From nyphp at websapp.com  Fri Aug  1 08:03:15 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Fri, 1 Aug 2003 08:03:15 -0400
Subject: [nycphp-talk] RE: [nycphp-dev] SESSIONS & COOKIES
In-Reply-To: <001c01c3580c$a9613dc0$c801a8c0@dj>
Message-ID: <KHEIIHMNNIFIGCMGGFDJKEKEKJAA.nyphp@websapp.com>

If your session is dependent on the status of a cookie, you need to set your
cookie to expire when the browser is closed (i.e. ccokie lifetime = 0). You
can put a timestamp in the session and manualy kill the session if it was
created more than 20 minutes ago.

--Daniel

 -----Original Message-----
From: dev-bounces at lists.nyphp.org [mailto:dev-bounces at lists.nyphp.org]On
Behalf Of Donald J. Organ IV
Sent: Friday, August 01, 2003 5:10 AM
To: talk at lists.nyphp.org; NYPHP Development
Subject: [nycphp-dev] SESSIONS & COOKIES


  Does anyone know of a way to not only have the session expire when the
cookies do when also when the browser closes, right now I am using:
session_set_cookie_params( 1200,"/","dorgan.serveftp.net");

  Now I know that, will make the session expire after 20 minutes but how do
I have the session expire not only after 20 minutes but when the browser is
closed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030801/e5a65130/attachment.html>

From shiflett at php.net  Fri Aug  1 10:38:48 2003
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 1 Aug 2003 07:38:48 -0700 (PDT)
Subject: [nycphp-talk] Re: [nycphp-dev] SESSIONS & COOKIES
In-Reply-To: <001c01c3580c$a9613dc0$c801a8c0@dj>
Message-ID: <20030801143848.62659.qmail@web14310.mail.yahoo.com>

--- "Donald J. Organ IV" <dorgan at optonline.net> wrote:
> Does anyone know of a way to not only have the session expire when the
> cookies do when also when the browser closes

I'm sure there are creative ways of having a cookie expiration date *and*
terminate the session when the browser closes, but it's much simpler to just
have the cookie expire when the browser closes (by putting no expiration date).
Does this help, or do you really need both?

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From wfan at encogent.com  Fri Aug  1 13:26:00 2003
From: wfan at encogent.com (Wellington Fan)
Date: Fri, 1 Aug 2003 13:26:00 -0400
Subject: [nycphp-talk] Multi part related emails
In-Reply-To: <20030801143848.62659.qmail@web14310.mail.yahoo.com>
Message-ID: <NGBBIDLNCJJKIBJPNEHECELBEAAA.wfan@encogent.com>

Hello all!

I'm wondering if anyone has experience with multipart-related html emails.

I'd like to send out an html email with embedded images, that do NOT reference
an external img src, but rather another "part" of the email.

For eaxample, the first part is the html code, which references an image
thusly (it's quoted-printable):
*************************************************
<IMG src=3D"file:email2.gif">
*************************************************

as a second part, the image is encoded:
*************************************************
------=_NextPart_000_0000_01C35826.C5C0BC10
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-Location: file:email2.gif

R0lGODlh8wF3AdUAAP///wAAAP8B/wAA/wD/AP8AAAH///7/AKWlpUNDQzHDw39/f/+5uf96eqam
<snip>
*************************************************

My questions are:
1. Does anyone know how well supported across email clients
"multipart-related" emails are?

2. Does anyone know of a freely available script for authoring these?

Thanks all!

--
WF



From mjdewitt at alexcommgrp.com  Fri Aug  1 13:39:34 2003
From: mjdewitt at alexcommgrp.com (DeWitt, Michael)
Date: Fri, 1 Aug 2003 13:39:34 -0400 
Subject: [nycphp-talk] Multi part related emails
Message-ID: <BCF799A6B63DD411985D00805F9F903390B67E@mail.alexcommgrp.com>

I had this same need and found this bit of code on the web which I modified
a bit to suit my need.  I can't remember where I got it, and I would like to
give credit back to the original author, but they didn't put anything into
the comments.

The function should send any kind of file as part of a multi-part email.  I
used it for a gif.  In testing it, it seemed to work fine.  In terms of
compatibility, I did find that one webmail client (IMP) didn't handle the
attachment correctly, but forwarding it to another mail client from IMP was
fine.  Outlook 97 handles it fine.

Hope this helps.

Mike

Here it is.

<?php 
// Read POST request params into global vars 

function mail_attachment
($to,$from,$subject,$message,$file_location,$filename) {

/*
if you want to play with the function, just uncomment what you want from
this section and shove some values in.

$to      = $_POST['to']; 
$from    = $_POST['from']; 
$subject = $_POST['subject']; 
$message = $_POST['message'];

$to="someone at somewhere.com";
$subject="test attachment";
$message="this is just a test.";
$file_location="/www/yourserver/somewhere/";
$filename="yourfile.gif";
*/


//File uploads in PHP 4.1 are placed in a special $_FILES array, so we fetch
the values we need out of it:

// Obtain file upload vars 
$fileatt      = $_FILES['fileatt']['tmp_name']; 
$fileatt_type = $_FILES['fileatt']['type']; 
$fileatt_name = $_FILES['fileatt']['name'];

//For the sake of brevity, we'll assume that the required parameters ($to
and $from) now have valid values (email addresses) in them. Normally we
would check their format with regular expressions.

//Next, we use the $from value to begin building the extra headers for the
email:

$headers = "From: $from";

//Next we check the $fileatt variable, which may or may not contain the path
and filename to an uploaded file attachment. We use PHP's is_uploaded_file
function to find out:

if (file_exists($file_location.$filename)) { 
 // Read the file to be attached ('rb' = read binary) 
 $file = fopen($file_location.$filename,'rb'); 
 $data = fread($file,filesize($file_location.$filename)); 
 fclose($file);

//Having read in the data for the file attachment, we need to set up the
message headers to send a multipart/mixed message:

 // Generate a boundary string 
 $semi_rand = md5(time()); 
 $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; 
  
 // Add the headers for a file attachment 
 $headers .= "\nMIME-Version: 1.0\n" . 
             "Content-Type: multipart/mixed;\n" . 
             " boundary=\"{$mime_boundary}\"";

//Now for the message body itself. This works just as we saw for the text
part of a mixed message in the previous section:

 // Add a multipart boundary above the plain message 
 $message = "This is a multi-part message in MIME format.\n\n" . 
            "--{$mime_boundary}\n" . 
            "Content-Type: text/plain; charset=\"iso-8859-1\"\n" . 
            "Content-Transfer-Encoding: 7bit\n\n" . 
            $message . "\n\n";

//Now, to allow for binary file types, we need to use Base64 encoding to
convert the (possibly binary) file attachment data to a text-only format
suitable for sending by email. All email programs in popular use support
Base64 encoding of file attachments, so this is the best way to go.
Fortunately, PHP provides a function for Base64 encoding:

 // Base64 encode the file data 
 $data = chunk_split(base64_encode($data));

//We now have everything we need to write the portion of the message that
contains the file attachment. Here's the code:

 // Add file attachment to the message 
 $message .= "--{$mime_boundary}\n" . 
             "Content-Type: {$fileatt_type};\n" . 
             " name=\"{$filename}\"\n" . 
             "Content-Disposition: attachment;\n" . 
             " filename=\"{$filename}\"\n" . 
             "Content-Transfer-Encoding: base64\n\n" . 
             $data . "\n\n" . 
             "--{$mime_boundary}--\n"; 
}

//That completes the modifications necessary to accommodate a file
attachment. We can now send the message with a quick call to mail:

// Send the message 
$ok = @mail($to, $subject, $message, $headers); 
/*if ($ok) { 
 echo "<p>Mail sent! Yay PHP!</p>"; 
} else { 
 echo "<p>Mail could not be sent. Sorry!</p>"; 
} 
*/
return $ok;
} //end of function
?>
 


> Hello all!
> 
> I'm wondering if anyone has experience with multipart-related html emails.
> 
> I'd like to send out an html email with embedded images, that do NOT
> reference
> an external img src, but rather another "part" of the email.
> 
> For eaxample, the first part is the html code, which references an image
> thusly (it's quoted-printable):
> *************************************************
>                              
> *************************************************
> 
> as a second part, the image is encoded:
> *************************************************
> ------=_NextPart_000_0000_01C35826.C5C0BC10
> Content-Type: image/gif
> Content-Transfer-Encoding: base64
> Content-Location: file:email2.gif
> 
> R0lGODlh8wF3AdUAAP///wAAAP8B/wAA/wD/AP8AAAH///7/AKWlpUNDQzHDw39/f/+5uf96eq
> am
> <snip>
> *************************************************
> 
> My questions are:
> 1. Does anyone know how well supported across email clients
> "multipart-related" emails are?
> 
> 2. Does anyone know of a freely available script for authoring these?
> 
> Thanks all!
> 
> --
> WF
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk


From bpang at bpang.com  Fri Aug  1 14:01:54 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 01 Aug 2003 14:01:54 -0400
Subject: [nycphp-talk] Multi part related emails
Message-ID: <E19ieDy-0000xW-2T@rslrs1-server.com>

This looks similar enough to one that I worked up... although mine seems
to have some unknown problem with Lotus Notes (1 client uses that so I
had to go with a PERL module solution for their site instead).

However, I found that the chunk_split() would insert a literal space
every chucklen (default of 76) which was totally screwing everything up.

So I just nixed the chunk_split() and it worked ok, except for Lotus
Notes.. but who cares about that ;)



> I had this same need and found this bit of code on the web which I
modified
> a bit to suit my need.  I can't remember where I got it, and I would
like to
> give credit back to the original author, but they didn't put anything into
> the comments.
> 
> The function should send any kind of file as part of a multi-part
email.  I
> used it for a gif.  In testing it, it seemed to work fine.  In terms of
> compatibility, I did find that one webmail client (IMP) didn't handle the
> attachment correctly, but forwarding it to another mail client from
IMP was
> fine.  Outlook 97 handles it fine.
> 
> Hope this helps.
> 
> Mike
> 
> Here it is.
> 
> <?php 
> // Read POST request params into global vars 
> 
> function mail_attachment
> ($to,$from,$subject,$message,$file_location,$filename) {
> 
> /*
> if you want to play with the function, just uncomment what you want from
> this section and shove some values in.
> 
> $to      = $_POST['to']; 
> $from    = $_POST['from']; 
> $subject = $_POST['subject']; 
> $message = $_POST['message'];
> 
> $to="someone at somewhere.com";
> $subject="test attachment";
> $message="this is just a test.";
> $file_location="/www/yourserver/somewhere/";
> $filename="yourfile.gif";
> */
> 
> 
> //File uploads in PHP 4.1 are placed in a special $_FILES array, so we
fetch
> the values we need out of it:
> 
> // Obtain file upload vars 
> $fileatt      = $_FILES['fileatt']['tmp_name']; 
> $fileatt_type = $_FILES['fileatt']['type']; 
> $fileatt_name = $_FILES['fileatt']['name'];
> 
> //For the sake of brevity, we'll assume that the required parameters ($to
> and $from) now have valid values (email addresses) in them. Normally we
> would check their format with regular expressions.
> 
> //Next, we use the $from value to begin building the extra headers for the
> email:
> 
> $headers = "From: $from";
> 
> //Next we check the $fileatt variable, which may or may not contain
the path
> and filename to an uploaded file attachment. We use PHP's is_uploaded_file
> function to find out:
> 
> if (file_exists($file_location.$filename)) { 
>  // Read the file to be attached ('rb' = read binary) 
>  $file = fopen($file_location.$filename,'rb'); 
>  $data = fread($file,filesize($file_location.$filename)); 
>  fclose($file);
> 
> //Having read in the data for the file attachment, we need to set up the
> message headers to send a multipart/mixed message:
> 
>  // Generate a boundary string 
>  $semi_rand = md5(time()); 
>  $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; 
>   
>  // Add the headers for a file attachment 
>  $headers .= "\nMIME-Version: 1.0\n" . 
>              "Content-Type: multipart/mixed;\n" . 
>              " boundary=\"{$mime_boundary}\"";
> 
> //Now for the message body itself. This works just as we saw for the text
> part of a mixed message in the previous section:
> 
>  // Add a multipart boundary above the plain message 
>  $message = "This is a multi-part message in MIME format.\n\n" . 
>             "--{$mime_boundary}\n" . 
>             "Content-Type: text/plain; charset=\"iso-8859-1\"\n" . 
>             "Content-Transfer-Encoding: 7bit\n\n" . 
>             $message . "\n\n";
> 
> //Now, to allow for binary file types, we need to use Base64 encoding to
> convert the (possibly binary) file attachment data to a text-only format
> suitable for sending by email. All email programs in popular use support
> Base64 encoding of file attachments, so this is the best way to go.
> Fortunately, PHP provides a function for Base64 encoding:
> 
>  // Base64 encode the file data 
>  $data = chunk_split(base64_encode($data));
> 
> //We now have everything we need to write the portion of the message that
> contains the file attachment. Here's the code:
> 
>  // Add file attachment to the message 
>  $message .= "--{$mime_boundary}\n" . 
>              "Content-Type: {$fileatt_type};\n" . 
>              " name=\"{$filename}\"\n" . 
>              "Content-Disposition: attachment;\n" . 
>              " filename=\"{$filename}\"\n" . 
>              "Content-Transfer-Encoding: base64\n\n" . 
>              $data . "\n\n" . 
>              "--{$mime_boundary}--\n"; 
> }
> 
> //That completes the modifications necessary to accommodate a file
> attachment. We can now send the message with a quick call to mail:
> 
> // Send the message 
> $ok = @mail($to, $subject, $message, $headers); 
> /*if ($ok) { 
>  echo "<p>Mail sent! Yay PHP!</p>"; 
> } else { 
>  echo "<p>Mail could not be sent. Sorry!</p>"; 
> } 
> */
> return $ok;
> } //end of function
> ?>
>  
> 
> 
> > Hello all!
> > 
> > I'm wondering if anyone has experience with multipart-related html
emails.
> > 
> > I'd like to send out an html email with embedded images, that do NOT
> > reference
> > an external img src, but rather another "part" of the email.
> > 
> > For eaxample, the first part is the html code, which references an image
> > thusly (it's quoted-printable):
> > *************************************************
> >                              
> > *************************************************
> > 
> > as a second part, the image is encoded:
> > *************************************************
> > ------=_NextPart_000_0000_01C35826.C5C0BC10
> > Content-Type: image/gif
> > Content-Transfer-Encoding: base64
> > Content-Location: file:email2.gif
> > 
> >
R0lGODlh8wF3AdUAAP///wAAAP8B/wAA/wD/AP8AAAH///7/AKWlpUNDQzHDw39/f/+5uf96eq
> > am
> > <snip>
> > *************************************************
> > 
> > My questions are:
> > 1. Does anyone know how well supported across email clients
> > "multipart-related" emails are?
> > 
> > 2. Does anyone know of a freely available script for authoring these?
> > 
> > Thanks all!
> > 
> > --
> > WF
> > 
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From bpang at bpang.com  Fri Aug  1 14:03:27 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 01 Aug 2003 14:03:27 -0400
Subject: [nycphp-talk] eating cookies in IE on XP?
Message-ID: <E19ieFT-00018R-9U@rslrs1-server.com>

Does anyone know of an issue with (php) cookies in IE on XP (at least I
think it's XP, it's not my machine, it's a remote client's) where if the
cookie's expiration is set to sometime in the past it is still somehow
returns true for
isset($_COOKIE['foo']);

It doesn't happen to me with Mozilla/Linux and I don'to have an XP box
to test with.

I'm guessing that I if I have to, changing the value of the cookie to a
string I can check, like $_COOKIE['foo'] = "EXPIRE", will be a
reasonable workaround.

Thanks....












From wfan at encogent.com  Fri Aug  1 14:23:06 2003
From: wfan at encogent.com (Wellington Fan)
Date: Fri, 1 Aug 2003 14:23:06 -0400
Subject: [nycphp-talk] Multi part related emails
In-Reply-To: <BCF799A6B63DD411985D00805F9F903390B67E@mail.alexcommgrp.com>
Message-ID: <NGBBIDLNCJJKIBJPNEHEEELEEAAA.wfan@encogent.com>

Mike,

Thanks very much! Just after I sent my message to the list I found a great
script for sending complex emails called PHPMailer
<http://phpmailer.sourceforge.net/>

Below is the code that I used to send an HTML email with an embedded image.
Note the src value of the image -- it uses a "protocol" called "cid:" which I
must investigate. Seems like that must refer to another "part" in the
multipart message....

********************************************

<?php
require("class.phpmailer.php");
$mail = new PHPMailer();
$mail->From     = "sender at mydomain.com";
$mail->FromName = "Sample Name";
$mail->Host     = "smtp.mydomain.com";
$mail->Mailer   = "smtp";
$mail->IsHTML(true);
$mail->AddEmbeddedImage("foo.gif", "my-attach", "foo.gif");
$mail->Body = 'Embedded Image: <img alt="PHPMailer" src="cid:my-attach"> Here
is an image!';

$mail->AddAddress("recipient at example.com");
if(!$mail->Send()){
   echo "Message was not sent";
   echo "Mailer Error: " . $mail->ErrorInfo;
}else{
   echo "Message has been sent";
}
?>

-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of DeWitt, Michael
Sent: Friday, August 01, 2003 1:40 PM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Multi part related emails


I had this same need and found this bit of code on the web which I modified
a bit to suit my need...
<snip>



From shiflett at php.net  Fri Aug  1 14:28:28 2003
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 1 Aug 2003 11:28:28 -0700 (PDT)
Subject: [nycphp-talk] eating cookies in IE on XP?
In-Reply-To: <E19ieFT-00018R-9U@rslrs1-server.com>
Message-ID: <20030801182828.96062.qmail@web14310.mail.yahoo.com>

--- Brian Pang <bpang at bpang.com> wrote:
> Does anyone know of an issue with (php) cookies in IE on XP
> (at least I think it's XP, it's not my machine, it's a remote
> client's) where if the cookie's expiration is set to sometime
> in the past it is still somehow returns true for
> isset($_COOKIE['foo']);

Do you understand how cookies work? If you answer yes, then I can skip a whole
bunch of questions. :-)

If not, at what point after "setting" the cookie's expiration date to an
expired date are you checking for its existance?

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From wfan at encogent.com  Fri Aug  1 14:29:28 2003
From: wfan at encogent.com (Wellington Fan)
Date: Fri, 1 Aug 2003 14:29:28 -0400
Subject: [nycphp-talk] Multi part related emails
In-Reply-To: <NGBBIDLNCJJKIBJPNEHEEELEEAAA.wfan@encogent.com>
Message-ID: <NGBBIDLNCJJKIBJPNEHEOELEEAAA.wfan@encogent.com>

For the interested parties, the cid: (and mid:) URL schemes are specified
here:

http://www.ietf.org/rfc/rfc2111.txt


Enjoy!

--
WF



From bpang at bpang.com  Fri Aug  1 14:31:44 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 01 Aug 2003 14:31:44 -0400
Subject: [nycphp-talk] eating cookies in IE on XP?
Message-ID: <E19iegq-0003lA-Qw@rslrs1-server.com>

yes, I understand how cookies work... I assume you are asking if I know
that the changes won't take effect until the next page load.

I'm checking on subsequent pages after changing the expiration... 


> --- Brian Pang <bpang at bpang.com> wrote:
> > Does anyone know of an issue with (php) cookies in IE on XP
> > (at least I think it's XP, it's not my machine, it's a remote
> > client's) where if the cookie's expiration is set to sometime
> > in the past it is still somehow returns true for
> > isset($_COOKIE['foo']);
> 
> Do you understand how cookies work? If you answer yes, then I can skip
a whole
> bunch of questions. :-)
> 
> If not, at what point after "setting" the cookie's expiration date to an
> expired date are you checking for its existance?
> 
> Chris
> 
> =====
> Become a better Web developer with the HTTP Developer's Handbook
> http://httphandbook.org/
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From bpang at bpang.com  Fri Aug  1 14:34:19 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 01 Aug 2003 14:34:19 -0400
Subject: [nycphp-talk] eating cookies in IE on XP?
Message-ID: <E19iejL-0003yX-AF@rslrs1-server.com>

yes, I understand how cookies work... I assume you are asking if I know
that the changes won't take effect until the next page load.

I'm checking on subsequent pages after changing the expiration... 


> --- Brian Pang <bpang at bpang.com> wrote:
> > Does anyone know of an issue with (php) cookies in IE on XP
> > (at least I think it's XP, it's not my machine, it's a remote
> > client's) where if the cookie's expiration is set to sometime
> > in the past it is still somehow returns true for
> > isset($_COOKIE['foo']);
> 
> Do you understand how cookies work? If you answer yes, then I can skip
a whole
> bunch of questions. :-)
> 
> If not, at what point after "setting" the cookie's expiration date to an
> expired date are you checking for its existance?
> 
> Chris
> 
> =====
> Become a better Web developer with the HTTP Developer's Handbook
> http://httphandbook.org/
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 











From shiflett at php.net  Fri Aug  1 14:46:58 2003
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 1 Aug 2003 11:46:58 -0700 (PDT)
Subject: [nycphp-talk] eating cookies in IE on XP?
In-Reply-To: <E19iejL-0003yX-AF@rslrs1-server.com>
Message-ID: <20030801184658.80874.qmail@web14305.mail.yahoo.com>

--- Brian Pang <bpang at bpang.com> wrote:
> yes, I understand how cookies work... I assume you are asking
> if I know that the changes won't take effect until the next page
> load.

Well, that and a dozen other questions, yes. I didn't want to offend you by
asking a bunch of questions that were not the least bit helpful or insulted
your intelligence. I'm just trying to gauge the question.

Given that, there are a few methods of getting a closer look into what is going
on. If you have ethereal, tcpdump, or something like that, you can snoop the
HTTP transaction(s) in question. Because "setting" a cookie really just means
that you send a Set-Cookie response header in your HTTP response, it is
possible that you are actually setting a different cookie that is immediately
expired rather than modifying the existing cookie. The browser determines
whether the cookie identified in the Set-Cookie header is a new cookie or the
same old one, so that might account for some slight differences with regard to
different browsers, platforms, etc.

Another thing that would be helpful to do would be to examine the cookie store
of the browser. Instead of trying to expire the cookie, change the date you are
sending to be in the future (rather than the past - use the same exact code
otherwise). If the browser is in fact updating the existing cookie like you
want, you should be able to observe the change in expiration. Otherwise, there
should be an additional cookie created (which you wouldn't notice if it was
immediately expired), and you'll know that some of the cookie restrictions
aren't matching up, so the browser considers it a new cookie.

Those are some ideas. Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From ttoomey at ydnt.com  Fri Aug  1 15:34:05 2003
From: ttoomey at ydnt.com (Tim Toomey)
Date: Fri, 1 Aug 2003 14:34:05 -0500
Subject: [nycphp-talk] automatically parse breaks
Message-ID: <000c01c35863$e1fe4590$7600a8c0@timmerslaptop>

I want to make it so that people here at the company can edit info on our website, and i want to make it so that if they hit the return key within a text field, a new line will be parsed. So that instead of having to learn how to use <br> and html they will just hit the <return> key and php will know to make a new line.

Does anyone know the code for this?

-timmy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030801/15d21027/attachment.html>

From shiflett at php.net  Fri Aug  1 15:37:16 2003
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 1 Aug 2003 12:37:16 -0700 (PDT)
Subject: [nycphp-talk] automatically parse breaks
In-Reply-To: <000c01c35863$e1fe4590$7600a8c0@timmerslaptop>
Message-ID: <20030801193716.4938.qmail@web14310.mail.yahoo.com>

--- Tim Toomey <ttoomey at ydnt.com> wrote:
> I want to make it so that people here at the company can edit
> info on our website, and i want to make it so that if they hit
> the return key within a text field, a new line will be parsed.

http://labs.google.com/glossary?q=parse&btnG=Google+Glossary+Search

http://www.php.net/nl2br

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From dorgan at optonline.net  Fri Aug  1 17:04:33 2003
From: dorgan at optonline.net (Donald J. Organ IV)
Date: Fri, 01 Aug 2003 17:04:33 -0400
Subject: [nycphp-talk] automatically parse breaks
References: <000c01c35863$e1fe4590$7600a8c0@timmerslaptop>
Message-ID: <001d01c35870$82759030$c801a8c0@dj>

when displaying the information on the site use nl2br();  and then when editing the information in a text box or text area use nl2br() and then htmlspecialchars();
  ----- Original Message ----- 
  From: Tim Toomey 
  To: talk at lists.nyphp.org 
  Sent: Friday, August 01, 2003 3:34 PM
  Subject: [nycphp-talk] automatically parse breaks


  I want to make it so that people here at the company can edit info on our website, and i want to make it so that if they hit the return key within a text field, a new line will be parsed. So that instead of having to learn how to use <br> and html they will just hit the <return> key and php will know to make a new line.

  Does anyone know the code for this?

  -timmy


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030801/28e01f94/attachment.html>

From soazine at erols.com  Fri Aug  1 23:23:35 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 1 Aug 2003 23:23:35 -0400
Subject: [nycphp-talk] PHP pages cache in spite of header() - ideas?
References: <000c01c35863$e1fe4590$7600a8c0@timmerslaptop>
	<001d01c35870$82759030$c801a8c0@dj>
Message-ID: <00be01c358a5$755b9450$67a76244@philofsoa>

// PREVENT CACHING FIRST BEFORE ANYTHING ELSE!
  header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
  header("Cache-Control: no-store, no-cache, must-revalidate");  // HTTP/1.1
  header("Cache-Control: post-check=0, pre-check=0", false);
  header("Pragma: no-cache");                          // HTTP/1.0

I am using the following commands to force the PHP script to not cache; however, it still does cache.  Browser settings were checked and corrected; yet it still caches.

Suggestions?

Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030801/aab6e6bf/attachment.html>

From pat at vote.com  Fri Aug  1 23:41:26 2003
From: pat at vote.com (Patrick Hunt)
Date: Fri, 01 Aug 2003 23:41:26 -0400
Subject: [nycphp-talk] PHP pages cache in spite of header() - ideas?
In-Reply-To: <00be01c358a5$755b9450$67a76244@philofsoa>
Message-ID: <20030802034018.5A6DAA85EA@virtu.nyphp.org>

Phil,
I've had EXTREMELY mixed results with the 'replace' parameter of
the header function, so I suspect it's broken in some versions of
PHP. I've had good results with combining all the Cache-Control
directives into one call to header(). I'd also add 'private' to the
list of Cache-Control params.


--Original Message Text---
From: Phil Powell
Date: Fri, 1 Aug 2003 23:23:35 -0400

// PREVENT CACHING FIRST BEFORE ANYTHING ELSE!
  header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in
the past
  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); //
always modified
  header("Cache-Control: no-store, no-cache, must-revalidate");  //
HTTP/1.1
  header("Cache-Control: post-check=0, pre-check=0", false);
  header("Pragma: no-cache");                          // HTTP/1.0 
 
I am using the following commands to force the PHP script to not
cache; however, it still does cache.  Browser settings were checked
and corrected; yet it still caches. 
 
Suggestions? 
 
Phil 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030801/f746fb9a/attachment.html>

From shiflett at php.net  Sat Aug  2 01:01:07 2003
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 1 Aug 2003 22:01:07 -0700 (PDT)
Subject: [nycphp-talk] PHP pages cache in spite of header() - ideas?
In-Reply-To: <20030802034018.5A6DAA85EA@virtu.nyphp.org>
Message-ID: <20030802050107.81242.qmail@web14307.mail.yahoo.com>

--- Patrick Hunt <pat at vote.com> wrote:
> I've had EXTREMELY mixed results with the 'replace' parameter of
> the header function, so I suspect it's broken in some versions of
> PHP. I've had good results with combining all the Cache-Control
> directives into one call to header().

I was going to make the same suggestion.

> I'd also add 'private' to the list of Cache-Control params.

Actually, "no-store" is the most extreme anti-caching directive for the
Cache-Control header, so it alone should suffice. I've always coupled it with
"no-cache" just in case some browsers misinterpret one or the other (which some
do).

Try just those two first - no sense in beating a dead horse. :-) Throw in the
"Pragma: no-cache" to prevent caching from HTTP/1.0 agents that don't
understand Cache-Control.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From chendry at nyc.rr.com  Sat Aug  2 02:58:48 2003
From: chendry at nyc.rr.com (Christopher Hendry)
Date: Sat, 2 Aug 2003 02:58:48 -0400
Subject: [nycphp-talk] PHP pages cache in spite of header() - ideas?
In-Reply-To: <20030802050107.81242.qmail@web14307.mail.yahoo.com>
Message-ID: <JMEHLOIOFHBEJDCDJNLOOEKBDEAA.chendry@nyc.rr.com>

I may have a beer or two in me, but isn't cacheing a client (or proxy) side
thing, thus independent of PHP?

I've heard/seen some not so pleasant cacheing stuff from IE, whereas Mozilla
seems to respond to cache-control quite well.

Correct me, please, if I'm off base here.

C

-> -----Original Message-----
-> From: talk-bounces at lists.nyphp.org
-> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Chris Shiflett
-> Sent: Saturday, August 02, 2003 1:01 AM
-> To: NYPHP Talk; Phil Powell
-> Subject: Re: [nycphp-talk] PHP pages cache in spite of header() - ideas?
->
->
-> --- Patrick Hunt <pat at vote.com> wrote:
-> > I've had EXTREMELY mixed results with the 'replace' parameter of
-> > the header function, so I suspect it's broken in some versions of
-> > PHP. I've had good results with combining all the Cache-Control
-> > directives into one call to header().
->
-> I was going to make the same suggestion.
->
-> > I'd also add 'private' to the list of Cache-Control params.
->
-> Actually, "no-store" is the most extreme anti-caching directive for the
-> Cache-Control header, so it alone should suffice. I've always
-> coupled it with
-> "no-cache" just in case some browsers misinterpret one or the
-> other (which some
-> do).
->
-> Try just those two first - no sense in beating a dead horse. :-)
-> Throw in the
-> "Pragma: no-cache" to prevent caching from HTTP/1.0 agents that don't
-> understand Cache-Control.
->
-> Chris
->
-> =====
-> Become a better Web developer with the HTTP Developer's Handbook
-> http://httphandbook.org/
-> _______________________________________________
-> talk mailing list
-> talk at lists.nyphp.org
-> http://lists.nyphp.org/mailman/listinfo/talk
->




From wfan at encogent.com  Sat Aug  2 10:16:51 2003
From: wfan at encogent.com (Wellington Fan)
Date: Sat, 2 Aug 2003 10:16:51 -0400
Subject: [nycphp-talk] PHP pages cache in spite of header() - ideas?
In-Reply-To: <JMEHLOIOFHBEJDCDJNLOOEKBDEAA.chendry@nyc.rr.com>
Message-ID: <NGBBIDLNCJJKIBJPNEHEIELLEAAA.wfan@encogent.com>

There are other kinds of caching besides browser (client-side) caching.

This: http://www.mnot.net/cache_docs/#KINDS is an  excellent article about all
kinds of caching.

--
Wellington


-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Christopher Hendry
Sent: Saturday, August 02, 2003 2:59 AM
To: NYPHP Talk
Subject: RE: [nycphp-talk] PHP pages cache in spite of header() - ideas?


I may have a beer or two in me, but isn't cacheing a client (or proxy) side
thing, thus independent of PHP?



From chendry at nyc.rr.com  Sat Aug  2 10:59:09 2003
From: chendry at nyc.rr.com (Christopher Hendry)
Date: Sat, 2 Aug 2003 10:59:09 -0400
Subject: [nycphp-talk] PHP pages cache in spite of header() - ideas?
In-Reply-To: <NGBBIDLNCJJKIBJPNEHEIELLEAAA.wfan@encogent.com>
Message-ID: <JMEHLOIOFHBEJDCDJNLOCEKMDEAA.chendry@nyc.rr.com>

thanks Wellington - 

I should know better than to drunk email the list  :)

C

-> -----Original Message-----
-> From: talk-bounces at lists.nyphp.org
-> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Wellington Fan
-> Sent: Saturday, August 02, 2003 10:17 AM
-> To: NYPHP Talk
-> Subject: RE: [nycphp-talk] PHP pages cache in spite of header() - ideas?
-> 
-> 
-> There are other kinds of caching besides browser (client-side) caching.
-> 
-> This: http://www.mnot.net/cache_docs/#KINDS is an  excellent 
-> article about all
-> kinds of caching.
-> 
-> --
-> Wellington
-> 
-> 
-> -----Original Message-----
-> From: talk-bounces at lists.nyphp.org
-> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Christopher Hendry
-> Sent: Saturday, August 02, 2003 2:59 AM
-> To: NYPHP Talk
-> Subject: RE: [nycphp-talk] PHP pages cache in spite of header() - ideas?
-> 
-> 
-> I may have a beer or two in me, but isn't cacheing a client (or 
-> proxy) side
-> thing, thus independent of PHP?
-> 
-> _______________________________________________
-> talk mailing list
-> talk at lists.nyphp.org
-> http://lists.nyphp.org/mailman/listinfo/talk
-> 



From shiflett at php.net  Sat Aug  2 12:56:04 2003
From: shiflett at php.net (Chris Shiflett)
Date: Sat, 2 Aug 2003 09:56:04 -0700 (PDT)
Subject: [nycphp-talk] PHP pages cache in spite of header() - ideas?
In-Reply-To: <JMEHLOIOFHBEJDCDJNLOOEKBDEAA.chendry@nyc.rr.com>
Message-ID: <20030802165604.12433.qmail@web14305.mail.yahoo.com>

--- Christopher Hendry <chendry at nyc.rr.com> wrote:
> I may have a beer or two in me

So things should make more sense to you than the rest of us. :-)

> isn't cacheing a client (or proxy) side thing, thus
> independent of PHP?

Any Web agent can cache resources, so caching can be on the client, server, or
any intermediary (such as a proxy). Even with client caching, PHP can play a
significant role, because it allows you to modify the HTTP headers sent in the
response. Whether interpreted correctly or not, the HTTP headers in the
response are what these agents use to determine whether to cache the response.

Pertaining to your comment about the differences between Mozilla and IE, I sent
an email to this list a few months ago where I speculated about one legitimate
reason for such discrepancies. You can read it here:

http://lists.nyphp.org/pipermail/talk/2003-March/002828.html

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From dmintz at panix.com  Sat Aug  2 13:04:27 2003
From: dmintz at panix.com (David Mintz)
Date: Sat, 2 Aug 2003 13:04:27 -0400 (EDT)
Subject: [nycphp-talk] array_diff that works both ways ?
In-Reply-To: <JMEHLOIOFHBEJDCDJNLOCEKMDEAA.chendry@nyc.rr.com>
References: <JMEHLOIOFHBEJDCDJNLOCEKMDEAA.chendry@nyc.rr.com>
Message-ID: <Pine.NEB.4.56.0308021249510.9266@panix5.panix.com>


I'm wondering what's the most efficient way to find out if $array1 and
$array2 contain exactly the same elements, without regard to order.
array_diff(array1,array2) "returns an array containing all the values of
array1  that are not present in any of the other arguments." according to
TFM. Assuming

$array1 = array(1,2,3);
$array2 = array(2,3,4);

then array_diff($array1,$array2) would return an array containing 1. I'd
like to get one containing (1,4). I know I could sort them both and then
test them for equality. I just wonder if there's a more efficient
technique or if I'm overlooking some native function that does this.

(FWIW, it's for a home-grown shopping cart kind of thing and the objective
is to detect whether the array of product ids they just POSTed is any
different from its counterpart in $_SESSION, to avoid doing needless
database calls).

Always gratefully,


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

Decibels of sound pressure employed by a new "thermoacoustic" refrigerator: 190
Decibels of sound pressure sufficient to ignite a person's hair: 165

	-- Harper's Index, February 2003


From jonbaer at jonbaer.net  Sat Aug  2 16:23:04 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Sat, 2 Aug 2003 13:23:04 -0700
Subject: [nycphp-talk] array_diff that works both ways ?
References: <JMEHLOIOFHBEJDCDJNLOCEKMDEAA.chendry@nyc.rr.com>
	<Pine.NEB.4.56.0308021249510.9266@panix5.panix.com>
Message-ID: <000901c35933$e120e760$6500a8c0@THINKPAD>

dont think u need to sort, u could just merge results:

$array1 = array(1,2,3);
$array2 = array(2,3,4);
$array3 = array_merge(array_diff($array1, $array2), array_diff($array2,
$array1));
print_r($array3);

but i think u r right there should be a "array_diff_recursive" method or
something.

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47


----- Original Message ----- 
From: "David Mintz" <dmintz at panix.com>
To: <chendry at nyc.rr.com>; "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Saturday, August 02, 2003 10:04 AM
Subject: [nycphp-talk] array_diff that works both ways ?


>
> I'm wondering what's the most efficient way to find out if $array1 and
> $array2 contain exactly the same elements, without regard to order.
> array_diff(array1,array2) "returns an array containing all the values of
> array1  that are not present in any of the other arguments." according to
> TFM. Assuming
>
> $array1 = array(1,2,3);
> $array2 = array(2,3,4);
>
> then array_diff($array1,$array2) would return an array containing 1. I'd
> like to get one containing (1,4). I know I could sort them both and then
> test them for equality. I just wonder if there's a more efficient
> technique or if I'm overlooking some native function that does this.
>
> (FWIW, it's for a home-grown shopping cart kind of thing and the objective
> is to detect whether the array of product ids they just POSTed is any
> different from its counterpart in $_SESSION, to avoid doing needless
> database calls).
>
> Always gratefully,
>
>
> ---
> David Mintz
> http://davidmintz.org/
> Email: See http://dmintzweb.com/whitelist.php first!
>
> Decibels of sound pressure employed by a new "thermoacoustic"
refrigerator: 190
> Decibels of sound pressure sufficient to ignite a person's hair: 165
>
> -- Harper's Index, February 2003
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From hans at nyphp.org  Sat Aug  2 15:15:50 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Sat, 02 Aug 2003 15:15:50 -0400
Subject: [nycphp-talk] NYPHP: Oracle Developer Days
In-Reply-To: <LBEDJMJGLEPEKJAJMHBDKEPEFHAA.tom@supertom.com>
References: <LBEDJMJGLEPEKJAJMHBDKEPEFHAA.tom@supertom.com>
Message-ID: <3F2C0DE6.80101@nyphp.org>


Hey Tom et al,

tom at supertom.com wrote:
> OK, I am registered and looking forward to it.  Where is everyone going to
> meet?

I'll post something exact Wednesday, but we'll be meeting at Penn station somewhere.  Anyone have a good meeting spot in or around Penn station?  Also, with us Friday will be some New Brunswick old timers, so the trip out should be smooth.

Looking forward to it,

H




From dmintz at panix.com  Sat Aug  2 15:34:51 2003
From: dmintz at panix.com (David Mintz)
Date: Sat, 2 Aug 2003 15:34:51 -0400 (EDT)
Subject: [nycphp-talk] array_diff that works both ways ?
In-Reply-To: <000901c35933$e120e760$6500a8c0@THINKPAD>
References: <JMEHLOIOFHBEJDCDJNLOCEKMDEAA.chendry@nyc.rr.com>
	<Pine.NEB.4.56.0308021249510.9266@panix5.panix.com>
	<000901c35933$e120e760$6500a8c0@THINKPAD>
Message-ID: <Pine.NEB.4.56.0308021530060.20280@panix5.panix.com>

On Sat, 2 Aug 2003, Jon Baer wrote:

> dont think u need to sort, u could just merge results:
>
> $array1 = array(1,2,3);
> $array2 = array(2,3,4);
> $array3 = array_merge(array_diff($array1, $array2), array_diff($array2,
> $array1));
> print_r($array3);
>
> but i think u r right there should be a "array_diff_recursive" method or
> something.

that makes sense. I ended up doing this, because all i really need is a
boolean

function isDifferent($array1,$array2) {
    return sizeof(array_diff($array1,$array2)) +
        sizeof(array_diff($array2,$array1)) > 0 ;
}

and I guess that's sane... Sane Enough, to coin a phrase

thanks!


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

Decibels of sound pressure employed by a new "thermoacoustic" refrigerator: 190
Decibels of sound pressure sufficient to ignite a person's hair: 165

	-- Harper's Index, February 2003


From jonbaer at jonbaer.net  Sat Aug  2 18:43:18 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Sat, 2 Aug 2003 15:43:18 -0700
Subject: [nycphp-talk] good articles on mysql subqueries ...
Message-ID: <002001c35947$77de6700$6500a8c0@THINKPAD>

just thought id pass these along ...

http://www.devshed.com/Server_Side/MySQL/MySQL_Subqueries/print_html
http://www.devshed.com/Server_Side/MySQL/MySQL_Subqueries2/print_html

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47




From chendry at nyc.rr.com  Sun Aug  3 00:42:55 2003
From: chendry at nyc.rr.com (Christopher Hendry)
Date: Sun, 3 Aug 2003 00:42:55 -0400
Subject: [nycphp-talk] fsockopen and SSL (was POST via PHP)
In-Reply-To: <20030801025943.GC28066@panix.com>
Message-ID: <JMEHLOIOFHBEJDCDJNLOEELNDEAA.chendry@nyc.rr.com>

ok, so my POST needs to go to a secure server, and although fsockopen has
SSL support in PHP 4.3.0+, I have to make this happen in a couple of hosted
environments which are all 4.2.* ...

Before I go and mess about with cURL (which seems a bit hefty) or - dare I
say it - use perl, does anyone have any suggestions for using fsockopen or
another option which would use PHP to send POST data to a secure server?

Thanks.
C

-> -----Original Message-----
-> From: talk-bounces at lists.nyphp.org
-> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Analysis & Solutions
-> Sent: Thursday, July 31, 2003 11:00 PM
-> To: NYPHP Talk
-> Subject: Re: [nycphp-talk] POST via PHP
->
->
-> Hi Christopher:
->
-> Try the post to host scripts here:
->
-> http://www.php-faq.com/postToHost.html
-> http://dodds.net/~cardinal/sendtohost.txt
->
-> Enjoy,
->
-> --Dan
->
-> --
->      FREE scripts that make web and database programming easier
->            http://www.analysisandsolutions.com/software/
->  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
->  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
-> _______________________________________________
-> talk mailing list
-> talk at lists.nyphp.org
-> http://lists.nyphp.org/mailman/listinfo/talk
->




From hans at nyphp.org  Sun Aug  3 10:56:43 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Sun, 03 Aug 2003 10:56:43 -0400
Subject: [nycphp-talk] fsockopen and SSL (was POST via PHP)
In-Reply-To: <JMEHLOIOFHBEJDCDJNLOEELNDEAA.chendry@nyc.rr.com>
References: <JMEHLOIOFHBEJDCDJNLOEELNDEAA.chendry@nyc.rr.com>
Message-ID: <3F2D22AB.9080703@nyphp.org>



Christopher Hendry wrote:

> ok, so my POST needs to go to a secure server, and although fsockopen has
> SSL support in PHP 4.3.0+, I have to make this happen in a couple of hosted
> environments which are all 4.2.* ...
> 
> Before I go and mess about with cURL (which seems a bit hefty) or - dare I
> say it - use perl, does anyone have any suggestions for using fsockopen or
> another option which would use PHP to send POST data to a secure server?

I'd go with curl, especially if you're stuck with an oldish version of PHP.  Perl isn't going to gain you anything and curl is better suited for this type of thing anyway.

H





From stephen at musgrave.org  Sun Aug  3 11:50:21 2003
From: stephen at musgrave.org (Stephen Musgrave)
Date: Sun, 03 Aug 2003 11:50:21 -0400
Subject: [nycphp-talk] Removing email addresses from DB from bounced emails
Message-ID: <BB52A77D.E502%stephen@musgrave.org>


Ok, so in the fury of development, I have been a bit lazy in managing the
table that holds all of the email addresses for my eNewsletter.  I know
there are scripts out there that 'listen' to the inbox and removes the email
address of any bounced messages.

I'm interested to know if there are any recommendations, lessons learned,
advice, etc before I delve into this project.

Thanks,

Stephen

        ***
        *** stephen at musgrave.org
        *** http://musgrave.org
        *** http://orangeAge.com/nuuk
        *** 
        *** "The conscious and intelligent manipulation of the
        *** organized habits and opinions of the masses is an
        *** important element in democratic society."
        ***
        ***     - Edward Bernays
        ***



From rolan at datawhorehouse.com  Sun Aug  3 14:28:31 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Sun, 03 Aug 2003 14:28:31 -0400
Subject: [nycphp-talk] Removing email addresses from DB from bounced emails
In-Reply-To: <BB52A77D.E502%stephen@musgrave.org>
References: <BB52A77D.E502%stephen@musgrave.org>
Message-ID: <3F2D544F.4010307@datawhorehouse.com>

The email list software, Mailman, can be configured so that it
only sends out emails (newsletter style). Mailman automatically
handles subscribes, unsubscribes, and bounces.

~Rolan

Stephen Musgrave wrote:

>Ok, so in the fury of development, I have been a bit lazy in managing the
>table that holds all of the email addresses for my eNewsletter.  I know
>there are scripts out there that 'listen' to the inbox and removes the email
>address of any bounced messages.
>
>I'm interested to know if there are any recommendations, lessons learned,
>advice, etc before I delve into this project.
>
>Thanks,
>
>Stephen
>
>        ***
>        *** stephen at musgrave.org
>        *** http://musgrave.org
>        *** http://orangeAge.com/nuuk
>        *** 
>        *** "The conscious and intelligent manipulation of the
>        *** organized habits and opinions of the masses is an
>        *** important element in democratic society."
>        ***
>        ***     - Edward Bernays
>        ***
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>  
>



From jhorsman at dds.nl  Mon Aug  4 07:39:43 2003
From: jhorsman at dds.nl (Jan Horsman)
Date: Mon, 4 Aug 2003 13:39:43 +0200
Subject: [nycphp-talk] Removing email addresses from DB from bounced emails
In-Reply-To: <BB52A77D.E502%stephen@musgrave.org>
Message-ID: <HGEBIHMLGOALGNGPGFHAAEADCAAA.jhorsman@dds.nl>

You could start with manually gathering bounced messages. Then look for
common used words in these messages (such as bounced, warning, unknows
address). Based on a few rules you can determine wich mails are bounced
e-mails, there is no standarisation on bounced e-mails. To determine to
which account or e-mail address the bounced message belongs, I would put an
unique id in the header of the eNewsletter and store thus id in the
database.

Using this method you can nog filter all bounced messages, but depending on
the rules you used, filter a lot of them.

Succes, Jan



-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Stephen Musgrave
Sent: zondag 3 augustus 2003 17:50
To: nyPHP - Talk Talk
Subject: [nycphp-talk] Removing email addresses from DB from bounced
emails



Ok, so in the fury of development, I have been a bit lazy in managing the
table that holds all of the email addresses for my eNewsletter.  I know
there are scripts out there that 'listen' to the inbox and removes the email
address of any bounced messages.

I'm interested to know if there are any recommendations, lessons learned,
advice, etc before I delve into this project.

Thanks,

Stephen

        ***
        *** stephen at musgrave.org
        *** http://musgrave.org
        *** http://orangeAge.com/nuuk
        ***
        *** "The conscious and intelligent manipulation of the
        *** organized habits and opinions of the masses is an
        *** important element in democratic society."
        ***
        ***     - Edward Bernays
        ***

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From psaw at pswebcode.com  Mon Aug  4 07:42:15 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Mon, 4 Aug 2003 07:42:15 -0400
Subject: [nycphp-talk] Seeking Basic PHP IM/Threaded Msg Bd Suggestion
Message-ID: <000a01c35a7d$76ac96e0$68e4a144@bronco>

Good Day:

I'm looking for suggestions. I want to give a client:
1) ability to have online IM/chat-style meetings
2) ability to create/post a topic and have associates make suggestions and
updates

Optionally, ability to print history of an IM exchange and/or threaded
topic.

Should be opensource PHP/MySQL project. Flash okay too.

I'm sifting through the collaborative, whiteboard, shout, chat, threaded
message projects out there. Most have way too many bells and whistles like
avatars, private rooms, blacklists... 

I'm seeking a basic project for use on controlled, private, business level.

Warmest regards,

Peter Sawczynec, Technology Director
PSWebcode -- Web Development and 
Site Architecture
psaw at pswebcode.com
www.pswebcode.com
718.543.3240



From hans at nyphp.org  Mon Aug  4 11:27:13 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 04 Aug 2003 11:27:13 -0400
Subject: [nycphp-talk] Seeking Basic PHP IM/Threaded Msg Bd Suggestion
In-Reply-To: <000a01c35a7d$76ac96e0$68e4a144@bronco>
References: <000a01c35a7d$76ac96e0$68e4a144@bronco>
Message-ID: <3F2E7B51.8060708@nyphp.org>


Hey Peter,

I'm just throwing a couple things out here...

> 1) ability to have online IM/chat-style meetings

Hmm, in AMP?  Jabber, or even AIM itself, might be the way to go, especially if it needs to be realtime.  Otherwise, perhaps a PHP forum of sorts, but I don't know of a realtime chat system in PHP.  Although, you mention Flash, so maybe an AMP backed system with a Flash frontend does exist... would be cool.

> 2) ability to create/post a topic and have associates make suggestions and
> updates

Some flavor of wiki I suppose, although I'm not a big fan either.


H



From nyphp at websapp.com  Mon Aug  4 11:30:34 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Mon, 4 Aug 2003 11:30:34 -0400
Subject: [nycphp-talk] OT Javascript Question
Message-ID: <OKEHLLMAFAOHECBMOGEPEEPLEOAA.nyphp@websapp.com>

To all those JS gurus out there (Krook!),

Is there a way to get the HTML source of a page into a javascipt variable
(on the same page)?

Thanks,
Daniel




From shiflett at php.net  Mon Aug  4 12:18:22 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 4 Aug 2003 09:18:22 -0700 (PDT)
Subject: [nycphp-talk] Seeking Basic PHP IM/Threaded Msg Bd Suggestion
In-Reply-To: <3F2E7B51.8060708@nyphp.org>
Message-ID: <20030804161822.13211.qmail@web14311.mail.yahoo.com>

--- Hans Zaunere <hans at nyphp.org> wrote:
> Otherwise, perhaps a PHP forum of sorts, but I don't know of a
> realtime chat system in PHP.

There's IRCG, which uses IRC somehow to provide real-time streaming to
PHP-enabled Web sites. There is a related project called TitanChat that I think
uses IRCG somehow. I know very little about it other than that, but you can
read more about it here:

http://schumann.cx/ircg/

A few years ago, I wrote a simple script to demonstrate how to control the size
of chunks when using chunked transfer encoding. Combined with a persistent
connection, this is how you can make "chat rooms" and the like with PHP. You
can check out my (rather lame, now that I look back at it) example here:

http://shiflett.org/tutorials/php_flush.php

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From David.SextonJr at ubs.com  Mon Aug  4 12:33:53 2003
From: David.SextonJr at ubs.com (Sexton, David)
Date: Mon, 4 Aug 2003 12:33:53 -0400 
Subject: [nycphp-talk] Seeking Basic PHP IM/Threaded Msg Bd Suggestion
Message-ID: <18D7B8CAA5284F478470828806DB124603789F0F@psle01.xchg.pwj.com>

I can't seem to get this (your flush example) to work on Win32. I've heard
that some versions of IE output 1 byte at a time, but it works fine from
your host with IE6. Anyone know how to get this to work with IIS? Thanks.

