems, but mostly what I see with how to use these systems involves checking code out then checking it back in. That's not really what I want to do. The other issue is that I run Windows. So if there's something nice and WinGUI, that'd be nice. Please no you should be running linux responses. I don't have anything against Linux or Mac, they're great systems. But I have my reasons for running Windows. Also, I realize this is semi-OT for a PHP list, but asking on a CVS list or a SVN list might not give me the more comprehensive/broad experience base I'm looking for. I'd like a semi-unbiased response. :) Thanks in advance! -TG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about version control.. sorta..
I use GIT and Subversion. Subversion is still a bit hard to use (branching etc) and not distributed but that was before i knew about GIT :-P. You have a central repository that you need to commit to and it's still quite CVS like (which is really confusing and horrible). GIT is nice and fast and also works in a distributed environment. So, it's great when you are the only one working on it or even if you have developers that don't always have broadband and want to commit to the central repository (when they are connected). It also has a windows port that is reasonably easy to install. Check out the cygwin unix on windows port library. It's great when you want the best of both worlds. Git is a package that you can select in there. I use windows at work and cygwin for all the unix stuff i want to do in windows, like perl, bash etc. It's awesome! Spending $150 on this is not really worth it i think and using a database for version control seems a bit odd. They have a database internally anyway which is optimised for the purpose and stored as files. Databases store the data as files (on disk) as well and only have the benefit that some of the data is stored partially in memory (indeces etc) and speeds up data retrieval (and i believe writing it too)... So give GIT a go. It also has a windows shell extension called 'Git Extensions'. Although you might like the GUI stuff, i think it's a lot easier to fire up a console (cmd or bash) and write git init git add . git commit -a -m your msg From then on, you just have to type: git commit -a -m your msg to make commits. There is lots of help for it on the web which you wont get with a proprietary solution. In general Open Source seems to have better support than closed source (simply because there are a lot more people who are willing to help because they want to and not because they get paid). You can create a central repository relatively easy too and push/pull your commits to your local repository ( http://toolmantim.com/articles/setting_up_a_new_remote_git_repository ). You can also use one of the many repositories out there if you don't want to take care of backups etc. BTW, what do you need incremental backups for in a versioning system? A versioning system is an incremental backup (an advanced one)! You might want to backup the whole repository to a different location but you can safely overwrite that. I think Linus Torwalds did a really good job on that :-). Hail Linus (lol). It's versioning as easy as it can get. Hope this helps someone. Regards, Tim Tim-Hinnerk Heuer http://www.ihostnz.com On Fri, Feb 6, 2009 at 3:06 PM, TG tg-...@gryffyndevelopment.com wrote: So, for my purposes.. after trying a handful of solutions.. open source and commercial.. I think I've decided that Reliable Software's Code Co-op is what's going to work best for me. My trial is almost up, so as soon as my next paycheck comes, I think I'll be purchasing the full version for $150. For me, it's totally worth it. It stores everything in a local database, but allows collaboration if that's what you're into. Via email for the $150 version, via LAN for the $200 version. It lets me add files by type, is easy to check out files. Anyway.. if anyone's looking for an easy Windows version control system, check it out. (no, I don't work for them, just passing along the recommendation since I'm digging this software) Thanks for all the input! -TG - Original Message - From: TG tg-...@gryffyndevelopment.com To: php-general@lists.php.net Date: Wed, 31 Dec 2008 11:40:23 -0500 Subject: [PHP] Question about version control.. sorta.. Ok.. so I know about CVS and SVN and unfortunately haven't had as much experience with them as I'd like. I've used them, but always in a really basic sense and always on systems that have already been set up. A friend recently mentioned GIT ( http://git.or.cz/ ) too. But here's my situation.. I deal with dozens of clients. I usually make a backup copy of their site (at least the files, not usually the DB) so I have the latest copy of the site to make changes to. Usually I'm the only one working on the site, but sometimes other people may make changes too. Not so often than we're conflicting with our changes, or if this is a known issue, we make sure to coordinate. What I'd ideally like to do is be able to use a CVS type system to keep incremental backups of the code. So instead of checking code out of CVS, changing it, then checking it back in... I'd like to just do a mass checkin of the whole site and have changes recorded and the ability to look at previous versions with DIFF and all that. And of course the ability to 'check out' a previous set of files by date or revision maybe. I assume you can do this with one of the major version control systems, but mostly what I see with how to use these systems involves checking code out then checking it back in.
Re: [PHP] Question about version control.. sorta..
My two cents, It's not bad, but you need to be aware of collisions. We set it up with a folder for each developer and it contains the main application code. The upside is that we each have our own code base so we don't affect each other when cutting new code. The downside is that we can each have the same file checked out and be working on it. The trouble comes when one deb checks in the file, as occasionally it will duplicate some lines in the code. It can lead to some funky errors. Otherwise, the only other error is the dispatcher going down and not passing the updates in. This does affect all users as the queue gets backed up until the dispatcher is turned back on. Bastien Sent from my iPod On Feb 5, 2009, at 21:06, TG tg-...@gryffyndevelopment.com wrote: So, for my purposes.. after trying a handful of solutions.. open source and commercial.. I think I've decided that Reliable Software's Code Co- op is what's going to work best for me. My trial is almost up, so as soon as my next paycheck comes, I think I'll be purchasing the full version for $150. For me, it's totally worth it. It stores everything in a local database, but allows collaboration if that's what you're into. Via email for the $150 version, via LAN for the $200 version. It lets me add files by type, is easy to check out files. Anyway.. if anyone's looking for an easy Windows version control system, check it out. (no, I don't work for them, just passing along the recommendation since I'm digging this software) Thanks for all the input! -TG - Original Message - From: TG tg-...@gryffyndevelopment.com To: php-general@lists.php.net Date: Wed, 31 Dec 2008 11:40:23 -0500 Subject: [PHP] Question about version control.. sorta.. Ok.. so I know about CVS and SVN and unfortunately haven't had as much experience with them as I'd like. I've used them, but always in a really basic sense and always on systems that have already been set up. A friend recently mentioned GIT ( http://git.or.cz/ ) too. But here's my situation.. I deal with dozens of clients. I usually make a backup copy of their site (at least the files, not usually the DB) so I have the latest copy of the site to make changes to. Usually I'm the only one working on the site, but sometimes other people may make changes too. Not so often than we're conflicting with our changes, or if this is a known issue, we make sure to coordinate. What I'd ideally like to do is be able to use a CVS type system to keep incremental backups of the code. So instead of checking code out of CVS, changing it, then checking it back in... I'd like to just do a mass checkin of the whole site and have changes recorded and the ability to look at previous versions with DIFF and all that. And of course the ability to 'check out' a previous set of files by date or revision maybe. I assume you can do this with one of the major version control systems, but mostly what I see with how to use these systems involves checking code out then checking it back in. That's not really what I want to do. The other issue is that I run Windows. So if there's something nice and WinGUI, that'd be nice. Please no you should be running linux responses. I don't have anything against Linux or Mac, they're great systems. But I have my reasons for running Windows. Also, I realize this is semi-OT for a PHP list, but asking on a CVS list or a SVN list might not give me the more comprehensive/broad experience base I'm looking for. I'd like a semi-unbiased response. :) Thanks in advance! -TG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