-----Original Message-----
From: Chris Shiflett [mailto:shiflett at php.net]
Sent: Monday, August 04, 2003 12:18 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Seeking Basic PHP IM/Threaded Msg Bd
Suggestion


--- Hans Zaunere <hans at nyphp.org> wrote:
> Otherwise, perhaps a PHP forum of sorts, but I don't know of a
> realtime chat system in PHP.

There's IRCG, which uses IRC somehow to provide real-time streaming to
PHP-enabled Web sites. There is a related project called TitanChat that I
think
uses IRCG somehow. I know very little about it other than that, but you can
read more about it here:

http://schumann.cx/ircg/

A few years ago, I wrote a simple script to demonstrate how to control the
size
of chunks when using chunked transfer encoding. Combined with a persistent
connection, this is how you can make "chat rooms" and the like with PHP. You
can check out my (rather lame, now that I look back at it) example here:

http://shiflett.org/tutorials/php_flush.php

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


Please do not transmit orders or instructions regarding a UBS account by
email. The information provided in this email or any attachments is not an
official transaction confirmation or account statement. For your protection,
do not include account numbers, Social Security numbers, credit card
numbers, passwords or other non-public information in your email. Because
the information contained in this message may be privileged, confidential,
proprietary or otherwise protected from disclosure, please notify us
immediately by replying to this message and deleting it from your computer
if you have received this communication in error.  Thank you.

UBS Financial Services Inc.
UBS International Inc.



From shiflett at php.net  Mon Aug  4 13:05:56 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 4 Aug 2003 10:05:56 -0700 (PDT)
Subject: [nycphp-talk] Seeking Basic PHP IM/Threaded Msg Bd Suggestion
In-Reply-To: <18D7B8CAA5284F478470828806DB124603789F0F@psle01.xchg.pwj.com>
Message-ID: <20030804170556.25103.qmail@web14304.mail.yahoo.com>

--- "Sexton, David" <David.SextonJr at ubs.com> wrote:
> I can't seem to get this (your flush example) to work on Win32.
> I've heard that some versions of IE output 1 byte at a time, but
> it works fine from your host with IE6. Anyone know how to get
> this to work with IIS? Thanks.

So you copy/pasted the code and tried it on IIS? I just want to make sure I
understand what isn't working.

That being the case, there are several things that can make flush() not work
like you want (even with Apache). Basically, any buffering is going to screw it
up, unless you can control the buffering also. For example, with ob_start() and
friends, you can ob_flush() and then flush(), and you're fine. Of course, with
Web server buffering, it's not as easy to force it to flush when you want. With
Web client buffering (like some versions of IE use to make it look like they
render faster), I've heard of some "tricks" you can use like generating a bunch
of whitespace output first.

http://www.php.net/flush has this to say:

"Several servers, especially on Win32, will still buffer the output from your
script until it terminates before transmitting the results to the browser."

So, it looks like you might be out of luck on Win32, but maybe Apache still
works, even on Windows.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From David.SextonJr at ubs.com  Mon Aug  4 14:03:33 2003
From: David.SextonJr at ubs.com (Sexton, David)
Date: Mon, 4 Aug 2003 14:03:33 -0400 
Subject: [nycphp-talk] Seeking Basic PHP IM/Threaded Msg Bd Suggestion
Message-ID: <18D7B8CAA5284F478470828806DB124603789F11@psle01.xchg.pwj.com>

>"Several servers, especially on Win32, will still buffer the output from
your
>script until it terminates before transmitting the results to the browser."
>
>So, it looks like you might be out of luck on Win32, but maybe Apache still
>works, even on Windows.



Yes, unfortunately it does look that way, unless there is a way to
"convince" IIS into behaving differently. I just wanted to make sure I
wasn't overlooking anything from a PHP perspective. Thanks for the insight.



-----Original Message-----
From: Chris Shiflett [mailto:shiflett at php.net]
Sent: Monday, August 04, 2003 1:06 PM
To: Sexton, David; 'NYPHP Talk'
Subject: RE: [nycphp-talk] Seeking Basic PHP IM/Threaded Msg Bd
Suggestion


--- "Sexton, David" <David.SextonJr at ubs.com> wrote:
> I can't seem to get this (your flush example) to work on Win32.
> I've heard that some versions of IE output 1 byte at a time, but
> it works fine from your host with IE6. Anyone know how to get
> this to work with IIS? Thanks.

So you copy/pasted the code and tried it on IIS? I just want to make sure I
understand what isn't working.

That being the case, there are several things that can make flush() not work
like you want (even with Apache). Basically, any buffering is going to screw
it
up, unless you can control the buffering also. For example, with ob_start()
and
friends, you can ob_flush() and then flush(), and you're fine. Of course,
with
Web server buffering, it's not as easy to force it to flush when you want.
With
Web client buffering (like some versions of IE use to make it look like they
render faster), I've heard of some "tricks" you can use like generating a
bunch
of whitespace output first.

http://www.php.net/flush has this to say:

"Several servers, especially on Win32, will still buffer the output from
your
script until it terminates before transmitting the results to the browser."

So, it looks like you might be out of luck on Win32, but maybe Apache still
works, even on Windows.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


Please do not transmit orders or instructions regarding a UBS account by
email. The information provided in this email or any attachments is not an
official transaction confirmation or account statement. For your protection,
do not include account numbers, Social Security numbers, credit card
numbers, passwords or other non-public information in your email. Because
the information contained in this message may be privileged, confidential,
proprietary or otherwise protected from disclosure, please notify us
immediately by replying to this message and deleting it from your computer
if you have received this communication in error.  Thank you.

UBS Financial Services Inc.
UBS International Inc.



From andrew at digitalpulp.com  Mon Aug  4 15:58:01 2003
From: andrew at digitalpulp.com (Andrew Yochum)
Date: Mon, 4 Aug 2003 15:58:01 -0400
Subject: [nycphp-talk] OT Javascript Question
In-Reply-To: <OKEHLLMAFAOHECBMOGEPEEPLEOAA.nyphp@websapp.com>
References: <OKEHLLMAFAOHECBMOGEPEEPLEOAA.nyphp@websapp.com>
Message-ID: <20030804195754.GH1128@localhost.localdomain>

On Mon, Aug 04, 2003 at 11:30:34AM -0400, Daniel Kushner wrote:
> To all those JS gurus out there (Krook!),
> 
> Is there a way to get the HTML source of a page into a javascipt variable
> (on the same page)?

Something like this should do it:
    try {
        // For IE
        htmlsource = document.body.innerHTML
    } catch (e) {
        // For Mozilla et. all
        htmlsource = document.body.value
    }

> 
> Thanks,
> Daniel

-- 
Andrew Yochum
Digital Pulp, Inc.
212.679.0676x255
andrew at digitalpulp.com


From dkrook at hotmail.com  Mon Aug  4 16:04:57 2003
From: dkrook at hotmail.com (D C Krook)
Date: Mon, 04 Aug 2003 16:04:57 -0400
Subject: [nycphp-talk] OT Javascript Question
Message-ID: <BAY2-F360goZolmRBaY00005ea9@hotmail.com>

Kushner,

I don't think it's possible to simply get the contents of the file, but you 
can get the innerText and innerHTML of many elements by tag or id.  That 
process is pretty finicky too as it requires a cutting edge browser and well 
formed HTML.

The easiest way that I can think to approach the problem (depending on 
whether you can use PHP or whether your page content is determined before or 
after page pre-processing) is to dump the results of a PHP readfile into the 
JavaScript variable:

var pageContents = <? addslashes(readfile($_SERVER['PHP_SELF'])) ?>

If all else fails, this guide is pretty handy for JS DOM element reading:

http://krook.org/jsdom/





>To all those JS gurus out there (Krook!),
>
>Is there a way to get the HTML source of a page into a javascipt variable
>(on the same page)?
>
>Thanks,
>Daniel

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
http://join.msn.com/?page=features/virus



From nyphp at websapp.com  Mon Aug  4 16:14:04 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Mon, 4 Aug 2003 16:14:04 -0400
Subject: [nycphp-talk] OT Javascript Question
In-Reply-To: <BAY2-F360goZolmRBaY00005ea9@hotmail.com>
Message-ID: <OKEHLLMAFAOHECBMOGEPEEAHEPAA.nyphp@websapp.com>

> The easiest way that I can think to approach the problem (depending on
> whether you can use PHP or whether your page content is
> determined before or
> after page pre-processing) is to dump the results of a PHP
> readfile into the
> JavaScript variable:
>
> var pageContents = <? addslashes(readfile($_SERVER['PHP_SELF'])) ?>


Unfortunately this isn't the case. The dynamically created page belongs to a
third party and the maximum they can do is stick in some JavaScript and
Oddcast's VHost. The VHost flash component will send parts of the HTML (that
it is embedded in) to our servers for further processing.

--Daniel





From andrew at digitalpulp.com  Mon Aug  4 16:21:36 2003
From: andrew at digitalpulp.com (Andrew Yochum)
Date: Mon, 4 Aug 2003 16:21:36 -0400
Subject: [nycphp-talk] OT Javascript Question
In-Reply-To: <BAY2-F360goZolmRBaY00005ea9@hotmail.com>
References: <BAY2-F360goZolmRBaY00005ea9@hotmail.com>
Message-ID: <20030804202128.GJ1128@localhost.localdomain>

On Mon, Aug 04, 2003 at 04:04:57PM -0400, D C Krook wrote:
> Kushner,
> 
> I don't think it's possible to simply get the contents of the file, but you 
> can get the innerText and innerHTML of many elements by tag or id.  That 
> process is pretty finicky too as it requires a cutting edge browser and 
> well formed HTML.
> 
> The easiest way that I can think to approach the problem (depending on 
> whether you can use PHP or whether your page content is determined before 
> or after page pre-processing) is to dump the results of a PHP readfile into 
> the JavaScript variable:
> 
> var pageContents = <? addslashes(readfile($_SERVER['PHP_SELF'])) ?>

Beware of the recursion problem this introduces... you could easily bring a
server to its knees if that isn't corrected.

> If all else fails, this guide is pretty handy for JS DOM element reading:
> 
> http://krook.org/jsdom/
> 
> 
> 
> 
> 
> >To all those JS gurus out there (Krook!),
> >
> >Is there a way to get the HTML source of a page into a javascipt variable
> >(on the same page)?
> >
> >Thanks,
> >Daniel

-- 
Andrew Yochum
Digital Pulp, Inc.
212.679.0676x255
andrew at digitalpulp.com


From chendry at nyc.rr.com  Mon Aug  4 16:54:54 2003
From: chendry at nyc.rr.com (Christopher Hendry)
Date: Mon, 4 Aug 2003 16:54:54 -0400
Subject: [nycphp-talk] OT Javascript Question
In-Reply-To: <BAY2-F360goZolmRBaY00005ea9@hotmail.com>
Message-ID: <JMEHLOIOFHBEJDCDJNLOEEPODEAA.chendry@nyc.rr.com>

->
-> If all else fails, this guide is pretty handy for JS DOM element reading:
->
-> http://krook.org/jsdom/
->

Thank you Krook!  I've been looking for something like this for a while (and
never felt like doing it myself)...

This will save me much digging time.

- Chendry




From danielc at analysisandsolutions.com  Mon Aug  4 20:02:47 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 4 Aug 2003 20:02:47 -0400
Subject: [nycphp-talk] php lowlights from SecurityFocus Newsletter #208
Message-ID: <20030805000247.GA26136@panix.com>

e107 Website System HTML Injection Vulnerability
http://www.securityfocus.com/bid/8279

PBLang Bulletin Board System HTML Injection Vulnerability
http://www.securityfocus.com/bid/8284

PBLang Bulletin Board System IMG Tag HTML Injection Vulnerability
http://www.securityfocus.com/bid/8286

Gallery Search Engine Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/8288

Enjoy, and code correctly,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From webapprentice at onemain.com  Mon Aug  4 23:05:38 2003
From: webapprentice at onemain.com (Webapprentice)
Date: Mon, 04 Aug 2003 23:05:38 -0400
Subject: [nycphp-talk] OT Javascript Question
In-Reply-To: <JMEHLOIOFHBEJDCDJNLOEEPODEAA.chendry@nyc.rr.com>
References: <JMEHLOIOFHBEJDCDJNLOEEPODEAA.chendry@nyc.rr.com>
Message-ID: <3F2F1F02.1090101@onemain.com>

Wow, javadoc-based documentation of Javascript DOM!

I am in awe....


Christopher Hendry wrote:

> ->
> -> If all else fails, this guide is pretty handy for JS DOM element reading:
> ->
> -> http://krook.org/jsdom/
> ->
> 
> Thank you Krook!  I've been looking for something like this for a while (and
> never felt like doing it myself)...
> 
> This will save me much digging time.
> 
> - Chendry
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 




From dkrook at hotmail.com  Mon Aug  4 23:39:39 2003
From: dkrook at hotmail.com (D C Krook)
Date: Mon, 04 Aug 2003 23:39:39 -0400
Subject: [nycphp-talk] OT Javascript Question
Message-ID: <BAY2-F847GIBjhyMVYU000071a5@hotmail.com>

Heh, I wish I had written it myself.

It's actually something I discovered packaged along with Parasoft's WebKing 
tool.  I found it a pretty handy reference so I posted it on my development 
server for easy reference.


>Wow, javadoc-based documentation of Javascript DOM!
>
>I am in awe....

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail



From chendry at nyc.rr.com  Mon Aug  4 23:49:16 2003
From: chendry at nyc.rr.com (Christopher Hendry)
Date: Mon, 4 Aug 2003 23:49:16 -0400
Subject: [nycphp-talk] OT Javascript Question
In-Reply-To: <BAY2-F847GIBjhyMVYU000071a5@hotmail.com>
Message-ID: <JMEHLOIOFHBEJDCDJNLOIEANDFAA.chendry@nyc.rr.com>

dang, give Krook a little credit and he's all over the place...

:)   

- 'night all

-> -----Original Message-----
-> From: talk-bounces at lists.nyphp.org
-> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of D C Krook
-> Sent: Monday, August 04, 2003 11:40 PM
-> To: talk at lists.nyphp.org
-> Subject: Re: [nycphp-talk] OT Javascript Question
-> 
-> 
-> Heh, I wish I had written it myself.
-> 
-> It's actually something I discovered packaged along with 
-> Parasoft's WebKing 
-> tool.  I found it a pretty handy reference so I posted it on my 
-> development 
-> server for easy reference.
-> 
-> 
-> >Wow, javadoc-based documentation of Javascript DOM!
-> >
-> >I am in awe....
-> 
-> _________________________________________________________________
-> The new MSN 8: advanced junk mail protection and 2 months FREE* 
-> http://join.msn.com/?page=features/junkmail
-> 
-> _______________________________________________
-> talk mailing list
-> talk at lists.nyphp.org
-> http://lists.nyphp.org/mailman/listinfo/talk



From webmaster at localnotion.com  Tue Aug  5 08:29:39 2003
From: webmaster at localnotion.com (webmaster at localnotion.com)
Date: Tue,  5 Aug 2003 12:29:39 +0000
Subject: [nycphp-talk] p_connect
Message-ID: <1060086579.79aefe0455fa4@webmail.localnotion.com>

Anyone know why you wouldn't use p_connect to make a connection to a database?
It seems like it would be better than regular connect in every case.

Or at least does anyone know of any problems with it?

Matt Terenzio




From nyphp at websapp.com  Tue Aug  5 08:40:04 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Tue, 5 Aug 2003 08:40:04 -0400
Subject: [nycphp-talk] p_connect
In-Reply-To: <1060086579.79aefe0455fa4@webmail.localnotion.com>
Message-ID: <KHEIIHMNNIFIGCMGGFDJEEAPKKAA.nyphp@websapp.com>

Hi Matt,

The main reason would be if you have more Web processes than Database
connections. There just wouldn't be enough to go around :(

-Daniel


> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of
> webmaster at localnotion.com
> Sent: Tuesday, August 05, 2003 8:30 AM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] p_connect
>
>
> Anyone know why you wouldn't use p_connect to make a connection
> to a database?
> It seems like it would be better than regular connect in every case.
>
> Or at least does anyone know of any problems with it?
>
> Matt Terenzio
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>




From hans at nyphp.org  Tue Aug  5 09:14:00 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 09:14:00 -0400
Subject: [nycphp-talk] p_connect
In-Reply-To: <KHEIIHMNNIFIGCMGGFDJEEAPKKAA.nyphp@websapp.com>
References: <KHEIIHMNNIFIGCMGGFDJEEAPKKAA.nyphp@websapp.com>
Message-ID: <3F2FAD98.8030008@nyphp.org>



Daniel Kushner wrote:
> Hi Matt,
> 
> The main reason would be if you have more Web processes than Database
> connections. There just wouldn't be enough to go around :(
>>
>>Anyone know why you wouldn't use p_connect to make a connection
>>to a database?
>>It seems like it would be better than regular connect in every case.
>>
>>Or at least does anyone know of any problems with it?

It depends on the DB for the most part.  PHP's integration with some APIs, like OCI8 isn't 100% from what I've seen, and you can get stale connections or other odd behavior.  On Oracle, this is important, since creating and tearing down connections are extremely expensive.  With MySQL, connections open and close very quickly, and I've found it rare to see much benefit from persistent connections.

H




From nyphp at jimbishop.org  Tue Aug  5 09:16:12 2003
From: nyphp at jimbishop.org (jim.bishop)
Date: Tue, 5 Aug 2003 06:16:12 -0700 (PDT)
Subject: [nycphp-talk] [OffTopic] database design question
In-Reply-To: <1060086579.79aefe0455fa4@webmail.localnotion.com>
References: <1060086579.79aefe0455fa4@webmail.localnotion.com>
Message-ID: <Pine.LNX.4.50.0308050551100.26188-100000@typhoon.he.net>


I'm designing a new user database for a personal project, and I was toying
with a different method of storing the data than I have used before.
Usually I create tables with logical column names that reference the data
in the column.

For Example:

---------------
| User        |
---------------
| id          |
| first_name  |
| last_name   |
| email       |

...
---------------

But this becomes cumbersome when you have to add fields to the table.  I
have designed a new table structure that looks like this:


---------------
| User        |
---------------
| uid         |
---------------

-----------------
| UserAttribute |
-----------------
| attribute_id  |
| uid_fk        | * foreign key to user table
| attribute     |
| value         |
-----------------

Okay.  So I've built many user databases before and never employed the
system below.  Has anyone else?  Besides the requisit JOIN that has to be
called with every SELECT, what is the downsides to using this kind of
architecture?




From hans at nyphp.org  Tue Aug  5 09:37:22 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 09:37:22 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
Message-ID: <3F2FB312.9030606@nyphp.org>


Bonjour,


I've got a strange situation here, and I'm hoping it's something I'm overlooking, rather than a bug.


The setup:

MySQL 4.0.13-max-log
PHP 4.3.2 running as a DSO under Apache 1.3.28
FreeBSD 4.8-STABLE 

MySQL is the mysql.com binary package; everything else is compiled from source


The table:  

CREATE TABLE `links` (
  `linkid` int(10) unsigned NOT NULL auto_increment,
  `link` varchar(255) NOT NULL default '',
  PRIMARY KEY  (`linkid`),
  UNIQUE KEY `link` (`link`)
) TYPE=MyISAM;


The code:

<?php
$MYDB = mysql_connect('localhost','xxx','xxx');


$links = array('http://hans.zaunere.com',
               'http://zaunere.com',
               'http://hans.zaunere.com',
               'http://nyphp.org',
               'http://lists.nyphp.org',
               'http://nyphp.org'
              );


foreach( $links as $key => $link ) {

   $tmp = mysql_escape_string($link);

   mysql_query("INSERT INTO xxx.links (linkid,link)
                VALUES (NULL,'$tmp')", $MYDB);

   $R_linkid = mysql_insert_id($MYDB);

   if( !$R_linkid ) {
      $result = mysql_query("SELECT linkid FROM xxx.links WHERE link='$tmp'", $MYDB);
      echo '<pre>Selected '.mysql_num_rows($result).' rows.</pre>';
      $R_linkid = (int) mysql_result($result,0,0);
   }

   echo "<pre>Array key: $key <br>Link: $link <br>Linkid: $R_linkid </pre><br><br>";
}



The output:

Array key: 0 
Link: http://hans.zaunere.com 
Linkid: 1 

Array key: 1 
Link: http://zaunere.com 
Linkid: 2 

Array key: 2 
Link: http://hans.zaunere.com 
Linkid: 2 

Array key: 3 
Link: http://nyphp.org 
Linkid: 3 

Array key: 4 
Link: http://lists.nyphp.org 
Linkid: 4 

Array key: 5 
Link: http://nyphp.org 
Linkid: 4 


The problem:

It seems that mysql_insert_id() returns the inserted ID from the previous 'successful' INSERT query, rather than it getting reset to 0 since the immedieately previous INSERT fails to produce an AUTO_INCREMENT ID (as it's documented).  I sure hope I'm missing something; otherwise this bug is burning me in ways I have yet to discover.

Thanks,

H




From rsd at electronink.com  Tue Aug  5 09:38:47 2003
From: rsd at electronink.com (Russ Demarest)
Date: Tue, 5 Aug 2003 09:38:47 -0400
Subject: [nycphp-talk] [OffTopic] database design question
In-Reply-To: <Pine.LNX.4.50.0308050551100.26188-100000@typhoon.he.net>
Message-ID: <24189DB0-C74A-11D7-BC4F-000A957E8754@electronink.com>

I believe the best way to normalize your tables is to apply the concept 
of wether the information is related to that ID and is not going to 
change or need to be archived. For example the users first and last 
name and username/password and date of birth, etc are only related to 
this user and there is no reason to have additional tables, Addresses 
on the other hand can change and history can be important depending on 
your project so a separate table for them is appropriate.

Your structure is good for random data that will change or be added 
later but for specific data that is unique to that ID and not going to 
change your prior table structure is the most efficient and easiest to 
code. Having over normalized (still up for debate) previous databases 
the data is nice and makes sense but writing extensive joins down the 
road become gruesome. I would recommend a blend of these two techniques.

Planning out your database with a nice entity diagram will make your 
life much easier and you should have the fields defined pretty well 
before you create your first table. Of course this is the old boring 
way but elliminates mistakes that will haunt you down the road.

Hope this helps.

On Tuesday, August 5, 2003, at 09:16 AM, jim.bishop wrote:

>
> I'm designing a new user database for a personal project, and I was 
> toying
> with a different method of storing the data than I have used before.
> Usually I create tables with logical column names that reference the 
> data
> in the column.
>
> For Example:
>
> ---------------
> | User        |
> ---------------
> | id          |
> | first_name  |
> | last_name   |
> | email       |
>
> ...
> ---------------
>
> But this becomes cumbersome when you have to add fields to the table.  
> I
> have designed a new table structure that looks like this:
>
>
> ---------------
> | User        |
> ---------------
> | uid         |
> ---------------
>
> -----------------
> | UserAttribute |
> -----------------
> | attribute_id  |
> | uid_fk        | * foreign key to user table
> | attribute     |
> | value         |
> -----------------
>
> Okay.  So I've built many user databases before and never employed the
> system below.  Has anyone else?  Besides the requisit JOIN that has to 
> be
> called with every SELECT, what is the downsides to using this kind of
> architecture?
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From rsd at electronink.com  Tue Aug  5 09:45:15 2003
From: rsd at electronink.com (Russ Demarest)
Date: Tue, 5 Aug 2003 09:45:15 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
In-Reply-To: <3F2FB312.9030606@nyphp.org>
Message-ID: <0AF323D0-C74B-11D7-BC4F-000A957E8754@electronink.com>

There are a couple strange things, I am not accustom to.

Why do you define the link column as NOT NULL and then default to ''? 
Is this not the equivalent of a contradiction? I doubt this is related.

Maybe I am old school or something but I normally set my mysql_query() 
equal to something like so

$sql = "INSERT into table blah blah";
$res = mysql_query($sql) or die("Error insert");
$new_id = mysql_insert_id($res); 	# The $res is not needed, it default 
to the last result set returned.

This is a little different than you have it. Maybe try it and see what 
happens.

Good Luck

On Tuesday, August 5, 2003, at 09:37 AM, Hans Zaunere wrote:

>
> Bonjour,
>
>
> I've got a strange situation here, and I'm hoping it's something I'm 
> overlooking, rather than a bug.
>
>
> The setup:
>
> MySQL 4.0.13-max-log
> PHP 4.3.2 running as a DSO under Apache 1.3.28
> FreeBSD 4.8-STABLE
> MySQL is the mysql.com binary package; everything else is compiled 
> from source
>
>
> The table:
> CREATE TABLE `links` (
>  `linkid` int(10) unsigned NOT NULL auto_increment,
>  `link` varchar(255) NOT NULL default '',
>  PRIMARY KEY  (`linkid`),
>  UNIQUE KEY `link` (`link`)
> ) TYPE=MyISAM;
>
>
> The code:
>
> <?php
> $MYDB = mysql_connect('localhost','xxx','xxx');
>
>
> $links = array('http://hans.zaunere.com',
>               'http://zaunere.com',
>               'http://hans.zaunere.com',
>               'http://nyphp.org',
>               'http://lists.nyphp.org',
>               'http://nyphp.org'
>              );
>
>
> foreach( $links as $key => $link ) {
>
>   $tmp = mysql_escape_string($link);
>
>   mysql_query("INSERT INTO xxx.links (linkid,link)
>                VALUES (NULL,'$tmp')", $MYDB);
>
>   $R_linkid = mysql_insert_id($MYDB);
>
>   if( !$R_linkid ) {
>      $result = mysql_query("SELECT linkid FROM xxx.links WHERE 
> link='$tmp'", $MYDB);
>      echo '<pre>Selected '.mysql_num_rows($result).' rows.</pre>';
>      $R_linkid = (int) mysql_result($result,0,0);
>   }
>
>   echo "<pre>Array key: $key <br>Link: $link <br>Linkid: $R_linkid 
> </pre><br><br>";
> }
>
>
>
> The output:
>
> Array key: 0 Link: http://hans.zaunere.com Linkid: 1
> Array key: 1 Link: http://zaunere.com Linkid: 2
> Array key: 2 Link: http://hans.zaunere.com Linkid: 2
> Array key: 3 Link: http://nyphp.org Linkid: 3
> Array key: 4 Link: http://lists.nyphp.org Linkid: 4
> Array key: 5 Link: http://nyphp.org Linkid: 4
>
> The problem:
>
> It seems that mysql_insert_id() returns the inserted ID from the 
> previous 'successful' INSERT query, rather than it getting reset to 0 
> since the immedieately previous INSERT fails to produce an 
> AUTO_INCREMENT ID (as it's documented).  I sure hope I'm missing 
> something; otherwise this bug is burning me in ways I have yet to 
> discover.
>
> Thanks,
>
> H
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From nyphp at jimbishop.org  Tue Aug  5 09:47:58 2003
From: nyphp at jimbishop.org (jim.bishop)
Date: Tue, 5 Aug 2003 06:47:58 -0700 (PDT)
Subject: [nycphp-talk] [OffTopic] database design question
In-Reply-To: <24189DB0-C74A-11D7-BC4F-000A957E8754@electronink.com>
References: <24189DB0-C74A-11D7-BC4F-000A957E8754@electronink.com>
Message-ID: <Pine.LNX.4.50.0308050646330.26188-100000@typhoon.he.net>

> I believe the best way to normalize your tables is to apply the concept
> of wether the information is related to that ID and is not going to
> change or need to be archived. For example the users first and last name
> and username/password and date of birth, etc are only related to this
> user and there is no reason to have additional tables, Addresses on the
> other hand can change and history can be important depending on your
> project so a separate table for them is appropriate.


i had been thinking of that as well.  i think you're right about the JOIN
nightmare to follow.  i just wanted someone else to tell me that it would
be a nightmare, so i wasn't not trying it because it seemed too abastract.

thanks!



>
> Your structure is good for random data that will change or be added
> later but for specific data that is unique to that ID and not going to
> change your prior table structure is the most efficient and easiest to
> code. Having over normalized (still up for debate) previous databases
> the data is nice and makes sense but writing extensive joins down the
> road become gruesome. I would recommend a blend of these two techniques.
>
> Planning out your database with a nice entity diagram will make your
> life much easier and you should have the fields defined pretty well
> before you create your first table. Of course this is the old boring
> way but elliminates mistakes that will haunt you down the road.
>
> Hope this helps.
>
> On Tuesday, August 5, 2003, at 09:16 AM, jim.bishop wrote:
>
> >
> > I'm designing a new user database for a personal project, and I was
> > toying
> > with a different method of storing the data than I have used before.
> > Usually I create tables with logical column names that reference the
> > data
> > in the column.
> >
> > For Example:
> >
> > ---------------
> > | User        |
> > ---------------
> > | id          |
> > | first_name  |
> > | last_name   |
> > | email       |
> >
> > ...
> > ---------------
> >
> > But this becomes cumbersome when you have to add fields to the table.
> > I
> > have designed a new table structure that looks like this:
> >
> >
> > ---------------
> > | User        |
> > ---------------
> > | uid         |
> > ---------------
> >
> > -----------------
> > | UserAttribute |
> > -----------------
> > | attribute_id  |
> > | uid_fk        | * foreign key to user table
> > | attribute     |
> > | value         |
> > -----------------
> >
> > Okay.  So I've built many user databases before and never employed the
> > system below.  Has anyone else?  Besides the requisit JOIN that has to
> > be
> > called with every SELECT, what is the downsides to using this kind of
> > architecture?
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>




 -------------------------------------------------------
 -------------------------------------------------------
 -> the syntax of cummings, the absurdity of faulkner <-
 || jimbishop.org  ||   jim.bishop   ||  i heart n y  ||
 -------------------------------------------------------
 -------------------------------------------------------


From hans at nyphp.org  Tue Aug  5 09:59:08 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 09:59:08 -0400
Subject: [nycphp-talk] [OffTopic] database design question
In-Reply-To: <Pine.LNX.4.50.0308050551100.26188-100000@typhoon.he.net>
References: <1060086579.79aefe0455fa4@webmail.localnotion.com>
	<Pine.LNX.4.50.0308050551100.26188-100000@typhoon.he.net>
Message-ID: <3F2FB82C.8060302@nyphp.org>



jim.bishop wrote:

> I'm designing a new user database for a personal project, and I was toying
> with a different method of storing the data than I have used before.
> Usually I create tables with logical column names that reference the data
> in the column.
> 
> For Example:
> 
> ---------------
> | User        |
> ---------------
> | id          |
> | first_name  |
> | last_name   |
> | email       |
> 
> ...
> ---------------
> 
> But this becomes cumbersome when you have to add fields to the table.  I
> have designed a new table structure that looks like this:
> 
> 
> ---------------
> | User        |
> ---------------
> | uid         |
> ---------------
> 
> -----------------
> | UserAttribute |
> -----------------
> | attribute_id  |
> | uid_fk        | * foreign key to user table
> | attribute     |
> | value         |
> -----------------
> 
> Okay.  So I've built many user databases before and never employed the
> system below.  Has anyone else?  Besides the requisit JOIN that has to be
> called with every SELECT, what is the downsides to using this kind of
> architecture?

I've done the "normalize to the point of abnormality" and personally don't find it worth; especially in this type of situation.  Normalization can be cumbersome in its own way and every environment (and developer) warrants a balance between the two.

H




From bpang at bpang.com  Tue Aug  5 09:59:48 2003
From: bpang at bpang.com (Brian Pang)
Date: Tue, 05 Aug 2003 09:59:48 -0400
Subject: [nycphp-talk] p_connect
Message-ID: <E19k2Ls-0007LD-G3@rslrs1-server.com>

I've always used mysql_pconnect and haven't had any problems with it,
perhaps because, as you say, it works very quickly. I guess I copped the
pconnect style from original db connect scripts when I was first
learning and, since it wasn't broke, never thought about it again.


off the subject... maybe I should just DL my own copy of the PHP manual,
but is it me or is the php.net site really slow right now?

> 
> 
> Daniel Kushner wrote:
> > Hi Matt,
> > 
> > The main reason would be if you have more Web processes than Database
> > connections. There just wouldn't be enough to go around :(
> >>
> >>Anyone know why you wouldn't use p_connect to make a connection
> >>to a database?
> >>It seems like it would be better than regular connect in every case.
> >>
> >>Or at least does anyone know of any problems with it?
> 
> It depends on the DB for the most part.  PHP's integration with some
APIs, like OCI8 isn't 100% from what I've seen, and you can get stale
connections or other odd behavior.  On Oracle, this is important, since
creating and tearing down connections are extremely expensive.  With
MySQL, connections open and close very quickly, and I've found it rare
to see much benefit from persistent connections.
> 
> H
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From hans at nyphp.org  Tue Aug  5 10:08:22 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 10:08:22 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
In-Reply-To: <0AF323D0-C74B-11D7-BC4F-000A957E8754@electronink.com>
References: <0AF323D0-C74B-11D7-BC4F-000A957E8754@electronink.com>
Message-ID: <3F2FBA56.1080808@nyphp.org>



Russ Demarest wrote:

> There are a couple strange things, I am not accustom to.
> 
> Why do you define the link column as NOT NULL and then default to ''? Is 
> this not the equivalent of a contradiction? I doubt this is related.

Defaulting to '' means it'll default to the empty string, which is different from a NULL column.  You're right as in this case it probably isn't related, but I'm not a fan of NULL columns :)

> Maybe I am old school or something but I normally set my mysql_query() 
> equal to something like so
> 
> $sql = "INSERT into table blah blah";
> $res = mysql_query($sql) or die("Error insert");
> $new_id = mysql_insert_id($res);     # The $res is not needed, it 
> default to the last result set returned.

Hmm, I'd take another look here.  For INSERT statements, mysql_query() will only return TRUE or FALSE; not a result resource.  Furthermore, mysql_insert_id() takes a link resource; not a result resource.  Nevertheless, still no joy in trying the code.

Thanks,

H


> 
> This is a little different than you have it. Maybe try it and see what 
> happens.
> 
> Good Luck
> 
> On Tuesday, August 5, 2003, at 09:37 AM, Hans Zaunere wrote:
> 
>>
>> Bonjour,
>>
>>
>> I've got a strange situation here, and I'm hoping it's something I'm 
>> overlooking, rather than a bug.
>>
>>
>> The setup:
>>
>> MySQL 4.0.13-max-log
>> PHP 4.3.2 running as a DSO under Apache 1.3.28
>> FreeBSD 4.8-STABLE
>> MySQL is the mysql.com binary package; everything else is compiled 
>> from source
>>
>>
>> The table:
>> CREATE TABLE `links` (
>>  `linkid` int(10) unsigned NOT NULL auto_increment,
>>  `link` varchar(255) NOT NULL default '',
>>  PRIMARY KEY  (`linkid`),
>>  UNIQUE KEY `link` (`link`)
>> ) TYPE=MyISAM;
>>
>>
>> The code:
>>
>> <?php
>> $MYDB = mysql_connect('localhost','xxx','xxx');
>>
>>
>> $links = array('http://hans.zaunere.com',
>>               'http://zaunere.com',
>>               'http://hans.zaunere.com',
>>               'http://nyphp.org',
>>               'http://lists.nyphp.org',
>>               'http://nyphp.org'
>>              );
>>
>>
>> foreach( $links as $key => $link ) {
>>
>>   $tmp = mysql_escape_string($link);
>>
>>   mysql_query("INSERT INTO xxx.links (linkid,link)
>>                VALUES (NULL,'$tmp')", $MYDB);
>>
>>   $R_linkid = mysql_insert_id($MYDB);
>>
>>   if( !$R_linkid ) {
>>      $result = mysql_query("SELECT linkid FROM xxx.links WHERE 
>> link='$tmp'", $MYDB);
>>      echo '<pre>Selected '.mysql_num_rows($result).' rows.</pre>';
>>      $R_linkid = (int) mysql_result($result,0,0);
>>   }
>>
>>   echo "<pre>Array key: $key <br>Link: $link <br>Linkid: $R_linkid 
>> </pre><br><br>";
>> }
>>
>>
>>
>> The output:
>>
>> Array key: 0 Link: http://hans.zaunere.com Linkid: 1
>> Array key: 1 Link: http://zaunere.com Linkid: 2
>> Array key: 2 Link: http://hans.zaunere.com Linkid: 2
>> Array key: 3 Link: http://nyphp.org Linkid: 3
>> Array key: 4 Link: http://lists.nyphp.org Linkid: 4
>> Array key: 5 Link: http://nyphp.org Linkid: 4
>>
>> The problem:
>>
>> It seems that mysql_insert_id() returns the inserted ID from the 
>> previous 'successful' INSERT query, rather than it getting reset to 0 
>> since the immedieately previous INSERT fails to produce an 
>> AUTO_INCREMENT ID (as it's documented).  I sure hope I'm missing 
>> something; otherwise this bug is burning me in ways I have yet to 
>> discover.
>>
>> Thanks,
>>
>> H
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nyphp.org
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Tue Aug  5 10:09:57 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 10:09:57 -0400
Subject: [nycphp-talk] p_connect
In-Reply-To: <E19k2Ls-0007LD-G3@rslrs1-server.com>
References: <E19k2Ls-0007LD-G3@rslrs1-server.com>
Message-ID: <3F2FBAB5.10101@nyphp.org>



Brian Pang wrote:

> I've always used mysql_pconnect and haven't had any problems with it,
> perhaps because, as you say, it works very quickly. I guess I copped the
> pconnect style from original db connect scripts when I was first
> learning and, since it wasn't broke, never thought about it again.
> 
> 
> off the subject... maybe I should just DL my own copy of the PHP manual,
> but is it me or is the php.net site really slow right now?

Yeah, it's always slow  :)

http://us2.php.net/ is always pretty snappy for me.

H



> 
> 
>>
>>Daniel Kushner wrote:
>>
>>>Hi Matt,
>>>
>>>The main reason would be if you have more Web processes than Database
>>>connections. There just wouldn't be enough to go around :(
>>>
>>>>Anyone know why you wouldn't use p_connect to make a connection
>>>>to a database?
>>>>It seems like it would be better than regular connect in every case.
>>>>
>>>>Or at least does anyone know of any problems with it?
>>
>>It depends on the DB for the most part.  PHP's integration with some
> 
> APIs, like OCI8 isn't 100% from what I've seen, and you can get stale
> connections or other odd behavior.  On Oracle, this is important, since
> creating and tearing down connections are extremely expensive.  With
> MySQL, connections open and close very quickly, and I've found it rare
> to see much benefit from persistent connections.
> 
>>H
>>
>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>>
>>
> 
> 
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From bpang at bpang.com  Tue Aug  5 10:11:49 2003
From: bpang at bpang.com (Brian Pang)
Date: Tue, 05 Aug 2003 10:11:49 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
Message-ID: <E19k2XV-0008GF-IP@rslrs1-server.com>

I usually send 0 to the primary key


using the mysql client, are you able to replicate the problem? meaning,
do you get the right mysql_insert_id when performing inserts in the
mysql client

from the mysql manual:
"mysql_insert_id() is updated after INSERT and UPDATE statements that
generate an AUTO_INCREMENT value or that set a column value to
LAST_INSERT_ID(expr). See section 6.3.6.2 Miscellaneous Functions.

Also note that the value of the SQL LAST_INSERT_ID() function always
contains the most recently generated AUTO_INCREMENT value, and is not
reset between queries because the value of that function is maintained
in the server."

They say it doesn't get reset [to zero?]

still can't get into the php.net site to look at the php manual :(  so I
can't cross check exactly what php's mysql_insert_id() is doing or for
an alternative




> 
> 
> Russ Demarest wrote:
> 
> > There are a couple strange things, I am not accustom to.
> > 
> > Why do you define the link column as NOT NULL and then default to
''? Is 
> > this not the equivalent of a contradiction? I doubt this is related.
> 
> Defaulting to '' means it'll default to the empty string, which is
different from a NULL column.  You're right as in this case it probably
isn't related, but I'm not a fan of NULL columns :)
> 
> > Maybe I am old school or something but I normally set my mysql_query() 
> > equal to something like so
> > 
> > $sql = "INSERT into table blah blah";
> > $res = mysql_query($sql) or die("Error insert");
> > $new_id = mysql_insert_id($res);     # The $res is not needed, it 
> > default to the last result set returned.
> 
> Hmm, I'd take another look here.  For INSERT statements, mysql_query()
will only return TRUE or FALSE; not a result resource.  Furthermore,
mysql_insert_id() takes a link resource; not a result resource. 
Nevertheless, still no joy in trying the code.
> 
> Thanks,
> 
> H
> 
> 
> > 
> > This is a little different than you have it. Maybe try it and see what 
> > happens.
> > 
> > Good Luck
> > 
> > On Tuesday, August 5, 2003, at 09:37 AM, Hans Zaunere wrote:
> > 
> >>
> >> Bonjour,
> >>
> >>
> >> I've got a strange situation here, and I'm hoping it's something I'm 
> >> overlooking, rather than a bug.
> >>
> >>
> >> The setup:
> >>
> >> MySQL 4.0.13-max-log
> >> PHP 4.3.2 running as a DSO under Apache 1.3.28
> >> FreeBSD 4.8-STABLE
> >> MySQL is the mysql.com binary package; everything else is compiled 
> >> from source
> >>
> >>
> >> The table:
> >> CREATE TABLE `links` (
> >>  `linkid` int(10) unsigned NOT NULL auto_increment,
> >>  `link` varchar(255) NOT NULL default '',
> >>  PRIMARY KEY  (`linkid`),
> >>  UNIQUE KEY `link` (`link`)
> >> ) TYPE=MyISAM;
> >>
> >>
> >> The code:
> >>
> >> <?php
> >> $MYDB = mysql_connect('localhost','xxx','xxx');
> >>
> >>
> >> $links = array('http://hans.zaunere.com',
> >>               'http://zaunere.com',
> >>               'http://hans.zaunere.com',
> >>               'http://nyphp.org',
> >>               'http://lists.nyphp.org',
> >>               'http://nyphp.org'
> >>              );
> >>
> >>
> >> foreach( $links as $key => $link ) {
> >>
> >>   $tmp = mysql_escape_string($link);
> >>
> >>   mysql_query("INSERT INTO xxx.links (linkid,link)
> >>                VALUES (NULL,'$tmp')", $MYDB);
> >>
> >>   $R_linkid = mysql_insert_id($MYDB);
> >>
> >>   if( !$R_linkid ) {
> >>      $result = mysql_query("SELECT linkid FROM xxx.links WHERE 
> >> link='$tmp'", $MYDB);
> >>      echo '<pre>Selected '.mysql_num_rows($result).' rows.</pre>';
> >>      $R_linkid = (int) mysql_result($result,0,0);
> >>   }
> >>
> >>   echo "<pre>Array key: $key <br>Link: $link <br>Linkid: $R_linkid 
> >> </pre><br><br>";
> >> }
> >>
> >>
> >>
> >> The output:
> >>
> >> Array key: 0 Link: http://hans.zaunere.com Linkid: 1
> >> Array key: 1 Link: http://zaunere.com Linkid: 2
> >> Array key: 2 Link: http://hans.zaunere.com Linkid: 2
> >> Array key: 3 Link: http://nyphp.org Linkid: 3
> >> Array key: 4 Link: http://lists.nyphp.org Linkid: 4
> >> Array key: 5 Link: http://nyphp.org Linkid: 4
> >>
> >> The problem:
> >>
> >> It seems that mysql_insert_id() returns the inserted ID from the 
> >> previous 'successful' INSERT query, rather than it getting reset to 0 
> >> since the immedieately previous INSERT fails to produce an 
> >> AUTO_INCREMENT ID (as it's documented).  I sure hope I'm missing 
> >> something; otherwise this bug is burning me in ways I have yet to 
> >> discover.
> >>
> >> Thanks,
> >>
> >> H
> >>
> >>
> >> _______________________________________________
> >> talk mailing list
> >> talk at lists.nyphp.org
> >> http://lists.nyphp.org/mailman/listinfo/talk
> >>
> > 
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From nyphp at NewAgeWeb.com  Tue Aug  5 10:15:34 2003
From: nyphp at NewAgeWeb.com (Jerry Kapron)
Date: Tue, 05 Aug 2003 10:15:34 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
Message-ID: <007f01c35b5c$0a1d0a20$de01a8c0@duron.lan.newageweb.com>

Russ Demarest wrote:
>$sql = "INSERT into table blah blah";
>$res = mysql_query($sql) or die("Error insert");
>$new_id = mysql_insert_id($res); # The $res is not needed, it default 
>to the last result set returned.

Russ,
That's wrong. The optional parameter that mysql_insert_id() takes should be the database connection identifier and NOT the result resource returned by the mysql_query() function.

Jerry

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/ab091d11/attachment.html>

From cahoyos at us.ibm.com  Tue Aug  5 11:20:26 2003
From: cahoyos at us.ibm.com (Carlos A Hoyos)
Date: Tue, 5 Aug 2003 11:20:26 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
In-Reply-To: <3F2FB312.9030606@nyphp.org>
Message-ID: <OFF4B83EEE.46E3E557-ON85256D79.00503DB0-85256D79.00543E65@us.ibm.com>







It's just ambiguous in the documentation, but mysql_insert_id() doesn't
default to 0 for this insert fail.

It's safer to check the return value of mysql_query in this case (will
return false if insertion fails).

Looking at the source code (file php-4.3.2/ext/mysql/php_mysql.c), the
insert_id value gets set under the "get_info:" label in the
mysql_read_query_result function, there's no variable reset on error, so
what you describe is the expected behavior (codewise).

Using LAST_INSERT_ID() in SQL can also be misleading, as it gets calculated
before insertion (and thus key validation), so it might increase even if
the query fails.


Carlos


                                                                                                                                       
                      Hans Zaunere                                                                                                     
                      <hans at nyphp.org>         To:       talk at lists.nyphp.org                                                          
                      Sent by:                 cc:                                                                                     
                      talk-bounces at list        Subject:  [nycphp-talk] mysql_insert_id Strangeness                                      
                      s.nyphp.org                                                                                                      
                                                                                                                                       
                                                                                                                                       
                      08/05/2003 09:37                                                                                                 
                      AM                                                                                                               
                      Please respond to                                                                                                
                      NYPHP Talk                                                                                                       
                                                                                                                                       




Bonjour,


I've got a strange situation here, and I'm hoping it's something I'm
overlooking, rather than a bug.


The setup:

MySQL 4.0.13-max-log
PHP 4.3.2 running as a DSO under Apache 1.3.28
FreeBSD 4.8-STABLE

MySQL is the mysql.com binary package; everything else is compiled from
source


The table:

CREATE TABLE `links` (
  `linkid` int(10) unsigned NOT NULL auto_increment,
  `link` varchar(255) NOT NULL default '',
  PRIMARY KEY  (`linkid`),
  UNIQUE KEY `link` (`link`)
) TYPE=MyISAM;


The code:

<?php
$MYDB = mysql_connect('localhost','xxx','xxx');


$links = array('http://hans.zaunere.com',
               'http://zaunere.com',
               'http://hans.zaunere.com',
               'http://nyphp.org',
               'http://lists.nyphp.org',
               'http://nyphp.org'
              );


foreach( $links as $key => $link ) {

   $tmp = mysql_escape_string($link);

   mysql_query("INSERT INTO xxx.links (linkid,link)
                VALUES (NULL,'$tmp')", $MYDB);

   $R_linkid = mysql_insert_id($MYDB);

   if( !$R_linkid ) {
      $result = mysql_query("SELECT linkid FROM xxx.links WHERE
link='$tmp'", $MYDB);
      echo '<pre>Selected '.mysql_num_rows($result).' rows.</pre>';
      $R_linkid = (int) mysql_result($result,0,0);
   }

   echo "<pre>Array key: $key <br>Link: $link <br>Linkid: $R_linkid
</pre><br><br>";
}



The output:

Array key: 0
Link: http://hans.zaunere.com
Linkid: 1

Array key: 1
Link: http://zaunere.com
Linkid: 2

Array key: 2
Link: http://hans.zaunere.com
Linkid: 2

Array key: 3
Link: http://nyphp.org
Linkid: 3

Array key: 4
Link: http://lists.nyphp.org
Linkid: 4

Array key: 5
Link: http://nyphp.org
Linkid: 4


The problem:

It seems that mysql_insert_id() returns the inserted ID from the previous
'successful' INSERT query, rather than it getting reset to 0 since the
immedieately previous INSERT fails to produce an AUTO_INCREMENT ID (as it's
documented).  I sure hope I'm missing something; otherwise this bug is
burning me in ways I have yet to discover.

Thanks,

H


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk




From hans at nyphp.org  Tue Aug  5 12:29:09 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 12:29:09 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
In-Reply-To: <E19k2XV-0008GF-IP@rslrs1-server.com>
References: <E19k2XV-0008GF-IP@rslrs1-server.com>
Message-ID: <3F2FDB55.3070002@nyphp.org>


> using the mysql client, are you able to replicate the problem? meaning,
> do you get the right mysql_insert_id when performing inserts in the
> mysql client

An illustrative C program (below) shows the same behavior, so it doesn't seem to be anything with PHP.

And even the MySQL documentation says something different than the behavior, from: http://www.mysql.com/doc/en/mysql_insert_id.html

"Note that mysql_insert_id() returns 0 if the previous query does not generate an AUTO_INCREMENT value..."

As Carlos pointed out, this is a gross documentation ambiguity.  The statement above is false according to the actual behavior, since an INSERT that fails because of a UNIQUE index doesn't generate an AUTO_INCREMENT value, yet mysql_insert_id() doesn't return 0.  This seems like a new quirk, although I could be wrong.

I'm going to bounce this off the mysql guys and see what they say.

H





#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "mysql/mysql.h"

MYSQL mysql;
MYSQL_RES *mysql_result;
MYSQL_ROW mysql_row;

char *links[6] = {"http://hans.zaunere.com",
                  "http://zaunere.com",
                  "http://hans.zaunere.com",
                  "http://nyphp.org",
                  "http://lists.nyphp.org",
                  "http://nyphp.org"};


int main(void) {

   int i,R_linkid;
   char insert_string[255];

   mysql_init(&mysql);

   mysql_real_connect(&mysql,"localhost","ptips","ptips--",NULL,0,NULL,0);

   for( i = 0; i < 6; ++i ) {
      printf("\nLink %d: %s\n", i,links[i]);
      sprintf(insert_string, "INSERT INTO ptips.links (linkid,link)
                              VALUES(NULL,'%s')",links[i]);

      mysql_real_query(&mysql,insert_string,sizeof(insert_string));

      R_linkid = mysql_insert_id(&mysql);

      printf("\nR_linkid: %d\n",R_linkid);
   }

}






From bpang at bpang.com  Tue Aug  5 12:26:33 2003
From: bpang at bpang.com (Brian Pang)
Date: Tue, 05 Aug 2003 12:26:33 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
Message-ID: <E19k4dt-0001eM-Md@rslrs1-server.com>

ok, the C code is good for comparison and isolating where the problem
might be, or at least not with PHP...
good luck


> 
> > using the mysql client, are you able to replicate the problem? meaning,
> > do you get the right mysql_insert_id when performing inserts in the
> > mysql client
> 
> An illustrative C program (below) shows the same behavior, so it
doesn't seem to be anything with PHP.
> 
> And even the MySQL documentation says something different than the
behavior, from: http://www.mysql.com/doc/en/mysql_insert_id.html
> 
> "Note that mysql_insert_id() returns 0 if the previous query does not
generate an AUTO_INCREMENT value..."
> 
> As Carlos pointed out, this is a gross documentation ambiguity.  The
statement above is false according to the actual behavior, since an
INSERT that fails because of a UNIQUE index doesn't generate an
AUTO_INCREMENT value, yet mysql_insert_id() doesn't return 0.  This
seems like a new quirk, although I could be wrong.
> 
> I'm going to bounce this off the mysql guys and see what they say.
> 
> H
> 
> 
> 
> 
> 
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
> #include "mysql/mysql.h"
> 
> MYSQL mysql;
> MYSQL_RES *mysql_result;
> MYSQL_ROW mysql_row;
> 
> char *links[6] = {"http://hans.zaunere.com",
>                   "http://zaunere.com",
>                   "http://hans.zaunere.com",
>                   "http://nyphp.org",
>                   "http://lists.nyphp.org",
>                   "http://nyphp.org"};
> 
> 
> int main(void) {
> 
>    int i,R_linkid;
>    char insert_string[255];
> 
>    mysql_init(&mysql);
> 
>    mysql_real_connect(&mysql,"localhost","ptips","ptips--",NULL,0,NULL,0);
> 
>    for( i = 0; i < 6; ++i ) {
>       printf("\nLink %d: %s\n", i,links[i]);
>       sprintf(insert_string, "INSERT INTO ptips.links (linkid,link)
>                               VALUES(NULL,'%s')",links[i]);
> 
>       mysql_real_query(&mysql,insert_string,sizeof(insert_string));
> 
>       R_linkid = mysql_insert_id(&mysql);
> 
>       printf("\nR_linkid: %d\n",R_linkid);
>    }
> 
> }
> 
> 
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From joshmccormack at travelersdiary.com  Tue Aug  5 13:18:11 2003
From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com)
Date: Tue, 5 Aug 2003 12:18:11 -0500 (CDT)
Subject: [nycphp-talk] mysql_fetch_array question (was off-topic database...)
In-Reply-To: <Pine.LNX.4.50.0308050646330.26188-100000@typhoon.he.net>
Message-ID: <Pine.LNX.4.44.0308051215160.9623-100000@westhost39.westhost.net>

On the subject of PHP, SQL, joins and the like, I encountered something a bit weird and wanted to see what all of you had to say on it.

 This is from the manual:

"mysql_fetch_array() is an extended version of mysql_fetch_row(). In
 addition to storing the data in the numeric indices of the result array,
 it also stores the data in associative indices, using the field names as
 keys.

  If two or more columns of the result have the same field names, the
 last column will take precedence. To access the other column(s) of the
 same name, you must use the numeric index of the column or make an alias
 for the column. For aliased columns, you cannot access the contents with
 the original column name (by using 'field' in this example)."




  so I have address fields, for example, that overwrite eachother. I
 either have to make up wacky names for the database columns, or I have
 to write out AS names for each (so using Select * is out). Now why
 wouldn't they throw in an option so your results have table names in
 front? So client.zip, owner.zip, etc. could all coexist? Doesn't that
 seem reasonable?


Josh



On Tue, 5 Aug 2003, jim.bishop wrote:

> > I believe the best way to normalize your tables is to apply the concept
> > of wether the information is related to that ID and is not going to
> > change or need to be archived. For example the users first and last name
> > and username/password and date of birth, etc are only related to this
> > user and there is no reason to have additional tables, Addresses on the
> > other hand can change and history can be important depending on your
> > project so a separate table for them is appropriate.
> 
> 
> i had been thinking of that as well.  i think you're right about the JOIN
> nightmare to follow.  i just wanted someone else to tell me that it would
> be a nightmare, so i wasn't not trying it because it seemed too abastract.
> 
> thanks!
> 
> 
> 
> >
> > Your structure is good for random data that will change or be added
> > later but for specific data that is unique to that ID and not going to
> > change your prior table structure is the most efficient and easiest to
> > code. Having over normalized (still up for debate) previous databases
> > the data is nice and makes sense but writing extensive joins down the
> > road become gruesome. I would recommend a blend of these two techniques.
> >
> > Planning out your database with a nice entity diagram will make your
> > life much easier and you should have the fields defined pretty well
> > before you create your first table. Of course this is the old boring
> > way but elliminates mistakes that will haunt you down the road.
> >
> > Hope this helps.
> >
> > On Tuesday, August 5, 2003, at 09:16 AM, jim.bishop wrote:
> >
> > >
> > > I'm designing a new user database for a personal project, and I was
> > > toying
> > > with a different method of storing the data than I have used before.
> > > Usually I create tables with logical column names that reference the
> > > data
> > > in the column.
> > >
> > > For Example:
> > >
> > > ---------------
> > > | User        |
> > > ---------------
> > > | id          |
> > > | first_name  |
> > > | last_name   |
> > > | email       |
> > >
> > > ...
> > > ---------------
> > >
> > > But this becomes cumbersome when you have to add fields to the table.
> > > I
> > > have designed a new table structure that looks like this:
> > >
> > >
> > > ---------------
> > > | User        |
> > > ---------------
> > > | uid         |
> > > ---------------
> > >
> > > -----------------
> > > | UserAttribute |
> > > -----------------
> > > | attribute_id  |
> > > | uid_fk        | * foreign key to user table
> > > | attribute     |
> > > | value         |
> > > -----------------
> > >
> > > Okay.  So I've built many user databases before and never employed the
> > > system below.  Has anyone else?  Besides the requisit JOIN that has to
> > > be
> > > called with every SELECT, what is the downsides to using this kind of
> > > architecture?
> > >
> > >
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nyphp.org
> > > http://lists.nyphp.org/mailman/listinfo/talk
> > >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> 
> 
> 
> 
>  -------------------------------------------------------
>  -------------------------------------------------------
>  -> the syntax of cummings, the absurdity of faulkner <-
>  || jimbishop.org  ||   jim.bishop   ||  i heart n y  ||
>  -------------------------------------------------------
>  -------------------------------------------------------
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 



From shiflett at php.net  Tue Aug  5 13:33:32 2003
From: shiflett at php.net (Chris Shiflett)
Date: Tue, 5 Aug 2003 10:33:32 -0700 (PDT)
Subject: [nycphp-talk] mysql_fetch_array question (was off-topic
	database...)
In-Reply-To: <Pine.LNX.4.44.0308051215160.9623-100000@westhost39.westhost.net>
Message-ID: <20030805173332.186.qmail@web14305.mail.yahoo.com>

--- joshmccormack at travelersdiary.com wrote:
>  so I have address fields, for example, that overwrite eachother. I
>  either have to make up wacky names for the database columns, or I have
>  to write out AS names for each (so using Select * is out). Now why
>  wouldn't they throw in an option so your results have table names in
>  front? So client.zip, owner.zip, etc. could all coexist? Doesn't that
>  seem reasonable?

I suppose. I bet most people in your situation either use "wacky" names such as
client_zip and owner_zip, or they alias them in the query. I see no benefit in
$foo['client.zip'] instead of $foo['client_zip'] myself. Plus, you can always
just use the enumerated array instead of the associative one.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From soazine at erols.com  Tue Aug  5 13:42:02 2003
From: soazine at erols.com (Phil Powell)
Date: Tue, 5 Aug 2003 13:42:02 -0400
Subject: [nycphp-talk] PHP and PayPal
Message-ID: <008501c35b78$e0d6c300$67a76244@philofsoa>

This might have been asked here before, but I was curious, what parameters would I need in order to set up a link to allow people to contribute to a PayPal account? 

I was not sure but I thought the account had to be at least Business for it to be set up, but is that true? Can General accounts also have that kind of access, and does PHP have anything built-in to handle PayPal?

Thanx
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/1232fe44/attachment.html>

From Ed at ComSimplicity.com  Tue Aug  5 13:45:37 2003
From: Ed at ComSimplicity.com (Ed McCarroll)
Date: Tue, 5 Aug 2003 10:45:37 -0700
Subject: [nycphp-talk] [OffTopic] database design question
In-Reply-To: <Pine.LNX.4.50.0308050551100.26188-100000@typhoon.he.net>
Message-ID: <NDBBLLCLKJDNHHNPAAHHIEMIFHAA.Ed@ComSimplicity.com>

IMHO, you'd be causing more trouble than you'd be solving.  Think
about the kind of join required to do the equivalent of:

SELECT * FROM User WHERE last_name = "Smith" AND zip_code = "90210";

(assuming last_name and zip_code are moved into UserAttribute)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Ed McCarroll                          MailTo:Ed at ComSimplicity.com
ComSimplicity                                      (310) 838-4330
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 



From bpang at bpang.com  Tue Aug  5 13:45:54 2003
From: bpang at bpang.com (Brian Pang)
Date: Tue, 05 Aug 2003 13:45:54 -0400
Subject: [nycphp-talk] mysql_fetch_array question (was off-topic
	database...)
Message-ID: <E19k5sg-0000B9-G2@rslrs1-server.com>

Here are the basics of my way of dealing with this... I use this all the
time, so hopefully peer review won't expose some serious flaw! :)
(besides you often end up defining a bunch of variables you don't
actually need, but, you're smart, you can figure out how to change that)


$fooFields = array("foo.id", "foo.bar");
$barFields = array("bar.id", "bar.foo");

$result = mysql_query("select * from foo, bar");

$fields = array_merge($fooFields, $barFields);

while ($content = mysql_fetch_array($result)) {
    for ($f = 0; $f < count($fields); $f++) {
            ${str_replace(".", "__", $fields[$f])} = $content[$f];
    }
    echo("
        foo.id: $foo__id<br>
        foo.bar: $foo__bar<br>
        bar.id: $bar__id<br>
        foo.id: $bar__foo<br>
}


I dunno if you would consider the double-underscore to be wacky variable
names or not. For me, since I use it so frequently, it works well and I
always know which table the data is coming from.
You can, of course, change the table/column separator to whatever you
like. I found __ to be unique enough to not conflict with anything else.
The "automation" of it is also really handy when dealing with lots of
fields.

enjoy


> On the subject of PHP, SQL, joins and the like, I encountered
something a bit weird and wanted to see what all of you had to say on it.
> 
>  This is from the manual:
> 
> "mysql_fetch_array() is an extended version of mysql_fetch_row(). In
>  addition to storing the data in the numeric indices of the result array,
>  it also stores the data in associative indices, using the field names as
>  keys.
> 
>   If two or more columns of the result have the same field names, the
>  last column will take precedence. To access the other column(s) of the
>  same name, you must use the numeric index of the column or make an alias
>  for the column. For aliased columns, you cannot access the contents with
>  the original column name (by using 'field' in this example)."
> 
> 
> 
> 
>   so I have address fields, for example, that overwrite eachother. I
>  either have to make up wacky names for the database columns, or I have
>  to write out AS names for each (so using Select * is out). Now why
>  wouldn't they throw in an option so your results have table names in
>  front? So client.zip, owner.zip, etc. could all coexist? Doesn't that
>  seem reasonable?
> 
> 
> Josh
> 
> 
> 
> On Tue, 5 Aug 2003, jim.bishop wrote:
> 
> > > I believe the best way to normalize your tables is to apply the
concept
> > > of wether the information is related to that ID and is not going to
> > > change or need to be archived. For example the users first and
last name
> > > and username/password and date of birth, etc are only related to this
> > > user and there is no reason to have additional tables, Addresses
on the
> > > other hand can change and history can be important depending on your
> > > project so a separate table for them is appropriate.
> > 
> > 
> > i had been thinking of that as well.  i think you're right about the
JOIN
> > nightmare to follow.  i just wanted someone else to tell me that it
would
> > be a nightmare, so i wasn't not trying it because it seemed too
abastract.
> > 
> > thanks!
> > 
> > 
> > 
> > >
> > > Your structure is good for random data that will change or be added
> > > later but for specific data that is unique to that ID and not going to
> > > change your prior table structure is the most efficient and easiest to
> > > code. Having over normalized (still up for debate) previous databases
> > > the data is nice and makes sense but writing extensive joins down the
> > > road become gruesome. I would recommend a blend of these two
techniques.
> > >
> > > Planning out your database with a nice entity diagram will make your
> > > life much easier and you should have the fields defined pretty well
> > > before you create your first table. Of course this is the old boring
> > > way but elliminates mistakes that will haunt you down the road.
> > >
> > > Hope this helps.
> > >
> > > On Tuesday, August 5, 2003, at 09:16 AM, jim.bishop wrote:
> > >
> > > >
> > > > I'm designing a new user database for a personal project, and I was
> > > > toying
> > > > with a different method of storing the data than I have used before.
> > > > Usually I create tables with logical column names that reference the
> > > > data
> > > > in the column.
> > > >
> > > > For Example:
> > > >
> > > > ---------------
> > > > | User        |
> > > > ---------------
> > > > | id          |
> > > > | first_name  |
> > > > | last_name   |
> > > > | email       |
> > > >
> > > > ...
> > > > ---------------
> > > >
> > > > But this becomes cumbersome when you have to add fields to the
table.
> > > > I
> > > > have designed a new table structure that looks like this:
> > > >
> > > >
> > > > ---------------
> > > > | User        |
> > > > ---------------
> > > > | uid         |
> > > > ---------------
> > > >
> > > > -----------------
> > > > | UserAttribute |
> > > > -----------------
> > > > | attribute_id  |
> > > > | uid_fk        | * foreign key to user table
> > > > | attribute     |
> > > > | value         |
> > > > -----------------
> > > >
> > > > Okay.  So I've built many user databases before and never
employed the
> > > > system below.  Has anyone else?  Besides the requisit JOIN that
has to
> > > > be
> > > > called with every SELECT, what is the downsides to using this
kind of
> > > > architecture?
> > > >
> > > >
> > > > _______________________________________________
> > > > talk mailing list
> > > > talk at lists.nyphp.org
> > > > http://lists.nyphp.org/mailman/listinfo/talk
> > > >
> > >
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nyphp.org
> > > http://lists.nyphp.org/mailman/listinfo/talk
> > >
> > 
> > 
> > 
> > 
> >  -------------------------------------------------------
> >  -------------------------------------------------------
> >  -> the syntax of cummings, the absurdity of faulkner <-
> >  || jimbishop.org  ||   jim.bishop   ||  i heart n y  ||
> >  -------------------------------------------------------
> >  -------------------------------------------------------
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> > 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From csnyder at chxo.com  Tue Aug  5 13:47:12 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Tue, 05 Aug 2003 13:47:12 -0400
Subject: [nycphp-talk] PHP and PayPal
In-Reply-To: <008501c35b78$e0d6c300$67a76244@philofsoa>
References: <008501c35b78$e0d6c300$67a76244@philofsoa>
Message-ID: <3F2FEDA0.4010002@chxo.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/5fbba8db/attachment.html>

From danielc at analysisandsolutions.com  Tue Aug  5 14:02:34 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 5 Aug 2003 14:02:34 -0400
Subject: [nycphp-talk] to rewrite or not to rewrite URLs...
In-Reply-To: <Pine.NEB.4.55.0307181444070.10664@panix5.panix.com>
References: <20030718040053.GA28919@panix.com>
	<002301c34d53$e8fd3b00$6500a8c0@THINKPAD>
	<Pine.NEB.4.55.0307181444070.10664@panix5.panix.com>
Message-ID: <20030805180233.GA2133@panix.com>

Hi Folks:

On Fri, Jul 18, 2003 at 02:53:35PM -0400, David Mintz wrote:
> 
> Do you guys use URL rewriting to ensure that the session id is propagated
> from page to page even if the user refuses your cookie?

Yes.  It guarantees access to your resources.  I don't even bother with 
cookies, because managing them differs slightly from browser to browser.  
Even if users accept one cookie from you, there's no guarantee they'll 
continue to do so, thus, it's difficult to manage sessions reliably with 
them.


> I've read somewhere that it can cause 'confusion' or 'problems' if the
> user bookmarks a URL with a session id in the query string, and tries to
> access the page after the session is over, but those readings did not say
> whether you should really worry about it or what the worst case scenario
> is.

This can happen with cookie based sessions too if the cookie hasn't 
expired or been deleted by the next time the user arrives.

It's not a problem if you structure your system effectively.  The way to
handle situations like these is to have your session system keep track of
the last time the session was used.  If it's longer than your timeout,
kill the old session and start a new one... and if the current page
requires authorization, don't show them the stuff.

I just whipped up a new session manager which takes advantage of PHP's 
transparent session id propagation, plus some other handy tricks.  It's 
available on my website:
   http://www.analysisandsolutions.com/software/session-simple/

I'd love to get some peer review on the program, so please check it out.

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From winston at xylophage.com  Tue Aug  5 14:40:01 2003
From: winston at xylophage.com (Winston Churchill-Joell)
Date: Tue, 5 Aug 2003 14:40:01 -0400
Subject: [nycphp-talk] Hypothetical caching question
Message-ID: <38A2E050-C774-11D7-87D5-003065569500@xylophage.com>

I'm running a templated PHP-driven site and it dawned no me the other 
day that my template's modified date is almost  a year old. Of course, 
some of the files that get included are modified almost daily.

So, does PHP modify the HTTP headers to reflect the "last modified" 
dates of any files included, or am I reaching here?



From nestorflorez at earthlink.net  Tue Aug  5 14:49:37 2003
From: nestorflorez at earthlink.net (Nestor Florez)
Date: Tue, 5 Aug 2003 11:49:37 -0700 (GMT)
Subject: [nycphp-talk] PHP and PayPal
Message-ID: <5739312.1060109545360.JavaMail.nobody@grover.psp.pas.earthlink.net>

paypal provides some php or perl code that you can add to your site.

I was working on something simmilar at one point and I was pull away from the project (I do not remember much now!).  We would keep track of the user that came into our site before we send them to paypal.  We add the user to the DB and put up a flag about the user.  When paypal send us information on payment we would autmatically remnove the flag from the db as he had paid.  

It gets tricky because once the user is sent to paypal, paypal just returns a couple of field info.  YOu got to look at the php paypal code.  A couple of the fields that paypal returned to us we used to identiy the client in our DB

Good luck,

Nestor :-)
-------Original Message-------
From: Chris Snyder <csnyder at chxo.com>
Sent: 08/05/03 10:47 AM
To: NYPHP Talk <talk at lists.nyphp.org>
Subject: Re: [nycphp-talk] PHP and PayPal

> 
> _______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/bf6a265d/attachment.html>

From jonbaer at jonbaer.net  Tue Aug  5 18:00:16 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Tue, 5 Aug 2003 15:00:16 -0700
Subject: [nycphp-talk] PHP and PayPal
References: <008501c35b78$e0d6c300$67a76244@philofsoa>
	<3F2FEDA0.4010002@chxo.com>
Message-ID: <014e01c35b9c$f4141b10$6500a8c0@THINKPAD>

the way u talk to paypal is through their IPN notifications ...

http://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/ipn-codesamples-pop-outside#php

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/06689632/attachment.html>

From danielc at analysisandsolutions.com  Tue Aug  5 15:00:52 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 5 Aug 2003 15:00:52 -0400
Subject: [nycphp-talk] Hypothetical caching question
In-Reply-To: <38A2E050-C774-11D7-87D5-003065569500@xylophage.com>
References: <38A2E050-C774-11D7-87D5-003065569500@xylophage.com>
Message-ID: <20030805190052.GA8887@panix.com>

On Tue, Aug 05, 2003 at 02:40:01PM -0400, Winston Churchill-Joell wrote:

> So, does PHP modify the HTTP headers to reflect the "last modified" 
> dates of any files included, or am I reaching here?

Why don't you tell us.  Most browsers have a feature that lets you examine 
the present page's information.  In that list of info is the last modified 
field.  So, whip up some tests and tell us what you find.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From danielc at analysisandsolutions.com  Tue Aug  5 15:09:26 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 5 Aug 2003 15:09:26 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
In-Reply-To: <0AF323D0-C74B-11D7-BC4F-000A957E8754@electronink.com>
References: <3F2FB312.9030606@nyphp.org>
	<0AF323D0-C74B-11D7-BC4F-000A957E8754@electronink.com>
Message-ID: <20030805190925.GB8887@panix.com>

Folks:

On Tue, Aug 05, 2003 at 09:45:15AM -0400, Russ Demarest wrote:
> 
> Why do you define the link column as NOT NULL and then default to ''? 
> Is this not the equivalent of a contradiction? I doubt this is related.

Doing so saves one byte per record and it saves time when doing queries
since you only have to check for WHERE Field='' rather than having to also
do a WHERE Field IS NULL.

... snipity, snip, snip.  the friendly way to post...

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From kenrbnsn at rbnsn.com  Tue Aug  5 15:09:37 2003
From: kenrbnsn at rbnsn.com (Ken Robinson)
Date: Tue, 05 Aug 2003 15:09:37 -0400
Subject: [nycphp-talk] PHP and PayPal
In-Reply-To: <014e01c35b9c$f4141b10$6500a8c0@THINKPAD>
References: <008501c35b78$e0d6c300$67a76244@philofsoa>
	<3F2FEDA0.4010002@chxo.com>
Message-ID: <5.2.1.1.2.20030805150510.05b51e70@mail.rbnsn.com>

At 03:00 PM 8/5/2003 -0700, you wrote:

>the way u talk to paypal is through their IPN notifications ...
>
><http://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/ipn-codesamples-pop-outside#php>http://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/ipn-codesamples-pop-outside#php
>
>- jon

You don't need to use IPN. I have a site that uses PayPal to purchase gift 
certificates. On the page where the "Paypal" button is, I store the 
variables I will need in Session variable and set the "Paypal Success URL" 
to my success PHP page. When Paypal invokes my page, I get everything I 
need from the Session variables.  Works very well.

Ken Robinson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/f4f16d03/attachment.html>

From jonbaer at jonbaer.net  Tue Aug  5 18:20:12 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Tue, 5 Aug 2003 15:20:12 -0700
Subject: [nycphp-talk] PHP and PayPal
References: <008501c35b78$e0d6c300$67a76244@philofsoa><3F2FEDA0.4010002@chxo.com>
	<5.2.1.1.2.20030805150510.05b51e70@mail.rbnsn.com>
Message-ID: <016a01c35b9f$bd68de40$6500a8c0@THINKPAD>

i think its primarily used in the cases of where someone might not have come in off a website (thus no success url) ... but to allow all notifications anyway since u can provide it in ur account settings ... 

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47


  ----- Original Message ----- 
  From: Ken Robinson 
  To: NYPHP Talk 
  Sent: Tuesday, August 05, 2003 12:09 PM
  Subject: Re: [nycphp-talk] PHP and PayPal


  At 03:00 PM 8/5/2003 -0700, you wrote:


    the way u talk to paypal is through their IPN notifications ...
     
    http://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/ipn-codesamples-pop-outside#php
     
    - jon

  You don't need to use IPN. I have a site that uses PayPal to purchase gift certificates. On the page where the "Paypal" button is, I store the variables I will need in Session variable and set the "Paypal Success URL" to my success PHP page. When Paypal invokes my page, I get everything I need from the Session variables.  Works very well.

  Ken Robinson



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/bfd24f49/attachment.html>

From soazine at erols.com  Tue Aug  5 15:42:44 2003
From: soazine at erols.com (Phil Powell)
Date: Tue, 5 Aug 2003 15:42:44 -0400
Subject: [nycphp-talk] PHP and PayPal
References: <008501c35b78$e0d6c300$67a76244@philofsoa><3F2FEDA0.4010002@chxo.com>
	<5.2.1.1.2.20030805150510.05b51e70@mail.rbnsn.com>
Message-ID: <015b01c35b89$bd9e4820$67a76244@philofsoa>

Thanx I was not sure if you needed a specific type of account for that, though..

Phil
  ----- Original Message ----- 
  From: Ken Robinson 
  To: NYPHP Talk 
  Sent: Tuesday, August 05, 2003 3:09 PM
  Subject: Re: [nycphp-talk] PHP and PayPal


  At 03:00 PM 8/5/2003 -0700, you wrote:


    the way u talk to paypal is through their IPN notifications ...
     
    http://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/ipn-codesamples-pop-outside#php
     
    - jon

  You don't need to use IPN. I have a site that uses PayPal to purchase gift certificates. On the page where the "Paypal" button is, I store the variables I will need in Session variable and set the "Paypal Success URL" to my success PHP page. When Paypal invokes my page, I get everything I need from the Session variables.  Works very well.

  Ken Robinson



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/0296a109/attachment.html>

From hans at nyphp.org  Tue Aug  5 16:08:38 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 16:08:38 -0400
Subject: [nycphp-talk] [Fwd: Invitation to participate in Apache J2EE efforts]
Message-ID: <3F300EC6.9090201@nyphp.org>


I know this is a PHP list, but hey; it's Apache!


-------- Original Message --------
Subject: Invitation to participate in Apache J2EE efforts
Date: Tue, 5 Aug 2003 08:58:25 -0700
From: Greg Stein <gstein at apache.org>


As you may have heard by now, the Apache Software Foundation has initiated a
project to develop an open source, Apache-licensed implementation of the
J2EE specification. In addition, the project is committed to certifying the
implementation as J2EE compliant. This is an ambitious goal and will present
a formidable challenge for the people involved, given the wide range of
technologies covered by the specification.

The project (tentatively named "Apache Geronimo") builds upon the many Java
projects at the Apache Software Foundation. In addition, the project is
bringing together leading members of the Castor, JBoss, MX4J and OpenEJB
communities. We would like to extend an open invitation to everyone involved
in the J2EE space, both commercial entities and talented individuals, to
join the community and build a world-class J2EE implementation.

The Apache Software Foundation is in a unique position to build a J2EE
compliant platform. Our non-profit, charity status, and our relationship
with Sun Microsystems, provides the Foundation with access to the J2EE TCKs,
making it possible to achieve certification. In addition, our flexible and
unrestrictive licensing makes it possible for a wide variety of participants
to assist in the development of Apache Geronimo, and to build their own
solutions upon the platform.

Apache Geronimo has been launched within the Apache Incubator. You can find
more information about the Incubator at http://incubator.apache.org/. To
find out more about this project or if you would like to become involved,
please send email to the incubator mailing list: general at incubator.apache.org


    On behalf of the Apache Geronimo Team,

    Greg Stein,
    Chairman of the Apache Software Foundation

-- 
gstein at apache.org ... ASF Chairman ... http://www.apache.org/





From jonbaer at jonbaer.net  Tue Aug  5 19:33:55 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Tue, 5 Aug 2003 16:33:55 -0700
Subject: [nycphp-talk] [Fwd: Invitation to participate in Apache J2EE
	efforts]
References: <3F300EC6.9090201@nyphp.org>
Message-ID: <01a801c35baa$091d50f0$6500a8c0@THINKPAD>

this is probably one of the bigger reasons for my switch to php, the fact
that there is no rather expensive certification procedure for any apps u do
build, much of the dictation on items u wanted to build into an enterprise
app had to wait for finalization from sun (a rather long time for some apis)
and then go through the j2ee process.

id really wonder how all the other companies which did have to license j2ee
to the max feel about this ... (http://java.sun.com/j2ee/compatibility.html)

not to mention the fact that php folks would not have to send a nice letter
:-)

http://java.sun.com/j2ee/vendorltr.html

i still think java is a solid well rounded robust language, but im not sure
i agree w/ the j2ee process.

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47


----- Original Message ----- 
From: "Hans Zaunere" <hans at nyphp.org>
To: <talk at lists.nyphp.org>
Sent: Tuesday, August 05, 2003 1:08 PM
Subject: [nycphp-talk] [Fwd: Invitation to participate in Apache J2EE
efforts]


>
> I know this is a PHP list, but hey; it's Apache!
>
>
> -------- Original Message --------
> Subject: Invitation to participate in Apache J2EE efforts
> Date: Tue, 5 Aug 2003 08:58:25 -0700
> From: Greg Stein <gstein at apache.org>
>
>
> As you may have heard by now, the Apache Software Foundation has initiated
a
> project to develop an open source, Apache-licensed implementation of the
> J2EE specification. In addition, the project is committed to certifying
the
> implementation as J2EE compliant. This is an ambitious goal and will
present
> a formidable challenge for the people involved, given the wide range of
> technologies covered by the specification.
>
> The project (tentatively named "Apache Geronimo") builds upon the many
Java
> projects at the Apache Software Foundation. In addition, the project is
> bringing together leading members of the Castor, JBoss, MX4J and OpenEJB
> communities. We would like to extend an open invitation to everyone
involved
> in the J2EE space, both commercial entities and talented individuals, to
> join the community and build a world-class J2EE implementation.
>
> The Apache Software Foundation is in a unique position to build a J2EE
> compliant platform. Our non-profit, charity status, and our relationship
> with Sun Microsystems, provides the Foundation with access to the J2EE
TCKs,
> making it possible to achieve certification. In addition, our flexible and
> unrestrictive licensing makes it possible for a wide variety of
participants
> to assist in the development of Apache Geronimo, and to build their own
> solutions upon the platform.
>
> Apache Geronimo has been launched within the Apache Incubator. You can
find
> more information about the Incubator at http://incubator.apache.org/. To
> find out more about this project or if you would like to become involved,
> please send email to the incubator mailing list:
general at incubator.apache.org
>
>
>     On behalf of the Apache Geronimo Team,
>
>     Greg Stein,
>     Chairman of the Apache Software Foundation
>
> -- 
> gstein at apache.org ... ASF Chairman ... http://www.apache.org/
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From nestorflorez at earthlink.net  Tue Aug  5 16:32:20 2003
From: nestorflorez at earthlink.net (Nestor Florez)
Date: Tue, 5 Aug 2003 13:32:20 -0700 (GMT)
Subject: [nycphp-talk] PHP and PayPal
Message-ID: <3300800.1060115705362.JavaMail.nobody@grover.psp.pas.earthlink.net>

Phil,

I though paypal only allowed you pass them 2 special variables.

How do you manage to pass all of your session variables to your success page. When you give control to the paypal page and paypal does not keep track of session variables, when it returns to your sucess page?

I am just curious, I am not working on this stuff any more.

Thanks,

Nestor :-)

Original message attached.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030805/d5c15457/attachment.html>

From danielc at analysisandsolutions.com  Tue Aug  5 17:08:44 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 5 Aug 2003 17:08:44 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
In-Reply-To: <OFF4B83EEE.46E3E557-ON85256D79.00503DB0-85256D79.00543E65@us.ibm.com>
References: <3F2FB312.9030606@nyphp.org>
	<OFF4B83EEE.46E3E557-ON85256D79.00503DB0-85256D79.00543E65@us.ibm.com>
Message-ID: <20030805210843.GA22136@panix.com>

Hey Folks:

On Tue, Aug 05, 2003 at 11:20:26AM -0400, Carlos A Hoyos wrote:
> 
> It's safer to check the return value of mysql_query in this case (will
> return false if insertion fails).

Yep.  When mysql_query() fails, I check the value of mysql_errno().  Error 
numbers 1022 and 1062 have to do with duplicate keys on (if I recall 
correctly) primary keys and duplicate keys (or if I recall incorrectly, 
insert vs update queries).

switch ( @mysql_errno($Connection) ) {
    case 1022:
    case 1062:
        # Couldn't insert/update record due to duplicate key.
        break;

    default:
        # Some other database error.  Trap it.
        echo @mysql_error($this->SQLConnection);
        exit;
}

... snipping out old, irrelevant parts... the friendly way to post...

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From dan at mx2pro.com  Tue Aug  5 17:13:03 2003
From: dan at mx2pro.com (Dan Horning)
Date: Tue, 5 Aug 2003 17:13:03 -0400
Subject: [nycphp-talk] PHP and PayPal
In-Reply-To: <015b01c35b89$bd9e4820$67a76244@philofsoa>
Message-ID: <000e01c35b96$5d09c810$6f62ca42@dwchome>

You don't need to use IPN. I have a site that uses PayPal to purchase
gift certificates. On the page where the "Paypal" button is, I store the
variables I will need in Session variable and set the "Paypal Success
URL" to my success PHP page. When Paypal invokes my page, I get
everything I need from the Session variables.  Works very well.

Ken Robinson


Show me your site ... And I could steal a ton from you... Unless you
check the paypal IPN .. You don't really have any real way to verify
that an order has been aproved or declined...

Make sence everyone..???
(unless you want to check every single order personally....)
-dan



From hans at nyphp.org  Tue Aug  5 17:28:24 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 17:28:24 -0400
Subject: [nycphp-talk] mysql_insert_id Strangeness
In-Reply-To: <20030805210843.GA22136@panix.com>
References: <3F2FB312.9030606@nyphp.org>	<OFF4B83EEE.46E3E557-ON85256D79.00503DB0-85256D79.00543E65@us.ibm.com>
	<20030805210843.GA22136@panix.com>
Message-ID: <3F302178.3030706@nyphp.org>



Analysis & Solutions wrote:
> Hey Folks:
> 
> On Tue, Aug 05, 2003 at 11:20:26AM -0400, Carlos A Hoyos wrote:
> 
>>It's safer to check the return value of mysql_query in this case (will
>>return false if insertion fails).

True.  But doing a type-strict comparision on the query itself, seems, well strange somehow.

> Yep.  When mysql_query() fails, I check the value of mysql_errno().  Error 
> numbers 1022 and 1062 have to do with duplicate keys on (if I recall 
> correctly) primary keys and duplicate keys (or if I recall incorrectly, 
> insert vs update queries).

Absolutely; I'll use mysql_errno() when I really need to keep things in line, but I'm almost positive the mysql_insert_id() trick works (or worked).  Especially since it's documented that way.

Oh well.  Still fishing on mysql's lists,

H




From hans at nyphp.org  Tue Aug  5 17:31:47 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 05 Aug 2003 17:31:47 -0400
Subject: [nycphp-talk] [Fwd: Invitation to participate in Apache
	J2EE	efforts]
In-Reply-To: <01a801c35baa$091d50f0$6500a8c0@THINKPAD>
References: <3F300EC6.9090201@nyphp.org>
	<01a801c35baa$091d50f0$6500a8c0@THINKPAD>
Message-ID: <3F302243.8080704@nyphp.org>



Jon Baer wrote:

> this is probably one of the bigger reasons for my switch to php, the fact
> that there is no rather expensive certification procedure for any apps u do
> build, much of the dictation on items u wanted to build into an enterprise
> app had to wait for finalization from sun (a rather long time for some apis)
> and then go through the j2ee process.

You bring up a good point Jon.  While the approval process can be tedious, especially for the developers and tech folk, it fares well with the "higher ups."  Just like the Intel Inside, Windows logos, and now the RedHat logo, they love to see some branding - something that says "we certify this will work, and if it doesn't, it may cost you more money but we'll fix it".

Maybe we should startup the NYPHP p2ee approval process :)

H




From dmintz at panix.com  Tue Aug  5 17:38:02 2003
From: dmintz at panix.com (David Mintz)
Date: Tue, 5 Aug 2003 17:38:02 -0400 (EDT)
Subject: [nycphp-talk] to rewrite or not to rewrite URLs...
In-Reply-To: <20030805180233.GA2133@panix.com>
References: <20030718040053.GA28919@panix.com>
	<002301c34d53$e8fd3b00$6500a8c0@THINKPAD>
	<Pine.NEB.4.55.0307181444070.10664@panix5.panix.com>
	<20030805180233.GA2133@panix.com>
Message-ID: <Pine.NEB.4.56.0308051656160.12459@panix5.panix.com>


Now you got me thinking again (damn!). I have in place right now a sort of
poor-man's de facto session time-out. I am using a private directory to
save sessions (and wrapping the script to run as me in cgi mode, and
setting file permission restrictively, because it's a shared server and
there are security considerations). Old serialized session files
accumulate indefinitely unless I do something. So I have a daily cron
job/shell script that deletes all the session files whose last access
times are greater than x. I figure this is better than nothing. OTOH I
will give your code a look.

Interesting, two of our gurus (Hans and you) take different approaches to
this.  How about a debate, guys?

On Tue, 5 Aug 2003, Analysis & Solutions wrote:

> Hi Folks:
>
> On Fri, Jul 18, 2003 at 02:53:35PM -0400, David Mintz wrote:
> >
> > Do you guys use URL rewriting to ensure that the session id is propagated
> > from page to page even if the user refuses your cookie?
>
> Yes.  It guarantees access to your resources.  I don't even bother with
> cookies, because managing them differs slightly from browser to browser.
> Even if users accept one cookie from you, there's no guarantee they'll
> continue to do so, thus, it's difficult to manage sessions reliably with
> them.
>
>
> > I've read somewhere that it can cause 'confusion' or 'problems' if the
> > user bookmarks a URL with a session id in the query string, and tries to
> > access the page after the session is over, but those readings did not say
> > whether you should really worry about it or what the worst case scenario
> > is.
>
> This can happen with cookie based sessions too if the cookie hasn't
> expired or been deleted by the next time the user arrives.
>
> It's not a problem if you structure your system effectively.  The way to
> handle situations like these is to have your session system keep track of
> the last time the session was used.  If it's longer than your timeout,
> kill the old session and start a new one... and if the current page
> requires authorization, don't show them the stuff.
>
> I just whipped up a new session manager which takes advantage of PHP's
> transparent session id propagation, plus some other handy tricks.  It's
> available on my website:
>    http://www.analysisandsolutions.com/software/session-simple/
>
> I'd love to get some peer review on the program, so please check it out.
>
> Enjoy,
>
> --Dan
>
> --
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

Decibels of sound pressure employed by a new "thermoacoustic" refrigerator: 190
Decibels of sound pressure sufficient to ignite a person's hair: 165

	-- Harper's Index, February 2003


From winston at xylophage.com  Tue Aug  5 17:53:35 2003
From: winston at xylophage.com (Winston Churchill-Joell)
Date: Tue, 5 Aug 2003 17:53:35 -0400
Subject: [nycphp-talk] Hypothetical caching question
In-Reply-To: <20030805190052.GA8887@panix.com>
Message-ID: <43A5717E-C78F-11D7-87D5-003065569500@xylophage.com>

Well, if anyone else is interested in the answer to this question, this 
is what I've found so far:

http://us3.php.net/source.php?url=/index.php

I haven't poked around in all of the inc files that they also link to, 
but this does reveal that the authors go to some trouble to make sure 
the "real" modified date is showing up.

Thought this was interesting enough to share with the group.

Cheers,
Winston

On Tuesday, August 5, 2003, at 03:00  PM, Analysis & Solutions wrote:

> On Tue, Aug 05, 2003 at 02:40:01PM -0400, Winston Churchill-Joell 
> wrote:
>
>> So, does PHP modify the HTTP headers to reflect the "last modified"
>> dates of any files included, or am I reaching here?
>
> Why don't you tell us.  Most browsers have a feature that lets you 
> examine
> the present page's information.  In that list of info is the last 
> modified
> field.  So, whip up some tests and tell us what you find.
>
> --Dan
>
> -- 
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From hans at nyphp.org  Wed Aug  6 09:45:06 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 06 Aug 2003 09:45:06 -0400
Subject: [nycphp-talk] Ready, Set, Google!
Message-ID: <3F310662.3000305@nyphp.org>


Good morning,

Over the last couple of days I've been playing with trying to provide some search capabilities to the mailing lists, noteably Talk.  Day after day valuable information and URLs are passed around and, for the most part, lost into history.

I tried a couple of things, not finishing any of them, until I finally took the easy way out.  Warning: These are all very rough :)

-- http://lists.nyphp.org/ptips/ scrapes URLs from each NYPHP-Talk message and throws it into a table.  There's of course many improvements that could be made, but it's kind of interesting to see the links people have referred to in the past.  Also, clicking the X will deactive that link (for instance, if you find a shopping.yahoo.com or hotmail.com in the listing).

-- http://lists.nyphp.org/search.php is a full text index of all NYPHP-Talk's mail message.  Yes, it's very rough (I forgot to include the subject of the message in the result listing) but it has potential.

-- http://nyphp.org/google.php is the easy way out.  It's your basic google search of our entire site, including the mailing list archives.  The only drawback is it's not very current.  The searches are always right on (afterall, it's google) but you'll probably have to wait a few weeks to see things get updated.  That said, I made it the primary means for searching our sites, until we get something better online.


So I just thought I'd throw these out there and I'm happy to hear any feedback as to what improvements could be made, what features/functionality people would find useful, etc.

Thanks,

H





From andrew at digitalpulp.com  Wed Aug  6 09:40:47 2003
From: andrew at digitalpulp.com (Andrew Yochum)
Date: Wed, 6 Aug 2003 09:40:47 -0400
Subject: [nycphp-talk] [FWD: [ANNOUNCE] plPHP beta released]
Message-ID: <20030806134040.GE22595@thighmaster.digitalpulp.com>

Just passing this along.

----- Forwarded message from rrussell at commandprompt.com -----

Date: Tue, 5 Aug 2003 22:26:24 -0700 (PDT)
From: rrussell at commandprompt.com
To: pgsql-announce at postgresql.org
Subject: [ANNOUNCE] plPHP beta released
User-Agent: SquirrelMail/1.4.0
Importance: Normal
Precedence: bulk

Command Prompt, Inc. (those who brought you Practical PostgreSQL from
O'Reilly) has released plPHP to the Open Source community under the PHP
license.

PlPHP is great for PHP coders who want to develop PostgreSQL functions in
php code.

Take a look here:
http://www.commandprompt.com/entry.lxp?lxpe=260

-Robby Russell

Programmer
Command Prompt, Inc.
http://www.commandprompt.com/

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

               http://www.postgresql.org/docs/faqs/FAQ.html

----- End forwarded message -----

-- 
Andrew Yochum
Digital Pulp, Inc.
212.679.0676x255
andrew at digitalpulp.com


From jlacey at ix.netcom.com  Wed Aug  6 09:43:54 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Wed, 06 Aug 2003 07:43:54 -0600
Subject: [nycphp-talk] Ready, Set, Google!
In-Reply-To: <3F310662.3000305@nyphp.org>
References: <3F310662.3000305@nyphp.org>
Message-ID: <3F31061A.6070708@ix.netcom.com>

Hans Zaunere wrote:

>
> Good morning,
>
> Over the last couple of days I've been playing with trying to provide 
> some search capabilities to the mailing lists, noteably Talk.  Day 
> after day valuable information and URLs are passed around and, for the 
> most part, lost into history. 


wow Hans, I was *just* thinking of this the other day in terms of 
"task/problem" type training.  There is a wealth of info in the lists, 
even tho I've been signed up for only a short time, and I wanted to 
bring some of the issues that are brought up to include these types of 
problems in my PHP/MySQL training curriculum.


thanks,
John


>
>
> I tried a couple of things, not finishing any of them, until I finally 
> took the easy way out.  Warning: These are all very rough :)
>
> -- http://lists.nyphp.org/ptips/ scrapes URLs from each NYPHP-Talk 
> message and throws it into a table.  There's of course many 
> improvements that could be made, but it's kind of interesting to see 
> the links people have referred to in the past.  Also, clicking the X 
> will deactive that link (for instance, if you find a 
> shopping.yahoo.com or hotmail.com in the listing).
>
> -- http://lists.nyphp.org/search.php is a full text index of all 
> NYPHP-Talk's mail message.  Yes, it's very rough (I forgot to include 
> the subject of the message in the result listing) but it has potential.
>
> -- http://nyphp.org/google.php is the easy way out.  It's your basic 
> google search of our entire site, including the mailing list 
> archives.  The only drawback is it's not very current.  The searches 
> are always right on (afterall, it's google) but you'll probably have 
> to wait a few weeks to see things get updated.  That said, I made it 
> the primary means for searching our sites, until we get something 
> better online.
>
>
> So I just thought I'd throw these out there and I'm happy to hear any 
> feedback as to what improvements could be made, what 
> features/functionality people would find useful, etc.
>
> Thanks,
>
> H
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>




From jonbaer at jonbaer.net  Wed Aug  6 13:23:24 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Wed, 6 Aug 2003 10:23:24 -0700
Subject: [nycphp-talk] Ready, Set, Google!
References: <3F310662.3000305@nyphp.org>
Message-ID: <003401c35c3f$715e5b10$6500a8c0@THINKPAD>

ok what would be extremely cool is to make ptips integrated *with* a mailing
list.  i attempted this a long time ago w/ alicemail in which ud setup
something like dummy at nyphp.org and have it attempt to help out a user by
attaching urls/info @ the bottom of emails/responses (in terms of faqs).
the hardest part about it i found is visible in ur tests (the
signatures/keys/urls which pertain to nothing in the topic).

does "x"ing a link out remove it from all pertaining links?

very cool hans.

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47


----- Original Message ----- 
From: "Hans Zaunere" <hans at nyphp.org>
To: <talk at lists.nyphp.org>
Sent: Wednesday, August 06, 2003 6:45 AM
Subject: [nycphp-talk] Ready, Set, Google!


>
> Good morning,
>
> Over the last couple of days I've been playing with trying to provide some
search capabilities to the mailing lists, noteably Talk.  Day after day
valuable information and URLs are passed around and, for the most part, lost
into history.
>
> I tried a couple of things, not finishing any of them, until I finally
took the easy way out.  Warning: These are all very rough :)
>
> -- http://lists.nyphp.org/ptips/ scrapes URLs from each NYPHP-Talk message
and throws it into a table.  There's of course many improvements that could
be made, but it's kind of interesting to see the links people have referred
to in the past.  Also, clicking the X will deactive that link (for instance,
if you find a shopping.yahoo.com or hotmail.com in the listing).
>
> -- http://lists.nyphp.org/search.php is a full text index of all
NYPHP-Talk's mail message.  Yes, it's very rough (I forgot to include the
subject of the message in the result listing) but it has potential.
>
> -- http://nyphp.org/google.php is the easy way out.  It's your basic
google search of our entire site, including the mailing list archives.  The
only drawback is it's not very current.  The searches are always right on
(afterall, it's google) but you'll probably have to wait a few weeks to see
things get updated.  That said, I made it the primary means for searching
our sites, until we get something better online.
>
>
> So I just thought I'd throw these out there and I'm happy to hear any
feedback as to what improvements could be made, what features/functionality
people would find useful, etc.
>
> Thanks,
>
> H
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From jonbaer at jonbaer.net  Wed Aug  6 14:11:26 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Wed, 6 Aug 2003 11:11:26 -0700
Subject: [nycphp-talk] Humor for the day ...
Message-ID: <00a101c35c46$27397950$6500a8c0@THINKPAD>

http://www.cnn.com/2003/TECH/internet/08/06/chimp.program.ap/index.html

-snip-
DES MOINES, Iowa (AP) -- A Web site that spoofs the computer programming
industry by offering chimpanzees and baboons to work for as little as 50
cents an hour has taken its monkey business too far, according to the Iowa
Primate Learning Sanctuary.
-snip-

scary to think of a monkey programming and understanding regular
expressions.

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47




From David.SextonJr at ubs.com  Wed Aug  6 12:38:53 2003
From: David.SextonJr at ubs.com (Sexton, David)
Date: Wed, 6 Aug 2003 12:38:53 -0400 
Subject: [nycphp-talk] PHP and framesets
Message-ID: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>

This seems simple enough, but maybe it isn't that simple... Does anyone know
of a way to have PHP return the top level document's location? Basically I
have a script that references PHP_SELF... if you throw it into a frameset,
it naturally returns the frame source URL, not the frameset's.


Please do not transmit orders or instructions regarding a UBS account by
email. The information provided in this email or any attachments is not an
official transaction confirmation or account statement. For your protection,
do not include account numbers, Social Security numbers, credit card
numbers, passwords or other non-public information in your email. Because
the information contained in this message may be privileged, confidential,
proprietary or otherwise protected from disclosure, please notify us
immediately by replying to this message and deleting it from your computer
if you have received this communication in error.  Thank you.

UBS Financial Services Inc.
UBS International Inc.



From hans at nyphp.org  Wed Aug  6 12:54:16 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 06 Aug 2003 12:54:16 -0400
Subject: [nycphp-talk] PHP and framesets
In-Reply-To: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>
References: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>
Message-ID: <3F3132B8.2070202@nyphp.org>



Sexton, David wrote:

> This seems simple enough, but maybe it isn't that simple... Does anyone know
> of a way to have PHP return the top level document's location? Basically I
> have a script that references PHP_SELF... if you throw it into a frameset,
> it naturally returns the frame source URL, not the frameset's.

As far as I know, a frameset is a client-side thing, so PHP wouldn't know anything about it natively.  You could, perhaps, have some kind of Javascript callback to a php script, but I don't really know how you'd do it in JS :)

H




From markert at optonline.net  Wed Aug  6 12:52:27 2003
From: markert at optonline.net (John W. Markert)
Date: Wed, 06 Aug 2003 12:52:27 -0400
Subject: [nycphp-talk] Ready, Set, Google!
References: <3F310662.3000305@nyphp.org>
Message-ID: <003501c35c3b$1ee9f1e0$0200a8c0@dads>

I will be testing the full text search capabilities of MySQL in the near
future and want to explore how Boolean searches and result relevance could
be implemented. Should you need a collaborator, I would be interested in
making the NYPHP-talk searchable. I am interested in how you implemented
your test search; could I see the code for how you implemented this search?

----- Original Message ----- 
From: "Hans Zaunere" <hans at nyphp.org>
To: <talk at lists.nyphp.org>
Sent: Wednesday, August 06, 2003 9:45 AM
Subject: [nycphp-talk] Ready, Set, Google!


>
> Good morning,
>
> Over the last couple of days I've been playing with trying to provide some
search capabilities to the mailing lists, noteably Talk.  Day after day
valuable information and URLs are passed around and, for the most part, lost
into history.
>
> I tried a couple of things, not finishing any of them, until I finally
took the easy way out.  Warning: These are all very rough :)
>
> -- http://lists.nyphp.org/ptips/ scrapes URLs from each NYPHP-Talk message
and throws it into a table.  There's of course many improvements that could
be made, but it's kind of interesting to see the links people have referred
to in the past.  Also, clicking the X will deactive that link (for instance,
if you find a shopping.yahoo.com or hotmail.com in the listing).
>
> -- http://lists.nyphp.org/search.php is a full text index of all
NYPHP-Talk's mail message.  Yes, it's very rough (I forgot to include the
subject of the message in the result listing) but it has potential.
>
> -- http://nyphp.org/google.php is the easy way out.  It's your basic
google search of our entire site, including the mailing list archives.  The
only drawback is it's not very current.  The searches are always right on
(afterall, it's google) but you'll probably have to wait a few weeks to see
things get updated.  That said, I made it the primary means for searching
our sites, until we get something better online.
>
>
> So I just thought I'd throw these out there and I'm happy to hear any
feedback as to what improvements could be made, what features/functionality
people would find useful, etc.
>
> Thanks,
>
> H
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Wed Aug  6 13:03:04 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 06 Aug 2003 13:03:04 -0400
Subject: [nycphp-talk] Ready, Set, Google!
In-Reply-To: <003401c35c3f$715e5b10$6500a8c0@THINKPAD>
References: <3F310662.3000305@nyphp.org>
	<003401c35c3f$715e5b10$6500a8c0@THINKPAD>
Message-ID: <3F3134C8.4030107@nyphp.org>



Jon Baer wrote:

> ok what would be extremely cool is to make ptips integrated *with* a mailing
> list.  i attempted this a long time ago w/ alicemail in which ud setup
> something like dummy at nyphp.org and have it attempt to help out a user by
> attaching urls/info @ the bottom of emails/responses (in terms of faqs).
> the hardest part about it i found is visible in ur tests (the
> signatures/keys/urls which pertain to nothing in the topic).

There's a couple of things along these lines I've been kicking around, including what you mention above.  Without trying to write an AI engine, I suppose you could just search for keywords against some type of fulltext/keyword database.

My ineveitable goal is to have a phpTips database, thus the name /ptips/ in my original post.  evolt.org has something similar, but it could use some improvement.  It basically works by placing tags in your messages when you see something useful, or write something useful yourself; or a combination.  For example:

<ptip subject="removing links" keywords="links remove mysql ptips">

> does "x"ing a link out remove it from all pertaining links?

Yeah, the link won't show up, but it won't remove the whole message (ie, if a message has more than one link).

</ptip>


Something like that.  Then there'd be a full text searchable DB of all these things, which would also link back to the original message.  It wouldn't be very hard to write, and I'd be happy to do it; if people promise to use it   :)

H




From chendry at nyc.rr.com  Wed Aug  6 12:57:46 2003
From: chendry at nyc.rr.com (Christopher Hendry)
Date: Wed, 6 Aug 2003 12:57:46 -0400
Subject: [nycphp-talk] PHP and framesets
In-Reply-To: <3F3132B8.2070202@nyphp.org>
Message-ID: <JMEHLOIOFHBEJDCDJNLOOEEODFAA.chendry@nyc.rr.com>

yeah - what Hans said.

I've had plenty of success dropping PHP into javascript, ie:
<script language='javascript'>
alert('<?=$hello?>');
</script>

One possible solution, though convoluted, would be to have the frameset drop
a cookie with the _top URL and then in the subsequent frame PHP could read
from the same cookie and get the URL.  Otherwise, I often use hidden forms
on the client side and document.submit() the values back into a PHP script -
when I need info from the client-side in the server-side.

I'd love to hear other solutions...

C

-> -----Original Message-----
-> From: talk-bounces at lists.nyphp.org
-> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Hans Zaunere
-> Sent: Wednesday, August 06, 2003 12:54 PM
-> To: NYPHP Talk
-> Subject: Re: [nycphp-talk] PHP and framesets
->
->
->
->
-> Sexton, David wrote:
->
-> > This seems simple enough, but maybe it isn't that simple...
-> Does anyone know
-> > of a way to have PHP return the top level document's location?
-> Basically I
-> > have a script that references PHP_SELF... if you throw it into
-> a frameset,
-> > it naturally returns the frame source URL, not the frameset's.
->
-> As far as I know, a frameset is a client-side thing, so PHP
-> wouldn't know anything about it natively.  You could, perhaps,
-> have some kind of Javascript callback to a php script, but I
-> don't really know how you'd do it in JS :)
->
-> H
->
->
-> _______________________________________________
-> talk mailing list
-> talk at lists.nyphp.org
-> http://lists.nyphp.org/mailman/listinfo/talk
->




From dkrook at hotmail.com  Wed Aug  6 13:00:23 2003
From: dkrook at hotmail.com (D C Krook)
Date: Wed, 06 Aug 2003 13:00:23 -0400
Subject: [nycphp-talk] PHP and framesets
Message-ID: <BAY2-F138ZtORDcsXPL0000c91b@hotmail.com>

Hans is right, PHP wouldn't know that it is in a frameset.  Only the client 
knows that, which is after the PHP is executed.

You can throw around the parent frame's PHP_SELF with something like this:

In the parent frameset declaration page:
-----------------------------------------
<script type="text/javascript">
var self = <?= $_SERVER['PHP_SELF'] ?>;
function getSelf () {
	return self;
}
</script>
<frameset rows="50,20,*">
    <frame name="top" src="top.php" marginwidth="0" marginheight="0" 
scrolling="auto" frameborder="0">
	<frame name="middle" src="middle.php" marginwidth="0" marginheight="0" 
scrolling="auto" frameborder="0">
    <frame name="bottom" src="bottom.php" marginwidth="0" marginheight="0" 
scrolling="auto" frameborder="0">
</frameset>
-----------------------------------------


And in the child, e.g., "top.php":
-----------------------------------------
	<script type="text/javascript">
	var par = window.parent;
	var self = par.getSelf();
	</script>
-----------------------------------------


>>This seems simple enough, but maybe it isn't that simple... Does anyone 
>>know
>>of a way to have PHP return the top level document's location? Basically I
>>have a script that references PHP_SELF... if you throw it into a frameset,
>>it naturally returns the frame source URL, not the frameset's.
>
>As far as I know, a frameset is a client-side thing, so PHP wouldn't know 
>anything about it natively.  You could, perhaps, have some kind of 
>Javascript callback to a php script, but I don't really know how you'd do 
>it in JS :)
>
>H

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail



From hans at nyphp.org  Wed Aug  6 13:11:01 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 06 Aug 2003 13:11:01 -0400
Subject: [nycphp-talk] Ready, Set, Google!
In-Reply-To: <003501c35c3b$1ee9f1e0$0200a8c0@dads>
References: <3F310662.3000305@nyphp.org> <003501c35c3b$1ee9f1e0$0200a8c0@dads>
Message-ID: <3F3136A5.7090207@nyphp.org>



John W. Markert wrote:

> I will be testing the full text search capabilities of MySQL in the near
> future and want to explore how Boolean searches and result relevance could
> be implemented. Should you need a collaborator, I would be interested in
> making the NYPHP-talk searchable. I am interested in how you implemented
> your test search; could I see the code for how you implemented this search?

Sure, see attached, although it's contrived, dirty and without even boolean.  pre.search.php seeds the DB from the HTML archive files, and search.php is the end-user interface.  To take this further, we'd probably want to add booleans and tune the fulltext engine a bit, although the initial test results seemed to produce some reasonable results.

http://www.mysql.com/doc/en/Fulltext_Fine-tuning.html


H

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030806/1bebf213/attachment.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030806/1bebf213/attachment-0001.html>

From danielc at analysisandsolutions.com  Wed Aug  6 13:11:01 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 6 Aug 2003 13:11:01 -0400
Subject: [nycphp-talk] PHP and framesets
In-Reply-To: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>
References: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>
Message-ID: <20030806171101.GA2536@panix.com>

David:

On Wed, Aug 06, 2003 at 12:38:53PM -0400, Sexton, David wrote:
> of a way to have PHP return the top level document's location? Basically I
> have a script that references PHP_SELF... if you throw it into a frameset,
> it naturally returns the frame source URL, not the frameset's.

Total guesses...  How about checking $_SERVER['HTTP_REFERER'] in the
frame?  Or, put a query string onto the frameset's call to the frame, 
which you can then read in the frame.

See you,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From nyphp at jimbishop.org  Wed Aug  6 13:18:17 2003
From: nyphp at jimbishop.org (jim.bishop)
Date: Wed, 6 Aug 2003 10:18:17 -0700 (PDT)
Subject: [nycphp-talk] Personalization, Ratings, Suggestions 
In-Reply-To: <20030806171101.GA2536@panix.com>
References: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>
	<20030806171101.GA2536@panix.com>
Message-ID: <Pine.LNX.4.50.0308061013490.713-100000@typhoon.he.net>

I'm building a system that takes user purchases and turns that information
into a suggested purchases list for other users.  I know Amazon, B&N,
everyone and their dog does it.

Does anyone know of open source packages, online documentation, or howtos
that might help point me in the right direction?  I see several for
purchase products, but I am more interested in doing it myself for the
experience.

Starting from scratch, I figure I'm going to need a database that tracks
user purchases and then software to "score" those purchases for other
users.  It's the scoring portion that I'm finding a little daunting.

Anyone?  Anyone?




From dkrook at hotmail.com  Wed Aug  6 13:22:15 2003
From: dkrook at hotmail.com (D C Krook)
Date: Wed, 06 Aug 2003 13:22:15 -0400
Subject: [nycphp-talk] PHP and framesets
Message-ID: <BAY2-F123c6HJYATwxA0000c951@hotmail.com>

Dan,

That's a pretty clever way to do it and seems to work perfectly.



>Or, put a query string onto the frameset's call to the frame,
>which you can then read in the frame.

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail



From coling at macmicro.com  Wed Aug  6 13:25:43 2003
From: coling at macmicro.com (Colin Goldberg)
Date: Wed, 06 Aug 2003 13:25:43 -0400
Subject: [nycphp-talk] Personalization, Ratings, Suggestions 
In-Reply-To: <Pine.LNX.4.50.0308061013490.713-100000@typhoon.he.net>
References: <20030806171101.GA2536@panix.com>
	<18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>
	<20030806171101.GA2536@panix.com>
Message-ID: <5.2.1.1.0.20030806132155.02d388b0@mail.macmicro.com>

You might want to take a look at "Case Based Reasoning" - in which, once 
some "cases" have been stored and verified, later "cases" are compared 
against them. It's been a long time since I looked at this, but if you get 
stuck, let me know and I will try to find resources.

Colin Goldberg
coling at macmicro.com

At 10:18 AM 8/6/03 -0700, you wrote:
>I'm building a system that takes user purchases and turns that information
>into a suggested purchases list for other users.  I know Amazon, B&N,
>everyone and their dog does it.
>
>Does anyone know of open source packages, online documentation, or howtos
>that might help point me in the right direction?  I see several for
>purchase products, but I am more interested in doing it myself for the
>experience.
>
>Starting from scratch, I figure I'm going to need a database that tracks
>user purchases and then software to "score" those purchases for other
>users.  It's the scoring portion that I'm finding a little daunting.
>
>Anyone?  Anyone?
>
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk



From MLynn at exchange.ml.com  Wed Aug  6 13:26:58 2003
From: MLynn at exchange.ml.com (Lynn, Michael (IDS DM&DS))
Date: Wed, 6 Aug 2003 13:26:58 -0400
Subject: [nycphp-talk] Personalization, Ratings, Suggestions
Message-ID: <CE0CCF6F9DC4D711AC090002B35EA991457029@ehope16.hew.us.ml.com>

http://www.oscommerce.com/about/features

OS Commerce does most of what you're after... plus its PHP! ;-)

-----Original Message-----
From: jim.bishop [mailto:nyphp at jimbishop.org]
Sent: Wednesday, August 06, 2003 1:18 PM
To: NYPHP Talk
Subject: [nycphp-talk] Personalization, Ratings, Suggestions


I'm building a system that takes user purchases and turns that information
into a suggested purchases list for other users.  I know Amazon, B&N,
everyone and their dog does it.

Does anyone know of open source packages, online documentation, or howtos
that might help point me in the right direction?  I see several for
purchase products, but I am more interested in doing it myself for the
experience.

Starting from scratch, I figure I'm going to need a database that tracks
user purchases and then software to "score" those purchases for other
users.  It's the scoring portion that I'm finding a little daunting.

Anyone?  Anyone?


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From csnyder at chxo.com  Wed Aug  6 13:27:25 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 06 Aug 2003 13:27:25 -0400
Subject: [nycphp-talk] Personalization, Ratings, Suggestions
In-Reply-To: <Pine.LNX.4.50.0308061013490.713-100000@typhoon.he.net>
References: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>	<20030806171101.GA2536@panix.com>
	<Pine.LNX.4.50.0308061013490.713-100000@typhoon.he.net>
Message-ID: <3F313A7D.7070303@chxo.com>

jim.bishop wrote:

>Does anyone know of open source packages, online documentation, or howtos
>that might help point me in the right direction?  
>
You might try contacting the oscommerce mailing list to see if someone 
is already working on it for their PHP-based 
catalog/shopping-cart/order-tracking solution. 
http://www.oscommerce.com/community

Seems like a feature they'd definitely want to have.

    chris.



From David.SextonJr at ubs.com  Wed Aug  6 14:37:02 2003
From: David.SextonJr at ubs.com (Sexton, David)
Date: Wed, 6 Aug 2003 14:37:02 -0400 
Subject: [nycphp-talk] PHP and framesets
Message-ID: <18D7B8CAA5284F478470828806DB124603789F17@psle01.xchg.pwj.com>

Thanks for the suggestions everybody. It looks like passing a value (e.g.
the frameset URI) around is the only way to accomplish this, but at least I
now know I'm not overlooking anything obvious.

Thanks again.

-----Original Message-----
From: D C Krook [mailto:dkrook at hotmail.com]
Sent: Wednesday, August 06, 2003 1:22 PM
To: talk at lists.nyphp.org
Subject: Re: [nycphp-talk] PHP and framesets


Dan,

That's a pretty clever way to do it and seems to work perfectly.



>Or, put a query string onto the frameset's call to the frame,
>which you can then read in the frame.

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


Please do not transmit orders or instructions regarding a UBS account by
email. The information provided in this email or any attachments is not an
official transaction confirmation or account statement. For your protection,
do not include account numbers, Social Security numbers, credit card
numbers, passwords or other non-public information in your email. Because
the information contained in this message may be privileged, confidential,
proprietary or otherwise protected from disclosure, please notify us
immediately by replying to this message and deleting it from your computer
if you have received this communication in error.  Thank you.

UBS Financial Services Inc.
UBS International Inc.



From rdumas at cmj.com  Wed Aug  6 14:57:15 2003
From: rdumas at cmj.com (Robert Dumas)
Date: Wed, 6 Aug 2003 14:57:15 -0400 
Subject: [nycphp-talk] Ready, Set, Google!
Message-ID: <2ADC7BED20C3D711BFF100508B8FA3E307FB7F@webproxy.uat.dbinsight.com>

i think the old #lost weblog (which died just a couple of months ago) did
this, only in IRC. If you can get hold of ryano (good luck), maybe he can
pass on a bit of code.

--RD

-----Original Message-----
From: John Lacey [mailto:jlacey at ix.netcom.com]
Sent: Wednesday, August 06, 2003 9:44 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Ready, Set, Google!


Hans Zaunere wrote:

>
> Good morning,
>
> Over the last couple of days I've been playing with trying to provide 
> some search capabilities to the mailing lists, noteably Talk.  Day 
> after day valuable information and URLs are passed around and, for the 
> most part, lost into history. 


wow Hans, I was *just* thinking of this the other day in terms of 
"task/problem" type training.  There is a wealth of info in the lists, 
even tho I've been signed up for only a short time, and I wanted to 
bring some of the issues that are brought up to include these types of 
problems in my PHP/MySQL training curriculum.


thanks,
John


>
>
> I tried a couple of things, not finishing any of them, until I finally 
> took the easy way out.  Warning: These are all very rough :)
>
> -- http://lists.nyphp.org/ptips/ scrapes URLs from each NYPHP-Talk 
> message and throws it into a table.  There's of course many 
> improvements that could be made, but it's kind of interesting to see 
> the links people have referred to in the past.  Also, clicking the X 
> will deactive that link (for instance, if you find a 
> shopping.yahoo.com or hotmail.com in the listing).
>
> -- http://lists.nyphp.org/search.php is a full text index of all 
> NYPHP-Talk's mail message.  Yes, it's very rough (I forgot to include 
> the subject of the message in the result listing) but it has potential.
>
> -- http://nyphp.org/google.php is the easy way out.  It's your basic 
> google search of our entire site, including the mailing list 
> archives.  The only drawback is it's not very current.  The searches 
> are always right on (afterall, it's google) but you'll probably have 
> to wait a few weeks to see things get updated.  That said, I made it 
> the primary means for searching our sites, until we get something 
> better online.
>
>
> So I just thought I'd throw these out there and I'm happy to hear any 
> feedback as to what improvements could be made, what 
> features/functionality people would find useful, etc.
>
> Thanks,
>
> H
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030806/301fc241/attachment.html>

From ttoomey at ydnt.com  Wed Aug  6 14:29:46 2003
From: ttoomey at ydnt.com (Tim Toomey)
Date: Wed, 6 Aug 2003 13:29:46 -0500
Subject: [nycphp-talk] Personalization, Ratings, Suggestions 
References: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com><20030806171101.GA2536@panix.com>
	<Pine.LNX.4.50.0308061013490.713-100000@typhoon.he.net>
Message-ID: <002b01c35c48$b9eca400$7600a8c0@timmerslaptop>

You definetely should check out OScommerce, and if you're not going to use
that check out some of the contributions on "customers who bought this also
bought" type things. Works just like amazon's shopping cart.

-Timmy
----- Original Message ----- 
From: "jim.bishop" <nyphp at jimbishop.org>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 06, 2003 12:18 PM
Subject: [nycphp-talk] Personalization, Ratings, Suggestions


> I'm building a system that takes user purchases and turns that information
> into a suggested purchases list for other users.  I know Amazon, B&N,
> everyone and their dog does it.
>
> Does anyone know of open source packages, online documentation, or howtos
> that might help point me in the right direction?  I see several for
> purchase products, but I am more interested in doing it myself for the
> experience.
>
> Starting from scratch, I figure I'm going to need a database that tracks
> user purchases and then software to "score" those purchases for other
> users.  It's the scoring portion that I'm finding a little daunting.
>
> Anyone?  Anyone?
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>




From soazine at erols.com  Wed Aug  6 18:48:18 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 6 Aug 2003 18:48:18 -0400
Subject: [nycphp-talk] PHP and PayPal
References: <000e01c35b96$5d09c810$6f62ca42@dwchome>
Message-ID: <061601c35c6c$d46db9d0$67a76244@philofsoa>

I am still not having any luck getting it to work on my site so that someone
could donate via PayPal... here is the source code I'm using, maybe that's
the problem:

<form name=paypalForm action=https://www.paypal.com/cgi/webscr method=post>
...

  <!-- PAYPAL DONATION BUTTON FORM -->

   <input type=hidden name=cmd value=\"p/ema/index-outside\">
   <input type=hidden name=receiver_email value=\"$myEmail\">
   <input type=hidden name=currency_code value=USD>
   <input type=submit name=submit value=\"Donate to V&#228;l via PayPal\"
class=yellow_button
    onClick=sendPayPalDonation()>
   <input type=hidden name=refURL value=\"[

  if {![regexp {menubar\.cgi} $env(REQUEST_URI)]} {
   set x $env(REQUEST_URI)
  } else {
   set x {NON_CGI_REQUEST_URI}; # PUT UP A FLAG TO USE TO REPLACE THIS
CONSTANT
  }

]\">
  </form>


Phil
----- Original Message -----
From: "Dan Horning" <dan at mx2pro.com>
To: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Tuesday, August 05, 2003 5:13 PM
Subject: RE: [nycphp-talk] PHP and PayPal


> You don't need to use IPN. I have a site that uses PayPal to purchase
> gift certificates. On the page where the "Paypal" button is, I store the
> variables I will need in Session variable and set the "Paypal Success
> URL" to my success PHP page. When Paypal invokes my page, I get
> everything I need from the Session variables.  Works very well.
>
> Ken Robinson
>
>
> Show me your site ... And I could steal a ton from you... Unless you
> check the paypal IPN .. You don't really have any real way to verify
> that an order has been aproved or declined...
>
> Make sence everyone..???
> (unless you want to check every single order personally....)
> -dan
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From andrew at digitalpulp.com  Thu Aug  7 09:42:12 2003
From: andrew at digitalpulp.com (Andrew Yochum)
Date: Thu, 7 Aug 2003 09:42:12 -0400
Subject: [nycphp-talk] Personalization, Ratings, Suggestions
In-Reply-To: <Pine.LNX.4.50.0308061013490.713-100000@typhoon.he.net>
References: <18D7B8CAA5284F478470828806DB124603789F16@psle01.xchg.pwj.com>
	<20030806171101.GA2536@panix.com>
	<Pine.LNX.4.50.0308061013490.713-100000@typhoon.he.net>
Message-ID: <20030807134204.GF22595@thighmaster.digitalpulp.com>

On Wed, Aug 06, 2003 at 10:18:17AM -0700, jim.bishop wrote:
> I'm building a system that takes user purchases and turns that information
> into a suggested purchases list for other users.  I know Amazon, B&N,
> everyone and their dog does it.
> 
> Does anyone know of open source packages, online documentation, or howtos
> that might help point me in the right direction?  I see several for
> purchase products, but I am more interested in doing it myself for the
> experience.

There was an article in Dr. Dobbs journal sometime in the Fall on
personalization that you might check out.  I believe it was called "Adaptive
Resonance Theory"... a fancy name for just what you want to do.

> Starting from scratch, I figure I'm going to need a database that tracks
> user purchases and then software to "score" those purchases for other
> users.  It's the scoring portion that I'm finding a little daunting.

I've had good success with doing all of the computation in the database,
leaving nothing for PHP to do but display the results.  I use a combination of
aggregate (SUM & COUNT) functions with a CASE statement for the weighting to
give me a scoring and then order the result by that.

> Anyone?  Anyone?
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk

-- 
Andrew Yochum
Digital Pulp, Inc.
212.679.0676x255
andrew at digitalpulp.com


From crisscott at netzero.com  Thu Aug  7 10:56:03 2003
From: crisscott at netzero.com (crisscott at netzero.com)
Date: Thu, 7 Aug 2003 14:56:03 GMT
Subject: [nycphp-talk] Forcing page refresh
Message-ID: <20030807.075610.16315.1104826@webmail02.lax.untd.com>


I am trying to figure out if it is possible to force a page refresh for all users viewing a page at the same time.  I want all users to see a new page when one user submits info via a form.  I am picturing something along the lines of:

if(submit)
{
   write_to_file($POST[new info]);
   foreach($ip_addr in $ip_addr_list)
   {
     fsockopen($ip);
     fputs(headers to refresh page);
     fclose();
   }
}
else
{
   echo read_from_file();
}

My question is, can I send headers to an ip address and expect the web browser to refresh even though the user at that address hasn't done anything?  


From jonbaer at jonbaer.net  Thu Aug  7 11:18:14 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Thu, 7 Aug 2003 08:18:14 -0700
Subject: [nycphp-talk] Forcing page refresh
References: <20030807.075610.16315.1104826@webmail02.lax.untd.com>
Message-ID: <003b01c35cf7$1f87d920$6500a8c0@THINKPAD>

you could probably get away using a hidden frame on each of the viewers
client and occasionally polling a queue on the server ... let the submit
write the text to the queue/text/db file and then let the viewers poll it
for changes and if changes are made using javascript to reload the
corresponding window ...

i did this once w/ a java applet but i think u can get away w/ a simple php
script ...

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47


----- Original Message ----- 
From: <crisscott at netzero.com>
To: <talk at lists.nyphp.org>
Sent: Thursday, August 07, 2003 7:56 AM
Subject: [nycphp-talk] Forcing page refresh


>
> I am trying to figure out if it is possible to force a page refresh for
all users viewing a page at the same time.  I want all users to see a new
page when one user submits info via a form.  I am picturing something along
the lines of:
>
> if(submit)
> {
>    write_to_file($POST[new info]);
>    foreach($ip_addr in $ip_addr_list)
>    {
>      fsockopen($ip);
>      fputs(headers to refresh page);
>      fclose();
>    }
> }
> else
> {
>    echo read_from_file();
> }
>
> My question is, can I send headers to an ip address and expect the web
browser to refresh even though the user at that address hasn't done
anything?
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From jsiegel1 at optonline.net  Thu Aug  7 11:31:36 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Thu, 07 Aug 2003 11:31:36 -0400
Subject: [nycphp-talk] Smarty template problem - creating directories
Message-ID: <005001c35cf8$fde47b00$6501a8c0@EZDSDELL>

Hope someone has some experience with Smarty. I'm getting the following
error message. Note the double forward slashes. Any know how to solve
this one?

Warning: Smarty error: problem creating directory
"/tmp/disk/home/webmaster/Files/WWW/tff_pref/templates/templates_c//%%-1
1/%%-1167457344" 

Jeff



From shiflett at php.net  Thu Aug  7 11:32:15 2003
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 7 Aug 2003 08:32:15 -0700 (PDT)
Subject: [nycphp-talk] Forcing page refresh
In-Reply-To: <20030807.075610.16315.1104826@webmail02.lax.untd.com>
Message-ID: <20030807153215.43312.qmail@web14311.mail.yahoo.com>

--- crisscott at netzero.com wrote:
> I am trying to figure out if it is possible to force a page refresh
> for all users viewing a page at the same time.

Not exactly, but you can have pages that represent states in a state machine.

1. Regular page - has a Refresh header to refresh itself every 30 seconds
2. New Page - has a Refresh header to refresh itself every 30 seconds

When you want everyone to see the new page, you change the URL in the Refresh
header in state 1 to point to state 2.

I'm sure there are better examples of a state machine, but that just came to
mind. Keep in mind that this is not completely reliable and that you're
generating a lot of unnecessary traffic (and load) on your Web server to do
something that seems very unimportant.

> I want all users to see a new page when one user submits info via a form.

Can you explain what you're trying to do? Surely there is a better path to
take.

>  I am picturing something along the lines of:
> 
> if(submit)
> {
>    write_to_file($POST[new info]);
>    foreach($ip_addr in $ip_addr_207.18.113.234?list)
>    {
>      fsockopen($ip);
>      fputs(headers to refresh page);
>      fclose();
>    }
> }
> else
> {
>    echo read_from_file();
> }
> 
> My question is, can I send headers to an ip address and expect the web
> browser to refresh even though the user at that address hasn't done
> anything?

Nope. Imagine how awful that would be. Web browsers are HTTP clients, not
servers.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From andrew at digitalpulp.com  Thu Aug  7 11:34:20 2003
From: andrew at digitalpulp.com (Andrew Yochum)
Date: Thu, 7 Aug 2003 11:34:20 -0400
Subject: [nycphp-talk] Smarty template problem - creating directories
In-Reply-To: <005001c35cf8$fde47b00$6501a8c0@EZDSDELL>
References: <005001c35cf8$fde47b00$6501a8c0@EZDSDELL>
Message-ID: <20030807153420.GI22595@thighmaster.digitalpulp.com>

On Thu, Aug 07, 2003 at 11:31:36AM -0400, Jeff wrote:
> Hope someone has some experience with Smarty. I'm getting the following
> error message. Note the double forward slashes. Any know how to solve
> this one?
> 
> Warning: Smarty error: problem creating directory
> "/tmp/disk/home/webmaster/Files/WWW/tff_pref/templates/templates_c//%%-1
> 1/%%-1167457344" 

The double slashes should be fine, I think.  You probably have an unnecessary
trailing / in a config file somewhere.

Have you checked the permissions on the containing directory?  Does the user
the script is running as have permission to write to it?

-- 
Andrew Yochum
Digital Pulp, Inc.
212.679.0676x255
andrew at digitalpulp.com


From crisscott at netzero.com  Thu Aug  7 11:48:28 2003
From: crisscott at netzero.com (crisscott at netzero.com)
Date: Thu, 7 Aug 2003 15:48:28 GMT
Subject: [nycphp-talk] Forcing page refresh
Message-ID: <20030807.084851.16315.1105753@webmail02.lax.untd.com>


I am trying to figure out if there is a good way to make an instant messaging/chat program in php.  I don't want to create all of that traffic with unnecessary refreshes.  There is no point in updating the page if nobody has anything to say.  At the same time, I don't want users to have to wait 30 seconds between messages.  If I could get the users browser to refresh on my command that would pervent all of the unnecessary traffic.  I figure that any reasonably secure browser would ignore any headers it wasn't expecting, but is there a way to make the browser sit and wait for my command?  Or am I trying to do something browser developers spend all day trying to prevent?


From shiflett at php.net  Thu Aug  7 12:04:42 2003
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 7 Aug 2003 09:04:42 -0700 (PDT)
Subject: [nycphp-talk] Forcing page refresh
In-Reply-To: <20030807.084851.16315.1105753@webmail02.lax.untd.com>
Message-ID: <20030807160442.58618.qmail@web14304.mail.yahoo.com>

--- crisscott at netzero.com wrote:
> I am trying to figure out if there is a good way to make an
> instant messaging/chat program in php.

This is very different. You see, you don't need a new page; you just need a new
message added to the existing page.

This can be done using a chunked transfer encoding. So long as your Web server
(and your users' Web clients) does not buffer, the flush() function can be used
to output the next "chunk" to the user.

I wrote a (very poor) example of this a few years ago. This is the second time
I've mentioned it on a mailing list recently, so I'm feeling pressure to write
a simple chat-room example now. :-) Anyway, you can have a look and see if it
helps explain anything:

http://shiflett.org/tutorials/php_flush.php

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From David.SextonJr at ubs.com  Thu Aug  7 12:05:21 2003
From: David.SextonJr at ubs.com (Sexton, David)
Date: Thu, 7 Aug 2003 12:05:21 -0400 
Subject: [nycphp-talk] Forcing page refresh
Message-ID: <18D7B8CAA5284F478470828806DB124603789F19@psle01.xchg.pwj.com>

The only thing I can think of using a standard web browser is to setting the
timeout to 0 (set_time_limit (0);) and using some combination of flush/sleep
functions to continuously poll and update the display frame... I have no
idea how it would behave or if it would slam your server with all the
concurrent connections, but an applet sounds like a better solution for
something like this.

-----Original Message-----
From: crisscott at netzero.com [mailto:crisscott at netzero.com]
Sent: Thursday, August 07, 2003 11:48 AM
To: shiflett at php.net; talk at lists.nyphp.org
Subject: Re: [nycphp-talk] Forcing page refresh



I am trying to figure out if there is a good way to make an instant
messaging/chat program in php.  I don't want to create all of that traffic
with unnecessary refreshes.  There is no point in updating the page if
nobody has anything to say.  At the same time, I don't want users to have to
wait 30 seconds between messages.  If I could get the users browser to
refresh on my command that would pervent all of the unnecessary traffic.  I
figure that any reasonably secure browser would ignore any headers it wasn't
expecting, but is there a way to make the browser sit and wait for my
command?  Or am I trying to do something browser developers spend all day
trying to prevent?
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


Please do not transmit orders or instructions regarding a UBS account by
email. The information provided in this email or any attachments is not an
official transaction confirmation or account statement. For your protection,
do not include account numbers, Social Security numbers, credit card
numbers, passwords or other non-public information in your email. Because
the information contained in this message may be privileged, confidential,
proprietary or otherwise protected from disclosure, please notify us
immediately by replying to this message and deleting it from your computer
if you have received this communication in error.  Thank you.

UBS Financial Services Inc.
UBS International Inc.



From soazine at erols.com  Thu Aug  7 12:16:20 2003
From: soazine at erols.com (Phil Powell)
Date: Thu, 7 Aug 2003 12:16:20 -0400
Subject: [nycphp-talk] How can PHP extract a pattern from a string into
	another string?
Message-ID: <025101c35cff$3cff5c50$67a76244@philofsoa>

Once again I have to go with my native "language", TCL:

regexp {^a=([^\n]+)\n$} $stuff {} myExtractedStuff

How can PHP do the same thing? I want to extract a specific pattern match from a body into another variable.  What does that in PHP, the manual does not make it clear to me?

Thanx
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030807/68f39b94/attachment.html>

From keremtuzemen at hotmail.com  Thu Aug  7 12:29:26 2003
From: keremtuzemen at hotmail.com (Kerem Tuzemen)
Date: Thu, 7 Aug 2003 12:29:26 -0400
Subject: [nycphp-talk] Smarty template problem - creating directories
References: <005001c35cf8$fde47b00$6501a8c0@EZDSDELL>
	<20030807153420.GI22595@thighmaster.digitalpulp.com>
Message-ID: <Law14-OE16YAPNXRPmc00015707@hotmail.com>

Jeff,

You have templates_c directory (used for caching templates) created, right?
If not, create it in the same folder that your templates directory exists.
This one is explained in the installation part of Smarty manual.

okt


----- Original Message ----- 
From: "Andrew Yochum" <andrew at digitalpulp.com>
To: "Jeff" <jsiegel1 at optonline.net>
Cc: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Thursday, August 07, 2003 11:34 AM
Subject: Re: [nycphp-talk] Smarty template problem - creating directories


> On Thu, Aug 07, 2003 at 11:31:36AM -0400, Jeff wrote:
> > Hope someone has some experience with Smarty. I'm getting the following
> > error message. Note the double forward slashes. Any know how to solve
> > this one?
> >
> > Warning: Smarty error: problem creating directory
> > "/tmp/disk/home/webmaster/Files/WWW/tff_pref/templates/templates_c//%%-1
> > 1/%%-1167457344"
>
> The double slashes should be fine, I think.  You probably have an
unnecessary
> trailing / in a config file somewhere.
>
> Have you checked the permissions on the containing directory?  Does the
user
> the script is running as have permission to write to it?
>
> -- 
> Andrew Yochum
> Digital Pulp, Inc.
> 212.679.0676x255
> andrew at digitalpulp.com
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>


From dmintz at panix.com  Thu Aug  7 12:36:34 2003
From: dmintz at panix.com (David Mintz)
Date: Thu, 7 Aug 2003 12:36:34 -0400 (EDT)
Subject: [nycphp-talk] How can PHP extract a pattern from a string into
	another string?
In-Reply-To: <025101c35cff$3cff5c50$67a76244@philofsoa>
References: <025101c35cff$3cff5c50$67a76244@philofsoa>
Message-ID: <Pine.NEB.4.56.0308071232260.22972@panix5.panix.com>


Have you had a look at
http://www.php.net/manual/en/function.preg-match.php ? Note example 3 in
particular.

On Thu, 7 Aug 2003, Phil Powell wrote:

> Once again I have to go with my native "language", TCL:
>
> regexp {^a=([^\n]+)\n$} $stuff {} myExtractedStuff
>
> How can PHP do the same thing? I want to extract a specific pattern match from a body into another variable.  What does that in PHP, the manual does not make it clear to me?
>
> Thanx
> Phil
>


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

Decibels of sound pressure employed by a new "thermoacoustic" refrigerator: 190
Decibels of sound pressure sufficient to ignite a person's hair: 165

	-- Harper's Index, February 2003


From soazine at erols.com  Thu Aug  7 12:51:41 2003
From: soazine at erols.com (Phil Powell)
Date: Thu, 7 Aug 2003 12:51:41 -0400
Subject: [nycphp-talk] How can PHP extract a pattern from a string
	intoanother string?
References: <025101c35cff$3cff5c50$67a76244@philofsoa>
	<Pine.NEB.4.56.0308071232260.22972@panix5.panix.com>
Message-ID: <026501c35d04$2d09dfa0$67a76244@philofsoa>

I noted, however, it wasn't intuitive to me until I read further about
$matches.

Thanx, I dare not ask what you thought of my inquiry.

Phil
----- Original Message -----
From: "David Mintz" <dmintz at panix.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Thursday, August 07, 2003 12:36 PM
Subject: Re: [nycphp-talk] How can PHP extract a pattern from a string
intoanother string?


>
> Have you had a look at
> http://www.php.net/manual/en/function.preg-match.php ? Note example 3 in
> particular.
>
> On Thu, 7 Aug 2003, Phil Powell wrote:
>
> > Once again I have to go with my native "language", TCL:
> >
> > regexp {^a=([^\n]+)\n$} $stuff {} myExtractedStuff
> >
> > How can PHP do the same thing? I want to extract a specific pattern
match from a body into another variable.  What does that in PHP, the manual
does not make it clear to me?
> >
> > Thanx
> > Phil
> >
>
>
> ---
> David Mintz
> http://davidmintz.org/
> Email: See http://dmintzweb.com/whitelist.php first!
>
> Decibels of sound pressure employed by a new "thermoacoustic"
refrigerator: 190
> Decibels of sound pressure sufficient to ignite a person's hair: 165
>
> -- Harper's Index, February 2003
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Thu Aug  7 13:04:02 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Thu, 07 Aug 2003 13:04:02 -0400
Subject: [nycphp-talk] Oracle Developer Days Details
Message-ID: <3F328682.4030307@nyphp.org>


[I might have messed up the first time - apologies if this is a double-post]


Tomorrow's the big day!

Here's the plan for tomorrow morning:

-- Meet at Penn Station at 6:30am to catch the 7:03 train to New Brunswick (Northeast Corridor Line)
  -- After trying to figure out a good place to meet, I'll say the corner of 7th Ave and 33rd Street (this is corner across from the huge Farley post office, right?).  It's actually shockingly difficult to find a good map: http://www.citidex.com/map/penn.html.  If I'm in the wrong here, please tell me!  


So how do we find each other?  It should be early enough in the morning that there won't be *too* many people around, but we'll try to speak loudly about computers and PHP.  And, my cell number is 646 242 4101.

If you are planning on coming, please send a quick note to rsvp at nyphp.org so we know who to wait for, etc.

See everyone tomorrow!

Hans





From pl at eskimo.com  Thu Aug  7 13:05:57 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Thu, 7 Aug 2003 13:05:57 -0400
Subject: [nycphp-talk] Oracle Developer Days Details
References: <3F328682.4030307@nyphp.org>
Message-ID: <009c01c35d06$2e7c7080$ac5aba8c@default>

Why don't we just meet in Penn Station itself under the big train schedule
board. BTW, I think the post office is on 8th Ave.

Peter Lehrer
----- Original Message -----
From: "Hans Zaunere" <hans at nyphp.org>
To: <talk at lists.nyphp.org>
Sent: Thursday, August 07, 2003 1:04 PM
Subject: [nycphp-talk] Oracle Developer Days Details


>
> [I might have messed up the first time - apologies if this is a
double-post]
>
>
> Tomorrow's the big day!
>
> Here's the plan for tomorrow morning:
>
> -- Meet at Penn Station at 6:30am to catch the 7:03 train to New Brunswick
(Northeast Corridor Line)
>   -- After trying to figure out a good place to meet, I'll say the corner
of 7th Ave and 33rd Street (this is corner across from the huge Farley post
office, right?).  It's actually shockingly difficult to find a good map:
http://www.citidex.com/map/penn.html.  If I'm in the wrong here, please tell
me!
>
>
> So how do we find each other?  It should be early enough in the morning
that there won't be *too* many people around, but we'll try to speak loudly
about computers and PHP.  And, my cell number is 646 242 4101.
>
> If you are planning on coming, please send a quick note to rsvp at nyphp.org
so we know who to wait for, etc.
>
> See everyone tomorrow!
>
> Hans
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From shiflett at php.net  Thu Aug  7 13:13:58 2003
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 7 Aug 2003 10:13:58 -0700 (PDT)
Subject: [nycphp-talk] Re: [nycphp-dev] Oracle Developer Days Details
In-Reply-To: <3F32855D.4030402@nyphp.org>
Message-ID: <20030807171358.58619.qmail@web14311.mail.yahoo.com>

--- Hans Zaunere <hans at nyphp.org> wrote:
> -- After trying to figure out a good place to meet, I'll say the
> corner of 7th Ave and 33rd Street (this is corner across from the
> huge Farley post office, right?).

Well, the Post Office is between 8th and 9th, so not exactly. That's basically
the NE corner of Madison Square Garden, if I'm not mistaken.

Chris

P.S. I'm not going - just responding since I live right there

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From hans at nyphp.org  Thu Aug  7 13:20:45 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Thu, 07 Aug 2003 13:20:45 -0400
Subject: [nycphp-talk] Oracle Developer Days Details
In-Reply-To: <20030807171358.58619.qmail@web14311.mail.yahoo.com>
References: <20030807171358.58619.qmail@web14311.mail.yahoo.com>
Message-ID: <3F328A6D.3080802@nyphp.org>



Chris Shiflett wrote:

> --- Hans Zaunere <hans at nyphp.org> wrote:
> 
>>-- After trying to figure out a good place to meet, I'll say the
>>corner of 7th Ave and 33rd Street (this is corner across from the
>>huge Farley post office, right?).
> 
> 
> Well, the Post Office is between 8th and 9th, so not exactly. That's basically
> the NE corner of Madison Square Garden, if I'm not mistaken.

Hmm, well so much for me picking a good meeting spot.  Yeah, NE corner is where I planned, but I could have sworn that would be 7th Avenue.

Anyway, I'm actually on my way to an area somewhat close to there, so I'll pin it down (a digital camera would certainly be handy right about now :)

H




From jsiegel1 at optonline.net  Thu Aug  7 13:33:58 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Thu, 07 Aug 2003 13:33:58 -0400
Subject: [nycphp-talk] Smarty template problem - creating directories
In-Reply-To: <Law14-OE16YAPNXRPmc00015707@hotmail.com>
Message-ID: <006e01c35d0a$15841660$6501a8c0@EZDSDELL>

I'm waiting to hear back from the client to verify that the subdir
exists.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Kerem Tuzemen
Sent: Thursday, August 07, 2003 11:29 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Smarty template problem - creating directories


Jeff,

You have templates_c directory (used for caching templates) created,
right?
If not, create it in the same folder that your templates directory
exists.
This one is explained in the installation part of Smarty manual.

okt


----- Original Message ----- 
From: "Andrew Yochum" <andrew at digitalpulp.com>
To: "Jeff" <jsiegel1 at optonline.net>
Cc: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Thursday, August 07, 2003 11:34 AM
Subject: Re: [nycphp-talk] Smarty template problem - creating directories


> On Thu, Aug 07, 2003 at 11:31:36AM -0400, Jeff wrote:
> > Hope someone has some experience with Smarty. I'm getting the
following
> > error message. Note the double forward slashes. Any know how to
solve
> > this one?
> >
> > Warning: Smarty error: problem creating directory
> >
"/tmp/disk/home/webmaster/Files/WWW/tff_pref/templates/templates_c//%%-1
> > 1/%%-1167457344"
>
> The double slashes should be fine, I think.  You probably have an
unnecessary
> trailing / in a config file somewhere.
>
> Have you checked the permissions on the containing directory?  Does
the
user
> the script is running as have permission to write to it?
>
> -- 
> Andrew Yochum
> Digital Pulp, Inc.
> 212.679.0676x255
> andrew at digitalpulp.com
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jonbaer at jonbaer.net  Thu Aug  7 14:17:11 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Thu, 7 Aug 2003 11:17:11 -0700
Subject: [nycphp-talk] providing patches for php apps ...
Message-ID: <004e01c35d10$1f6c5880$6500a8c0@THINKPAD>

greetings ...

im just curious how everyone might apply patches to php apps (for example if
u took a pretty old open php app and adjusted a few files, .php, .sql) and u
wanted to just provide the patch file, is there a common way to do this?

diff ~/dev/file.1php ~/tmp/file1.php > patch
patch < patch

is the sufficient/common?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47




From jonbaer at jonbaer.net  Thu Aug  7 14:21:58 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Thu, 7 Aug 2003 11:21:58 -0700
Subject: [nycphp-talk] bare minimum for cli apps ...
Message-ID: <005401c35d10$ca2e07a0$6500a8c0@THINKPAD>

does anyone know if there is a packager or a method for creating bare
minimum (w/ a few libs like php_socket, php_wpcap, etc) distro of php or
what the dependencies r for php.exe to run a few script files?  is just
.exe, php4ts.dll, .ini, and a few .dlls ok or does anything need to be
registered in order for cli to work ...

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47




From shiflett at php.net  Thu Aug  7 14:23:41 2003
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 7 Aug 2003 11:23:41 -0700 (PDT)
Subject: [nycphp-talk] Oracle Developer Days Details
In-Reply-To: <3F328A6D.3080802@nyphp.org>
Message-ID: <20030807182341.31363.qmail@web14310.mail.yahoo.com>

--- Hans Zaunere <hans at nyphp.org> wrote:
> Hmm, well so much for me picking a good meeting spot. Yeah, NE
> corner is where I planned, but I could have sworn that would be
> 7th Avenue.

You're right about that, just not about it being across the street from the big
Post Office building.

> Anyway, I'm actually on my way to an area somewhat close to there,
> so I'll pin it down (a digital camera would certainly be handy right
> about now :)

I've got a camera, and that's basically where I live, so I can take some
pictures if you want (or you can drop by and borrow the camera).

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From shiflett at php.net  Thu Aug  7 14:25:48 2003
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 7 Aug 2003 11:25:48 -0700 (PDT)
Subject: [nycphp-talk] Fwd: Undelivered Mail Returned to Sender
Message-ID: <20030807182548.31680.qmail@web14310.mail.yahoo.com>

--- crisscott at netzero.com wrote:
> That is helpful. I obviously wasn't looking at this from the right
> angle. But like David mentioned, I would think that having lots
> users sleeping and polling would cause some strain on the server.

Well, it wouldn't cause much strain at all, since it's only having to send a
little chunk every time someone sends a message.

What it does do is tie up connections. Most people who do this consider the
Web server to be a chat server and dedicate it to that purpose (or, at least
dedicate some Web server to the purpose, perhaps listening on an alternate
port). Because the strain is very little, you can increase your maximum
number of child processes/threads/whatever a ton without increasing your load
too much (this tuning requires a bit of experience with tuning Web servers, but
trial an error is also very educational). You just need to be able to support a
connection for every user in a chat.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From jsiegel1 at optonline.net  Thu Aug  7 15:11:10 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Thu, 07 Aug 2003 15:11:10 -0400
Subject: [nycphp-talk] Smarty template problem - creating directories
In-Reply-To: <Law14-OE16YAPNXRPmc00015707@hotmail.com>
Message-ID: <007e01c35d17$a9b70240$6501a8c0@EZDSDELL>

The problem, it turned out, was permissions.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Kerem Tuzemen
Sent: Thursday, August 07, 2003 11:29 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Smarty template problem - creating directories


Jeff,

You have templates_c directory (used for caching templates) created,
right?
If not, create it in the same folder that your templates directory
exists.
This one is explained in the installation part of Smarty manual.

okt


----- Original Message ----- 
From: "Andrew Yochum" <andrew at digitalpulp.com>
To: "Jeff" <jsiegel1 at optonline.net>
Cc: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Thursday, August 07, 2003 11:34 AM
Subject: Re: [nycphp-talk] Smarty template problem - creating directories


> On Thu, Aug 07, 2003 at 11:31:36AM -0400, Jeff wrote:
> > Hope someone has some experience with Smarty. I'm getting the
following
> > error message. Note the double forward slashes. Any know how to
solve
> > this one?
> >
> > Warning: Smarty error: problem creating directory
> >
"/tmp/disk/home/webmaster/Files/WWW/tff_pref/templates/templates_c//%%-1
> > 1/%%-1167457344"
>
> The double slashes should be fine, I think.  You probably have an
unnecessary
> trailing / in a config file somewhere.
>
> Have you checked the permissions on the containing directory?  Does
the
user
> the script is running as have permission to write to it?
>
> -- 
> Andrew Yochum
> Digital Pulp, Inc.
> 212.679.0676x255
> andrew at digitalpulp.com
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Thu Aug  7 15:31:08 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Thu, 07 Aug 2003 15:31:08 -0400
Subject: [nycphp-talk] Oracle Developer Days Details
In-Reply-To: <20030807182341.31363.qmail@web14310.mail.yahoo.com>
References: <20030807182341.31363.qmail@web14310.mail.yahoo.com>
Message-ID: <3F32A8FC.4030105@nyphp.org>



Chris Shiflett wrote:

> --- Hans Zaunere <hans at nyphp.org> wrote:
> 
>>Hmm, well so much for me picking a good meeting spot. Yeah, NE
>>corner is where I planned, but I could have sworn that would be
>>7th Avenue.
> 
> 
> You're right about that, just not about it being across the street from the big
> Post Office building.

Yeah, I have now seen it firsthand :)

---  We'll be meeting at 33rd and 8th Avenue.  (NOT 7th)


>>Anyway, I'm actually on my way to an area somewhat close to there,
>>so I'll pin it down (a digital camera would certainly be handy right
>>about now :)
> 
> I've got a camera, and that's basically where I live, so I can take some
> pictures if you want (or you can drop by and borrow the camera).

If you get a chance to take a picture of that corner that be great, but I don't think it should be a problem either way.  I picked this particular corner because it's fairly small and generally easy to see everyone who is standing around.

See everyone tomorrow (at 33rd and 8th at 6:30am)

H



From tom at supertom.com  Thu Aug  7 15:42:40 2003
From: tom at supertom.com (tom at supertom.com)
Date: Thu, 07 Aug 2003 15:42:40 -0400
Subject: [nycphp-talk] Oracle Developer Days Details
In-Reply-To: <3F32A8FC.4030105@nyphp.org>
Message-ID: <LBEDJMJGLEPEKJAJMHBDCEANFJAA.tom@supertom.com>

Ok, 8th and 33rd it is.  See you then.

Tom
www.liphp.org







-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Hans Zaunere
Sent: Thursday, August 07, 2003 3:31 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Oracle Developer Days Details




Chris Shiflett wrote:

> --- Hans Zaunere <hans at nyphp.org> wrote:
>
>>Hmm, well so much for me picking a good meeting spot. Yeah, NE
>>corner is where I planned, but I could have sworn that would be
>>7th Avenue.
>
>
> You're right about that, just not about it being across the street from
the big
> Post Office building.

Yeah, I have now seen it firsthand :)

---  We'll be meeting at 33rd and 8th Avenue.  (NOT 7th)


>>Anyway, I'm actually on my way to an area somewhat close to there,
>>so I'll pin it down (a digital camera would certainly be handy right
>>about now :)
>
> I've got a camera, and that's basically where I live, so I can take some
> pictures if you want (or you can drop by and borrow the camera).

If you get a chance to take a picture of that corner that be great, but I
don't think it should be a problem either way.  I picked this particular
corner because it's fairly small and generally easy to see everyone who is
standing around.

See everyone tomorrow (at 33rd and 8th at 6:30am)

H

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From kenrbnsn at rbnsn.com  Thu Aug  7 15:52:08 2003
From: kenrbnsn at rbnsn.com (Ken Robinson)
Date: Thu, 07 Aug 2003 15:52:08 -0400
Subject: [nycphp-talk] Oracle Developer Days Details
In-Reply-To: <3F32A8FC.4030105@nyphp.org>
References: <20030807182341.31363.qmail@web14310.mail.yahoo.com>
	<20030807182341.31363.qmail@web14310.mail.yahoo.com>
Message-ID: <6.0.0.14.2.20030807154640.065d5f00@mail.rbnsn.com>

Some FYI's from someone who's not going, but lives in NJ, takes NJ Transit 
and frequents New Brunswick...

Make sure you but your train tickets before getting on the train. If you 
don't you will be charged a $5 surcharge.

The Hyatt is a 2 (longish) block walk North on Albany Street from the train 
station in New Brunswick. If you get to the river, you've walked too far...

Ken Robinson



From chendry at nyc.rr.com  Thu Aug  7 20:12:11 2003
From: chendry at nyc.rr.com (Christopher Hendry)
Date: Thu, 7 Aug 2003 20:12:11 -0400
Subject: [nycphp-talk] Oracle Developer Days Details
In-Reply-To: <3F32A8FC.4030105@nyphp.org>
Message-ID: <JMEHLOIOFHBEJDCDJNLOGEJBDFAA.chendry@nyc.rr.com>

yippie!  I haven't seen 6:30 in years...

-> -----Original Message-----
-> From: talk-bounces at lists.nyphp.org
-> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Hans Zaunere
-> Sent: Thursday, August 07, 2003 3:31 PM
-> To: NYPHP Talk
-> Subject: Re: [nycphp-talk] Oracle Developer Days Details
-> 
-> 
-> 
-> 
-> Chris Shiflett wrote:
-> 
-> > --- Hans Zaunere <hans at nyphp.org> wrote:
-> > 
-> >>Hmm, well so much for me picking a good meeting spot. Yeah, NE
-> >>corner is where I planned, but I could have sworn that would be
-> >>7th Avenue.
-> > 
-> > 
-> > You're right about that, just not about it being across the 
-> street from the big
-> > Post Office building.
-> 
-> Yeah, I have now seen it firsthand :)
-> 
-> ---  We'll be meeting at 33rd and 8th Avenue.  (NOT 7th)
-> 
-> 
-> >>Anyway, I'm actually on my way to an area somewhat close to there,
-> >>so I'll pin it down (a digital camera would certainly be handy right
-> >>about now :)
-> > 
-> > I've got a camera, and that's basically where I live, so I can 
-> take some
-> > pictures if you want (or you can drop by and borrow the camera).
-> 
-> If you get a chance to take a picture of that corner that be 
-> great, but I don't think it should be a problem either way.  I 
-> picked this particular corner because it's fairly small and 
-> generally easy to see everyone who is standing around.
-> 
-> See everyone tomorrow (at 33rd and 8th at 6:30am)
-> 
-> H
-> 
-> _______________________________________________
-> talk mailing list
-> talk at lists.nyphp.org
-> http://lists.nyphp.org/mailman/listinfo/talk
-> 



From velez at sinu.com  Thu Aug  7 20:48:13 2003
From: velez at sinu.com (Larry Velez)
Date: Thu, 7 Aug 2003 20:48:13 -0400
Subject: [nycphp-talk] Re: IM App
In-Reply-To: <20030807182548.31680.qmail@web14310.mail.yahoo.com>
Message-ID: <000501c35d46$bf6e0be0$0e0ea8c0@therealm>


We built a dedicated chat app for a client's website once.  We used Jabber and a Java client for the front end.  It worked great.
Although they hardly ever had anyone in the chat rooms to really test the system under load.   I know this is not a PHP solution but
I don't think PHP is well suited for a real-time application like IM.

| Larry Velez | http://sinu.com |

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Shiflett
Sent: Thursday, August 07, 2003 2:26 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Fwd: Undelivered Mail Returned to Sender


--- crisscott at netzero.com wrote:
> That is helpful. I obviously wasn't looking at this from the right 
> angle. But like David mentioned, I would think that having lots users 
> sleeping and polling would cause some strain on the server.

Well, it wouldn't cause much strain at all, since it's only having to send a little chunk every time someone sends a message.

What it does do is tie up connections. Most people who do this consider the Web server to be a chat server and dedicate it to that
purpose (or, at least dedicate some Web server to the purpose, perhaps listening on an alternate port). Because the strain is very
little, you can increase your maximum number of child processes/threads/whatever a ton without increasing your load too much (this
tuning requires a bit of experience with tuning Web servers, but trial an error is also very educational). You just need to be able
to support a connection for every user in a chat.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/
_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk



From dmintz at panix.com  Fri Aug  8 07:33:08 2003
From: dmintz at panix.com (David Mintz)
Date: Fri, 8 Aug 2003 07:33:08 -0400 (EDT)
Subject: [nycphp-talk] empty string as array key ?
In-Reply-To: <000501c35d46$bf6e0be0$0e0ea8c0@therealm>
References: <000501c35d46$bf6e0be0$0e0ea8c0@therealm>
Message-ID: <Pine.NEB.4.56.0308080720410.7929@panix5.panix.com>


I just found out that this is legal

$minutes = array(''=>"&nbsp;","00"=>"00","30"=>"30"); //etc

Is this  -- the fact that you can get away with using an
empty string as an array key -- a bug or a feature (or neither)?

I wonder if I can count on this behavior in other PHP versions (mine is
4.3.2 on RH) In this instance it's quite helpful in solving my problem
with sticky dropdowns and the Smarty html_options function ... a problem
too boring and complicated to explain unless someone's interested.

Thanks.


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!


From adam at trachtenberg.com  Fri Aug  8 10:21:52 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Fri, 8 Aug 2003 10:21:52 -0400 (EDT)
Subject: [nycphp-talk] empty string as array key ?
In-Reply-To: <Pine.NEB.4.56.0308080720410.7929@panix5.panix.com>
Message-ID: <Pine.LNX.4.21.0308081008130.31021-100000@miranda.org>

On Fri, 8 Aug 2003, David Mintz wrote:

> I just found out that this is legal
> 
> $minutes = array(''=>"&nbsp;","00"=>"00","30"=>"30"); //etc
> 
> Is this  -- the fact that you can get away with using an
> empty string as an array key -- a bug or a feature (or neither)?

I believe it is a feature. The empty string is a valid string and
differentiable from NULL. In fact, if you are creative enough, you can
name variables (or array elements) all sorts of stupid names:

${"\n"} = 'return';
$a = compact("\n");
print_r($a);

Array
(
    [
] => return
)

-adam

-- 
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!



From csnyder at chxo.com  Fri Aug  8 10:23:08 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Fri, 08 Aug 2003 10:23:08 -0400
Subject: [nycphp-talk] request for comment: pWhiteboard
Message-ID: <3F33B24C.5060002@chxo.com>

If anyone is curious about a php-based html whiteboard (a single-page 
Wiki, really) with built-in wysiwyg editing, check out 
http://chxo.com/pWhiteboard/index.html  -- and feel free to edit the 
demo page. Mozilla 1.4 / IE 5.5 required.

If you build or maintain a content management system or blogging tool, I 
recommend checking out htmlArea -- it's in a buggy alpha state at the 
moment, but it works well enough. Just being able to copy-and-paste from 
other websites is a godsend. It's free under a BSD-ish license. 
http://www.interactivetools.com/products/htmlarea/

Now if only it worked in Safari...

   



From csnyder at chxo.com  Fri Aug  8 10:33:41 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Fri, 08 Aug 2003 10:33:41 -0400
Subject: [nycphp-talk] empty string as array key ?
In-Reply-To: <Pine.LNX.4.21.0308081008130.31021-100000@miranda.org>
References: <Pine.LNX.4.21.0308081008130.31021-100000@miranda.org>
Message-ID: <3F33B4C5.3070507@chxo.com>

Adam Maccabee Trachtenberg wrote:

> In fact, if you are creative enough, you can
>
>name variables (or array elements) all sorts of stupid names:
>
An mp3 id3v2 tag decoder I worked on was quite fond of producing object 
attributes with unrenderable names from binary data.




From dmintz at panix.com  Fri Aug  8 17:12:12 2003
From: dmintz at panix.com (David Mintz)
Date: Fri, 8 Aug 2003 17:12:12 -0400 (EDT)
Subject: [nycphp-talk] cookbook: gpg (was Re: empty string as array key)
In-Reply-To: <Pine.LNX.4.21.0308081008130.31021-100000@miranda.org>
References: <Pine.LNX.4.21.0308081008130.31021-100000@miranda.org>
Message-ID: <Pine.NEB.4.56.0308081604080.14998@panix5.panix.com>

On Fri, 8 Aug 2003, Adam Maccabee Trachtenberg wrote:

> adam at trachtenberg.com
> author of o'reilly's php cookbook
> avoid the holiday rush, buy your copy today!

oh -- ~that~ Adam Maccabee Trachtenberg! <fawn>Love that Cookbook!</fawn>.
Now let me ask you (or anybody) a question about 14:11 a/k/a Encrypting
Email with GPG.

If you're an ordinary user on a shared server, what is the best strategy
for GPG-encrypting data? I have figured out (stolen) one way to do it, but
it requires wrapping the script with php-cgiwrap and doing something like

$encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg
--no-secmem-warning --homedir /my/.gnupg -ear recipient at example.com");


It doesn't work when run as nobody, I presume because nobody doesn't have
permission to get into my .gnupg directory. Perhaps php-cgiwrap is the
answer... ?

btw thanks to all for the discussion re my last Q.


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!



From soazine at erols.com  Fri Aug  8 19:58:13 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 8 Aug 2003 19:58:13 -0400
Subject: [nycphp-talk] open_basedir() error in PHP script
Message-ID: <024401c35e08$efa76460$67a76244@philofsoa>

Warning: open_basedir restriction in effect. File is in wrong directory in Unknown on line 0

Warning: Failed opening '/users/ppowell/web/cma/index.php' for inclusion (include_path='.:/usr/local/lib/php') in Unknown on line 0


I get this error upon opening a PHP script I wrote; however, upon refreshing my browser, the error goes away and usually does not appear again.  The page is not supposed to cache and I have caching turned off on my script:

<?

  // PREVENT CACHING FIRST BEFORE ANYTHING ELSE!
  header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
  // HTTP/1.1
  header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
  header("Pragma: no-cache");                          // HTTP/1.0
....

?>

I have no idea why this happens but I can tell you that this script /cma/index.php will go to a TCL CGI script which will go back to /cma/index.php eventually upon form completion or linkage or some user action.

Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030808/d1b41e2b/attachment.html>

From psaw at pswebcode.com  Fri Aug  8 20:32:44 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Fri, 8 Aug 2003 20:32:44 -0400
Subject: [nycphp-talk] open_basedir() error in PHP script
In-Reply-To: <024401c35e08$efa76460$67a76244@philofsoa>
Message-ID: <000d01c35e0d$c2149360$68e4a144@bronco>

Here is a descrip of what the php.ini setting for open_basedir does:
 
Limit the files that can be opened by PHP to the specified directory-tree,
including the file itself. This directive is NOT affected by whether Safe
Mode is turned On or Off. 
When a script tries to open a file with, for example, fopen() or gzopen(),
the location of the file is checked. When the file is outside the specified
directory-tree, PHP will refuse to open it. All symbolic links are resolved,
so it's not possible to avoid this restriction with a symlink. 
The special value . indicates that the directory in which the script is
stored will be used as base-directory. 
Under Windows, separate the directories with a semicolon. On all other
systems, separate the directories with a colon. As an Apache module,
open_basedir paths from parent directories are now automatically inherited. 
The restriction specified with open_basedir is actually a prefix, not a
directory name. This means that "open_basedir = /dir/incl" also allows
access to "/dir/include" and "/dir/incls" if they exist. When you want to
restrict access to only the specified directory, end with a slash. For
example: "open_basedir = /dir/incl/" 
Note: Support for multiple directories was added in 3.0.7. 
The default is to allow all files to be opened. 
 
Run info.php in your site to check for your php.ini settings. You are
dealing with a "safe mode" file restriction. Works with all these types of
settings as below:

safe_mode "0" PHP_INI_SYSTEM 
safe_mode_gid "0" PHP_INI_SYSTEM 
safe_mode_include_dir NULL PHP_INI_SYSTEM 
safe_mode_exec_dir "" PHP_INI_SYSTEM 
safe_mode_allowed_env_vars PHP_ PHP_INI_SYSTEM 
safe_mode_protected_env_vars LD_LIBRARY_PATH PHP_INI_SYSTEM 
open_basedir NULL PHP_INI_SYSTEM 
disable_functions "" PHP_INI_SYSTEM 
disable_classes "" PHP_INI_SYSTEM 
 
PSaw

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Phil Powell
Sent: Friday, August 08, 2003 7:58 PM
To: NYPHP Talk
Subject: [nycphp-talk] open_basedir() error in PHP script


Warning: open_basedir restriction in effect. File is in wrong directory in
Unknown on line 0

Warning: Failed opening '/users/ppowell/web/cma/index.php' for inclusion
(include_path='.:/usr/local/lib/php') in Unknown on line 0

 
I get this error upon opening a PHP script I wrote; however, upon refreshing
my browser, the error goes away and usually does not appear again.  The page
is not supposed to cache and I have caching turned off on my script:
 
<?
 
  // PREVENT CACHING FIRST BEFORE ANYTHING ELSE!
  header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always
modified
  // HTTP/1.1
  header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0");
  header("Pragma: no-cache");                          // HTTP/1.0
....
 
?>
 
I have no idea why this happens but I can tell you that this script
/cma/index.php will go to a TCL CGI script which will go back to
/cma/index.php eventually upon form completion or linkage or some user
action.
 
Phil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030808/a69b0784/attachment.html>

From soazine at erols.com  Fri Aug  8 22:53:19 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 8 Aug 2003 22:53:19 -0400
Subject: [nycphp-talk] open_basedir() error in PHP script
References: <000d01c35e0d$c2149360$68e4a144@bronco>
Message-ID: <02e101c35e21$63fc32b0$67a76244@philofsoa>

MessageWhat kind of solution would I have if the machine this is occurring is a remote one and not my own? What do you recommend I do since I do not have any ownership over the box itself?

Phil
  ----- Original Message ----- 
  From: pswebcode, nyc 
  To: 'NYPHP Talk' 
  Sent: Friday, August 08, 2003 8:32 PM
  Subject: RE: [nycphp-talk] open_basedir() error in PHP script


  Here is a descrip of what the php.ini setting for open_basedir does:
   
  Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off. 
  When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. 
  The special value . indicates that the directory in which the script is stored will be used as base-directory. 
  Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited. 
  The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/" 
  Note: Support for multiple directories was added in 3.0.7. 
  The default is to allow all files to be opened. 

  Run info.php in your site to check for your php.ini settings. You are dealing with a "safe mode" file restriction. Works with all these types of settings as below:

  safe_mode "0" PHP_INI_SYSTEM 
  safe_mode_gid "0" PHP_INI_SYSTEM 
  safe_mode_include_dir NULL PHP_INI_SYSTEM 
  safe_mode_exec_dir "" PHP_INI_SYSTEM 
  safe_mode_allowed_env_vars PHP_ PHP_INI_SYSTEM 
  safe_mode_protected_env_vars LD_LIBRARY_PATH PHP_INI_SYSTEM 
  open_basedir NULL PHP_INI_SYSTEM 
  disable_functions "" PHP_INI_SYSTEM 
  disable_classes "" PHP_INI_SYSTEM 

  PSaw
    -----Original Message-----
    From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Phil Powell
    Sent: Friday, August 08, 2003 7:58 PM
    To: NYPHP Talk
    Subject: [nycphp-talk] open_basedir() error in PHP script


    Warning: open_basedir restriction in effect. File is in wrong directory in Unknown on line 0

    Warning: Failed opening '/users/ppowell/web/cma/index.php' for inclusion (include_path='.:/usr/local/lib/php') in Unknown on line 0


    I get this error upon opening a PHP script I wrote; however, upon refreshing my browser, the error goes away and usually does not appear again.  The page is not supposed to cache and I have caching turned off on my script:

    <?

      // PREVENT CACHING FIRST BEFORE ANYTHING ELSE!
      header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
      header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
      // HTTP/1.1
      header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
      header("Pragma: no-cache");                          // HTTP/1.0
    ....

    ?>

    I have no idea why this happens but I can tell you that this script /cma/index.php will go to a TCL CGI script which will go back to /cma/index.php eventually upon form completion or linkage or some user action.

    Phil


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030808/0974bf36/attachment.html>

From webapprentice at onemain.com  Sat Aug  9 00:42:55 2003
From: webapprentice at onemain.com (Webapprentice)
Date: Sat, 09 Aug 2003 00:42:55 -0400
Subject: [nycphp-talk] OT: Javascript question
In-Reply-To: <Pine.NEB.4.56.0308081604080.14998@panix5.panix.com>
References: <Pine.LNX.4.21.0308081008130.31021-100000@miranda.org>
	<Pine.NEB.4.56.0308081604080.14998@panix5.panix.com>
Message-ID: <3F347BCF.2010307@onemain.com>

Hi,
Could somebody tell me where I can ask this question and get some answers?

I have inherited a small Javascript app that stores pagination 
(next/previous pagination) data via cookies.  The parent window sets 2 
cookies and then opens another window.  The child window is supposed to 
read the cookies to get the default pagination.

//Parent page snippet

var newWindow = '';

newWindow.open("newPage.html");
newWindow.focus();

newWindow.opener = self;
newWindow.document.cookies = "start=ss";
newWindow.document.cookies = "end=ss";

//----------------------------

//Child page snippet:

var ck = document.cookie;

var pos = ck.indexOf("start=");

// etc.


The strange thing is that this works in IE6, but not in NS7.
When I check NS7 and check the cookies in the preferences, the start and 
end cookies are there.

The length of document.cookies is much shorter in NS7 than in IE6.  When 
I print what is in document.cookies, IE6 shows me the 2 cookies, while 
NS7 does not.

How do I make these cookies work in IE5, IE6, NS6, and NS7?

Thank you,
Stephen








From dmintz at panix.com  Sat Aug  9 01:45:38 2003
From: dmintz at panix.com (David Mintz)
Date: Sat, 9 Aug 2003 01:45:38 -0400 (EDT)
Subject: [nycphp-talk] open_basedir() error in PHP script
In-Reply-To: <02e101c35e21$63fc32b0$67a76244@philofsoa>
References: <000d01c35e0d$c2149360$68e4a144@bronco>
	<02e101c35e21$63fc32b0$67a76244@philofsoa>
Message-ID: <Pine.NEB.4.56.0308090138001.28205@panix5.panix.com>

On Fri, 8 Aug 2003, Phil Powell wrote:

> MessageWhat kind of solution would I have if the machine this is
> occurring is a remote one and not my own? What do you recommend I do
> since I do not have any ownership over the box itself?


It looks like we can't override safe_mode with ini_set(). Maybe you can
run php in CGI mode and use your own config file?

Maybe someone else can give you a better idea -- just thought I'd give it
a shot.


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

>
> Phil
>   ----- Original Message -----
>   From: pswebcode, nyc
>   To: 'NYPHP Talk'
>   Sent: Friday, August 08, 2003 8:32 PM
>   Subject: RE: [nycphp-talk] open_basedir() error in PHP script
>
>
>   Here is a descrip of what the php.ini setting for open_basedir does:
>
>   Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
>   When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.
>   The special value . indicates that the directory in which the script is stored will be used as base-directory.
>   Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
>   The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"
>   Note: Support for multiple directories was added in 3.0.7.
>   The default is to allow all files to be opened.
>
>   Run info.php in your site to check for your php.ini settings. You are dealing with a "safe mode" file restriction. Works with all these types of settings as below:
>
>   safe_mode "0" PHP_INI_SYSTEM
>   safe_mode_gid "0" PHP_INI_SYSTEM
>   safe_mode_include_dir NULL PHP_INI_SYSTEM
>   safe_mode_exec_dir "" PHP_INI_SYSTEM
>   safe_mode_allowed_env_vars PHP_ PHP_INI_SYSTEM
>   safe_mode_protected_env_vars LD_LIBRARY_PATH PHP_INI_SYSTEM
>   open_basedir NULL PHP_INI_SYSTEM
>   disable_functions "" PHP_INI_SYSTEM
>   disable_classes "" PHP_INI_SYSTEM
>
>   PSaw
>     -----Original Message-----
>     From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Phil Powell
>     Sent: Friday, August 08, 2003 7:58 PM
>     To: NYPHP Talk
>     Subject: [nycphp-talk] open_basedir() error in PHP script
>
>
>     Warning: open_basedir restriction in effect. File is in wrong directory in Unknown on line 0
>
>     Warning: Failed opening '/users/ppowell/web/cma/index.php' for inclusion (include_path='.:/usr/local/lib/php') in Unknown on line 0
>
>
>     I get this error upon opening a PHP script I wrote; however, upon refreshing my browser, the error goes away and usually does not appear again.  The page is not supposed to cache and I have caching turned off on my script:
>
>     <?
>
>       // PREVENT CACHING FIRST BEFORE ANYTHING ELSE!
>       header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
>       header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
>       // HTTP/1.1
>       header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
>       header("Pragma: no-cache");                          // HTTP/1.0
>     ....
>
>     ?>
>
>     I have no idea why this happens but I can tell you that this script /cma/index.php will go to a TCL CGI script which will go back to /cma/index.php eventually upon form completion or linkage or some user action.
>
>     Phil
>
>
> ------------------------------------------------------------------------------
>
>
>   _______________________________________________
>   talk mailing list
>   talk at lists.nyphp.org
>   http://lists.nyphp.org/mailman/listinfo/talk
>


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

Decibels of sound pressure employed by a new "thermoacoustic" refrigerator: 190
Decibels of sound pressure sufficient to ignite a person's hair: 165

	-- Harper's Index, February 2003


From soazine at erols.com  Sat Aug  9 02:33:15 2003
From: soazine at erols.com (Phil Powell)
Date: Sat, 9 Aug 2003 02:33:15 -0400
Subject: [nycphp-talk] Sorting 2-dimensional arrays at 2:00 am - UGH!
Message-ID: <039601c35e40$1d8f6300$67a76244@philofsoa>

$fbArray[$j] = array($feedbackCategoryArray[$i]['attributes']['NAME'] => $feedbackCategoryArray[$i]['attributes']['DISPLAYNAME']);

I can't begin to fathom in my befuddled mind how to sort this array $fbArray into alphabetical order according to $feedbackCategoryArray[$i]['attributes']['NAME'] - I am utterly lost, can someone explain in detail how I would do it and why.

Thanx
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030809/94899630/attachment.html>

From nyphp at enobrev.com  Sat Aug  9 17:22:18 2003
From: nyphp at enobrev.com (Mark Armendariz)
Date: Sat, 9 Aug 2003 17:22:18 -0400
Subject: [nycphp-talk] Re: IM App
In-Reply-To: <000501c35d46$bf6e0be0$0e0ea8c0@therealm>
Message-ID: <00e401c35ebc$53ca3810$e1951d18@enobrev>

A few months ago, I created a php based socket server app (based in part
on http://www.php-tools.de/site.php socket server class).  For the front
end, I used flash via xml_sockets.  Now in order to add IM-ability to
the chat app, I basically set allow the user to click on a user who is
logged on which will send an "IM" command to the server via the socket,
which in turn sends it to that user via their socket connection.  Then
Using javascript from Flash it open up a new browser window with a new
room with the two members in it for both clients.

Most everything is held in php arrays and the class is continually open
on the server (with a while (1) { // socket commands }).  The only issue
I had was that my hosts's server wouldn't allow the app to run
constantly, so the socket connections would close after 20 minutes.  Now
that they just gave me my own server, I may be able to keep it running
at all times.

I've also done something similar with perl before that, which worked
well, but I've never liked maintaining perl because I'm not strong
enough with it.

I've found that the traffic and processees involved are incredibly
minimal, but it's only been for a group of 30 of us at a time.  The app
also adds all messages to a mysql database for archiving, and besides
the time limit which I'll be working around now, I've had no problems.

Good luck!

Mark

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Larry Velez
Sent: Thursday, August 07, 2003 8:48 PM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Re: IM App



We built a dedicated chat app for a client's website once.  We used
Jabber and a Java client for the front end.  It worked great.
Although they hardly ever had anyone in the chat rooms to really test
the system under load.   I know this is not a PHP solution but
I don't think PHP is well suited for a real-time application like IM.

| Larry Velez | http://sinu.com |

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Chris Shiflett
Sent: Thursday, August 07, 2003 2:26 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Fwd: Undelivered Mail Returned to Sender


--- crisscott at netzero.com wrote:
> That is helpful. I obviously wasn't looking at this from the right
> angle. But like David mentioned, I would think that having lots users 
> sleeping and polling would cause some strain on the server.

Well, it wouldn't cause much strain at all, since it's only having to
send a little chunk every time someone sends a message.

What it does do is tie up connections. Most people who do this consider
the Web server to be a chat server and dedicate it to that purpose (or,
at least dedicate some Web server to the purpose, perhaps listening on
an alternate port). Because the strain is very little, you can increase
your maximum number of child processes/threads/whatever a ton without
increasing your load too much (this tuning requires a bit of experience
with tuning Web servers, but trial an error is also very educational).
You just need to be able to support a connection for every user in a
chat.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/ _______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk






From jonbaer at jonbaer.net  Sat Aug  9 21:53:09 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Sat, 9 Aug 2003 18:53:09 -0700
Subject: [nycphp-talk] low level libpcap w/ php
Message-ID: <007401c35ee2$26b594c0$6500a8c0@THINKPAD>

i had been fiddling w/ winpcap to get an extension running in php for a
php-based wlan mapping application and then found out that the extension
already existed so i thought id pass along the link ...

http://alcane.dune2.info/phpcap/example.php

pretty cool stuff ... enjoy.

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47




From sklar at sklar.com  Mon Aug 11 09:12:56 2003
From: sklar at sklar.com (David Sklar)
Date: Mon, 11 Aug 2003 09:12:56 -0400
Subject: [nycphp-talk] cookbook: gpg (was Re: empty string as array key)
Message-ID: <NFBBJNKBNKCIKGKJIFPJOEEPGIAA.sklar@sklar.com>

> If you're an ordinary user on a shared server, what is the best
> strategy for GPG-encrypting data? I have figured out (stolen) one way
> to do it, but it requires wrapping the script with php-cgiwrap and
> doing something like
>
> $encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg
> --no-secmem-warning --homedir /my/.gnupg -ear recipient at example.com");
>
> It doesn't work when run as nobody, I presume because nobody doesn't
> have permission to get into my .gnupg directory. Perhaps php-cgiwrap
> is the answer... ?

gpg has to run as a user that has access to your secret key ring.

Doing gpg encryption with a passphrase-protected key on a shared server has
many risks: can anyone else on the server (through misadministration or a
hole in pages on your site) alter any of your cgi-wrapped scripts and do
their own encryption/decryption/steal your key? Separately, putting your
passphrase in a file readable by other users is no better than just having a
passphraseless key.

What are you trying to encrypt?

David



From psaw at pswebcode.com  Mon Aug 11 09:39:10 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Mon, 11 Aug 2003 09:39:10 -0400
Subject: [nycphp-talk] Apcahe and Virtual Hosts Directives Maximum
Message-ID: <001101c3600d$f22072c0$68e4a144@bronco>

I've got a server setting where there are about 40 different domain names 
pointed to a single instance of apache

I'm wondering if anyone has any experience with how many VirtualHosts
directives 
are reasonable within the httpd.conf file before apache may experience a
performance hit.

Or is this processing very trivial? Do I have any reason to be concerned on
this issue?

Warmest regards,

Peter Sawczynec, Technology Director
PSWebcode -- Web Development and 
Site Architecture
psaw at pswebcode.com
www.pswebcode.com
718.543.3240



From dmintz at panix.com  Mon Aug 11 10:13:52 2003
From: dmintz at panix.com (David Mintz)
Date: Mon, 11 Aug 2003 10:13:52 -0400 (EDT)
Subject: [nycphp-talk] cookbook: gpg
In-Reply-To: <NFBBJNKBNKCIKGKJIFPJOEEPGIAA.sklar@sklar.com>
References: <NFBBJNKBNKCIKGKJIFPJOEEPGIAA.sklar@sklar.com>
Message-ID: <Pine.NEB.4.56.0308110949260.9153@panix5.panix.com>

On Mon, 11 Aug 2003, David Sklar wrote:

> gpg has to run as a user that has access to your secret key ring.
>
> Doing gpg encryption with a passphrase-protected key on a shared server has
> many risks: can anyone else on the server (through misadministration or a
> hole in pages on your site) alter any of your cgi-wrapped scripts and do
> their own encryption/decryption/steal your key? Separately, putting your
> passphrase in a file readable by other users is no better than just having a
> passphraseless key.
>
> What are you trying to encrypt?


Last question first: credit card information, which will then be emailed
and/or written to a database.

As for the first question, well... maybe I'm confused. When I run the
snippet


$encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg
--no-secmem-warning --homedir /my/.gnupg -ear recipient at example.com");

from the command line or as a wrapped script, it does not require a
passphrase in order to encrypt. Since gpg needs the user's secret key in
order to encrypt and sign, a copy of that secret key has to live on the
server -- is there any way around that? The permissions are as restrictive
as possible and I guess the key is as safe/vulnerable as anything else in
the house that's similarly chmoded.

The private key for decrypting is not going to be anywhere near the
server, nor will my secret key passphrase.

So how, if at all, does one safely gpg-encrypt on a shared server?

Thanks,

---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!


From hans at nyphp.org  Mon Aug 11 12:35:12 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 11 Aug 2003 12:35:12 -0400
Subject: [nycphp-talk] open_basedir() error in PHP script
In-Reply-To: <02e101c35e21$63fc32b0$67a76244@philofsoa>
References: <000d01c35e0d$c2149360$68e4a144@bronco>
	<02e101c35e21$63fc32b0$67a76244@philofsoa>
Message-ID: <3F37C5C0.3080202@nyphp.org>



Phil Powell wrote:

> What kind of solution would I have if the machine this is occurring is a 
> remote one and not my own? What do you recommend I do since I do not 
> have any ownership over the box itself?

There's no solution.  open_basedir is a preventive security measure, and was set for a reason.  You'll need to talk to the sysadmin to get something worked out.

H



From hans at nyphp.org  Mon Aug 11 12:42:14 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 11 Aug 2003 12:42:14 -0400
Subject: [nycphp-talk] Sorting 2-dimensional arrays at 2:00 am - UGH!
In-Reply-To: <039601c35e40$1d8f6300$67a76244@philofsoa>
References: <039601c35e40$1d8f6300$67a76244@philofsoa>
Message-ID: <3F37C766.2080403@nyphp.org>



Phil Powell wrote:

> $fbArray[$j] = array($feedbackCategoryArray[$i]['attributes']['NAME'] => 
> $feedbackCategoryArray[$i]['attributes']['DISPLAYNAME']);
>  
> I can't begin to fathom in my befuddled mind how to sort this array 
> $fbArray into alphabetical order according to 
> $feedbackCategoryArray[$i]['attributes']['NAME']

I'll throw this function out there as an example:

   function __sortOn( $metadata,$sort_flags,$reverse = FALSE ) {

      if( !isset($this->Listing[0][$metadata]) )
         return FALSE;

      $metakeys = array();
      foreach( $this->Listing as $key => $sorton )
         $metakeys[$key] = $sorton[$metadata];

      if( $reverse )
         arsort($metakeys,$sort_flags);
      else
         asort($metakeys,$sort_flags);

      $tmp = array();
      foreach( $metakeys as $key => $metakey )
         $tmp[] = $this->Listing[$key];

      $this->Listing = $tmp;

      return TRUE;
   }

> - I am utterly lost, 
> can someone explain in detail how I would do it and why.

I have no idea why, but I'd consider rethinking your data structures a bit  :)

H




From hans at nyphp.org  Mon Aug 11 12:47:06 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 11 Aug 2003 12:47:06 -0400
Subject: [nycphp-talk] Apcahe and Virtual Hosts Directives Maximum
In-Reply-To: <001101c3600d$f22072c0$68e4a144@bronco>
References: <001101c3600d$f22072c0$68e4a144@bronco>
Message-ID: <3F37C88A.60800@nyphp.org>



pswebcode, nyc wrote:

> I've got a server setting where there are about 40 different domain names 
> pointed to a single instance of apache
> 
> I'm wondering if anyone has any experience with how many VirtualHosts
> directives 
> are reasonable within the httpd.conf file before apache may experience a
> performance hit.

Hundreds... or more.

> Or is this processing very trivial? Do I have any reason to be concerned on
> this issue?

Negative.  There's even a module to make working with large numbers of vhosts easier:

http://httpd.apache.org/docs/vhosts/mass.html

H



From soazine at erols.com  Mon Aug 11 12:46:24 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 11 Aug 2003 12:46:24 -0400
Subject: [nycphp-talk] Sorting 2-dimensional arrays at 2:00 am - UGH!
References: <039601c35e40$1d8f6300$67a76244@philofsoa>
	<3F37C766.2080403@nyphp.org>
Message-ID: <000701c36028$19f71f50$67a76244@philofsoa>

Oh yeah I got it BTW, at 4:00am

And rethinking my data structures is never an option; I'll just make it even
more complicated by doing so!  In fact, PHP is the saving grace behind the
idea of sorting data that is parsed from an XML file into a TCL
1-dimensional list.  Otherwise, it would never be done at all.

I have this data that consists of feedback information, when users enter
feedback from my site.  The feedback XML row will consist of:

firstname
lastname
email
url
categoryID (feedback category ID maps to feedbackCategories.xml which has
like 1 => "trivia" or 2 => "articles"...)
timeStamp
showEntry (a boolean switch to "delete" this entry upon choice)

I use TCL to parse the XML file (long story, trust me) and it converts it to
a 1-dimensional list.  However, I would need to sort this one-dimensional
list as follows:

1) sort first by ascending category_id
2) sort each separated category_id by descending timestamp order

So, long in short, this is what I came up with:

// FUNCTION TO BE USED IN uksort() TO RETURN A REVERSE-CASE-INSENSITIVE
BOOLEAN FOR REVERSE SORTING
  function strrevcasecmp($a, $b) {
   if (strcasecmp($a, $b) == 0) return 0;
   return (strcasecmp($a, $b) > 0) ? -1 : 1;
  }

...// reparse the original feedback.xml file instead of using the TCL list
(the TCL script will have updated the existing XML file if need be prior to
calling this PHP script)

// SORT THE OUTER ARRAY FIRST IN CATEGORY_ID ASC AND THEN EACH INNER ARRAY
BY TIME DESC
   // BE SURE TO SUPPRESS WARNINGS IF NO DATA IS FOUND IN fbArray
   @ksort($fbArray);
   if (sizeof($fbArray) > 0) {
    foreach ($fbArray as $key => $val) {
     @uksort($val, "strrevcasecmp");
     $fbArray[$key] = $val;
    }
   }

And there you have it, an overcomplicated solution, once again, possibly an
extremely simpler solution out there that I simply can't fathom. :(

Phil
----- Original Message -----
From: "Hans Zaunere" <hans at nyphp.org>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 11, 2003 12:42 PM
Subject: Re: [nycphp-talk] Sorting 2-dimensional arrays at 2:00 am - UGH!


>
>
> Phil Powell wrote:
>
> > $fbArray[$j] = array($feedbackCategoryArray[$i]['attributes']['NAME'] =>
> > $feedbackCategoryArray[$i]['attributes']['DISPLAYNAME']);
> >
> > I can't begin to fathom in my befuddled mind how to sort this array
> > $fbArray into alphabetical order according to
> > $feedbackCategoryArray[$i]['attributes']['NAME']
>
> I'll throw this function out there as an example:
>
>    function __sortOn( $metadata,$sort_flags,$reverse = FALSE ) {
>
>       if( !isset($this->Listing[0][$metadata]) )
>          return FALSE;
>
>       $metakeys = array();
>       foreach( $this->Listing as $key => $sorton )
>          $metakeys[$key] = $sorton[$metadata];
>
>       if( $reverse )
>          arsort($metakeys,$sort_flags);
>       else
>          asort($metakeys,$sort_flags);
>
>       $tmp = array();
>       foreach( $metakeys as $key => $metakey )
>          $tmp[] = $this->Listing[$key];
>
>       $this->Listing = $tmp;
>
>       return TRUE;
>    }
>
> > - I am utterly lost,
> > can someone explain in detail how I would do it and why.
>
> I have no idea why, but I'd consider rethinking your data structures a bit
:)
>
> H
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Mon Aug 11 12:58:33 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 11 Aug 2003 12:58:33 -0400
Subject: [nycphp-talk] providing patches for php apps ...
In-Reply-To: <004e01c35d10$1f6c5880$6500a8c0@THINKPAD>
References: <004e01c35d10$1f6c5880$6500a8c0@THINKPAD>
Message-ID: <3F37CB39.9080902@nyphp.org>



Jon Baer wrote:

> greetings ...
> 
> im just curious how everyone might apply patches to php apps (for example if
> u took a pretty old open php app and adjusted a few files, .php, .sql) and u
> wanted to just provide the patch file, is there a common way to do this?
> 
> diff ~/dev/file.1php ~/tmp/file1.php > patch
> patch < patch
> 
> is the sufficient/common?

Probably, although unified diffs are typically a little better because it'll provide some context.  Nothing that I'm aware would be any different from C source to PHP source, etc.  I'm always a fan of FreeBSD docs:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/slow-patch.html
> 
> - jon
> 
> pgp key: http://www.jonbaer.net/jonbaer.asc
> fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Mon Aug 11 13:05:53 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 11 Aug 2003 13:05:53 -0400
Subject: [nycphp-talk] request for comment: pWhiteboard
In-Reply-To: <3F33B24C.5060002@chxo.com>
References: <3F33B24C.5060002@chxo.com>
Message-ID: <3F37CCF1.8010809@nyphp.org>



Chris Snyder wrote:

> If anyone is curious about a php-based html whiteboard (a single-page 
> Wiki, really) with built-in wysiwyg editing, check out 
> http://chxo.com/pWhiteboard/index.html  -- and feel free to edit the 
> demo page. Mozilla 1.4 / IE 5.5 required.

I'm pretty shocked, honestly, how well the html editor worked (tested in Mozilla).  Maybe we can get an installation at dev.  :)

H




From danielc at analysisandsolutions.com  Mon Aug 11 13:19:56 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 11 Aug 2003 13:19:56 -0400
Subject: [nycphp-talk] cookbook: gpg
In-Reply-To: <Pine.NEB.4.56.0308110949260.9153@panix5.panix.com>
References: <NFBBJNKBNKCIKGKJIFPJOEEPGIAA.sklar@sklar.com>
	<Pine.NEB.4.56.0308110949260.9153@panix5.panix.com>
Message-ID: <20030811171955.GA5141@panix.com>

On Mon, Aug 11, 2003 at 10:13:52AM -0400, David Mintz wrote:
> 
> $encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg
> --no-secmem-warning --homedir /my/.gnupg -ear recipient at example.com");
> 
> from the command line or as a wrapped script, it does not require a
> passphrase in order to encrypt. Since gpg needs the user's secret key in
> order to encrypt and sign, a copy of that secret key has to live on the
> server -- is there any way around that?

I think you're on the right track.  Encrypting data for a designated user 
doesn't require a password.  Here's something I in a PHP shell script on 
my office computer to encrypt backups:

   exec('c:/progra~1/gnupg/gpg.exe -e -r usr at addr.com file.');

Such procedures use the public key ring, right?  As long as you set the
file permissions so only you can write to it... and you know how to
compose secure web applications -- meaning in this case scripts that don't
allow user input to pick the name of the files they're going to write to,
then everything is fine.

In regards to your last question, I don't believe the secret keyring has
to exist on the server.  So, if you want to tighten things up further, you
can make a separate public key file just for this purpose, chmod it to 444
and then use a flag in your gpg call (--keyring, I believe) to use that
special keyring.

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From rolan at datawhorehouse.com  Mon Aug 11 13:41:13 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Mon, 11 Aug 2003 13:41:13 -0400
Subject: [nycphp-talk] cookbook: gpg
In-Reply-To: <Pine.NEB.4.56.0308110949260.9153@panix5.panix.com>
References: <NFBBJNKBNKCIKGKJIFPJOEEPGIAA.sklar@sklar.com>
	<Pine.NEB.4.56.0308110949260.9153@panix5.panix.com>
Message-ID: <3F37D539.8030309@datawhorehouse.com>

This is what I've been using for a while. It's probably dirty and unorthodox
but since I am the only user on the system, I'm not that worried about other
users snooping on the /tmp dir.

Feel free to clean this up, anyone...

~Rolan

<?
function gpgdecrypt($data) {
        $pgp="/usr/local/bin/gpg"; # change to location of your gpg
        $username="login of gpg key owner";
        srand((double)microtime()*1000000);
        $unique_str = md5(rand(0,9999999));
        $file="/tmp/".$unique_str;
        $fp=fopen($file,"w");
        fputs($fp,$data);
        fclose($fp);
        $command = "$pgp -quiet --no-secmem-warning -d $file";
        $oldhome = getEnv("HOME");
        putenv("HOME=/home/$username");
        $result = exec($command, $decrypted, $errorcode);
        unlink($file);
        putenv("HOME=$oldhome");
        $message = implode("\n", $decrypted);
        return ($message);
}
?>

function gpgencrypt($data) {
        $username = "owner of pgp private key";
        $publicuser = "owner of pgp public key";
        $pgp="/usr/local/bin/gpg";  # change to location of your gpg
        srand((double)microtime()*1000000);
        $unique_str = md5(rand(0,9999999));
        $file="/tmp/".$unique_str;
        $fp=fopen($file,"w");
        fputs($fp,$data);
        fclose($fp);
        $command = "cat $file | $pgp --always-trust --batch 
--no-secmem-warning -e -r $publicuser --output $file"."b";
        $oldhome = getEnv("HOME");
        putenv("HOME=/home/$username");
        $result = exec($command, $encrypted, $errorcode);
        $fp=fopen("$file"."b","r");
        $message=fread($fp,9999999);
        fclose($fp);
        unlink($file);
        unlink($file."b");
        putenv("HOME=$oldhome");
        return ($message);
}



David Mintz wrote:

>On Mon, 11 Aug 2003, David Sklar wrote:
>
>  
>
>>gpg has to run as a user that has access to your secret key ring.
>>
>>Doing gpg encryption with a passphrase-protected key on a shared server has
>>many risks: can anyone else on the server (through misadministration or a
>>hole in pages on your site) alter any of your cgi-wrapped scripts and do
>>their own encryption/decryption/steal your key? Separately, putting your
>>passphrase in a file readable by other users is no better than just having a
>>passphraseless key.
>>
>>What are you trying to encrypt?
>>    
>>
>
>
>Last question first: credit card information, which will then be emailed
>and/or written to a database.
>
>As for the first question, well... maybe I'm confused. When I run the
>snippet
>
>
>$encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg
>--no-secmem-warning --homedir /my/.gnupg -ear recipient at example.com");
>
>from the command line or as a wrapped script, it does not require a
>passphrase in order to encrypt. Since gpg needs the user's secret key in
>order to encrypt and sign, a copy of that secret key has to live on the
>server -- is there any way around that? The permissions are as restrictive
>as possible and I guess the key is as safe/vulnerable as anything else in
>the house that's similarly chmoded.
>
>The private key for decrypting is not going to be anywhere near the
>server, nor will my secret key passphrase.
>
>So how, if at all, does one safely gpg-encrypt on a shared server?
>
>Thanks,
>
>---
>David Mintz
>http://davidmintz.org/
>Email: See http://dmintzweb.com/whitelist.php first!
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>  
>



From danielc at analysisandsolutions.com  Mon Aug 11 13:49:19 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 11 Aug 2003 13:49:19 -0400
Subject: [nycphp-talk] libxml in PHP 5
Message-ID: <20030811174918.GB5141@panix.com>

Hey Folks:

I'm starting to use PHP 5 on my development machine.  The primary XML
parser is changing from expat to libxml.  I was curious about the change,
so sought documentation of the new libxml stuff on the PHP site but
haven't been able to find any.

I know there are folks on this list involved with PHP 5's development.  
Perhaps someone can steer me toward such documentation and/or answer a
question.

I was thinking that the new XML parser would necessitate scripts use
different function calls.  Or will the main functions and behavior remain
the same, but only the library be changed?

If the functions will indeed be different, is there some place to find
docs about these new procedures?  They don't have to be great, just give
me an idea of how to start hacking something simple.

Thanks,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From sklar at sklar.com  Mon Aug 11 15:01:52 2003
From: sklar at sklar.com (David Sklar)
Date: Mon, 11 Aug 2003 15:01:52 -0400
Subject: [nycphp-talk] cookbook: gpg
In-Reply-To: <20030811171955.GA5141@panix.com>
Message-ID: <NFBBJNKBNKCIKGKJIFPJGEFMGIAA.sklar@sklar.com>


>> $encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg
>> --no-secmem-warning --homedir /my/.gnupg -ear
>> recipient at example.com");
>>
>> from the command line or as a wrapped script, it does not require a
>> passphrase in order to encrypt. Since gpg needs the user's secret
>> key in order to encrypt and sign, a copy of that secret key has to
>> live on the server -- is there any way around that?
>
> I think you're on the right track.  Encrypting data for a designated
> user doesn't require a password.  Here's something I in a PHP shell
> script on my office computer to encrypt backups:
>
>    exec('c:/progra~1/gnupg/gpg.exe -e -r usr at addr.com file.');
>
> Such procedures use the public key ring, right?

To encrypt only, yes, you just need the public key of the recipient. To
encrypt and sign, you need the private key of the signer as well.

So if you're just encrypting the credit card data with a public key and
storing it in a place where the corresponding private key isn't, then you
should be protected against someone retrieving the encrypted data and then
decrypting it.

You aren't protected against someone injecting false data that's correctly
encrypted into the system (via a hole in your app). This may not be such a
big concern.

David



From fb at intldef.org  Mon Aug 11 17:57:30 2003
From: fb at intldef.org (FB`)
Date: Mon, 11 Aug 2003 17:57:30 -0400
Subject: [nycphp-talk] strange regex problem
References: <NFBBJNKBNKCIKGKJIFPJOEEPGIAA.sklar@sklar.com><Pine.NEB.4.56.0308110949260.9153@panix5.panix.com>
	<20030811171955.GA5141@panix.com>
Message-ID: <012801c36053$901d3090$1901a8c0@ybsweb>

I have an apparently valid regular expression,
^.*<title>([^<]*)</title>.*$
that works well in one site, but causes the server hosting a different site
to grind its teeth to nubs on it - consistently exceeding max ex time...

the full line goes like this:
    $text_a_title =
eregi_replace("^.*<title>([^<]+)</title>.*$","\\1",$str);

if i bypass this line, everything else works swimmingly...


any suggestions?
(taking a title from an html file)


TIA

FB`



From sklar at sklar.com  Mon Aug 11 18:34:39 2003
From: sklar at sklar.com (David Sklar)
Date: Mon, 11 Aug 2003 18:34:39 -0400
Subject: [nycphp-talk] strange regex problem
In-Reply-To: <012801c36053$901d3090$1901a8c0@ybsweb>
Message-ID: <NFBBJNKBNKCIKGKJIFPJGEGAGIAA.sklar@sklar.com>

If you just want the title out of the document, try this:

if (preg_match('@<title>(.*?)</title>@i',$str, $matches)) {
    $title = $matches[1];
} else {
    print "There's no title";
}

David


On Monday, August 11, 2003 5:58 PM,  wrote:

> I have an apparently valid regular expression,
> ^.*<title>([^<]*)</title>.*$
> that works well in one site, but causes the server hosting a
> different site to grind its teeth to nubs on it - consistently
> exceeding max ex time... 
> 
> the full line goes like this:
>     $text_a_title =
> eregi_replace("^.*<title>([^<]+)</title>.*$","\\1",$str);
> 
> if i bypass this line, everything else works swimmingly...
> 
> 
> any suggestions?
> (taking a title from an html file)
> 
> 
> TIA
> 
> FB`
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk


From fb at intldef.org  Mon Aug 11 18:57:24 2003
From: fb at intldef.org (FB`)
Date: Mon, 11 Aug 2003 18:57:24 -0400
Subject: [nycphp-talk] strange regex problem
References: <NFBBJNKBNKCIKGKJIFPJGEGAGIAA.sklar@sklar.com>
Message-ID: <013e01c3605b$edf51c20$1901a8c0@ybsweb>

Thanks!

That works nicely.

Any thoughts on what would make previous regex so nasty?

FB`

----- Original Message ----- 
From: "David Sklar" <sklar at sklar.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 11, 2003 6:34 PM
Subject: RE: [nycphp-talk] strange regex problem


> If you just want the title out of the document, try this:
> 
> if (preg_match('@<title>(.*?)</title>@i',$str, $matches)) {
>     $title = $matches[1];
> } else {
>     print "There's no title";
> }
> 
> David
> 
> 
> On Monday, August 11, 2003 5:58 PM,  wrote:
> 
> > I have an apparently valid regular expression,
> > ^.*<title>([^<]*)</title>.*$
> > that works well in one site, but causes the server hosting a
> > different site to grind its teeth to nubs on it - consistently
> > exceeding max ex time... 
> > 
> > the full line goes like this:
> >     $text_a_title =
> > eregi_replace("^.*<title>([^<]+)</title>.*$","\\1",$str);
> > 
> > if i bypass this line, everything else works swimmingly...
> > 
> > 
> > any suggestions?
> > (taking a title from an html file)
> > 
> > 
> > TIA
> > 
> > FB`
> > 
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk


From sklar at sklar.com  Mon Aug 11 19:03:44 2003
From: sklar at sklar.com (David Sklar)
Date: Mon, 11 Aug 2003 19:03:44 -0400
Subject: [nycphp-talk] strange regex problem
In-Reply-To: <013e01c3605b$edf51c20$1901a8c0@ybsweb>
Message-ID: <NFBBJNKBNKCIKGKJIFPJCEGBGIAA.sklar@sklar.com>

A few things make this nasty:

^.*<title>([^<]*)</title>.*$

With the anchors and the leading and trailing .*'s, you are matching against
the entire document. Plus, since * is greedy by default, the initial .* (I
think) has to match the entire document, then backtrack to the last <title>
tag in the doc. Then, the trailing .* has to do some matching after the
</title> tag is found, matching that doesn't affect what gets captured at
all.

David


On Monday, August 11, 2003 6:57 PM,  wrote:

> Thanks!
>
> That works nicely.
>
> Any thoughts on what would make previous regex so nasty?
>
> FB`
>
> ----- Original Message -----
> From: "David Sklar" <sklar at sklar.com>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Monday, August 11, 2003 6:34 PM
> Subject: RE: [nycphp-talk] strange regex problem
>
>
>> If you just want the title out of the document, try this:
>>
>> if (preg_match('@<title>(.*?)</title>@i',$str, $matches)) {
>> $title = $matches[1]; } else {
>>     print "There's no title";
>> }
>>
>> David
>>
>>
>> On Monday, August 11, 2003 5:58 PM,  wrote:
>>
>>> I have an apparently valid regular expression,
>>> ^.*<title>([^<]*)</title>.*$
>>> that works well in one site, but causes the server hosting a
>>> different site to grind its teeth to nubs on it - consistently
>>> exceeding max ex time...
>>>
>>> the full line goes like this:
>>>     $text_a_title =
>>> eregi_replace("^.*<title>([^<]+)</title>.*$","\\1",$str);
>>>
>>> if i bypass this line, everything else works swimmingly...
>>>
>>>
>>> any suggestions?
>>> (taking a title from an html file)
>>>
>>>
>>> TIA
>>>
>>> FB`
>>>
>>> _______________________________________________
>>> talk mailing list
>>> talk at lists.nyphp.org
>>> http://lists.nyphp.org/mailman/listinfo/talk
>> _______________________________________________
>> talk mailing list
>> talk at lists.nyphp.org
>> http://lists.nyphp.org/mailman/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From pl at eskimo.com  Mon Aug 11 21:40:46 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Mon, 11 Aug 2003 21:40:46 -0400
Subject: [nycphp-talk] off topic - upgrading cpu
Message-ID: <000f01c36072$c5c583e0$d2220f9d@default>

I just upgraded the cpu on my Pentium I from a 133 mhz to a 200 mhz mmx.  Do
I need to get a bigger heat sink and fan for it?

Thanks for you help.

--peter lehrer



From pl at eskimo.com  Mon Aug 11 21:55:14 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Mon, 11 Aug 2003 21:55:14 -0400
Subject: [nycphp-talk] Wednesday,
	August 13 - Intro to TCP/IP by Joshua Birnbaum
Message-ID: <004201c36074$c8b6c580$d2220f9d@default>

    **** Intro to TCP/IP by Joshua Birnbaum  ****

Wednesday 13 August 6:30 PM
The IBM Building
590 Madison Ave.
57th St. and Madison Ave.
(You must RSVP, See "Security Procedures" Below)

We are pleased to announce that this Wednesday August 13th, Joshua
Birnbaum will be presenting an Introduction to  TCP/IP. (See details below
for this meeting.)

TCP/IP, since it's beginnings in the late 1960's, has gone on to become
the predominant way that computers communicate over networks.
Based on open standards, TCP/IP has allowed for the flourishing of the
Internet as well as the ushering in of a communications revolution.

This GNUbies meeting will discuss the history of TCP/IP, how it became
as popular as it is and how it functions as a part of any operating
system that uses it.

We we will examine TCP/IP's design and organization and how these factors
have contributed to it's flexibility and adoption over time.

Speaker BIO:

Joshua Birnbaum is the President and founder of No-Org, Inc.,
(www.noorg.org) a New York based consultancy specializing in
system administration, computer security and networking.
Mr. Birnbaum began his system administration career in 1994
within the advertising industry and, since becoming a consult-
in 1998, has had the opportunity to work in several other
industries.
Most recently, Mr. Birnbaum has started to release Open Source
software. ifchk (short for network interface check), a computer
and network security tool, was released in mid July of 2003.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Meeting Details:
Date:
Wednesday August 13, 2003
6:30-7:00
General Questions and Answers

7:00 Pesentation by Joshua Birnbaum

"Introduction to TCP/IP"

at
The IBM Building
590 Madison Ave
(57th St. and Madison Ave.)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As always, the most up-to-date information can be found on o
http://www.gnubies.org or http://www.eskimo.com/~lo/linux

As always, we are grateful to IBM for their generous offer of space for
our meetings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security Procedures:
To attend the meeting you need to bring a photo ID and provide us with
your full name (as it appears in the photo ID) in advance. You can use
the mailto on the web page at http://www.gnubies.org, reply to this email
if you received it directly, or send email to lo+ibm0308 at eskimo.com with
the Subject of August 2003 Gnubies Meeting and with your name in the
message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We look forward to seeing you at the meeting.

Gnubies
The GNU/Linux/Free OS Beginners' Group

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From danielc at analysisandsolutions.com  Tue Aug 12 01:05:34 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 12 Aug 2003 01:05:34 -0400
Subject: [nycphp-talk] php related boo boos in SecurityFocus Newsletter #209
Message-ID: <20030812050534.GA4304@panix.com>

Hey Y'all:

Another week, another set of PHP related vulnerabilities.


Invision Board Overlapping IBF Formatting Tag HTML Injection...
http://www.securityfocus.com/bid/8335

Macromedia Dreamweaver MX PHP User Authentication Suite Cros...
http://www.securityfocus.com/bid/8339

vBulletin Register.PHP HTML Injection Vulnerability
http://www.securityfocus.com/bid/8354

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From csnyder at chxo.com  Tue Aug 12 01:12:45 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Tue, 12 Aug 2003 01:12:45 -0400
Subject: [nycphp-talk] request for comment: pWhiteboard
In-Reply-To: <3F37CCF1.8010809@nyphp.org>
References: <3F33B24C.5060002@chxo.com> <3F37CCF1.8010809@nyphp.org>
Message-ID: <3F38774D.40002@chxo.com>

Hans Zaunere wrote:

> Maybe we can get an installation at dev.  :)
>
Sure nuff: http://dev.nyphp.org/pwhiteboard.php



From hans at nyphp.org  Tue Aug 12 09:15:46 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 12 Aug 2003 09:15:46 -0400
Subject: [nycphp-talk] off topic - upgrading cpu
In-Reply-To: <000f01c36072$c5c583e0$d2220f9d@default>
References: <000f01c36072$c5c583e0$d2220f9d@default>
Message-ID: <3F38E882.6070301@nyphp.org>



Peter Lehrer wrote:
> I just upgraded the cpu on my Pentium I from a 133 mhz to a 200 mhz mmx.  Do
> I need to get a bigger heat sink and fan for it?

If the box is well ventilated as a whole, probably not.  But, if the system was running hot to begin with, the upgrade may put it over the top.  That said, it's probably fine to let it ride with the current heat sink and fan, but just keep an eye on it.

H



From jsiegel1 at optonline.net  Tue Aug 12 09:26:55 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 12 Aug 2003 09:26:55 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
Message-ID: <000c01c360d5$66f3f370$6501a8c0@EZDSDELL>

I have a specific subdirectory on my site where users can upload images
files associated with some text stored in a database. The question
concerns deleting those uploaded images. Deleting the record is the easy
part...even deleting the images and subdirectory is easy. However, my
concern is what precautions should I take to make sure that the wrong
subdir (or the whole site!!) doesn't get blown away. In the code below
I'm using file_exists to delete the images and subdir but is there
anything else that I should do to bullet proof the procedure? 

//Note: $sSubDir is the subdirectory path stored in the corresponding
MySQL record.

//Delete images
for($i=0;$i<5;$i++){
		$sImageName = $sSubDir . "image$i.jpg";
		if(file_exists($sImageName)){		
			unlink($sImageName);
		}	
	}
//Delete subdir
if(file_exists($sSubDir)){
	rmdir($sSubDir);
}

Jeff



From psaw at pswebcode.com  Tue Aug 12 09:41:29 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Tue, 12 Aug 2003 09:41:29 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <000c01c360d5$66f3f370$6501a8c0@EZDSDELL>
Message-ID: <000401c360d7$7118ed40$68e4a144@bronco>

//Delete subdir
if(file_exists($sSubDir) && $sSubDir!="." && $sSubDir != ".."){
	rmdir($sSubDir);
}

...better.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Jeff
Sent: Tuesday, August 12, 2003 9:27 AM
To: 'NYPHP Talk'
Subject: [nycphp-talk] Bullet proofing "rmdir" command


I have a specific subdirectory on my site where users can upload images
files associated with some text stored in a database. The question concerns
deleting those uploaded images. Deleting the record is the easy part...even
deleting the images and subdirectory is easy. However, my concern is what
precautions should I take to make sure that the wrong subdir (or the whole
site!!) doesn't get blown away. In the code below I'm using file_exists to
delete the images and subdir but is there anything else that I should do to
bullet proof the procedure? 

//Note: $sSubDir is the subdirectory path stored in the corresponding MySQL
record.

//Delete images
for($i=0;$i<5;$i++){
		$sImageName = $sSubDir . "image$i.jpg";
		if(file_exists($sImageName)){		
			unlink($sImageName);
		}	
	}
//Delete subdir
if(file_exists($sSubDir)){
	rmdir($sSubDir);
}

Jeff

_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Tue Aug 12 09:44:39 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 12 Aug 2003 09:44:39 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <000401c360d7$7118ed40$68e4a144@bronco>
Message-ID: <000d01c360d7$e10433d0$6501a8c0@EZDSDELL>

Great! Thanks!

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of pswebcode, nyc
Sent: Tuesday, August 12, 2003 8:41 AM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Bullet proofing "rmdir" command


//Delete subdir
if(file_exists($sSubDir) && $sSubDir!="." && $sSubDir != ".."){
	rmdir($sSubDir);
}

...better.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On
Behalf Of Jeff
Sent: Tuesday, August 12, 2003 9:27 AM
To: 'NYPHP Talk'
Subject: [nycphp-talk] Bullet proofing "rmdir" command


I have a specific subdirectory on my site where users can upload images
files associated with some text stored in a database. The question
concerns
deleting those uploaded images. Deleting the record is the easy
part...even
deleting the images and subdirectory is easy. However, my concern is
what
precautions should I take to make sure that the wrong subdir (or the
whole
site!!) doesn't get blown away. In the code below I'm using file_exists
to
delete the images and subdir but is there anything else that I should do
to
bullet proof the procedure? 

//Note: $sSubDir is the subdirectory path stored in the corresponding
MySQL
record.

//Delete images
for($i=0;$i<5;$i++){
		$sImageName = $sSubDir . "image$i.jpg";
		if(file_exists($sImageName)){		
			unlink($sImageName);
		}	
	}
//Delete subdir
if(file_exists($sSubDir)){
	rmdir($sSubDir);
}

Jeff

_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From sklar at sklar.com  Tue Aug 12 09:56:50 2003
From: sklar at sklar.com (David Sklar)
Date: Tue, 12 Aug 2003 09:56:50 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <000d01c360d7$e10433d0$6501a8c0@EZDSDELL>
Message-ID: <NFBBJNKBNKCIKGKJIFPJOEGHGIAA.sklar@sklar.com>

Where is $sSubDir set? If it's set by users, then before either call to
rmdir() you should canonicalize the pathname with realpath() and then make
sure that the canonicalized pathname has the correct prefix.

For example:

// The directory under which image-storage subdirectories can be created
$sImagePrefix = '/www/some/place/images';

$sSubDir = realpath($sSubDir);
if ($sSubDir && ($sImagePrefix == dirname($sImageName)) {
  for ($i = 0; $i < 5; $i++) {
    $sImageName = $sSubDir . "image$i.jpg";
    if (file_exists($sImageName)) { unlink($sImageName); }
  }
  unlink($sSubDir);
}

realpath() returns false if the canonicalized pathname doesn't exist.

David


On Tuesday, August 12, 2003 9:45 AM,  wrote:

> Great! Thanks!
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of pswebcode, nyc
> Sent: Tuesday, August 12, 2003 8:41 AM To: 'NYPHP Talk'
> Subject: RE: [nycphp-talk] Bullet proofing "rmdir" command
>
>
> //Delete subdir
> if(file_exists($sSubDir) && $sSubDir!="." && $sSubDir != ".."){
> rmdir($sSubDir); }
>
> ...better.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff
> Sent: Tuesday, August 12, 2003 9:27 AM
> To: 'NYPHP Talk'
> Subject: [nycphp-talk] Bullet proofing "rmdir" command
>
>
> I have a specific subdirectory on my site where users can upload
> images files associated with some text stored in a database. The
> question concerns deleting those uploaded images. Deleting the record
> is the easy part...even deleting the images and subdirectory is easy.
> However, my concern is what precautions should I take to make sure
> that the wrong subdir (or the whole site!!) doesn't get blown away.
> In the code below I'm using file_exists to delete the images and
> subdir but is there anything else that I should do to bullet proof
> the procedure?
>
> //Note: $sSubDir is the subdirectory path stored in the corresponding
> MySQL record.
>
> //Delete images
> for($i=0;$i<5;$i++){
> 		$sImageName = $sSubDir . "image$i.jpg";
> 		if(file_exists($sImageName)){
> 			unlink($sImageName);
> 		}
> 	}
> //Delete subdir
> if(file_exists($sSubDir)){
> 	rmdir($sSubDir);
> }
>
> Jeff
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From pl at eskimo.com  Tue Aug 12 09:53:27 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Tue, 12 Aug 2003 09:53:27 -0400
Subject: [nycphp-talk] off topic - upgrading cpu
References: <000f01c36072$c5c583e0$d2220f9d@default>
	<3F38E882.6070301@nyphp.org>
Message-ID: <004601c360d9$1d9e7700$8a230f9d@default>

It was not running hot to begin with, but the heatsink is very hot now. I
have the case of with an outside fan blowing on it in addition to the fan
attached to heatsink.

Peter
----- Original Message -----
From: "Hans Zaunere" <hans at nyphp.org>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, August 12, 2003 9:15 AM
Subject: Re: [nycphp-talk] off topic - upgrading cpu


>
>
> Peter Lehrer wrote:
> > I just upgraded the cpu on my Pentium I from a 133 mhz to a 200 mhz mmx.
Do
> > I need to get a bigger heat sink and fan for it?
>
> If the box is well ventilated as a whole, probably not.  But, if the
system was running hot to begin with, the upgrade may put it over the top.
That said, it's probably fine to let it ride with the current heat sink and
fan, but just keep an eye on it.
>
> H
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From pl at eskimo.com  Tue Aug 12 09:57:19 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Tue, 12 Aug 2003 09:57:19 -0400
Subject: [nycphp-talk] request for comment: pWhiteboard
References: <3F33B24C.5060002@chxo.com> <3F37CCF1.8010809@nyphp.org>
	<3F38774D.40002@chxo.com>
Message-ID: <004d01c360d9$a72fc000$8a230f9d@default>

I tried editing it, but I couldn't type anything in.

Peter Lehrer
----- Original Message ----- 
From: "Chris Snyder" <csnyder at chxo.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, August 12, 2003 1:12 AM
Subject: Re: [nycphp-talk] request for comment: pWhiteboard


> Hans Zaunere wrote:
> 
> > Maybe we can get an installation at dev.  :)
> >
> Sure nuff: http://dev.nyphp.org/pwhiteboard.php
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 



From hans at nyphp.org  Tue Aug 12 10:18:32 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 12 Aug 2003 10:18:32 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <000c01c360d5$66f3f370$6501a8c0@EZDSDELL>
References: <000c01c360d5$66f3f370$6501a8c0@EZDSDELL>
Message-ID: <3F38F738.7070706@nyphp.org>



Jeff wrote:

> I have a specific subdirectory on my site where users can upload images
> files associated with some text stored in a database. The question
> concerns deleting those uploaded images. Deleting the record is the easy
> part...even deleting the images and subdirectory is easy. However, my
> concern is what precautions should I take to make sure that the wrong
> subdir (or the whole site!!) doesn't get blown away. In the code below
> I'm using file_exists to delete the images and subdir but is there
> anything else that I should do to bullet proof the procedure? 
> 
> //Note: $sSubDir is the subdirectory path stored in the corresponding
> MySQL record.

is_dir()/is_file() is good for this, since it'll check the inode type and ensure a real path (which may, however, be relative to the current working dir).

for( $i = 0; $i < 5; ++$i ) {
   $sImageName = "{$sSubDir}image{$i}.jpg";
   if( is_file($sImageName) )
      unlink($sImageName);
}

if( is_dir($sSubDir) )
   rmdir($sSubDir);

H





From jsiegel1 at optonline.net  Tue Aug 12 10:28:57 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 12 Aug 2003 10:28:57 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <3F38F738.7070706@nyphp.org>
Message-ID: <001101c360de$1117e250$6501a8c0@EZDSDELL>

Hans,

See my comment to David Sklar. I think this handles the
issue...especially since I'm not using relative dirs.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Hans Zaunere
Sent: Tuesday, August 12, 2003 9:19 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Bullet proofing "rmdir" command




Jeff wrote:

> I have a specific subdirectory on my site where users can upload
images
> files associated with some text stored in a database. The question
> concerns deleting those uploaded images. Deleting the record is the
easy
> part...even deleting the images and subdirectory is easy. However, my
> concern is what precautions should I take to make sure that the wrong
> subdir (or the whole site!!) doesn't get blown away. In the code below
> I'm using file_exists to delete the images and subdir but is there
> anything else that I should do to bullet proof the procedure? 
> 
> //Note: $sSubDir is the subdirectory path stored in the corresponding
> MySQL record.

is_dir()/is_file() is good for this, since it'll check the inode type
and ensure a real path (which may, however, be relative to the current
working dir).

for( $i = 0; $i < 5; ++$i ) {
   $sImageName = "{$sSubDir}image{$i}.jpg";
   if( is_file($sImageName) )
      unlink($sImageName);
}

if( is_dir($sSubDir) )
   rmdir($sSubDir);

H



_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Tue Aug 12 10:28:57 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 12 Aug 2003 10:28:57 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <NFBBJNKBNKCIKGKJIFPJOEGHGIAA.sklar@sklar.com>
Message-ID: <001801c360de$134374e0$6501a8c0@EZDSDELL>

Just to expand a bit, I use a constant for the full path:

define('DEST_PATH','/var/www/html/car_images/') and then create $sSubDir
by concatenating this path with the value in the table which is simply
the subdirectory name, such as "b67783a0ceadaa20bdc17a513d113a42"

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of David Sklar
Sent: Tuesday, August 12, 2003 8:57 AM
To: NYPHP Talk
Subject: RE: [nycphp-talk] Bullet proofing "rmdir" command


Where is $sSubDir set? If it's set by users, then before either call to
rmdir() you should canonicalize the pathname with realpath() and then
make
sure that the canonicalized pathname has the correct prefix.

For example:

// The directory under which image-storage subdirectories can be created
$sImagePrefix = '/www/some/place/images';

$sSubDir = realpath($sSubDir);
if ($sSubDir && ($sImagePrefix == dirname($sImageName)) {
  for ($i = 0; $i < 5; $i++) {
    $sImageName = $sSubDir . "image$i.jpg";
    if (file_exists($sImageName)) { unlink($sImageName); }
  }
  unlink($sSubDir);
}

realpath() returns false if the canonicalized pathname doesn't exist.

David


On Tuesday, August 12, 2003 9:45 AM,  wrote:

> Great! Thanks!
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of pswebcode, nyc
> Sent: Tuesday, August 12, 2003 8:41 AM To: 'NYPHP Talk'
> Subject: RE: [nycphp-talk] Bullet proofing "rmdir" command
>
>
> //Delete subdir
> if(file_exists($sSubDir) && $sSubDir!="." && $sSubDir != ".."){
> rmdir($sSubDir); }
>
> ...better.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff
> Sent: Tuesday, August 12, 2003 9:27 AM
> To: 'NYPHP Talk'
> Subject: [nycphp-talk] Bullet proofing "rmdir" command
>
>
> I have a specific subdirectory on my site where users can upload
> images files associated with some text stored in a database. The
> question concerns deleting those uploaded images. Deleting the record
> is the easy part...even deleting the images and subdirectory is easy.
> However, my concern is what precautions should I take to make sure
> that the wrong subdir (or the whole site!!) doesn't get blown away.
> In the code below I'm using file_exists to delete the images and
> subdir but is there anything else that I should do to bullet proof
> the procedure?
>
> //Note: $sSubDir is the subdirectory path stored in the corresponding
> MySQL record.
>
> //Delete images
> for($i=0;$i<5;$i++){
> 		$sImageName = $sSubDir . "image$i.jpg";
> 		if(file_exists($sImageName)){
> 			unlink($sImageName);
> 		}
> 	}
> //Delete subdir
> if(file_exists($sSubDir)){
> 	rmdir($sSubDir);
> }
>
> Jeff
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From danielc at analysisandsolutions.com  Tue Aug 12 11:11:13 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 12 Aug 2003 11:11:13 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <001801c360de$134374e0$6501a8c0@EZDSDELL>
References: <NFBBJNKBNKCIKGKJIFPJOEGHGIAA.sklar@sklar.com>
	<001801c360de$134374e0$6501a8c0@EZDSDELL>
Message-ID: <20030812151113.GA16227@panix.com>

Hey Jeff:

On Tue, Aug 12, 2003 at 10:28:57AM -0400, Jeff wrote:
> Just to expand a bit, I use a constant for the full path:

If you're using a constant for the path, then all you need to do is make
sure the user input subdirectory name matches an expected pattern.  So,
for example, check to see that $sSubDir has only letters and numbers in
it.  This keeps a jerk from putting in dots and/or slashes to move to 
undesirable locations.  This doesn't obviate the need for is_dir() and 
file_exists() checks, though.

I guess one hitch with all of the approaches discussed so far is they seem 
to be able to allow one users to delete another user's photos.  Thus, you 
might want to include some unique user id in the file/directory naming 
convention.

... snipitty, snip, snip, because, friends don't let friends waste 
disk space or bandwidth...

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From jsiegel1 at optonline.net  Tue Aug 12 11:30:17 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 12 Aug 2003 11:30:17 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <20030812151113.GA16227@panix.com>
Message-ID: <001d01c360e6$a2acbd00$6501a8c0@EZDSDELL>

The subdirectory name should, theoretically, take care of uniqueness.
Here's how I generate the subdir name when someone is uploading pics for
the very first time:

$sTime = microtime();
$iDir = md5($sTime); 

At no time does the user touch the subdir name (that is...it is not
editable). It is generated automatically and stored in the database. The
only time it is visible, however, is on the "public" side of the site
when someone views the images and looks at the html source.


Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Analysis & Solutions
Sent: Tuesday, August 12, 2003 10:11 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Bullet proofing "rmdir" command


Hey Jeff:

On Tue, Aug 12, 2003 at 10:28:57AM -0400, Jeff wrote:
> Just to expand a bit, I use a constant for the full path:

If you're using a constant for the path, then all you need to do is make
sure the user input subdirectory name matches an expected pattern.  So,
for example, check to see that $sSubDir has only letters and numbers in
it.  This keeps a jerk from putting in dots and/or slashes to move to 
undesirable locations.  This doesn't obviate the need for is_dir() and 
file_exists() checks, though.

I guess one hitch with all of the approaches discussed so far is they
seem 
to be able to allow one users to delete another user's photos.  Thus,
you 
might want to include some unique user id in the file/directory naming 
convention.

... snipitty, snip, snip, because, friends don't let friends waste 
disk space or bandwidth...

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From danielc at analysisandsolutions.com  Tue Aug 12 11:39:23 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 12 Aug 2003 11:39:23 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <001d01c360e6$a2acbd00$6501a8c0@EZDSDELL>
References: <20030812151113.GA16227@panix.com>
	<001d01c360e6$a2acbd00$6501a8c0@EZDSDELL>
Message-ID: <20030812153923.GA18992@panix.com>

Hey Jeff:

On Tue, Aug 12, 2003 at 11:30:17AM -0400, Jeff wrote:

> At no time does the user touch the subdir name (that is...it is not
> editable).

Good.

So, when you're allowing users to delete directories, what is the input
they're providing?  The name of a subdirectory of under the hash named
dir, which is itself a subdirectory of your graphics directory?  If so, 
great.  Then, as mentioned before, all you need to do is check the user 
input contains only letters and numbers.

Enjoy,

--Dan

... snip ...

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From jsiegel1 at optonline.net  Tue Aug 12 12:00:48 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 12 Aug 2003 12:00:48 -0400
Subject: [nycphp-talk] Bullet proofing "rmdir" command
In-Reply-To: <20030812153923.GA18992@panix.com>
Message-ID: <002501c360ea$e71b5dd0$6501a8c0@EZDSDELL>

Dan,

The subdirectory only gets deleted when a user clicks on the "Delete"
link. The code handles the rest. At no time does the user know the name
of the image subdirectory. All they know is that they are deleting a
record. And as an added safety precaution, though I'm using $_GET to
pass values around (like record ID numbers), the url says something like
"http://mydomain.com/mypage.php?code=YToxOntzOjU6IkRMX0lEIjtzOjM6IjEzNCI
7fQ== with the latter being base 64 encoded and serialized. 

Jeff



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Analysis & Solutions
Sent: Tuesday, August 12, 2003 10:39 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Bullet proofing "rmdir" command


Hey Jeff:

On Tue, Aug 12, 2003 at 11:30:17AM -0400, Jeff wrote:

> At no time does the user touch the subdir name (that is...it is not
> editable).

Good.

So, when you're allowing users to delete directories, what is the input
they're providing?  The name of a subdirectory of under the hash named
dir, which is itself a subdirectory of your graphics directory?  If so, 
great.  Then, as mentioned before, all you need to do is check the user 
input contains only letters and numbers.

Enjoy,

--Dan

... snip ...

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From nestorflorez at earthlink.net  Tue Aug 12 12:05:09 2003
From: nestorflorez at earthlink.net (Nestor Florez)
Date: Tue, 12 Aug 2003 09:05:09 -0700 (GMT)
Subject: [nycphp-talk] MDX  + PHP
Message-ID: <6457332.1060704472898.JavaMail.nobody@skeeter.psp.pas.earthlink.net>

Hello people,

Has any of you ever done any MDX + PHP programming?

Apparantly this entails accessing MSSQL datacube, which I do not have much of a clue, but I was wondering if anyone has ever done anything with MDX using PHP.   

Can you point me to the write place to read info on PHP and MDX?

A guy at work took a class and now they are convince that we should do this using ASP...OH NO!!!!!!  The teacher an MS cronie said that PHP would have problems using MDX.

Thanks,

Nestor :-)


From henry at beewh.com  Tue Aug 12 11:53:33 2003
From: henry at beewh.com (Henry Ponce)
Date: Tue, 12 Aug 2003 12:53:33 -0300
Subject: [nycphp-talk] Wednesday,
	August 13 - Intro to TCP/IP by Joshua Birnbaum
In-Reply-To: <004201c36074$c8b6c580$d2220f9d@default>
References: <004201c36074$c8b6c580$d2220f9d@default>
Message-ID: <200308121253.33803.henry@beewh.com>

I confirm my assistance.

My full name is Henry Ponce.

Thank you....



From adam at trachtenberg.com  Tue Aug 12 14:46:15 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Tue, 12 Aug 2003 14:46:15 -0400 (EDT)
Subject: [nycphp-talk] libxml in PHP 5
In-Reply-To: <20030811174918.GB5141@panix.com>
Message-ID: <Pine.LNX.4.21.0308121443060.26706-100000@miranda.org>

On Mon, 11 Aug 2003, Analysis & Solutions wrote:

> I was thinking that the new XML parser would necessitate scripts use
> different function calls.  Or will the main functions and behavior remain
> the same, but only the library be changed?

The plan is to make the libxml switch seamless and not require any
changes in your XML code. 

> If the functions will indeed be different, is there some place to find
> docs about these new procedures?  They don't have to be great, just give
> me an idea of how to start hacking something simple.

PHP 5 will also have the SimpleXML extension. I believe the C code in
the CVS is also the documentation. (Source code: The ultimate documentation.)

-adam

PS: Sterling is actually banging the drum on lots of this. He'll know
more than I.

-- 
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!



From dkrook at hotmail.com  Tue Aug 12 15:24:26 2003
From: dkrook at hotmail.com (D C Krook)
Date: Tue, 12 Aug 2003 15:24:26 -0400
Subject: [nycphp-talk] Localizing Time Zones
Message-ID: <BAY2-F153WOo4SViZ8h0001ec11@hotmail.com>

We've been looking for a good way to customize a web-based work flow tool so 
that each user who logs in sees the time stamp of events in his own time 
zone, not that of the server.

For example, a developer in India who is given a task can see when it was 
assigned by the project manager in New York displayed in Bangalore time.  
Similarly the PM would see when the work was done relative to New York time. 
  Both users would see GMT as a frame of reference as well.

To implement this functionality, we've taken a look at Adam and David's PHP 
Cookbook where they address this very problem (Chapter 3, Calculating Time 
with Time Zones).

Their solution involves the temporary change of the TZ environment variable:

   "Calling putenv( ) before mktime( ) fools the system functions mktime( )
   uses into thinking they're in a different time zone. After the call to 
mktime( ),
   the correct time zone has to be restored."

   function pc_mktime($tz,$hr,$min,$sec,$mon,$day,$yr) {
       putenv("TZ=$tz");
       $a = mktime($hr,$min,$sec,$mon,$day,$yr);
       putenv('TZ=EST5EDT');   // change EST5EDT to your server's time zone!
       return $a;
   }

This seems to be the solution we're after, but we're concerned about whether 
this is thread safe, particularly in the context of a heavy load server with 
lots of users redefining the TZ environment variable simultaneously.

The documentation of putenv() says the the environment variable will revert 
to its original value after the request, and we understand that explicitly 
resetting it as in the function above will offer a little better protection, 
but should we still worry that one user's putenv will clash with another's?  
If so, what is a better solution to time zone localization?

Thanks in advance,
-Dan





==========================================
Daniel Christer Krook
http://krook.net/ || http://krook.info/
http://civet.net/ || http://dev.krook.org/

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail



From sklar at sklar.com  Tue Aug 12 15:49:27 2003
From: sklar at sklar.com (David Sklar)
Date: Tue, 12 Aug 2003 15:49:27 -0400
Subject: [nycphp-talk] Localizing Time Zones
In-Reply-To: <BAY2-F153WOo4SViZ8h0001ec11@hotmail.com>
Message-ID: <NFBBJNKBNKCIKGKJIFPJEEHAGIAA.sklar@sklar.com>

> This seems to be the solution we're after, but we're concerned about
> whether this is thread safe, particularly in the context of a heavy
> load server with lots of users redefining the TZ environment variable
> simultaneously.

My (Linux 2.4.20) "man putenv" says, in part:

      The  putenv()  function is not required to be reentrant, and the one
in
      libc4, libc5 and glibc2.0 is not, but the glibc2.1 version is.

(PHP's putenv() function calls the underlying putenv() system call.)

What OS and web server are you using?

David



From shiflett at php.net  Tue Aug 12 16:05:33 2003
From: shiflett at php.net (Chris Shiflett)
Date: Tue, 12 Aug 2003 13:05:33 -0700 (PDT)
Subject: [nycphp-talk] Localizing Time Zones
In-Reply-To: <BAY2-F153WOo4SViZ8h0001ec11@hotmail.com>
Message-ID: <20030812200533.48677.qmail@web14303.mail.yahoo.com>

--- D C Krook <dkrook at hotmail.com> wrote:
> We've been looking for a good way to customize a web-based work
> flow tool so that each user who logs in sees the time stamp of
> events in his own time zone, not that of the server.

I take a slightly different approach than what you mention. I can't say that
I've ever given it a lot of thought, but this is what I do. I begin with some
default variables for the application:

$date_format = 'D, d M Y H:i:s';
$gmt_offset = -4;

If the user logs in, these values are overwritten with the user's session, so
you can let your users choose their preferred date format and time zone.

Then I just do something like this to get a ready-to-display date into a
variable:

$curr_date = gmdate($date_format, time() + $gmt_offset * 3600);

Of course, this demonstrates a date relative to the current time, but this can
be applied to any timestamp.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From dkrook at hotmail.com  Tue Aug 12 16:08:17 2003
From: dkrook at hotmail.com (D C Krook)
Date: Tue, 12 Aug 2003 16:08:17 -0400
Subject: [nycphp-talk] Localizing Time Zones
Message-ID: <BAY2-F86f6SY4BfQMPj0001ec83@hotmail.com>

David,

We're running Apache 1.3.27 with PHP as a DSO on Red Hat 7.3 (2.4.20-18.7)


>(PHP's putenv() function calls the underlying putenv() system call.)
>
>What OS and web server are you using?
>
>David

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus



From hans at nyphp.org  Tue Aug 12 16:33:04 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 12 Aug 2003 16:33:04 -0400
Subject: [nycphp-talk] Localizing Time Zones
In-Reply-To: <BAY2-F153WOo4SViZ8h0001ec11@hotmail.com>
References: <BAY2-F153WOo4SViZ8h0001ec11@hotmail.com>
Message-ID: <3F394F00.6060203@nyphp.org>



D C Krook wrote:

> We've been looking for a good way to customize a web-based work flow 
> tool so that each user who logs in sees the time stamp of events in his 
> own time zone, not that of the server.
> 
> For example, a developer in India who is given a task can see when it 
> was assigned by the project manager in New York displayed in Bangalore 
> time.  Similarly the PM would see when the work was done relative to New 
> York time.  Both users would see GMT as a frame of reference as well.
> 
> To implement this functionality, we've taken a look at Adam and David's 
> PHP Cookbook where they address this very problem (Chapter 3, 
> Calculating Time with Time Zones).
> 
> Their solution involves the temporary change of the TZ environment 
> variable:
> 
>   "Calling putenv( ) before mktime( ) fools the system functions mktime( )
>   uses into thinking they're in a different time zone. After the call to 
> mktime( ),
>   the correct time zone has to be restored."
> 
>   function pc_mktime($tz,$hr,$min,$sec,$mon,$day,$yr) {
>       putenv("TZ=$tz");
>       $a = mktime($hr,$min,$sec,$mon,$day,$yr);
>       putenv('TZ=EST5EDT');   // change EST5EDT to your server's time zone!
>       return $a;
>   }

This would work, but also remember that UNIX timestamps aren't timezone aware themselves.  Timezones only come into effect when you convert from the timestamp to a human readable date and time.

http://www.gnu.org/manual/glibc-2.2.5/html_node/Simple-Calendar-Time.html#Simple%20Calendar%20Time

in which case:

http://us4.php.net/manual/en/function.strftime.php
http://us4.php.net/manual/en/function.setlocale.php

might come in handy at some point.

> This seems to be the solution we're after, but we're concerned about 
> whether this is thread safe, particularly in the context of a heavy load 
> server with lots of users redefining the TZ environment variable 
> simultaneously.

Anywho, do you really mean thread-safe?  Unless you're running PHP under a threaded MPM in Apache 2, or IIS or something else, you won't need to worry about threads.  Each Apache child is a full process, and thus has it's own environment (ie, it's own instance of the TZ environment variable) so you should be fine.


H



From sklar at sklar.com  Tue Aug 12 16:28:53 2003
From: sklar at sklar.com (David Sklar)
Date: Tue, 12 Aug 2003 16:28:53 -0400
Subject: [nycphp-talk] Localizing Time Zones
In-Reply-To: <BAY2-F86f6SY4BfQMPj0001ec83@hotmail.com>
Message-ID: <NFBBJNKBNKCIKGKJIFPJIEHBGIAA.sklar@sklar.com>

> D C Krook wrote:
>
> We're running Apache 1.3.27 with PHP as a DSO on Red Hat 7.3
> (2.4.20-18.7)

In this configuration, each apache child is a single-threaded process, so
you shouldn't have any threads-stepping-on-each-other problems. A given
child process (with its own environment) only handles one request at a time.

> Chris Shiflett wrote:
>
> I take a slightly different approach than what you mention. I can't
> say that I've ever given it a lot of thought, but this is what I do.
> I begin with some default variables for the application:
>
> $date_format = 'D, d M Y H:i:s';
> $gmt_offset = -4;
>
> If the user logs in, these values are overwritten with the user's
> session, so you can let your users choose their preferred date format
> and time zone.
>
> Then I just do something like this to get a ready-to-display date
> into a variable:
>
> $curr_date = gmdate($date_format, time() + $gmt_offset * 3600);
>
> Of course, this demonstrates a date relative to the current time, but
> this can be applied to any timestamp.

This works great most of the time, but it gets tripped up by Daylight Saving
Time because some users' GMT offsets change during DST. If you keep track of
the DST observance of a user, then you can adjust the GMT offset when
necessary. However, that "when necessary" can be tricky to figure out. If
you're just handling North American users, then you can switch users DST
status around the time when the server's DST status switches.

To be accurate around the time that DST status switches, however, you need
to adjust the user's DST status switch by the offset between the user's time
zone and the server's time zone. DST switches happen at a given hour in
local time, so at 2am PST, when things jump to 3am PDT (except, for example,
in Dawson Creek, BC, which doesn't observe DST) it's 6am EDT, because the
jump from 2am EST to 3am EDT happened three hours earlier, at 2am EST, which
is 11pm PST.

Other places in the world may switch between standard and summer time at
different times of the year. Some countries occasionally adjust their time
settings to make the Olympics run more smoothly. (see:
http://support.microsoft.com/default.aspx?scid=kb;en-us;257178).

The zoneinfo database knows about all these hinky time zone and DST issues,
which is what makes putenv() and strftime() a breeze. If you don't want to
use environment variables, though, I suppose you could store a zoneinfo zone
for a given user and then calculate the GMT offset for that user by parsing
the appropriate zoneinfo file and finding the DST setting and GMT offsets
that correspond to a particular UTC time. zdump(8) and tzfile(5) would be
helpful for that.

David



From bpang at bpang.com  Tue Aug 12 16:43:37 2003
From: bpang at bpang.com (Brian Pang)
Date: Tue, 12 Aug 2003 16:43:37 -0400
Subject: [nycphp-talk] OT: click thru count?
Message-ID: <E19mfzV-0008In-LW@rslrs1-server.com>


Sorry for the off-topic post, but this list is so full of knowledgeable
people, I couldn't resist...

pardon me while I first wipe off my nose ;)


I am have a "debate" with an external webmaster about the number of
click-thrus a banner on his site is generating to one of my sites.

He says his logs show over 5,000 click-thrus for a particular month.

My logs show a total of 20 references from his site (yes, I know, not
all browsers send the HTTP_REFERER).

The links on his site are nothing special. No link to a redirecting
script that may increment a counter or anything like that. Just plain
ol' http://www.foo.com (actually, it's a nasty double link, the href
points to an advertiser's site, and an onClick spawns a new window to my
site, but still nothing that I see that might register in his logs).

My suspicion is that his logs are displaying the number of times the
banner image was loaded, not the click-thru count. -OR- He also
mentioned the "Exit" pages statistic and is suggesting that every exit
page was a click-thru to my site.

In the case of the exit pages, I don't think he understands what an
"exit page" really is.

My question, at long last, Is there anything that would show in his logs
that a user clicked the banner to an external link?


Thanks much












From oprusak at trafficmac.com  Tue Aug 12 16:44:08 2003
From: oprusak at trafficmac.com (Ophir Prusak)
Date: Tue, 12 Aug 2003 16:44:08 -0400
Subject: [nycphp-talk] Database code solutions
References: <NFBBJNKBNKCIKGKJIFPJEEHAGIAA.sklar@sklar.com>
Message-ID: <00f501c36112$7a9c38f0$9601a8c0@sparta>

Hi All,

Executive summary:
I'm wondering if anyone here has any recommendations for a solution to
creating database related code.

Background:
I'm currently writing some code for a project and I realize that %80 of my
time is spent on database related code.
This is bad. At the end of the day, manipulation of data in a database is
the same more or less for any project. It comes down to "CRUD" (Creation,
Reading, Updating, Deleting). There must be a better way.

I'm looking for something that will reduce my development time on database
related code.
I know there are several packages, classes, etc that will help with this,
but I don't have time to research all the possibilities and was hoping to
hear from nyphp members their experiences and recommendations (or
non-recommendations).
I'm looking for any solution, commercial or open source.

I looked into phplens which seems to be in the direction of what I'm looking
for.
We're already using smarty so that's an added plus.

Thanx
Ophir







From csnyder at chxo.com  Tue Aug 12 16:52:57 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Tue, 12 Aug 2003 16:52:57 -0400
Subject: [nycphp-talk] OT: click thru count?
In-Reply-To: <E19mfzV-0008In-LW@rslrs1-server.com>
References: <E19mfzV-0008In-LW@rslrs1-server.com>
Message-ID: <3F3953A9.7030705@chxo.com>

Brian Pang wrote:

>My question, at long last, Is there anything that would show in his logs
>that a user clicked the banner to an external link?
>  
>
Only if the click sends the browser to a redirection script on his site, 
or at the ad server site (which sends him logs).
There could also be some kind of javascript onclick event that tracks it.

But I think your hunch is right-- if you've only got 20 instances of an 
HTTP_REFERER from his site in your logs, there's probably only been 20 
clicks, and certainly not 5000.

    chris.



From bpang at bpang.com  Tue Aug 12 16:56:19 2003
From: bpang at bpang.com (Brian Pang)
Date: Tue, 12 Aug 2003 16:56:19 -0400
Subject: [nycphp-talk] OT: click thru count?
Message-ID: <E19mgBn-0003m4-O7@rslrs1-server.com>

Thanks, Chris...

Just needed to make sure I wasn't going crazy or that the way that logs
work didn't change overnight ;)

his site, http://www.maxracks.com
the banner is the "Crunch" banner at the bottom
my site is http://www.maxcards.com
 (cool offer and written all in php)




> Brian Pang wrote:
> 
> >My question, at long last, Is there anything that would show in his logs
> >that a user clicked the banner to an external link?
> >  
> >
> Only if the click sends the browser to a redirection script on his site, 
> or at the ad server site (which sends him logs).
> There could also be some kind of javascript onclick event that tracks it.
> 
> But I think your hunch is right-- if you've only got 20 instances of an 
> HTTP_REFERER from his site in your logs, there's probably only been 20 
> clicks, and certainly not 5000.
> 
>     chris.
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From csnyder at chxo.com  Tue Aug 12 16:57:05 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Tue, 12 Aug 2003 16:57:05 -0400
Subject: [nycphp-talk] Database code solutions
In-Reply-To: <00f501c36112$7a9c38f0$9601a8c0@sparta>
References: <NFBBJNKBNKCIKGKJIFPJEEHAGIAA.sklar@sklar.com>
	<00f501c36112$7a9c38f0$9601a8c0@sparta>
Message-ID: <3F3954A1.2050808@chxo.com>

I'm sure there are some great classes out there for this, but if you've 
already written the code so many times, why not write your own class or 
functions that duplicate what you already do? Even if you are still 
writing out the SQL for each query, you can consolidate a lot of the 
code around it and save an awful lot of time.

    chris.

Ophir Prusak wrote:

>I'm currently writing some code for a project and I realize that %80 of my
>time is spent on database related code.
>This is bad. At the end of the day, manipulation of data in a database is
>the same more or less for any project. It comes down to "CRUD" (Creation,
>Reading, Updating, Deleting). There must be a better way.
>
>  
>



From dmintz at panix.com  Tue Aug 12 17:29:24 2003
From: dmintz at panix.com (David Mintz)
Date: Tue, 12 Aug 2003 17:29:24 -0400 (EDT)
Subject: [nycphp-talk] cookbook: gpg
In-Reply-To: <NFBBJNKBNKCIKGKJIFPJGEFMGIAA.sklar@sklar.com>
References: <NFBBJNKBNKCIKGKJIFPJGEFMGIAA.sklar@sklar.com>
Message-ID: <Pine.NEB.4.56.0308121721410.16855@panix5.panix.com>

On Mon, 11 Aug 2003, David Sklar wrote:

>
> To encrypt only, yes, you just need the public key of the recipient. To
> encrypt and sign, you need the private key of the signer as well.
>
> So if you're just encrypting the credit card data with a public key and
> storing it in a place where the corresponding private key isn't, then you
> should be protected against someone retrieving the encrypted data and then
> decrypting it.
>
> You aren't protected against someone injecting false data that's correctly
> encrypted into the system (via a hole in your app). This may not be such a
> big concern.

Thanks.

I'd love to see a snippet showing how user nobody encrypts data without
signing or requiring any secret key. That seems to be where I'm stuck. GPG
needs access to the public keyring containing the recipients public key,
right? If that's under my home directory then I have to open up the
permissions on it so 'nobody' can get in there, no?

---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!


From sklar at sklar.com  Tue Aug 12 17:59:51 2003
From: sklar at sklar.com (David Sklar)
Date: Tue, 12 Aug 2003 17:59:51 -0400
Subject: [nycphp-talk] cookbook: gpg
In-Reply-To: <Pine.NEB.4.56.0308121721410.16855@panix5.panix.com>
Message-ID: <NFBBJNKBNKCIKGKJIFPJIEHEGIAA.sklar@sklar.com>

> I'd love to see a snippet showing how user nobody encrypts data
> without signing or requiring any secret key. That seems to be where
> I'm stuck. GPG needs access to the public keyring containing the
> recipients public key, right? If that's under my home directory then
> I have to open up the permissions on it so 'nobody' can get in there,
> no?

To sign without encrypting, pass -e without -s to gpg: "gpg -er foo at bar.com"
encrypts for foo at bar.com (and requires only foo at bar.com's public key);
"gpg -ser foo at bar.com" encrypts for foo at bar.com and also signs with the
default local user (and requires that user's private key).

GPG does need access to the public keyring with the recipient's public key.
Since it's a public keyring, it doesn't really matter if the world can see
it. Put the keys in a separate keyring, make that file world-readable
(perhaps putting it outside your home directory), and tell gpg about it
with --keyring.

David



From dkrook at hotmail.com  Tue Aug 12 18:04:52 2003
From: dkrook at hotmail.com (D C Krook)
Date: Tue, 12 Aug 2003 18:04:52 -0400
Subject: [nycphp-talk] Localizing Time Zones
Message-ID: <BAY2-F150JWrGW6Ex3A00007ade@hotmail.com>

Hans, Chris, David,

Thanks for all the tips.  I think the fact that the Apache child process 
runs with its own instance of env variables is just the confirmation we were 
looking for, and we'll keep the other approaches to the problem in mind.

Thanks again,
-Dan

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail



From suzerain at suzerain.com  Tue Aug 12 18:10:35 2003
From: suzerain at suzerain.com (Marc Antony Vose)
Date: Tue, 12 Aug 2003 18:10:35 -0400
Subject: [nycphp-talk] pausing a script...or something
In-Reply-To: <3F394F00.6060203@nyphp.org>
References: <BAY2-F153WOo4SViZ8h0001ec11@hotmail.com>
	<3F394F00.6060203@nyphp.org>
Message-ID: <a06001a0cbb5f150eb492@[192.168.1.44]>

Hi there.

I've got a script that's calling another PHP script which creates a 
TAR archive of some files, then it copies it somewhere, and extracts 
it.

Simple enough.

The thing is, the TAR archive is around 178 MB, so it's kinda on the big side.

So, I have a simple question.

Currently, I am building the command to tar the files, and calling it 
like this:

$cmd = "php -q /some/other/directory/maketar,php &";
if( system($cmd) === false){
  die( "was not able to call the TAR building script");
}
else{
  // do other stuff, like copy it and extract it
}

So, my question is...is the above if then construct sufficient to 
make the calling script wait for the PHP script it is making use of 
before it goes on and attempts to copy the created file.

I'm asking this because, to me, it doesn't seem to be, and I want to 
figure out the "proper" way I can make the script wait for the 
completion of the other script.

-- 
Marc Antony Vose
http://www.suzerain.com/

Into every tidy scheme for arranging the pattern of human life, it is 
necessary to inject a certain dose of anarchism.
-- Bertrand Russell


From bpang at bpang.com  Tue Aug 12 20:18:19 2003
From: bpang at bpang.com (Brian Pang)
Date: Tue, 12 Aug 2003 20:18:19 -0400
Subject: [nycphp-talk] pausing a script...or something
Message-ID: <E19mjLH-0008Il-AO@rslrs1-server.com>

Try removing the ampersand, &, in your $cmd string.


> Hi there.
> 
> I've got a script that's calling another PHP script which creates a 
> TAR archive of some files, then it copies it somewhere, and extracts 
> it.
> 
> Simple enough.
> 
> The thing is, the TAR archive is around 178 MB, so it's kinda on the
big side.
> 
> So, I have a simple question.
> 
> Currently, I am building the command to tar the files, and calling it 
> like this:
> 
> $cmd = "php -q /some/other/directory/maketar,php &";
> if( system($cmd) === false){
>   die( "was not able to call the TAR building script");
> }
> else{
>   // do other stuff, like copy it and extract it
> }
> 
> So, my question is...is the above if then construct sufficient to 
> make the calling script wait for the PHP script it is making use of 
> before it goes on and attempts to copy the created file.
> 
> I'm asking this because, to me, it doesn't seem to be, and I want to 
> figure out the "proper" way I can make the script wait for the 
> completion of the other script.
> 
> -- 
> Marc Antony Vose
> http://www.suzerain.com/
> 
> Into every tidy scheme for arranging the pattern of human life, it is 
> necessary to inject a certain dose of anarchism.
> -- Bertrand Russell
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From sterling at bumblebury.com  Wed Aug 13 06:32:41 2003
From: sterling at bumblebury.com (Sterling Hughes)
Date: Wed, 13 Aug 2003 10:32:41 -0000
Subject: [nycphp-talk] libxml in PHP 5
In-Reply-To: <Pine.LNX.4.21.0308121443060.26706-100000@miranda.org>
References: <Pine.LNX.4.21.0308121443060.26706-100000@miranda.org>
Message-ID: <1060762608.583.13.camel@hasele>

Am Die, 2003-08-12 um 14.46 schrieb Adam Maccabee Trachtenberg:
> On Mon, 11 Aug 2003, Analysis & Solutions wrote:
> 
> > I was thinking that the new XML parser would necessitate scripts use
> > different function calls.  Or will the main functions and behavior remain
> > the same, but only the library be changed?
> 
> The plan is to make the libxml switch seamless and not require any
> changes in your XML code. 

Yes, and kinda.  The SAX extension (ext/xml) will remain the same.

Code that uses the DOM extension will need to be rewritten.  The DOM
extension has always been experimental, and never really worked.  Now it
will, and it will be 100% DOM 2 (and mostly DOM 3) compliant.  The API
for the XSLT extension is also completely changed.

> 
> > If the functions will indeed be different, is there some place to find
> > docs about these new procedures?  They don't have to be great, just give
> > me an idea of how to start hacking something simple.
> 
> PHP 5 will also have the SimpleXML extension. I believe the C code in
> the CVS is also the documentation. (Source code: The ultimate documentation.)

book.xml
<books>
 <book asin="84343483538">
  <title>Winnie the Pooh</title>
  <author>Arthur Milne</author>
  <description>A true classic</description>
 </book>
 <book asin="838488287773">
  <title>The Grapes of Wrath</title>
  <author>John Steinbeck</author>
  <description>Not bad...</description>
  <note>Its wierd, but not many europeans know john steinbeck, they all 
  know arthur milne.</note>
 </book>
</books>

book.php
<?php
$books = simplexml_load_file('book.xml');
foreach ($books->book as $book) {
?>
  <a href="http://www.amazon.com/<?=$book->asin?>"><?=$book->title?></a>
  <br/>
  <?=$book->author?>
  <br/><br/>
  <?=$book->description?>
  <br/>
  <? if (!empty($book->note)) { ?>
    <b>Note:</b> <?=$book->note?>
  <? } ?>
<?php
}
?>

Yep, that's it.  SimpleXML is actually quite powerful.  For example, I
wrote a full WSDL parser using simplexml.  It supports Xpath, Schema and
the full XML infoset.

-Sterling


-- 
"Backups are for wimps. Real men upload their data to an FTP site and
have everyone else mirror it." 
    - Linus Torvalds


From smanes at magpie.com  Wed Aug 13 07:44:20 2003
From: smanes at magpie.com (Steve Manes)
Date: Wed, 13 Aug 2003 07:44:20 -0400
Subject: [nycphp-talk] Database code solutions
In-Reply-To: <00f501c36112$7a9c38f0$9601a8c0@sparta>
References: <NFBBJNKBNKCIKGKJIFPJEEHAGIAA.sklar@sklar.com>
	<00f501c36112$7a9c38f0$9601a8c0@sparta>
Message-ID: <3F3A2494.8080107@magpie.com>

Ophir Prusak wrote:
> I'm looking for something that will reduce my development time on database
> related code.
> I know there are several packages, classes, etc that will help with this,
> but I don't have time to research all the possibilities and was hoping to
> hear from nyphp members their experiences and recommendations (or
> non-recommendations).
> I'm looking for any solution, commercial or open source.

Hey Ophir,

One thing I've found that dramatically helps me deal with database 
issues is a good database design tool to help me visualize what's going 
on.  I found something recently that I really like, CaseStudio:

http://www.casestudio.com

After a couple of hours learning the demo Lite version, I bought it. 
The Pro version has a reverse engineering feature that logs into an 
RDBMS and creates a model from an existing database.  I demoed this as 
well and found a couple of things I should have been doing to optimize 
my digest archive.  Supports MySQL 4 and PosgreSQL 7.x too.

---------------------------------------------=o&o>---------
Steve Manes          http://www.magpie.com
Brooklyn, NY




From hans at nyphp.org  Wed Aug 13 08:13:28 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 13 Aug 2003 08:13:28 -0400
Subject: [nycphp-talk] request for comment: pWhiteboard
In-Reply-To: <3F38774D.40002@chxo.com>
References: <3F33B24C.5060002@chxo.com> <3F37CCF1.8010809@nyphp.org>
	<3F38774D.40002@chxo.com>
Message-ID: <3F3A2B68.6090801@nyphp.org>



Chris Snyder wrote:

> Hans Zaunere wrote:
> 
>> Maybe we can get an installation at dev.  :)
>>
> Sure nuff: http://dev.nyphp.org/pwhiteboard.php

Sweet... now, what do we do with it? :)  (maybe this thread should be moved to dev at lists.nyphp.org)





From hans at nyphp.org  Wed Aug 13 09:22:52 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 13 Aug 2003 09:22:52 -0400
Subject: [nycphp-talk] [Fwd: Re: mysql_insert_id Bug]
Message-ID: <3F3A3BAC.3060004@nyphp.org>


Just as followup to the mysql_insert_id() issue.  I've also attached the bk commit message that updated the mysql docs, and correctly indicates the actual behavior.

H


-------- Original Message --------
Subject: Re: mysql_insert_id Bug
Date: Wed, 13 Aug 2003 09:19:30 -0400
From: Hans Zaunere <hans at nyphp.org>
To: Boyd Lynn Gerber <bgerber at mysql.com>
CC: bugs at lists.mysql.com
References: <Pine.SC5.4.44.0308121109450.26580-100000 at xenau105.zenez.com>



Boyd Lynn Gerber wrote:

> On Tue, 11 Aug 2003, Hans Zaunere wrote:
> 
>>http://lists.mysql.com/list.php?9:mss:14894:200308:pgbmapllcppekmkmgbak
>>
>>I may have stumbled on some either incorrect, or incorrectly documented,
>>behavior with
>>mysql_insert_id() and I'd like to hear some feedback.
>>
>>>From http://www.mysql.com/doc/en/mysql_insert_id.html:
>>
>>"Note that mysql_insert_id() returns 0 if the previous query does not
>>generate an AUTO_INCREMENT
>>value."
>>
>>However, when inserting a non-unique value into a table with a UNIQUE
>>index, thus making
>>the INSERT fail and no AUTO_INCREMENT value being generated,
>>mysql_insert_id() returns
>>the value of the last successful INSERT statement.  I understand that this
>>is the correct
>>behavior for the SQL function LAST_INSERT_ID() (which is not reset between
>>queries),
>>however not for the C API function mysql_insert_id().
>>
>>Please see below for a C program that illustrates this, as well as my
>>current environment.
>>
>> Any insight would be helpful.  Thanks,
> 
> 
> The documentation is wrong.  We will get it updated

Thanks for looking into this.  I'll report this to the PHPdoc team so they can update as well.

Hans Zaunere
President, New York PHP
http://nyphp.org
hans at nyphp.org


-------------- next part --------------
An embedded message was scrubbed...
From: Sergei Golubchik <serg at mysql.com>
Subject: bk commit - mysqldoc tree (1.697)
Date: 13 Aug 2003 12:29:53 -0000
Size: 3259
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/32425514/attachment.eml>

From psaw at pswebcode.com  Wed Aug 13 10:17:41 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Wed, 13 Aug 2003 10:17:41 -0400
Subject: [nycphp-talk] libxml in PHP 5
In-Reply-To: <1060762608.583.13.camel@hasele>
Message-ID: <000101c361a5$a8b04bd0$68e4a144@bronco>

Looks sleek...  ...but regarding any documentation (full list of functions,
say) for the updated DOM, XSLT and XPATH functionality? 

And if I remember right... SAX, XSLT and DOM XML libs will all be installed
by default on both *nix and Windows?

I have been using DOMXML functions at this time and several web hosts would
not install the library, namely because it is marked as Experimental.

PSaw

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Sterling Hughes
Sent: Wednesday, August 13, 2003 4:17 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] libxml in PHP 5


Am Die, 2003-08-12 um 14.46 schrieb Adam Maccabee Trachtenberg:
> On Mon, 11 Aug 2003, Analysis & Solutions wrote:
> 
> > I was thinking that the new XML parser would necessitate scripts use 
> > different function calls.  Or will the main functions and behavior 
> > remain the same, but only the library be changed?
> 
> The plan is to make the libxml switch seamless and not require any 
> changes in your XML code.

Yes, and kinda.  The SAX extension (ext/xml) will remain the same.

Code that uses the DOM extension will need to be rewritten.  The DOM
extension has always been experimental, and never really worked.  Now it
will, and it will be 100% DOM 2 (and mostly DOM 3) compliant.  The API for
the XSLT extension is also completely changed.

> 
> > If the functions will indeed be different, is there some place to 
> > find docs about these new procedures?  They don't have to be great, 
> > just give me an idea of how to start hacking something simple.
> 
> PHP 5 will also have the SimpleXML extension. I believe the C code in 
> the CVS is also the documentation. (Source code: The ultimate 
> documentation.)

book.xml
<books>
 <book asin="84343483538">
  <title>Winnie the Pooh</title>
  <author>Arthur Milne</author>
  <description>A true classic</description>
 </book>
 <book asin="838488287773">
  <title>The Grapes of Wrath</title>
  <author>John Steinbeck</author>
  <description>Not bad...</description>
  <note>Its wierd, but not many europeans know john steinbeck, they all 
  know arthur milne.</note>
 </book>
</books>

book.php
<?php
$books = simplexml_load_file('book.xml');
foreach ($books->book as $book) {
?>
  <a href="http://www.amazon.com/<?=$book->asin?>"><?=$book->title?></a>
  <br/>
  <?=$book->author?>
  <br/><br/>
  <?=$book->description?>
  <br/>
  <? if (!empty($book->note)) { ?>
    <b>Note:</b> <?=$book->note?>
  <? } ?>
<?php
}
?>

Yep, that's it.  SimpleXML is actually quite powerful.  For example, I wrote
a full WSDL parser using simplexml.  It supports Xpath, Schema and the full
XML infoset.

-Sterling


-- 
"Backups are for wimps. Real men upload their data to an FTP site and have
everyone else mirror it." 
    - Linus Torvalds _______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk



From psaw at pswebcode.com  Wed Aug 13 10:27:53 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Wed, 13 Aug 2003 10:27:53 -0400
Subject: [nycphp-talk] Database code solutions
In-Reply-To: <3F3A2494.8080107@magpie.com>
Message-ID: <000201c361a7$164047d0$68e4a144@bronco>

On this topic, I have recently been using a product called NaviCat found at
http://www.mysqlstudio.com/ 

Provides very nice graphical interface on MySQL servers, including
import/export data transfer of tables and/or whole databases from server to
server, backup and user management. Exposes SQL schema code that makes up
tables. Run queries from Query window.

30-day full-functioning demo.

PSaw


-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Steve Manes
Sent: Wednesday, August 13, 2003 7:44 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Database code solutions


Ophir Prusak wrote:
> I'm looking for something that will reduce my development time on 
> database related code. I know there are several packages, classes, etc 
> that will help with this, but I don't have time to research all the 
> possibilities and was hoping to hear from nyphp members their 
> experiences and recommendations (or non-recommendations).
> I'm looking for any solution, commercial or open source.

Hey Ophir,

One thing I've found that dramatically helps me deal with database 
issues is a good database design tool to help me visualize what's going 
on.  I found something recently that I really like, CaseStudio:

http://www.casestudio.com

After a couple of hours learning the demo Lite version, I bought it. 
The Pro version has a reverse engineering feature that logs into an 
RDBMS and creates a model from an existing database.  I demoed this as 
well and found a couple of things I should have been doing to optimize 
my digest archive.  Supports MySQL 4 and PosgreSQL 7.x too.

---------------------------------------------=o&o>---------
Steve Manes          http://www.magpie.com
Brooklyn, NY


_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk



From eric.cogswell at innlink.com  Wed Aug 13 10:42:00 2003
From: eric.cogswell at innlink.com (Cogswell, Eric)
Date: Wed, 13 Aug 2003 09:42:00 -0500
Subject: [nycphp-talk] Database code solutions
Message-ID: <C33C210B505AE448ACDB84D71C45E23D066D7E@shosv2b.sholodge.corp>

I have used NaviCat also, and liked it very much.  Right now, I am using a product from EMS that I also find very nice.  It has all the standard features a MySQL GUI needs, is lightweight, and user friendly.  Overall, a very nice tool.

http://ems-hitech.com/mymanager/index.phtml

-Eric


-----Original Message-----
From: pswebcode, nyc [mailto:psaw at pswebcode.com]
Sent: Wednesday, August 13, 2003 9:28 AM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Database code solutions


On this topic, I have recently been using a product called NaviCat found at
http://www.mysqlstudio.com/ 

Provides very nice graphical interface on MySQL servers, including
import/export data transfer of tables and/or whole databases from server to
server, backup and user management. Exposes SQL schema code that makes up
tables. Run queries from Query window.

30-day full-functioning demo.

PSaw


-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Steve Manes
Sent: Wednesday, August 13, 2003 7:44 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Database code solutions


Ophir Prusak wrote:
> I'm looking for something that will reduce my development time on 
> database related code. I know there are several packages, classes, etc 
> that will help with this, but I don't have time to research all the 
> possibilities and was hoping to hear from nyphp members their 
> experiences and recommendations (or non-recommendations).
> I'm looking for any solution, commercial or open source.

Hey Ophir,

One thing I've found that dramatically helps me deal with database 
issues is a good database design tool to help me visualize what's going 
on.  I found something recently that I really like, CaseStudio:

http://www.casestudio.com

After a couple of hours learning the demo Lite version, I bought it. 
The Pro version has a reverse engineering feature that logs into an 
RDBMS and creates a model from an existing database.  I demoed this as 
well and found a couple of things I should have been doing to optimize 
my digest archive.  Supports MySQL 4 and PosgreSQL 7.x too.

---------------------------------------------=o&o>---------
Steve Manes          http://www.magpie.com
Brooklyn, NY


_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


From oprusak at trafficmac.com  Wed Aug 13 12:06:42 2003
From: oprusak at trafficmac.com (Ophir Prusak)
Date: Wed, 13 Aug 2003 12:06:42 -0400
Subject: [nycphp-talk] Database code solutions
References: <C33C210B505AE448ACDB84D71C45E23D066D7E@shosv2b.sholodge.corp>
Message-ID: <006401c361b4$e3325500$9601a8c0@sparta>


back to the subject, I'm not looking for database management / deisgn /
access type tools,
I'm looking for something (classes, packages, products) that will allow me
to concentrate my php programming efforts on the business logic, and not
spend so much time creating the "plumbing" for basic database operations
such as create a new row, edit a row, read a row or delete a row.

phplens is the closest to what I want that I've found so far.
Has anyone here ever used it or heard anything about it ? (other than what's
on the phplens site and the php|arch "review" )

Thanx
Ophir

----- Original Message -----
From: "Cogswell, Eric" <eric.cogswell at innlink.com>
To: <psaw at pswebcode.com>; "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 13, 2003 10:42 AM
Subject: RE: [nycphp-talk] Database code solutions


I have used NaviCat also, and liked it very much.  Right now, I am using a
product from EMS that I also find very nice.  It has all the standard
features a MySQL GUI needs, is lightweight, and user friendly.  Overall, a
very nice tool.

http://ems-hitech.com/mymanager/index.phtml

-Eric


-----Original Message-----
From: pswebcode, nyc [mailto:psaw at pswebcode.com]
Sent: Wednesday, August 13, 2003 9:28 AM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Database code solutions


On this topic, I have recently been using a product called NaviCat found at
http://www.mysqlstudio.com/

Provides very nice graphical interface on MySQL servers, including
import/export data transfer of tables and/or whole databases from server to
server, backup and user management. Exposes SQL schema code that makes up
tables. Run queries from Query window.

30-day full-functioning demo.

PSaw


-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Steve Manes
Sent: Wednesday, August 13, 2003 7:44 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Database code solutions


Ophir Prusak wrote:
> I'm looking for something that will reduce my development time on
> database related code. I know there are several packages, classes, etc
> that will help with this, but I don't have time to research all the
> possibilities and was hoping to hear from nyphp members their
> experiences and recommendations (or non-recommendations).
> I'm looking for any solution, commercial or open source.

Hey Ophir,

One thing I've found that dramatically helps me deal with database
issues is a good database design tool to help me visualize what's going
on.  I found something recently that I really like, CaseStudio:

http://www.casestudio.com

After a couple of hours learning the demo Lite version, I bought it.
The Pro version has a reverse engineering feature that logs into an
RDBMS and creates a model from an existing database.  I demoed this as
well and found a couple of things I should have been doing to optimize
my digest archive.  Supports MySQL 4 and PosgreSQL 7.x too.

---------------------------------------------=o&o>---------
Steve Manes          http://www.magpie.com
Brooklyn, NY


_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk




From psaw at pswebcode.com  Wed Aug 13 12:22:04 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Wed, 13 Aug 2003 12:22:04 -0400
Subject: [nycphp-talk] Database code solutions
In-Reply-To: <006401c361b4$e3325500$9601a8c0@sparta>
Message-ID: <000501c361b7$09251340$68e4a144@bronco>

Okay. Yeah, the other response was just good  talk. 

But, here is response to your topic.

A php class that does every kind of db access (select, update, etc) (on
every db type: mysql, postgres, oracle) and has it all knocked down to a
couple of terse functions. Lots of documentation too:
http://php.justinvincent.com/

PSaw



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Ophir Prusak
Sent: Wednesday, August 13, 2003 12:07 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Database code solutions



back to the subject, I'm not looking for database management / deisgn /
access type tools, I'm looking for something (classes, packages, products)
that will allow me to concentrate my php programming efforts on the business
logic, and not spend so much time creating the "plumbing" for basic database
operations such as create a new row, edit a row, read a row or delete a row.

phplens is the closest to what I want that I've found so far. Has anyone
here ever used it or heard anything about it ? (other than what's on the
phplens site and the php|arch "review" )

Thanx
Ophir

----- Original Message -----
From: "Cogswell, Eric" <eric.cogswell at innlink.com>
To: <psaw at pswebcode.com>; "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 13, 2003 10:42 AM
Subject: RE: [nycphp-talk] Database code solutions


I have used NaviCat also, and liked it very much.  Right now, I am using a
product from EMS that I also find very nice.  It has all the standard
features a MySQL GUI needs, is lightweight, and user friendly.  Overall, a
very nice tool.

http://ems-hitech.com/mymanager/index.phtml

-Eric


-----Original Message-----
From: pswebcode, nyc [mailto:psaw at pswebcode.com]
Sent: Wednesday, August 13, 2003 9:28 AM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Database code solutions


On this topic, I have recently been using a product called NaviCat found at
http://www.mysqlstudio.com/

Provides very nice graphical interface on MySQL servers, including
import/export data transfer of tables and/or whole databases from server to
server, backup and user management. Exposes SQL schema code that makes up
tables. Run queries from Query window.

30-day full-functioning demo.

PSaw


-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Steve Manes
Sent: Wednesday, August 13, 2003 7:44 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Database code solutions


Ophir Prusak wrote:
> I'm looking for something that will reduce my development time on 
> database related code. I know there are several packages, classes, etc 
> that will help with this, but I don't have time to research all the 
> possibilities and was hoping to hear from nyphp members their 
> experiences and recommendations (or non-recommendations). I'm looking 
> for any solution, commercial or open source.

Hey Ophir,

One thing I've found that dramatically helps me deal with database issues is
a good database design tool to help me visualize what's going on.  I found
something recently that I really like, CaseStudio:

http://www.casestudio.com

After a couple of hours learning the demo Lite version, I bought it. The Pro
version has a reverse engineering feature that logs into an RDBMS and
creates a model from an existing database.  I demoed this as well and found
a couple of things I should have been doing to optimize my digest archive.
Supports MySQL 4 and PosgreSQL 7.x too.

---------------------------------------------=o&o>---------
Steve Manes          http://www.magpie.com
Brooklyn, NY


_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk


_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk



From danielc at analysisandsolutions.com  Wed Aug 13 12:33:02 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 13 Aug 2003 12:33:02 -0400
Subject: [nycphp-talk] Database code solutions
In-Reply-To: <000501c361b7$09251340$68e4a144@bronco>
References: <006401c361b4$e3325500$9601a8c0@sparta>
	<000501c361b7$09251340$68e4a144@bronco>
Message-ID: <20030813163302.GA19415@panix.com>

Ophir wrote two messages back...
>
> and not spend so much time creating the "plumbing" for basic database
> operations such as create a new row, edit a row, read a row or delete a row.

These operations are handled by simple queries.  There's no way around 
programming that... until artificial intelligence, I guess.

If you want a class that simplifies connecting to, querying and displaying 
resulting output, I have one.  Maybe it'll help.

    http://www.analysisandsolutions.com/software/sql/

--Dan

... Gee, snipping that extra text out didn't seem so hard...

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From psaw at pswebcode.com  Wed Aug 13 12:36:03 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Wed, 13 Aug 2003 12:36:03 -0400
Subject: [nycphp-talk] Database code solutions
In-Reply-To: <000501c361b7$09251340$68e4a144@bronco>
Message-ID: <000601c361b8$fd1849d0$68e4a144@bronco>

Alternatively, I found the EZSQL product I mentioned in my previous note to
be a bit "biggie-sized" for a quick job. So, I might suggest this from the
great people at Wrox.

In the book "Professional PHP 4", Chap 17, they build a q quickie class for
PHP to MySQL only. Then give you lots of sample PHP code to execute it with.
You can get the sample code for the entire book from their site Or you can
go to: http://www.pswebcode.com/downloads/ where the only the database class
and all the sample PHP files are zipped.

PSaw


 

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of pswebcode, nyc
Sent: Wednesday, August 13, 2003 12:22 PM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Database code solutions


Okay. Yeah, the other response was just good  talk. 

But, here is response to your topic.

A php class that does every kind of db access (select, update, etc) (on
every db type: mysql, postgres, oracle) and has it all knocked down to a
couple of terse functions. Lots of documentation too:
http://php.justinvincent.com/

PSaw



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Ophir Prusak
Sent: Wednesday, August 13, 2003 12:07 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Database code solutions



back to the subject, I'm not looking for database management / deisgn /
access type tools, I'm looking for something (classes, packages, products)
that will allow me to concentrate my php programming efforts on the business
logic, and not spend so much time creating the "plumbing" for basic database
operations such as create a new row, edit a row, read a row or delete a row.

phplens is the closest to what I want that I've found so far. Has anyone
here ever used it or heard anything about it ? (other than what's on the
phplens site and the php|arch "review" )

Thanx
Ophir

----- Original Message -----
From: "Cogswell, Eric" <eric.cogswell at innlink.com>
To: <psaw at pswebcode.com>; "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 13, 2003 10:42 AM
Subject: RE: [nycphp-talk] Database code solutions


I have used NaviCat also, and liked it very much.  Right now, I am using a
product from EMS that I also find very nice.  It has all the standard
features a MySQL GUI needs, is lightweight, and user friendly.  Overall, a
very nice tool.

http://ems-hitech.com/mymanager/index.phtml

-Eric


-----Original Message-----
From: pswebcode, nyc [mailto:psaw at pswebcode.com]
Sent: Wednesday, August 13, 2003 9:28 AM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Database code solutions


On this topic, I have recently been using a product called NaviCat found at
http://www.mysqlstudio.com/

Provides very nice graphical interface on MySQL servers, including
import/export data transfer of tables and/or whole databases from server to
server, backup and user management. Exposes SQL schema code that makes up
tables. Run queries from Query window.

30-day full-functioning demo.

PSaw


-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Steve Manes
Sent: Wednesday, August 13, 2003 7:44 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Database code solutions


Ophir Prusak wrote:
> I'm looking for something that will reduce my development time on
> database related code. I know there are several packages, classes, etc 
> that will help with this, but I don't have time to research all the 
> possibilities and was hoping to hear from nyphp members their 
> experiences and recommendations (or non-recommendations). I'm looking 
> for any solution, commercial or open source.

Hey Ophir,

One thing I've found that dramatically helps me deal with database issues is
a good database design tool to help me visualize what's going on.  I found
something recently that I really like, CaseStudio:

http://www.casestudio.com

After a couple of hours learning the demo Lite version, I bought it. The Pro
version has a reverse engineering feature that logs into an RDBMS and
creates a model from an existing database.  I demoed this as well and found
a couple of things I should have been doing to optimize my digest archive.
Supports MySQL 4 and PosgreSQL 7.x too.

---------------------------------------------=o&o>---------
Steve Manes          http://www.magpie.com
Brooklyn, NY


_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk


_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk



From soazine at erols.com  Wed Aug 13 12:50:31 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 13 Aug 2003 12:50:31 -0400
Subject: [nycphp-talk] PHP, PayPal, Authentication and Redirect
Message-ID: <025601c361bb$027f1f50$67a76244@philofsoa>

I am not sure if I have this correct, but if someone were to want registration verification handled through either a check or via PayPal, would that then mean I could still have it set up to send PayPal-related info to PayPal and then redirect to a "Thank for registering and giving us your money" page?

Is it just that simple or am I missing another layer here?  

"We are close.  Only difference is that they can not register themselves.  People will pay me via paypal or check and then I will register them for them.  They then log in and have access to the password protected pages."

Just want to be sure I have the right concept.  Here is a page I developed that does something similar to that:

http://valsignalandet.com/donate/donate.php?cmd=_xclick&business=myemail at myemail.com&no_note=1&currency=USD&tax=0&refURL=/



Thanx
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/fb2c3919/attachment.html>

From oprusak at trafficmac.com  Wed Aug 13 13:18:20 2003
From: oprusak at trafficmac.com (Ophir Prusak)
Date: Wed, 13 Aug 2003 13:18:20 -0400
Subject: [nycphp-talk] Database code solutions
References: <006401c361b4$e3325500$9601a8c0@sparta><000501c361b7$09251340$68e4a144@bronco>
	<20030813163302.GA19415@panix.com>
Message-ID: <008601c361be$e505d0f0$9601a8c0@sparta>

I checked our your class and the ezsql class as well.
These are great classes and definitely big helpers but I already have code
that takes care of much of this "low level plumbing".

phplens gives you a web based interface that actually creates the php
necessary for the forms themselves.
It looks like I'll need to play around with it myself and I'll post a
mini-review.

Ophir

> Ophir wrote two messages back...
> >
> > and not spend so much time creating the "plumbing" for basic database
> > operations such as create a new row, edit a row, read a row or delete a
row.
>
> These operations are handled by simple queries.  There's no way around
> programming that... until artificial intelligence, I guess.
>




From sterling at bumblebury.com  Wed Aug 13 14:38:48 2003
From: sterling at bumblebury.com (Sterling Hughes)
Date: Wed, 13 Aug 2003 18:38:48 -0000
Subject: [nycphp-talk] libxml in PHP 5
In-Reply-To: <000101c361a5$a8b04bd0$68e4a144@bronco>
References: <000101c361a5$a8b04bd0$68e4a144@bronco>
Message-ID: <1060791769.1318.23.camel@hasele>

Am Mit, 2003-08-13 um 10.17 schrieb pswebcode, nyc:
> Looks sleek...  ...but regarding any documentation (full list of functions,
> say) for the updated DOM, XSLT and XPATH functionality? 
> 
> And if I remember right... SAX, XSLT and DOM XML libs will all be installed
> by default on both *nix and Windows?
> 
> I have been using DOMXML functions at this time and several web hosts would
> not install the library, namely because it is marked as Experimental.
> 

The DOM, SAX, XPath, Schema and any other extensions that can work with
standard libxml2 will be enabled by default, and stable.

-Sterling
-- 
A debugged program is one for which you have not yet found the
conditions that make it fail. 
  - Jerry Ogdin


From dmintz at panix.com  Wed Aug 13 15:06:06 2003
From: dmintz at panix.com (David Mintz)
Date: Wed, 13 Aug 2003 15:06:06 -0400 (EDT)
Subject: [nycphp-talk] cookbook: gpg
In-Reply-To: <NFBBJNKBNKCIKGKJIFPJIEHEGIAA.sklar@sklar.com>
References: <NFBBJNKBNKCIKGKJIFPJIEHEGIAA.sklar@sklar.com>
Message-ID: <Pine.NEB.4.56.0308131504520.26458@panix5.panix.com>



On Tue, 12 Aug 2003, David Sklar wrote:
>
> To sign without encrypting, pass -e without -s to gpg: "gpg -er foo at bar.com"
> encrypts for foo at bar.com (and requires only foo at bar.com's public key);
> "gpg -ser foo at bar.com" encrypts for foo at bar.com and also signs with the
> default local user (and requires that user's private key).
>
> GPG does need access to the public keyring with the recipient's public key.
> Since it's a public keyring, it doesn't really matter if the world can see
> it. Put the keys in a separate keyring, make that file world-readable
> (perhaps putting it outside your home directory), and tell gpg about it
> with --keyring.
>
> David
>

Sounds good. Thank you very much indeed.


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

	"D?le p'abajo"

		--Tito Rojas


From soazine at erols.com  Wed Aug 13 18:36:18 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 13 Aug 2003 18:36:18 -0400
Subject: [nycphp-talk] mySQL create table problem
Message-ID: <03bd01c361eb$506019b0$67a76244@philofsoa>

I am unable to determine which version of mySQL is running on a remote server (and the client doesn't know either, and I can't reach the host.. oh what I'll do for $80)...

create table if not exists fs_usermetadata (
 fs_userid int not null,
 primary key(fs_userid),
 fs_username varchar(255) not null,
 fs_password varchar(255) not null,
 fs_user_category_id int not null,
 fs_user_firstname varchar(255),
 fs_user_lastname varchar(255),
 fs_user_address1 varchar(255),
 fs_user_address2 varchar(50),
 fs_user_city varchar(255),
 fs_user_state_province varchar(3),
 fs_user_zip_postal varchar(20),
 fs_user_country varchar(3),
 fs_user_homephone varchar(50),
 fs_user_workphone varchar(50),
 fs_user_fax varchar(50),
 fs_user_isHome varchar(1) not null,
 fs_user_ip varchar(15),
 fs_record_entered datetime default NOW(),
 fs_payment_method varchar(10) not null
);

Can any of you determine why the fs_record_entered column call continually produces a SQL error? I am trying to set it to default to now() and it fails every time. Augh!

Thanx
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/73f2ce0a/attachment.html>

From louie at zibi.co.il  Wed Aug 13 22:01:26 2003
From: louie at zibi.co.il (louie)
Date: Wed, 13 Aug 2003 19:01:26 -0700
Subject: [nycphp-talk] mySQL create table problem
References: <03bd01c361eb$506019b0$67a76244@philofsoa>
Message-ID: <026a01c36207$f8345c20$7552fea9@shalomssq336e8>

TIMESTAMP DEFAULT 'now()' NOT NULL; //try this
  ----- Original Message ----- 
  From: Phil Powell 
  To: NYPHP Talk 
  Sent: Wednesday, August 13, 2003 3:36 PM
  Subject: [nycphp-talk] mySQL create table problem


  I am unable to determine which version of mySQL is running on a remote server (and the client doesn't know either, and I can't reach the host.. oh what I'll do for $80)...

  create table if not exists fs_usermetadata (
   fs_userid int not null,
   primary key(fs_userid),
   fs_username varchar(255) not null,
   fs_password varchar(255) not null,
   fs_user_category_id int not null,
   fs_user_firstname varchar(255),
   fs_user_lastname varchar(255),
   fs_user_address1 varchar(255),
   fs_user_address2 varchar(50),
   fs_user_city varchar(255),
   fs_user_state_province varchar(3),
   fs_user_zip_postal varchar(20),
   fs_user_country varchar(3),
   fs_user_homephone varchar(50),
   fs_user_workphone varchar(50),
   fs_user_fax varchar(50),
   fs_user_isHome varchar(1) not null,
   fs_user_ip varchar(15),
   fs_record_entered datetime default NOW(),
   fs_payment_method varchar(10) not null
  );

  Can any of you determine why the fs_record_entered column call continually produces a SQL error? I am trying to set it to default to now() and it fails every time. Augh!

  Thanx
  Phil


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/551a4589/attachment.html>

From jonbaer at jonbaer.net  Wed Aug 13 19:16:59 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Wed, 13 Aug 2003 19:16:59 -0400
Subject: [nycphp-talk] mySQL create table problem
References: <03bd01c361eb$506019b0$67a76244@philofsoa>
Message-ID: <004b01c361f0$ffaeffd0$6500a8c0@thinkpad>

from what i recall you only need to pass in NULL @ insert time to get the NOW() value ... have you tried that on the server?

- jon
  ----- Original Message ----- 
  From: Phil Powell 
  To: NYPHP Talk 
  Sent: Wednesday, August 13, 2003 6:36 PM
  Subject: [nycphp-talk] mySQL create table problem


  I am unable to determine which version of mySQL is running on a remote server (and the client doesn't know either, and I can't reach the host.. oh what I'll do for $80)...

  create table if not exists fs_usermetadata (
   fs_userid int not null,
   primary key(fs_userid),
   fs_username varchar(255) not null,
   fs_password varchar(255) not null,
   fs_user_category_id int not null,
   fs_user_firstname varchar(255),
   fs_user_lastname varchar(255),
   fs_user_address1 varchar(255),
   fs_user_address2 varchar(50),
   fs_user_city varchar(255),
   fs_user_state_province varchar(3),
   fs_user_zip_postal varchar(20),
   fs_user_country varchar(3),
   fs_user_homephone varchar(50),
   fs_user_workphone varchar(50),
   fs_user_fax varchar(50),
   fs_user_isHome varchar(1) not null,
   fs_user_ip varchar(15),
   fs_record_entered datetime default NOW(),
   fs_payment_method varchar(10) not null
  );

  Can any of you determine why the fs_record_entered column call continually produces a SQL error? I am trying to set it to default to now() and it fails every time. Augh!

  Thanx
  Phil


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/d9723a82/attachment.html>

From lsemel at yahoo.com  Wed Aug 13 19:30:04 2003
From: lsemel at yahoo.com (Lee Semel)
Date: Wed, 13 Aug 2003 16:30:04 -0700 (PDT)
Subject: [nycphp-talk] php scalability
Message-ID: <20030813233004.780.qmail@web14712.mail.yahoo.com>

I am planning an e-commerce site, to be developed either in PHP or Java (preferably the former), but I haven't made my final decision yet.  One of the key issues is the ability to scale the site onto a cluster of servers, as traffic grows.  
 
In Java, it seems that commercial application servers can handle this out of the box.  But I don't see how this can be done on PHP, and I'm wondering if anyone actually does this in a critical production environment.
 
How would you set up load balancing and failover on a PHP site? Is there any particular way you would design the application up front to make this easier?  I'm interesting in hearing your suggestions.
 
Lee
 


---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/24eaf935/attachment.html>

From louie at zibi.co.il  Wed Aug 13 22:24:57 2003
From: louie at zibi.co.il (louie)
Date: Wed, 13 Aug 2003 19:24:57 -0700
Subject: [nycphp-talk] mySQL create table problem
References: <03bd01c361eb$506019b0$67a76244@philofsoa>
Message-ID: <02a201c3620b$419b87a0$7552fea9@shalomssq336e8>

fs_record_entered datetime default 'NOW()', /this sould do the job

dont want to confuse you more by mistake i wrote TIMESTAMP

best regards.


  ----- Original Message ----- 
  From: Phil Powell 
  To: NYPHP Talk 
  Sent: Wednesday, August 13, 2003 3:36 PM
  Subject: [nycphp-talk] mySQL create table problem


  I am unable to determine which version of mySQL is running on a remote server (and the client doesn't know either, and I can't reach the host.. oh what I'll do for $80)...

  create table if not exists fs_usermetadata (
   fs_userid int not null,
   primary key(fs_userid),
   fs_username varchar(255) not null,
   fs_password varchar(255) not null,
   fs_user_category_id int not null,
   fs_user_firstname varchar(255),
   fs_user_lastname varchar(255),
   fs_user_address1 varchar(255),
   fs_user_address2 varchar(50),
   fs_user_city varchar(255),
   fs_user_state_province varchar(3),
   fs_user_zip_postal varchar(20),
   fs_user_country varchar(3),
   fs_user_homephone varchar(50),
   fs_user_workphone varchar(50),
   fs_user_fax varchar(50),
   fs_user_isHome varchar(1) not null,
   fs_user_ip varchar(15),
   fs_record_entered datetime default NOW(),
   fs_payment_method varchar(10) not null
  );

  Can any of you determine why the fs_record_entered column call continually produces a SQL error? I am trying to set it to default to now() and it fails every time. Augh!

  Thanx
  Phil


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/74f402c4/attachment.html>

From jonbaer at jonbaer.net  Wed Aug 13 19:42:41 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Wed, 13 Aug 2003 19:42:41 -0400
Subject: [nycphp-talk] php scalability
References: <20030813233004.780.qmail@web14712.mail.yahoo.com>
Message-ID: <001401c361f4$96813330$6500a8c0@thinkpad>

i guess you could say if it's good enough for yahoo! its good enough for anyone :-)

http://public.yahoo.com/~radwin/talks/yahoo-phpcon2002.htm

http://www.radwin.org/michael/blog/archives/000255.html

- jon
  ----- Original Message ----- 
  From: Lee Semel 
  To: talk at lists.nyphp.org 
  Sent: Wednesday, August 13, 2003 7:30 PM
  Subject: [nycphp-talk] php scalability


  I am planning an e-commerce site, to be developed either in PHP or Java (preferably the former), but I haven't made my final decision yet.  One of the key issues is the ability to scale the site onto a cluster of servers, as traffic grows.  

  In Java, it seems that commercial application servers can handle this out of the box.  But I don't see how this can be done on PHP, and I'm wondering if anyone actually does this in a critical production environment.

  How would you set up load balancing and failover on a PHP site? Is there any particular way you would design the application up front to make this easier?  I'm interesting in hearing your suggestions.

  Lee



------------------------------------------------------------------------------
  Do you Yahoo!?
  Yahoo! SiteBuilder - Free, easy-to-use web site design software


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/0eaeabc6/attachment.html>

From tim_gales at email.msn.com  Wed Aug 13 20:05:02 2003
From: tim_gales at email.msn.com (Tim Gales)
Date: Wed, 13 Aug 2003 20:05:02 -0400
Subject: [nycphp-talk] mySQL create table problem
In-Reply-To: <03bd01c361eb$506019b0$67a76244@philofsoa>
Message-ID: <001c01c361f7$b5a40eb0$0a01a8c0@OBERON1>

Regarding determining which version of mySQL the client is using:

 

Can you use a query like 'select version()'  

 

On the datetime type - can you use a timestamp which would automatically be
set to the system date/time

 

 

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Phil Powell
Sent: Wednesday, August 13, 2003 6:36 PM
To: NYPHP Talk
Subject: [nycphp-talk] mySQL create table problem

 

I am unable to determine which version of mySQL is running on a remote
server (and the client doesn't know either, and I can't reach the host.. oh
what I'll do for $80)...

 

create table if not exists fs_usermetadata (
 fs_userid int not null,
 primary key(fs_userid),
 fs_username varchar(255) not null,
 fs_password varchar(255) not null,
 fs_user_category_id int not null,
 fs_user_firstname varchar(255),
 fs_user_lastname varchar(255),
 fs_user_address1 varchar(255),
 fs_user_address2 varchar(50),
 fs_user_city varchar(255),
 fs_user_state_province varchar(3),
 fs_user_zip_postal varchar(20),
 fs_user_country varchar(3),
 fs_user_homephone varchar(50),
 fs_user_workphone varchar(50),
 fs_user_fax varchar(50),
 fs_user_isHome varchar(1) not null,
 fs_user_ip varchar(15),
 fs_record_entered datetime default NOW(),
 fs_payment_method varchar(10) not null
);

 

Can any of you determine why the fs_record_entered column call continually
produces a SQL error? I am trying to set it to default to now() and it fails
every time. Augh!

 

Thanx

Phil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/2b06c764/attachment.html>

From jlacey at ix.netcom.com  Wed Aug 13 20:14:15 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Wed, 13 Aug 2003 18:14:15 -0600
Subject: [nycphp-talk] php scalability
In-Reply-To: <20030813233004.780.qmail@web14712.mail.yahoo.com>
References: <20030813233004.780.qmail@web14712.mail.yahoo.com>
Message-ID: <3F3AD457.4010302@ix.netcom.com>

Lee Semel wrote:

> I am planning an e-commerce site, to be developed either in PHP or 
> Java (preferably the former), but I haven't made my final decision 
> yet.  One of the key issues is the ability to scale the site onto a 
> cluster of servers, as traffic grows. 
>  
> In Java, it seems that commercial application servers can handle this 
> out of the box.  But I don't see how this can be done on PHP, and I'm 
> wondering if anyone actually does this in a critical production 
> environment.
>  
> How would you set up load balancing and failover on a PHP site? Is 
> there any particular way you would design the application up front to 
> make this easier?  I'm interesting in hearing your suggestions.
>  
> Lee
>  



take a look at oscommerce

http://www.oscommerce.com/

John



From lsemel at yahoo.com  Wed Aug 13 20:30:53 2003
From: lsemel at yahoo.com (Lee Semel)
Date: Wed, 13 Aug 2003 17:30:53 -0700 (PDT)
Subject: [nycphp-talk] php scalability
In-Reply-To: <001401c361f4$96813330$6500a8c0@thinkpad>
Message-ID: <20030814003053.27843.qmail@web14706.mail.yahoo.com>

Thanks for the link to the updated Yahoo/PHP presentation.  
 
What the presentation doesn't say is how difficult it was for them to get where they are.  How much effort, time and money was spent?  It's possible he had a team of programmers working all year writing custom code, experimenting, and optimizing PHP for the Yahoo environment.  
 
Just because PHP scales for Yahoo, one of the largest web companies with loads of in-house technical talent, doesn't mean it's necessarily easy or cost effective for other businesses.  
 
I'd like to hear other opinions on this.
 
Lee
 
 

Jon Baer <jonbaer at jonbaer.net> wrote:
i guess you could say if it's good enough for yahoo! its good enough for anyone :-)
 
http://public.yahoo.com/~radwin/talks/yahoo-phpcon2002.htm
 
http://www.radwin.org/michael/blog/archives/000255.html
 
- jon
----- Original Message ----- 
From: Lee Semel 
To: talk at lists.nyphp.org 
Sent: Wednesday, August 13, 2003 7:30 PM
Subject: [nycphp-talk] php scalability


I am planning an e-commerce site, to be developed either in PHP or Java (preferably the former), but I haven't made my final decision yet.  One of the key issues is the ability to scale the site onto a cluster of servers, as traffic grows.  
 
In Java, it seems that commercial application servers can handle this out of the box.  But I don't see how this can be done on PHP, and I'm wondering if anyone actually does this in a critical production environment.
 
How would you set up load balancing and failover on a PHP site? Is there any particular way you would design the application up front to make this easier?  I'm interesting in hearing your suggestions.
 
Lee
 


---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software 

---------------------------------


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/c6c4ac8b/attachment.html>

From louie at zibi.co.il  Wed Aug 13 23:33:41 2003
From: louie at zibi.co.il (louie)
Date: Wed, 13 Aug 2003 20:33:41 -0700
Subject: [nycphp-talk] php scalability
References: <20030813233004.780.qmail@web14712.mail.yahoo.com>
	<3F3AD457.4010302@ix.netcom.com>
Message-ID: <02f001c36214$db8dd800$7552fea9@shalomssq336e8>

 
> take a look at oscommerce
> 
> http://www.oscommerce.com/
> 
> John
> 


I think OsCommerce ask for register_globals = ON



 _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 



From jonbaer at jonbaer.net  Wed Aug 13 21:30:33 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Wed, 13 Aug 2003 21:30:33 -0400
Subject: [nycphp-talk] php scalability
References: <20030814003053.27843.qmail@web14706.mail.yahoo.com>
Message-ID: <003601c36203$a7e480a0$6500a8c0@thinkpad>

>>>> Just because PHP scales for Yahoo, one of the largest web companies with loads of in-house technical talent, doesn't mean it's necessarily easy or cost effective for other businesses. <<<<

wouldn't that really apply to *any* technology you decide to deploy?  + J2EE is not cost effective, app servers come @ a pretty cost in terms of scalability (ie WebLogic, WebSphere, etc).  From what I have *heard*, much can be said in regards to LAMP + things like mod_backhand (http://www.backhand.org/mod_backhand/) that can take you a long way ... (wishing i would have done it instead of being sucked into WebLogic/Oracle during my heyday).  i too am interested in hearing other deployment experiences.

- jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/7c168baf/attachment.html>

From soazine at erols.com  Wed Aug 13 21:56:57 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 13 Aug 2003 21:56:57 -0400
Subject: [nycphp-talk] mySQL create table problem
References: <001c01c361f7$b5a40eb0$0a01a8c0@OBERON1>
Message-ID: <04b201c36207$584c89d0$67a76244@philofsoa>

I tried, that failed too:

select version() LIMIT 0, 30

MySQL said: 


You have an error in your SQL syntax near 'LIMIT 0, 30' at line 1

Back 

I didn't put "LIMIT 0, 30" in my query, that was somehow embedded

Phil
  ----- Original Message ----- 
  From: Tim Gales 
  To: 'NYPHP Talk' 
  Sent: Wednesday, August 13, 2003 8:05 PM
  Subject: RE: [nycphp-talk] mySQL create table problem


  Regarding determining which version of mySQL the client is using:



  Can you use a query like 'select version()'  



  On the datetime type - can you use a timestamp which would automatically be set to the system date/time





  -----Original Message-----
  From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Phil Powell
  Sent: Wednesday, August 13, 2003 6:36 PM
  To: NYPHP Talk
  Subject: [nycphp-talk] mySQL create table problem



  I am unable to determine which version of mySQL is running on a remote server (and the client doesn't know either, and I can't reach the host.. oh what I'll do for $80)...



  create table if not exists fs_usermetadata (
   fs_userid int not null,
   primary key(fs_userid),
   fs_username varchar(255) not null,
   fs_password varchar(255) not null,
   fs_user_category_id int not null,
   fs_user_firstname varchar(255),
   fs_user_lastname varchar(255),
   fs_user_address1 varchar(255),
   fs_user_address2 varchar(50),
   fs_user_city varchar(255),
   fs_user_state_province varchar(3),
   fs_user_zip_postal varchar(20),
   fs_user_country varchar(3),
   fs_user_homephone varchar(50),
   fs_user_workphone varchar(50),
   fs_user_fax varchar(50),
   fs_user_isHome varchar(1) not null,
   fs_user_ip varchar(15),
   fs_record_entered datetime default NOW(),
   fs_payment_method varchar(10) not null
  );



  Can any of you determine why the fs_record_entered column call continually produces a SQL error? I am trying to set it to default to now() and it fails every time. Augh!



  Thanx

  Phil



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/4815e23d/attachment.html>

From soazine at erols.com  Wed Aug 13 21:57:27 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 13 Aug 2003 21:57:27 -0400
Subject: [nycphp-talk] mySQL create table problem
References: <03bd01c361eb$506019b0$67a76244@philofsoa>
	<026a01c36207$f8345c20$7552fea9@shalomssq336e8>
Message-ID: <04c501c36207$6a257a40$67a76244@philofsoa>

fs_record_entered datetime default 'Now()'  worked!

Phil
  ----- Original Message ----- 
  From: louie 
  To: NYPHP Talk 
  Sent: Wednesday, August 13, 2003 10:01 PM
  Subject: Re: [nycphp-talk] mySQL create table problem


  TIMESTAMP DEFAULT 'now()' NOT NULL; //try this
    ----- Original Message ----- 
    From: Phil Powell 
    To: NYPHP Talk 
    Sent: Wednesday, August 13, 2003 3:36 PM
    Subject: [nycphp-talk] mySQL create table problem


    I am unable to determine which version of mySQL is running on a remote server (and the client doesn't know either, and I can't reach the host.. oh what I'll do for $80)...

    create table if not exists fs_usermetadata (
     fs_userid int not null,
     primary key(fs_userid),
     fs_username varchar(255) not null,
     fs_password varchar(255) not null,
     fs_user_category_id int not null,
     fs_user_firstname varchar(255),
     fs_user_lastname varchar(255),
     fs_user_address1 varchar(255),
     fs_user_address2 varchar(50),
     fs_user_city varchar(255),
     fs_user_state_province varchar(3),
     fs_user_zip_postal varchar(20),
     fs_user_country varchar(3),
     fs_user_homephone varchar(50),
     fs_user_workphone varchar(50),
     fs_user_fax varchar(50),
     fs_user_isHome varchar(1) not null,
     fs_user_ip varchar(15),
     fs_record_entered datetime default NOW(),
     fs_payment_method varchar(10) not null
    );

    Can any of you determine why the fs_record_entered column call continually produces a SQL error? I am trying to set it to default to now() and it fails every time. Augh!

    Thanx
    Phil


----------------------------------------------------------------------------


    _______________________________________________
    talk mailing list
    talk at lists.nyphp.org
    http://lists.nyphp.org/mailman/listinfo/talk



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/51814239/attachment.html>

From danielc at analysisandsolutions.com  Wed Aug 13 22:01:42 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 13 Aug 2003 22:01:42 -0400
Subject: [nycphp-talk] php scalability
In-Reply-To: <20030813233004.780.qmail@web14712.mail.yahoo.com>
References: <20030813233004.780.qmail@web14712.mail.yahoo.com>
Message-ID: <20030814020142.GB13591@panix.com>

Lee:

On Wed, Aug 13, 2003 at 04:30:04PM -0700, Lee Semel wrote:

> How would you set up load balancing and failover on a PHP site? Is there
> any particular way you would design the application up front to make 
> this easier?  I'm interesting in hearing your suggestions.

I'm no expert on massive deployments, but from what I understand, the load
balancing has to do with routers and other traffic management
software/hardware.  The scripting language on each server operates
independently, processing the requests that have been directed to it's
server.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From soazine at erols.com  Wed Aug 13 22:08:55 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 13 Aug 2003 22:08:55 -0400
Subject: [nycphp-talk] mySQL is kicking my butt Pt II
Message-ID: <050401c36209$0425f510$67a76244@philofsoa>

alter table fs_usermetadata add foreign key fs_user_category_id 
 references fs_user_category(fs_user_category_id)
 on delete cascade
Isn't this legitimate code to add a foreign key constraint to fs_user_category_id in table fs_usermetadata referencing fs_user_category.fs_user_category_id?or is mySQL the anti-Oracle?Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/5c9d2de7/attachment.html>

From ntang at mail.communityconnect.com  Wed Aug 13 22:20:42 2003
From: ntang at mail.communityconnect.com (Nicholas Tang)
Date: Wed, 13 Aug 2003 22:20:42 -0400
Subject: [nycphp-talk] php scalability
References: <20030813233004.780.qmail@web14712.mail.yahoo.com>
	<20030814020142.GB13591@panix.com>
Message-ID: <000501c3620a$a9dc2dc0$d8482ed8@FOOBAR>

There are several high performance, relatively low-cost hardware
appliance-type solutions, especially if you buy refurbs... Alteon, Cisco,
F5, and a bunch of other vendors make them.  As someone else mentioned,
there are other solutions like mod_backhand and/or wackamole that allow you
to set up dynamically balanced, redundant clusters of webservers.

It's pretty easy to scale LAMP-style setups, honestly.  The place I work now
(CCI) uses PHP/Apache/Linux on the front end and, depending on the app and
how long ago it was written, Oracle or MySQL on the backend.  We do a whole
lot of page views (hundreds of millions) every month so it can certainly be
done.

Nicholas

----- Original Message -----
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 13, 2003 10:01 PM
Subject: Re: [nycphp-talk] php scalability


> Lee:
>
> On Wed, Aug 13, 2003 at 04:30:04PM -0700, Lee Semel wrote:
>
> > How would you set up load balancing and failover on a PHP site? Is there
> > any particular way you would design the application up front to make
> > this easier?  I'm interesting in hearing your suggestions.
>
> I'm no expert on massive deployments, but from what I understand, the load
> balancing has to do with routers and other traffic management
> software/hardware.  The scripting language on each server operates
> independently, processing the requests that have been directed to it's
> server.
>
> --Dan
>
> --
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>




From lsemel at yahoo.com  Wed Aug 13 22:34:32 2003
From: lsemel at yahoo.com (Lee Semel)
Date: Wed, 13 Aug 2003 19:34:32 -0700 (PDT)
Subject: [nycphp-talk] php scalability
In-Reply-To: <20030814020142.GB13591@panix.com>
Message-ID: <20030814023433.27159.qmail@web14712.mail.yahoo.com>

It's not always the case that load balancing is independent of the scripting language.  Here's a specific example of something that's automatic in Java, but needs to be programmed into the application in PHP: 
 
In a load balanced setting, a user can be switched from one server to another as they use the site.  So the session needs to be available to all servers, and stored in the database.  Java application servers such as JBoss or Weblogic can take care of this automatically, making the session available to all servers without you having to do anything special.  But in PHP, we have to know in advance that this is a problem, so we can set up the session to work this way.
 
Another issue is deploying or upgrading the application on multiple servers, especially if several versions need to be kept around.  I can zip a Java application into a WAR file and send it to all the servers at once, and the configuration and security settings live nicely in a separate web.xml file.  The WAR file can even contain all the automated tasks that would be done by cron jobs.  But in PHP, you need to keep track of all the individual little files in the app, track changes to php.ini files and httpd.conf files, include files, include paths, .htaccess files, PEAR libraries, and cron jobs, all of which can get out of sync and mixed up very easily.  
 
Neither of these is a big deal in itself, but I'm wondering what other red flags there would be to make PHP work in a load balanced setting, so I can get an idea of the relative cost and effort versus Java.  If there are a lot of tricky little things like this, they can add up to a big job.  I'd like to do it in PHP if at all possible.
 

Analysis & Solutions <danielc at analysisandsolutions.com> wrote:
Lee:

On Wed, Aug 13, 2003 at 04:30:04PM -0700, Lee Semel wrote:

> How would you set up load balancing and failover on a PHP site? Is there
> any particular way you would design the application up front to make 
> this easier? I'm interesting in hearing your suggestions.

I'm no expert on massive deployments, but from what I understand, the load
balancing has to do with routers and other traffic management
software/hardware. The scripting language on each server operates
independently, processing the requests that have been directed to it's
server.

--Dan

-- 
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/02a06ea1/attachment.html>

From lsemel at yahoo.com  Wed Aug 13 22:38:27 2003
From: lsemel at yahoo.com (Lee Semel)
Date: Wed, 13 Aug 2003 19:38:27 -0700 (PDT)
Subject: [nycphp-talk] php scalability
In-Reply-To: <000501c3620a$a9dc2dc0$d8482ed8@FOOBAR>
Message-ID: <20030814023827.50072.qmail@web14706.mail.yahoo.com>

I heard that your company is one of the largest users of PHP.  It's good to know you have able to make this work.  I would like to use PHP for our site if it's possible to scale as easily as you described.
 
Is there anything special in the programming of the application that needs to be done to make it amenable to clustering, aside from keeping session state in the database?

Lee
 
 

Nicholas Tang <ntang at mail.communityconnect.com> wrote:
There are several high performance, relatively low-cost hardware
appliance-type solutions, especially if you buy refurbs... Alteon, Cisco,
F5, and a bunch of other vendors make them. As someone else mentioned,
there are other solutions like mod_backhand and/or wackamole that allow you
to set up dynamically balanced, redundant clusters of webservers.

It's pretty easy to scale LAMP-style setups, honestly. The place I work now
(CCI) uses PHP/Apache/Linux on the front end and, depending on the app and
how long ago it was written, Oracle or MySQL on the backend. We do a whole
lot of page views (hundreds of millions) every month so it can certainly be
done.

Nicholas

----- Original Message -----
From: "Analysis & Solutions" 
To: "NYPHP Talk" 
Sent: Wednesday, August 13, 2003 10:01 PM
Subject: Re: [nycphp-talk] php scalability


> Lee:
>
> On Wed, Aug 13, 2003 at 04:30:04PM -0700, Lee Semel wrote:
>
> > How would you set up load balancing and failover on a PHP site? Is there
> > any particular way you would design the application up front to make
> > this easier? I'm interesting in hearing your suggestions.
>
> I'm no expert on massive deployments, but from what I understand, the load
> balancing has to do with routers and other traffic management
> software/hardware. The scripting language on each server operates
> independently, processing the requests that have been directed to it's
> server.
>
> --Dan
>
> --
> FREE scripts that make web and database programming easier
> http://www.analysisandsolutions.com/software/
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/fdd10b7a/attachment.html>

From lsemel at yahoo.com  Wed Aug 13 23:06:12 2003
From: lsemel at yahoo.com (Lee Semel)
Date: Wed, 13 Aug 2003 20:06:12 -0700 (PDT)
Subject: [nycphp-talk] php scalability
In-Reply-To: <003601c36203$a7e480a0$6500a8c0@thinkpad>
Message-ID: <20030814030612.62912.qmail@web14704.mail.yahoo.com>

I agree that Weblogic and Oracle are not cost effective.  What was your experience with Weblogic/Oracle like?


Jon Baer <jonbaer at jonbaer.net> wrote:
>>>> Just because PHP scales for Yahoo, one of the largest web companies with loads of in-house technical talent, doesn't mean it's necessarily easy or cost effective for other businesses. <<<<
 
wouldn't that really apply to *any* technology you decide to deploy?  + J2EE is not cost effective, app servers come @ a pretty cost in terms of scalability (ie WebLogic, WebSphere, etc).  From what I have *heard*, much can be said in regards to LAMP + things like mod_backhand (http://www.backhand.org/mod_backhand/) that can take you a long way ... (wishing i would have done it instead of being sucked into WebLogic/Oracle during my heyday).  i too am interested in hearing other deployment experiences.
 
- jon
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/c6f87fbf/attachment.html>

From southwell at dneba.com  Wed Aug 13 23:08:46 2003
From: southwell at dneba.com (Michael Southwell)
Date: Wed, 13 Aug 2003 23:08:46 -0400
Subject: [nycphp-talk] keeping a file secure
Message-ID: <5.1.0.14.2.20030813222552.00b64008@mail.optonline.net>

A client has asked to use his website as a convenient access point for him 
and a partner to use for transferring very large (presumably too large for 
email) and sensitive (financial) files.

I am thinking that this can be done reasonably safely and very simply via 
ftp as follows:
1.  use the host's ftp password system to secure the connection, and use 
any common ftp program
2.  encrypt the file locally before uploading
3.  upload it, for convenience to a designated subdirectory but I can't see 
that it really matters
4.  then the other guy gets it, decrypts it, changes it, and puts it back, etc.
If anybody were somehow able to deduce the existence of this file and get 
it (which I know is easy; just point a browser at it and if it's not a 
standard type it will be downloaded), it would be incomprehensible.

An alternative would be to write a script using authentication which then 
uses fputs and fgets to move the file back and forth (but I may be 
*seriously* screwed up on this).  There would probably be some issue with 
write permissions on the host.

The first scheme seems much simpler and, as I said, reasonably safe.

Ideas, advice, warnings?

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================




From danielc at analysisandsolutions.com  Wed Aug 13 23:14:59 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 13 Aug 2003 23:14:59 -0400
Subject: [nycphp-talk] keeping a file secure
In-Reply-To: <5.1.0.14.2.20030813222552.00b64008@mail.optonline.net>
References: <5.1.0.14.2.20030813222552.00b64008@mail.optonline.net>
Message-ID: <20030814031458.GA16515@panix.com>

Hi Michael:

On Wed, Aug 13, 2003 at 11:08:46PM -0400, Michael Southwell wrote:
> A client has asked to use his website as a convenient access point for him 
> and a partner to use for transferring very large (presumably too large for 
> email) and sensitive (financial) files.
... snip ...
> 1.  use the host's ftp password system to secure the connection, and use 
> any common ftp program

Use sftp, which forms an ssh connection, so the passwords and files don't 
go through in the clear.


> If anybody were somehow able to deduce the existence of this file and get 
> it (which I know is easy; just point a browser at it and if it's not a 
> standard type it will be downloaded), it would be incomprehensible.

All of the web servers I've been involved with have a user's home dir and 
the user's dir in the web document root.  Keep the stuff in the user dirs, 
not the web dirs.  This way they won't even be accessible via the web.

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From velez at sinu.com  Wed Aug 13 23:15:37 2003
From: velez at sinu.com (Larry Velez)
Date: Wed, 13 Aug 2003 23:15:37 -0400
Subject: [nycphp-talk] keeping a file secure
In-Reply-To: <5.1.0.14.2.20030813222552.00b64008@mail.optonline.net>
Message-ID: <004c01c36212$5583cbe0$0e0ea8c0@therealm>


I would recommend Groove (If they use Windows desktops) - http://www.groove.net/ (free for limited use)
It is P2P so file size and firewalls are not an issue, it works offline and it was built with security in mind from the very
beginning, meaning sensitive data is safer than on their own hard drive.   We have used it for 2+ years and love it.

| Larry Velez | http://sinu.com |

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michael Southwell
Sent: Wednesday, August 13, 2003 11:09 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] keeping a file secure


A client has asked to use his website as a convenient access point for him 
and a partner to use for transferring very large (presumably too large for 
email) and sensitive (financial) files.

I am thinking that this can be done reasonably safely and very simply via 
ftp as follows:
1.  use the host's ftp password system to secure the connection, and use 
any common ftp program
2.  encrypt the file locally before uploading
3.  upload it, for convenience to a designated subdirectory but I can't see 
that it really matters
4.  then the other guy gets it, decrypts it, changes it, and puts it back, etc. If anybody were somehow able to deduce the existence
of this file and get 
it (which I know is easy; just point a browser at it and if it's not a 
standard type it will be downloaded), it would be incomprehensible.

An alternative would be to write a script using authentication which then 
uses fputs and fgets to move the file back and forth (but I may be 
*seriously* screwed up on this).  There would probably be some issue with 
write permissions on the host.

The first scheme seems much simpler and, as I said, reasonably safe.

Ideas, advice, warnings?

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com 



From ntang at mail.communityconnect.com  Wed Aug 13 23:26:51 2003
From: ntang at mail.communityconnect.com (Nicholas Tang)
Date: Wed, 13 Aug 2003 23:26:51 -0400
Subject: [nycphp-talk] php scalability
References: <20030814023827.50072.qmail@web14706.mail.yahoo.com>
Message-ID: <000d01c36213$e6fb37b0$d8482ed8@FOOBAR>

Hmmm.  Let me answer that with a "not especially".

>From an operations standpoint, you want to build to (at least semi-) automated standards.  By that I mean simply making sure that each machine is essentially a cookie-cutter replica of the next, which is fairly easy to accomplish on a large scale with a little thought.  It's worth noting that Apache/PHP has no built-in connection pooling, so if you have 10 webservers w/ 100 apache children each, you'll have 1000 connections open to your database.  You should also have a way to distribute content across multiple servers.  rsync works pretty nicely, to a point.

On the app side, as you noted, you have to keep any state in the db, and have to make sure no "webapp" server keeps any session data locally.  This is easy for a lot of people to forget in practice even if they recognize it in theory.  Generally, though, anything else is basically just following good programming habits - designing apps and database schemas so they minimize contention, so that they do as much caching as possible (most data doesn't need to be up-to-the-second dynamic; one of my favorite easy to recognize examples of this was from a company I worked at that used an SSI exec to run the unix command "date" on every page load just to print the date - not even time.  That's data that updates every 24 hours, so running it a few times a second was obviously stupid.), etc.  It's worth bearing in mind that a little extra planning time in the beginning can often make a huge difference in the end results.

Split apps up logically whenever possible.  Scaling is generally cheapest when done horizontally.  If your site(s) can be broken down into logical pieces, each with their own DB and web cluster, that'll help a bunch, since your DB will probably be your bottleneck.  The less you can hit the DB, obviously, the better.  Use separate clusters for purely static content - and consider using something like tux or thttpd or some other high-speed server to serve that content.  No sense in wasting open DB connections to serve that content.

Something you should think about early and address quickly (regardless of which platform) is shared uploaded content, if there will be any - for instance, if users can upload images, or documents, or music, or whatever, you need a way of mounting that upload repository to all of the servers.  The easiest way is just NFS mounting the fileserver across all of the clusters.

Oh, and use something like APC on your php servers.  ( http://pear.php.net/package-info.php?package=APC )  (How shameless can a plug be if it's open source?  ;)  )

I know nothing I said is especially specific, but it's late, I'm tired, and I'm not getting paid.  ;)

Nicholas

P.S.  I'm catching a plane in a few hours so I probably won't be sending any more replies for a while.  ;)

  ----- Original Message ----- 
  From: Lee Semel 
  To: NYPHP Talk ; ntang at mail.communityconnect.com 
  Sent: Wednesday, August 13, 2003 10:38 PM
  Subject: Re: [nycphp-talk] php scalability


  I heard that your company is one of the largest users of PHP.  It's good to know you have able to make this work.  I would like to use PHP for our site if it's possible to scale as easily as you described.

  Is there anything special in the programming of the application that needs to be done to make it amenable to clustering, aside from keeping session state in the database?

  Lee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030813/f1a23edc/attachment.html>

From smanes at magpie.com  Thu Aug 14 07:30:52 2003
From: smanes at magpie.com (Steve Manes)
Date: Thu, 14 Aug 2003 07:30:52 -0400
Subject: [nycphp-talk] php scalability
In-Reply-To: <20030814023827.50072.qmail@web14706.mail.yahoo.com>
References: <20030814023827.50072.qmail@web14706.mail.yahoo.com>
Message-ID: <3F3B72EC.30708@magpie.com>

Lee Semel wrote:
> Is there anything special in the programming of the application that 
> needs to be done to make it amenable to clustering, aside from keeping 
> session state in the database?

Actually, we don't maintain session state in the db.  We maintain very 
little session state other than the fact that the user has logged in and 
is known to the system.  This is carried from request to request in the 
user's encrypted cookie.  To further reduce database overhead, at login 
we load the cookie with most of the personal data the software wants to 
know about you so we don't have to hit the db for stuff like, "Hello, 
Lee".  One of the nice things about the clustering topography that 
Nicholas mentioned is that you can, if need be, maintain cookies 
specific to each named cluster.

As Nicholas said (and he's The Man when it comes to CCI's hardware 
infrastructure), in large scale applications the database is your choke 
point.  Anything you can do to reduce those requests in an environment 
where you might have tens of thousands of concurrent users is a definite 
win -- like for instance populating form pulldown data from web server 
cache rather than from the db.  You can always throw another inexpensive 
commodity web server, or ten, into the network but adding databases is 
more problematic.

---------------------------------------------=o&o>---------
Steve Manes          http://www.magpie.com
Brooklyn, NY




From jonbaer at jonbaer.net  Thu Aug 14 09:01:48 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Thu, 14 Aug 2003 09:01:48 -0400
Subject: [nycphp-talk] php scalability
References: <20030814030612.62912.qmail@web14704.mail.yahoo.com>
Message-ID: <004501c36264$3913b3b0$6400a8c0@thinkpad>

pretty terrible ... 

granted it was a complex web app involving nuance and speechobjects it still was not a good thing to see java APIs floating around in limbo @ the time and when you need to hire additional oracle DBAs u go over budget quick (not saying that they are not worth it) but it would have helped to simplify to begin with.  alot of our load balancing was hardware based w/ cisco mnlb @ colo ... which i did not handle (+ by the looks of it very mindboggling process) ... my big *MAIN* issue was how licencing schemes/scams/whatever u want to call it works for multiprocessor systems when it came to app servers.  unfortunately i no longer possess the arch layout or else id gladly pass it along, probably makes a good "what not to do" poster.  

- jon 
  ----- Original Message ----- 
  From: Lee Semel 
  To: NYPHP Talk 
  Sent: Wednesday, August 13, 2003 11:06 PM
  Subject: Re: [nycphp-talk] php scalability


  I agree that Weblogic and Oracle are not cost effective.  What was your experience with Weblogic/Oracle like?




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030814/c910287e/attachment.html>

From jonbaer at jonbaer.net  Thu Aug 14 09:24:38 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Thu, 14 Aug 2003 09:24:38 -0400
Subject: [nycphp-talk] keeping a file secure
References: <5.1.0.14.2.20030813222552.00b64008@mail.optonline.net>
Message-ID: <007d01c36267$69cc3510$6400a8c0@thinkpad>

a good method is to first secure apache allowing *only* viewing of .pgp
files and then setting up a vpn over an ftp connection (or sftp w/aes).
(the hosts ftp password is worth next to nothing, if the files are deemed
"sensitive" then a vpn is a good investment) and using openssl over apache.

simple automated ssh scripts w/ scp (secure copy) would also be an easy
method.  put the clients pub keys up on the box for quicker access.

- jon

----- Original Message -----
From: "Michael Southwell" <southwell at dneba.com>
To: <talk at lists.nyphp.org>
Sent: Wednesday, August 13, 2003 11:08 PM
Subject: [nycphp-talk] keeping a file secure


> A client has asked to use his website as a convenient access point for him
> and a partner to use for transferring very large (presumably too large for
> email) and sensitive (financial) files.
>
> I am thinking that this can be done reasonably safely and very simply via
> ftp as follows:
> 1.  use the host's ftp password system to secure the connection, and use
> any common ftp program
> 2.  encrypt the file locally before uploading
> 3.  upload it, for convenience to a designated subdirectory but I can't
see
> that it really matters
> 4.  then the other guy gets it, decrypts it, changes it, and puts it back,
etc.
> If anybody were somehow able to deduce the existence of this file and get
> it (which I know is easy; just point a browser at it and if it's not a
> standard type it will be downloaded), it would be incomprehensible.
>
> An alternative would be to write a script using authentication which then
> uses fputs and fgets to move the file back and forth (but I may be
> *seriously* screwed up on this).  There would probably be some issue with
> write permissions on the host.
>
> The first scheme seems much simpler and, as I said, reasonably safe.
>
> Ideas, advice, warnings?
>
> Michael G. Southwell =================================
> DNEBA Enterprises
> 81 South Road
> Bloomingdale, NJ 07403-1419
> 973/492-7873 (voice and fax)
> southwell at dneba.com
> http://www.dneba.com
> ======================================================
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From dkrook at hotmail.com  Thu Aug 14 10:32:19 2003
From: dkrook at hotmail.com (D C Krook)
Date: Thu, 14 Aug 2003 10:32:19 -0400
Subject: [nycphp-talk] mySQL create table problem
Message-ID: <BAY2-F63lVRExYw0fMq00009721@hotmail.com>

I know Phil's problem has been solved, but just an FYI about 'timestamp' 
columns; they get set to system time not only when you INSERT the row, but 
anytime you UPDATE it.

It seems self-evident when you think about the purpose of the column type, 
but it's easy to forget to set the column's value to itself when you want to 
preserve the existing timestamp while doing unrelated administrative work on 
the table.

For that reason, I would recommend sticking with the 'datetime' column and 
manually updating it to NOW() when necessary.

>On the datetime type - can you use a timestamp which would automatically be
>set to the system date/time

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail



From lsemel at yahoo.com  Thu Aug 14 12:01:34 2003
From: lsemel at yahoo.com (Lee Semel)
Date: Thu, 14 Aug 2003 09:01:34 -0700 (PDT)
Subject: [nycphp-talk] php accelerators
Message-ID: <20030814160134.91127.qmail@web14706.mail.yahoo.com>

Has anyone used Zend Accelerator, ionCube, or any other php acceleration software?  Any opinions, good or bad?
 
 


---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030814/241723cd/attachment.html>

From csnyder at chxo.com  Thu Aug 14 12:28:27 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Thu, 14 Aug 2003 12:28:27 -0400
Subject: [nycphp-talk] php accelerators
In-Reply-To: <20030814160134.91127.qmail@web14706.mail.yahoo.com>
References: <20030814160134.91127.qmail@web14706.mail.yahoo.com>
Message-ID: <3F3BB8AB.1010000@chxo.com>

Love ionCube (now called php_accelerator). Best ten minutes of code 
optimization I ever spent.

I've seen benchmark test of the various pre-compilers, and the 
conclusion I reached was that if you're really after tip-top performance 
you should do your own benchmarks. But it's definitely the way to go in 
general.

    chris.

Lee Semel wrote:

> Has anyone used Zend Accelerator, ionCube, or any other php 
> acceleration software?  Any opinions, good or bad?
>  




From gw.nyphp at gwprogramming.com  Thu Aug 14 13:25:10 2003
From: gw.nyphp at gwprogramming.com (George Webb)
Date: Thu, 14 Aug 2003 13:25:10 -0400
Subject: [nycphp-talk] Cookies as session database [was php scalability]
Message-ID: <20030814132510.A3385@vtbear.com>

As an offshoot of this topic, what does anyone think of using
HTTP cookies as the session database?

	It seems to me the largest problem with the scalability
issue is allowing the large number of user sessions to persist
across the multiple hosts in the cluster.  So if this session
data came from the user, rather than a central backend database,
then the hosts could operate much more independently.

	Of course some clients (web browsers/users) do not
support HTTP cookies, for various reasons.  So in that case,
the server-side application could allow the conventional server-side
session-hosting.  Such a session mechanism would take effect
only if the client failed to pass a basic HTTP cookie test.

	Also, cookies have limitations, such as data size.  But,
for example, with a shopping cart application (like I am currently
building for high-availiability deployment), such session data could
easily fit within the 4096-byte limit of the latest HTTP Cookie
RFC (2965).

	Thanks for your thoughts.


Regards, George.

George Webb
gw.nyphp at gwprogramming.com


From jeffknight at mac.com  Thu Aug 14 13:24:38 2003
From: jeffknight at mac.com (Jeff Knight)
Date: Thu, 14 Aug 2003 13:24:38 -0400
Subject: [nycphp-talk] php accelerators
In-Reply-To: <3F3BB8AB.1010000@chxo.com>
Message-ID: <2E98EE1F-CE7C-11D7-B438-000393B9FB36@mac.com>

Just bear in mind that if you're going to use the Zend 
Encoder/Safeguard Suite, you're going to have to run Zend Optimizer 
which is incompatible with ionCube (which is so easy to install and 
use, I'd forgotten that I installed it on one of my servers).

On Thursday, August 14, 2003, at 12:28  PM, Chris Snyder wrote:

> Love ionCube (now called php_accelerator). Best ten minutes of code 
> optimization I ever spent.
>
> I've seen benchmark test of the various pre-compilers, and the 
> conclusion I reached was that if you're really after tip-top 
> performance you should do your own benchmarks. But it's definitely the 
> way to go in general.
>
>    chris.
>
> Lee Semel wrote:
>
>> Has anyone used Zend Accelerator, ionCube, or any other php 
>> acceleration software?  Any opinions, good or bad?
>>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>
Jeff Knight
jeff at lushmedia.com
212/730-9611 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018



From danielc at analysisandsolutions.com  Thu Aug 14 14:18:51 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Thu, 14 Aug 2003 14:18:51 -0400
Subject: [nycphp-talk] Cookies as session database [was php scalability]
In-Reply-To: <20030814132510.A3385@vtbear.com>
References: <20030814132510.A3385@vtbear.com>
Message-ID: <20030814181850.GA8887@panix.com>

Hi George:

On Thu, Aug 14, 2003 at 01:25:10PM -0400, George Webb wrote:
> As an offshoot of this topic, what does anyone think of using
> HTTP cookies as the session database?
> ... snip ...
> 	Of course some clients (web browsers/users) do not
> support HTTP cookies, for various reasons.  So in that case,
> the server-side application could allow the conventional server-side
> session-hosting.  Such a session mechanism would take effect
> only if the client failed to pass a basic HTTP cookie test.

On this last point, what if the user accepts some of your cookies, but
then gets sick of your intense use of cookies and just gives up.  While
this population is small, it is out there.

More importantly, if you go this route, remember, cookies can be
altered/forged.  Therefore, don't rely on cookies to tell you if the
person's session is valid and/or logged in.

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From mz34 at nyu.edu  Thu Aug 14 16:02:19 2003
From: mz34 at nyu.edu (Matthew Zimmerman)
Date: Thu, 14 Aug 2003 16:02:19 -0400
Subject: [nycphp-talk] Database code solutions
In-Reply-To: <008601c361be$e505d0f0$9601a8c0@sparta>
Message-ID: <35A3F4B9-CE92-11D7-851D-00039344DCA8@nyu.edu>

If I am not mistaken, Dreamweaver might have this functionality. I know 
it is a pretty heavy commercial product and not sure if they have a 
Linux version, but I remember one of our students using it as a GUI to 
build SQL Queries.


On Wednesday, August 13, 2003, at 01:18  PM, Ophir Prusak wrote:

> I checked our your class and the ezsql class as well.
> These are great classes and definitely big helpers but I already have 
> code
> that takes care of much of this "low level plumbing".
>
> phplens gives you a web based interface that actually creates the php
> necessary for the forms themselves.
> It looks like I'll need to play around with it myself and I'll post a
> mini-review.
>
> Ophir
>
>> Ophir wrote two messages back...
>>>
>>> and not spend so much time creating the "plumbing" for basic database
>>> operations such as create a new row, edit a row, read a row or 
>>> delete a
> row.
>>
>> These operations are handled by simple queries.  There's no way around
>> programming that... until artificial intelligence, I guess.
>>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>
MZ
_________________
Matthew Zimmerman
Humanities Computing Group, NYU
Tel: 212.998.3038
Fax: 212.995.4120



From sterling at bumblebury.com  Sun Aug 17 03:58:55 2003
From: sterling at bumblebury.com (Sterling Hughes)
Date: Sun, 17 Aug 2003 03:58:55 -0400
Subject: [nycphp-talk] php accelerators
In-Reply-To: <20030814160134.91127.qmail@web14706.mail.yahoo.com>
References: <20030814160134.91127.qmail@web14706.mail.yahoo.com>
Message-ID: <1061107135.5565.5.camel@hasele>

Use apc.  Its much faster than ionCube (which is closed source), and its
slowly being used everywhere at Yahoo! now.  Zend Accellerator has some
very cool features (like integrated content caching), but the price tag
is a bit high for most people

I've also heard good things about the Turck MMCache, unfortunately its
GPL, which precludes me from using it.

-Sterling

Am Do, 2003-08-14 um 12.01 schrieb Lee Semel:
> Has anyone used Zend Accelerator, ionCube, or any other php
> acceleration software?  Any opinions, good or bad?
>  
>  
> 
> 
> ______________________________________________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> 
> ______________________________________________________________________
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
-- 
I used to be disgusted, now I find I'm just amused. 
  - Elvis Costello


From max at idsociety.com  Mon Aug 18 09:52:31 2003
From: max at idsociety.com (max goldberg)
Date: Mon, 18 Aug 2003 09:52:31 -0400
Subject: [nycphp-talk] php accelerators
In-Reply-To: <2E98EE1F-CE7C-11D7-B438-000393B9FB36@mac.com>
References: <2E98EE1F-CE7C-11D7-B438-000393B9FB36@mac.com>
Message-ID: <3F40DA1F.5000506@idsociety.com>

There was a product I was playing with on Thursday (pre-blackout) called
Turck MMCache (http://www.turcksoft.com/en/e_mmc.htm). The install
seemed pretty straight forward and easy. I haven't looked into the
actual results yet, but if this thread is still going when I do, I will
post again.

-Max


Jeff Knight wrote:
> Just bear in mind that if you're going to use the Zend Encoder/Safeguard
> Suite, you're going to have to run Zend Optimizer which is incompatible
> with ionCube (which is so easy to install and use, I'd forgotten that I
> installed it on one of my servers).
> 
> On Thursday, August 14, 2003, at 12:28  PM, Chris Snyder wrote:
> 
>> Love ionCube (now called php_accelerator). Best ten minutes of code
>> optimization I ever spent.
>>
>> I've seen benchmark test of the various pre-compilers, and the
>> conclusion I reached was that if you're really after tip-top
>> performance you should do your own benchmarks. But it's definitely the
>> way to go in general.
>>
>>    chris.
>>
>> Lee Semel wrote:
>>
>>> Has anyone used Zend Accelerator, ionCube, or any other php
>>> acceleration software?  Any opinions, good or bad?
>>>
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nyphp.org
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>>
> Jeff Knight
> jeff at lushmedia.com
> 212/730-9611 x 203
> LUSH media
> 110 W 40th St #1502
> New York, NY 10018
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 



From hans at nyphp.org  Mon Aug 18 11:09:02 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 18 Aug 2003 11:09:02 -0400
Subject: [nycphp-talk] mySQL is kicking my butt Pt II
In-Reply-To: <050401c36209$0425f510$67a76244@philofsoa>
References: <050401c36209$0425f510$67a76244@philofsoa>
Message-ID: <3F40EC0E.8060005@nyphp.org>



Phil Powell wrote:

> alter table fs_usermetadata add foreign key fs_user_category_id 
>  references fs_user_category(fs_user_category_id)
>  on delete cascade
> 
> Isn't this legitimate code to add a foreign key constraint to fs_user_category_id in table fs_usermetadata referencing fs_user_category.fs_user_category_id?

MySQL's default table handler, MyISAM, doesn't support foreign keys and so forth.  So, unless this is an InnoDB DB, it won't work.

http://www.mysql.com/doc/en/InnoDB_foreign_key_constraints.html


H



From soazine at erols.com  Sun Aug 17 16:35:30 2003
From: soazine at erols.com (Phil Powell)
Date: Sun, 17 Aug 2003 16:35:30 -0400
Subject: [nycphp-talk] 2 hour EMERGENCY HELP!
Message-ID: <07d501c364ff$19cb7c70$67a76244@philofsoa>

I am facing a 2 hour deadline (it's 4:30EST right now) and I can't get past this:

Warning: Unable to create '../content/absolutetruthrelativetruth.txt': Permission denied in /home/youth/finesocceryouthsessions-www/include/admin_content.php on line 80

Warning: Unable to move '/tmp/phpYLgpcn' to '../content/absolutetruthrelativetruth.txt' in /home/youth/finesocceryouthsessions-www/include/admin_content.php on line 80

Warning: chmod failed: No such file or directory in /home/youth/finesocceryouthsessions-www/include/admin_content.php on line 86


Please, someone, anyone on earth, HELP! 

Code:

    if ($hasSubmittedContent) {
     $fileName = str_replace(' ', '_', $_FILES['content']['name']);
     // MOVE TO /content folder AND ADD _ TO ANY SPACES IN ORIGINAL NAME
     move_uploaded_file($_FILES['content']['tmp_name'], "$ACTUAL_STARTPATH/content/$fileName");
    }


    if ($hasSubmittedContent) {
     // LOCK THE FILES DOWN AND REMOVE THE TEMP FILES - LOCK TO PREVENT UNPAID USERS FROM VIEWING
     chmod("$ACTUAL_STARTPATH/content/$fileName", 0700);
     echo $font . '<font color=000099>File Uploaded: ' .
          $ACTUAL_STARTPATH . '/content/' . $fileName . '</font></font><p>';
     @unlink($_FILES['content']['tmp_name']); // SUPPRESS POTENTIAL WARNINGS IF !is_uploaded_file
    }



Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030817/d76943fc/attachment.html>

From gw.nyphp at gwprogramming.com  Thu Aug 14 17:48:32 2003
From: gw.nyphp at gwprogramming.com (George Webb)
Date: Thu, 14 Aug 2003 17:48:32 -0400
Subject: [nycphp-talk] mysql_connect() doesn't affect mysql_error()?
Message-ID: <20030814174832.A1245@vtbear.com>

Hi.  I am calling @mysql_connect(...) with the leading '@' in order
to suppress the error messages.  But then if the connect fails, I
want to capture the exact error string of why the connect failed.
(I.e. send it to the admin, rather than to the user.)

	However, it seems that mysql_error() returns empty
after a failed mysql_connect()!  Is this normal?  Has it always
been this way?  I am using PHP 4.3.2.

	Is the only solution, then, to get rid of the leading '@' and
use the output buffering functions to grab the error message?  That
seems ugly.  Is there another way to re-route the error message after
mysql_connect()?

	Thanks!


Sincerely, George.

George Webb
gw.nyphp at gwprogramming.com


From bpang at bpang.com  Mon Aug 18 11:26:10 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 18 Aug 2003 11:26:10 -0400
Subject: [nycphp-talk] 2 hour EMERGENCY HELP!
Message-ID: <E19olta-0004i3-Vj@rslrs1-server.com>

are you sure that your $ACTUAL_STARTPATH is a full filesystem path?
i.e.   /home/path/to/actual/start/path

the error seems to indicate that you're just trying to move up
relatively to the parent dir

Hopefully you figured it out as I believe that your 2 hour deadline is
long past due :)


> This is a multi-part message in MIME format.
> 
> 
> I am facing a 2 hour deadline (it's 4:30EST right now) and I can't get
past this:
> 
> Warning: Unable to create '../content/absolutetruthrelativetruth.txt':
Permission denied in
/home/youth/finesocceryouthsessions-www/include/admin_content.php on line 80
> 
> Warning: Unable to move '/tmp/phpYLgpcn' to
'../content/absolutetruthrelativetruth.txt' in
/home/youth/finesocceryouthsessions-www/include/admin_content.php on line 80
> 
> Warning: chmod failed: No such file or directory in
/home/youth/finesocceryouthsessions-www/include/admin_content.php on line 86
> 
> 
> Please, someone, anyone on earth, HELP! 
> 
> Code:
> 
>     if ($hasSubmittedContent) {
>      $fileName = str_replace(' ', '_', $_FILES['content']['name']);
>      // MOVE TO /content folder AND ADD _ TO ANY SPACES IN ORIGINAL NAME
>      move_uploaded_file($_FILES['content']['tmp_name'],
"$ACTUAL_STARTPATH/content/$fileName");
>     }
> 
> 
>     if ($hasSubmittedContent) {
>      // LOCK THE FILES DOWN AND REMOVE THE TEMP FILES - LOCK TO
PREVENT UNPAID USERS FROM VIEWING
>      chmod("$ACTUAL_STARTPATH/content/$fileName", 0700);
>      echo $font . '<font color=000099>File Uploaded: ' .
>           $ACTUAL_STARTPATH . '/content/' . $fileName .
'</font></font><p>';
>      @unlink($_FILES['content']['tmp_name']); // SUPPRESS POTENTIAL
WARNINGS IF !is_uploaded_file
>     }
> 
> 
> 
> Phil
> 





From jemaxwell at jaymax.com  Mon Aug 18 11:42:22 2003
From: jemaxwell at jaymax.com (Joseph Maxwell)
Date: Mon, 18 Aug 2003 08:42:22 -0700
Subject: [nycphp-talk] List moderated?
Message-ID: <3F40F3DD.40DCEF7B@jaymax.com>

Hello,
Is this list moderated? sent a Post on Sat & hasn't shown up as yet -
Mon. morning
--  Joe  --



From danielc at analysisandsolutions.com  Mon Aug 18 11:41:24 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 18 Aug 2003 11:41:24 -0400
Subject: [nycphp-talk] mysql_connect() doesn't affect mysql_error()?
In-Reply-To: <20030814174832.A1245@vtbear.com>
References: <20030814174832.A1245@vtbear.com>
Message-ID: <20030818154124.GA19522@panix.com>

Hey George:

On Thu, Aug 14, 2003 at 05:48:32PM -0400, George Webb wrote:
> Hi.  I am calling @mysql_connect(...) with the leading '@' in order
> to suppress the error messages.  But then if the connect fails, I
> want to capture the exact error string of why the connect failed.
> (I.e. send it to the admin, rather than to the user.)

If you have track_errors = on you can use an approach along the lines of 
what's done in my SQL Solution class:

    $this->SQLConnection = @mysql_connect($this->SQLHost,
            $this->SQLUser, $this->SQLPassword) or die
            ( $this->KillQuery($FileName, $FileLine, $php_errormsg) );

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From hans at nyphp.org  Mon Aug 18 11:57:05 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 18 Aug 2003 11:57:05 -0400
Subject: [nycphp-talk] php scalability
In-Reply-To: <20030814023433.27159.qmail@web14712.mail.yahoo.com>
References: <20030814023433.27159.qmail@web14712.mail.yahoo.com>
Message-ID: <3F40F751.5030805@nyphp.org>


Hi Lee,


Lee Semel wrote:

> It's not always the case that load balancing is independent of the 
> scripting language.  Here's a specific example of something that's 
> automatic in Java, but needs to be programmed into the application in PHP: 
>  
> In a load balanced setting, a user can be switched from one server to 
> another as they use the site.  So the session needs to be available to 
> all servers, and stored in the database.  Java application servers such 
> as JBoss or Weblogic can take care of this automatically, making the 
> session available to all servers without you having to do anything 
> special.  But in PHP, we have to know in advance that this is a problem, 
> so we can set up the session to work this way.

Yes and no, and I'd be hesitant to count on one of the mentioned app servers to take care of things automatically, or "automagically."  Regardless, PHP's session handler is module, so a change isn't catastrophic.  If well architected this should be a none issue.

> Another issue is deploying or upgrading the application on multiple 
> servers, especially if several versions need to be kept around.  I can 
> zip a Java application into a WAR file and send it to all the servers at 
> once, and the configuration and security settings live nicely in a 
> separate web.xml file.  The WAR file can even contain all the automated 
> tasks that would be done by cron jobs.  But in PHP, you need to keep 
> track of all the individual little files in the app, track changes to 
> php.ini files and httpd.conf files, include files, include paths, 
> .htaccess files, PEAR libraries, and cron jobs, all of which can get out 
> of sync and mixed up very easily. 

As others have mentioned, rsync, or even CVS can be a solution here - or, regular tar files with a couple scripts (either shell or php itself).  While PHP doesn't have the pre-packaged feel and convienence of a J-based system, this is often good.  For one, I've found pre-packaged things never really do exactly what you need, and convienance is often an illusion which comes back to bite you later on.

> Neither of these is a big deal in itself, but I'm wondering what other 
> red flags there would be to make PHP work in a load balanced setting, so 
> I can get an idea of the relative cost and effort versus Java.  If there 
> are a lot of tricky little things like this, they can add up to a big 
> job.  I'd like to do it in PHP if at all possible.

It comes back to architecture; either system will fallpart in an environment that isn't well layed out and designed.  Granted, with the money poured into Java and the like, some of the work is done, and it can be helpful.  But it can also be illusive and inflexible, whereas PHP (and AMP in general) lends itself to a better designed and customized environment; and certainly a less expensive one.

Lastly, just to touch on Yahoo!'s use of PHP.  True, they do have a great team of talent, money and resources, and they'll be tweaking PHP (as they have FreeBSD, Apache, MySQL and even Oracle) for their environment to meet their needs.  While these "tweaks" are on a much bigger scale than tweaks needed by your typical site, they also have more traffic than your typical site :)

H



From ejp at well.com  Mon Aug 18 11:52:14 2003
From: ejp at well.com (Edward Potter)
Date: Mon, 18 Aug 2003 11:52:14 -0400
Subject: [nycphp-talk] 2 hour EMERGENCY HELP!
In-Reply-To: <E19olta-0004i3-Vj@rslrs1-server.com>
Message-ID: <EFA5996B-D193-11D7-815A-000393D9EBFA@well.com>

On these kind of bugs, u can try to become the user your web server 
runs as (maybe 'nobody?' if u don't have a shell account for that user, 
u can sudo nobody from root). Then try to move around in the 
directories, and save files at various points along the path.  May help 
find your bug.

- ed


On Monday, August 18, 2003, at 11:26 AM, Brian Pang wrote:

> are you sure that your $ACTUAL_STARTPATH is a full filesystem path?
> i.e.   /home/path/to/actual/start/path
>
> the error seems to indicate that you're just trying to move up
> relatively to the parent dir
>
> Hopefully you figured it out as I believe that your 2 hour deadline is
> long past due :)
>
>
>> This is a multi-part message in MIME format.
>>
>>
>> I am facing a 2 hour deadline (it's 4:30EST right now) and I can't get
> past this:
>>
>> Warning: Unable to create '../content/absolutetruthrelativetruth.txt':
> Permission denied in
> /home/youth/finesocceryouthsessions-www/include/admin_content.php on 
> line 80
>>
>> Warning: Unable to move '/tmp/phpYLgpcn' to
> '../content/absolutetruthrelativetruth.txt' in
> /home/youth/finesocceryouthsessions-www/include/admin_content.php on 
> line 80
>>
>> Warning: chmod failed: No such file or directory in
> /home/youth/finesocceryouthsessions-www/include/admin_content.php on 
> line 86
>>
>>
>> Please, someone, anyone on earth, HELP!
>>
>> Code:
>>
>>     if ($hasSubmittedContent) {
>>      $fileName = str_replace(' ', '_', $_FILES['content']['name']);
>>      // MOVE TO /content folder AND ADD _ TO ANY SPACES IN ORIGINAL 
>> NAME
>>      move_uploaded_file($_FILES['content']['tmp_name'],
> "$ACTUAL_STARTPATH/content/$fileName");
>>     }
>>
>>
>>     if ($hasSubmittedContent) {
>>      // LOCK THE FILES DOWN AND REMOVE THE TEMP FILES - LOCK TO
> PREVENT UNPAID USERS FROM VIEWING
>>      chmod("$ACTUAL_STARTPATH/content/$fileName", 0700);
>>      echo $font . '<font color=000099>File Uploaded: ' .
>>           $ACTUAL_STARTPATH . '/content/' . $fileName .
> '</font></font><p>';
>>      @unlink($_FILES['content']['tmp_name']); // SUPPRESS POTENTIAL
> WARNINGS IF !is_uploaded_file
>>     }
>>
>>
>>
>> Phil
>>
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From hans at nyphp.org  Mon Aug 18 11:59:58 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 18 Aug 2003 11:59:58 -0400
Subject: [nycphp-talk] List moderated?
In-Reply-To: <3F40F3DD.40DCEF7B@jaymax.com>
References: <3F40F3DD.40DCEF7B@jaymax.com>
Message-ID: <3F40F7FE.1000408@nyphp.org>


Hi Joe,

Joseph Maxwell wrote:
> Hello,
> Is this list moderated? sent a Post on Sat & hasn't shown up as yet -
> Mon. morning

This list isn't moderated, but we've had, well - a bit of an electricity problem :)  Chances are, you're post is in bit heaven.  Please repost.

Sorry for the inconvenience,

H



From shiflett at php.net  Mon Aug 18 11:56:01 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 18 Aug 2003 08:56:01 -0700 (PDT)
Subject: [nycphp-talk] Cookies as session database [was php scalability]
In-Reply-To: <20030814132510.A3385@vtbear.com>
Message-ID: <20030818155601.68876.qmail@web14306.mail.yahoo.com>

--- George Webb <gw.nyphp at gwprogramming.com> wrote:
> As an offshoot of this topic, what does anyone think of using
> HTTP cookies as the session database?

My apologies if my response is extremely late; I m just now able to catch up on
things.

I would just like to reiterate the points Dan made, specifically:

1. This approach is less secure.
2. This approach is less efficient.

To explain the first point, consider that you are suggesting storing client
data in cookies. This means that the risk of exposure is insanely high; this
data is being sent across the public Internet for every single transaction.

As for performance, you are adding a significant amount of overheard for every
single transaction. The same characteristic that makes this approach less
secure makes it less efficient. Rather than the client simply having to
identify itself, it is now sending you all session data in every request. In
addtion to this, you are sending back all session data you want to modify.

At any rate, I hope we've talked you out of this approach. :-)

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From mwithington at PLMresearch.com  Sun Aug 17 20:20:30 2003
From: mwithington at PLMresearch.com (Mark L. Withington)
Date: Sun, 17 Aug 2003 20:20:30 -0400
Subject: [nycphp-talk] Database synchronization
In-Reply-To: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE35875FC80@network.PLMresearch.com>
Message-ID: <000201c3651e$89a56cd0$3ed095ce@PLMresearch.com>

Can anyone direct me to php based, mySQL database synchronization tools?
I have two separate databases that I would like to
upload/download/synchronize via a cron job and/or a hyperlink.  Ideally,
I'd like to be able to choose the fields/tables I wish to map.  I
there's some GPL stuff already out there...

Thanks,

Mark  

--------------------------
Mark L. Withington
PLMresearch
"eBusiness for the Midsize Enterprise"
PO Box 1354
Plymouth, MA  02362
o: 800-310-3992
f: 508-746-4973
v: 508-746-2383
m: 508-801-0181
http://www.PLMresearch.com
Netscape/AOL/MSN IM: PLMresearch
mwithington at plmresearch.com
Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc
Calendar: http://www.plmresearch.com/calendar.php





From csnyder at chxo.com  Mon Aug 18 12:30:47 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Mon, 18 Aug 2003 12:30:47 -0400
Subject: [nycphp-talk] Finding current status of httpd
Message-ID: <3F40FF37.1030407@chxo.com>

Without compiling in mod_status support, which I will do in absence of a
quicker fix, is there any way to tell what request a particular httpd
process is serving?

Googlebot is using up 100% of my CPU, I'm curious to see what it is
getting hung up on.

By the way, I've tried lsof -p <pid of process> but it doesn't tell me
what file is being served, it just lists all the logs and the connection
to the Googlebot.

    chris.




From soazine at erols.com  Fri Aug 15 01:29:47 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 15 Aug 2003 01:29:47 -0400
Subject: [nycphp-talk] I need a function that will compare IP addresses
Message-ID: <022b01c362ee$3dd89b10$67a76244@philofsoa>

 have written a function that is supposed to compare the first three nodes of an IP address, but it is riddled with errors that I have given up trying to figure out.

Is there an existing function out there that can do this? I want to compare "127.0.0.1" with "127.0.0.100" and come with as a "match", or "127.0.0.1" with "127.0.0.1", but no "match if "127.0.0.1" and "127.255.0.0".

Here is what I have:

/*--------------------------------------------------------------------------------------------
    This function will compare the first three instances of an IP address by splitting apart,
    gathering into a string the first three IP address nodes, and then returning strcmp of the
    two.  Will return a 1 if they are identical, otherwise, will return a 0.
  ---------------------------------------------------------------------------------------------*/
  function ip_isThreeNodeIdentical($ip1, $ip2) {
   if (!preg_match('/^([0-9]+\.)+[0-9]+$/i', $ip1) || !preg_match('/^([0-9]+\.)+[0-9]+$/i', $ip2)) {
    return 0;
   } else {
    $ip_array1 = explode('.', $ip1); $ip_array2 = explode('.', $ip2);
    foreach (array('1', '2') as $key => $val) {
     $ipArrayVal = 'ip_array' . $val; $ipCompareVal = 'ipCompare' . $val;
     for ($i = 0; $i < sizeof(${$ipArrayVal}) - 1; $i++) 
      ${ipCompareVal} .= ${ipArrayVal}[$i] . '.';
     ${ipCompareVal} = substr(${ipCompareVal}, 0, strrpos(${ipCompareVal), '.') - 1); 
    }
    return (strcmp($ipCompare1, $ipCompare2) == 0) ? 1 : 0;
   }
  }

I tried. :(

Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030815/a670fae1/attachment.html>

From hans at nyphp.org  Mon Aug 18 12:48:20 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 18 Aug 2003 12:48:20 -0400
Subject: [nycphp-talk] I need a function that will compare IP addresses
In-Reply-To: <022b01c362ee$3dd89b10$67a76244@philofsoa>
References: <022b01c362ee$3dd89b10$67a76244@philofsoa>
Message-ID: <3F410354.3070002@nyphp.org>



Phil Powell wrote:

>  have written a function that is supposed to compare the first three 
> nodes of an IP address, but it is riddled with errors that I have given 
> up trying to figure out.
>  
> Is there an existing function out there that can do this? I want to 
> compare "127.0.0.1" with "127.0.0.100" and come with as a "match", or 
> "127.0.0.1" with "127.0.0.1", but no "match if "127.0.0.1" and 
> "127.255.0.0".

IPs are really just long ints.

This should take care of things:

http://us4.php.net/ip2long


H



From hans at nyphp.org  Mon Aug 18 12:54:21 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 18 Aug 2003 12:54:21 -0400
Subject: [nycphp-talk] Finding current status of httpd
In-Reply-To: <3F40FF37.1030407@chxo.com>
References: <3F40FF37.1030407@chxo.com>
Message-ID: <3F4104BD.5080703@nyphp.org>



Chris Snyder wrote:

> Without compiling in mod_status support, which I will do in absence of a
> quicker fix, is there any way to tell what request a particular httpd
> process is serving?

Not that I know - at least not as complete as mod_status provides.  There is a scoreboard file, which I haven't played around with much, but might help.

> Googlebot is using up 100% of my CPU, I'm curious to see what it is
> getting hung up on.
> 
> By the way, I've tried lsof -p <pid of process> but it doesn't tell me
> what file is being served, it just lists all the logs and the connection
> to the Googlebot.

Hmm, I think it should.  What about some of the other flags, like -d and so forth?  But I'd just go ahead load mod_status up :)

H




From rolan at datawhorehouse.com  Mon Aug 18 12:48:55 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Mon, 18 Aug 2003 12:48:55 -0400
Subject: [nycphp-talk] Finding current status of httpd
In-Reply-To: <3F40FF37.1030407@chxo.com>
References: <3F40FF37.1030407@chxo.com>
Message-ID: <3F410377.7030001@datawhorehouse.com>

You can go into the http logs and grep for the process number.
That might give a clue.
Do something like a "tail -100 access_log | grep <pid that is hogging 
all cpu>"



Chris Snyder wrote:

> Without compiling in mod_status support, which I will do in absence of a
> quicker fix, is there any way to tell what request a particular httpd
> process is serving?
>
> Googlebot is using up 100% of my CPU, I'm curious to see what it is
> getting hung up on.
>
> By the way, I've tried lsof -p <pid of process> but it doesn't tell me
> what file is being served, it just lists all the logs and the connection
> to the Googlebot.
>
>    chris.
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From shiflett at php.net  Mon Aug 18 12:51:36 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 18 Aug 2003 09:51:36 -0700 (PDT)
Subject: [nycphp-talk] I need a function that will compare IP addresses
In-Reply-To: <022b01c362ee$3dd89b10$67a76244@philofsoa>
Message-ID: <20030818165136.49598.qmail@web14305.mail.yahoo.com>

--- Phil Powell <soazine at erols.com> wrote:
> have written a function that is supposed to compare the first three
> nodes of an IP address, but it is riddled with errors that I have
> given up trying to figure out.
> 
> Is there an existing function out there that can do this? I want to
> compare "127.0.0.1" with "127.0.0.100" and come with as a "match",
> or "127.0.0.1" with "127.0.0.1", but no "match if "127.0.0.1" and
> "127.255.0.0".

This probably isn't the best solution, since it's just ad hoc email coding
(untested, etc.), but it seems a bit better than what you were trying:

$ip1 = '127.0.0.1';
$ip2 = '127.0.0.2';

$ip1_array = explode('.', $ip1);
$ip2_array = explode('.', $ip2);

$ip1_array['3'] = '';
$ip2_array['3'] = '';

$ip1 = implode('.', $ip1_array);
$ip2 = implode('.', $ip2_array);

if ($ip1 == $ip2)
{
     echo "First three octets are identical\n";
}

I'm sure there is a cooler way to compare the two using logical bitwise stuff,
but this might be easier to understand.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From rolan at datawhorehouse.com  Mon Aug 18 13:03:19 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Mon, 18 Aug 2003 13:03:19 -0400
Subject: [nycphp-talk] I need a function that will compare IP addresses
In-Reply-To: <3F410354.3070002@nyphp.org>
References: <022b01c362ee$3dd89b10$67a76244@philofsoa>
	<3F410354.3070002@nyphp.org>
Message-ID: <3F4106D7.1070306@datawhorehouse.com>

or the ghetto way:

function compareip($ipa,$ipb) {
    if (stristr(strrev($ipa),".")==stristr(strrev($ipb),".")) {return true;}
    else {return false;}
}

~Rolan

Hans Zaunere wrote:

>
>
> Phil Powell wrote:
>
>>  have written a function that is supposed to compare the first three 
>> nodes of an IP address, but it is riddled with errors that I have 
>> given up trying to figure out.
>>  
>> Is there an existing function out there that can do this? I want to 
>> compare "127.0.0.1" with "127.0.0.100" and come with as a "match", or 
>> "127.0.0.1" with "127.0.0.1", but no "match if "127.0.0.1" and 
>> "127.255.0.0".
>
>
> IPs are really just long ints.
>
> This should take care of things:
>
> http://us4.php.net/ip2long
>
>
> H
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From nyphp at websapp.com  Mon Aug 18 13:17:01 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Mon, 18 Aug 2003 13:17:01 -0400
Subject: [nycphp-talk] I need a function that will compare IP addresses
In-Reply-To: <3F4106D7.1070306@datawhorehouse.com>
Message-ID: <OKEHLLMAFAOHECBMOGEPCEOJEPAA.nyphp@websapp.com>

> or the ghetto way:
>
> function compareip($ipa,$ipb) {
>     if (stristr(strrev($ipa),".")==stristr(strrev($ipb),"."))
> {return true;}
>     else {return false;}
> }

In general, it is good practice to return the Boolean evaluation in such
cases:

function compareip($ipa,$ipb) {
    return stristr(strrev($ipa),".")==stristr(strrev($ipb),".");
}


Best,
Daniel Kushner




From rolan at datawhorehouse.com  Mon Aug 18 13:19:35 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Mon, 18 Aug 2003 13:19:35 -0400
Subject: [nycphp-talk] I need a function that will compare IP addresses
In-Reply-To: <OKEHLLMAFAOHECBMOGEPCEOJEPAA.nyphp@websapp.com>
References: <OKEHLLMAFAOHECBMOGEPCEOJEPAA.nyphp@websapp.com>
Message-ID: <3F410AA7.6060607@datawhorehouse.com>

even better! :)

Daniel Kushner wrote:

>>or the ghetto way:
>>
>>function compareip($ipa,$ipb) {
>>    if (stristr(strrev($ipa),".")==stristr(strrev($ipb),"."))
>>{return true;}
>>    else {return false;}
>>}
>>    
>>
>
>In general, it is good practice to return the Boolean evaluation in such
>cases:
>
>function compareip($ipa,$ipb) {
>    return stristr(strrev($ipa),".")==stristr(strrev($ipb),".");
>}
>
>
>Best,
>Daniel Kushner
>
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>  
>



From psaw at pswebcode.com  Fri Aug 15 10:17:23 2003
From: psaw at pswebcode.com (pswebcode, nyc)
Date: Fri, 15 Aug 2003 10:17:23 -0400
Subject: [nycphp-talk] Hope you are okay
Message-ID: <000101c36337$f29c3360$68e4a144@bronco>

Lights are on, but it is uniquely quiet. 

Warmest regards,

Peter Sawczynec, Technology Director
PSWebcode -- Web Development and 
Site Architecture
psaw at pswebcode.com
www.pswebcode.com
718.543.3240



From soazine at erols.com  Mon Aug 18 13:29:34 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 13:29:34 -0400
Subject: [nycphp-talk] 2 hour EMERGENCY HELP!
References: <E19olta-0004i3-Vj@rslrs1-server.com>
Message-ID: <0aca01c365ae$4b2b9c50$67a76244@philofsoa>

That was a lot of fun, and I missed the deadline by a good 6 hours.  It's
still buggy inasmuch as they can view documents without password protection,
but if I tighten the folder any, nobody can view any.

Suggestions are helpful, I've run out.

Phil
----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 11:26 AM
Subject: Re: [nycphp-talk] 2 hour EMERGENCY HELP!


> are you sure that your $ACTUAL_STARTPATH is a full filesystem path?
> i.e.   /home/path/to/actual/start/path
>
> the error seems to indicate that you're just trying to move up
> relatively to the parent dir
>
> Hopefully you figured it out as I believe that your 2 hour deadline is
> long past due :)
>
>
> > This is a multi-part message in MIME format.
> >
> >
> > I am facing a 2 hour deadline (it's 4:30EST right now) and I can't get
> past this:
> >
> > Warning: Unable to create '../content/absolutetruthrelativetruth.txt':
> Permission denied in
> /home/youth/finesocceryouthsessions-www/include/admin_content.php on line
80
> >
> > Warning: Unable to move '/tmp/phpYLgpcn' to
> '../content/absolutetruthrelativetruth.txt' in
> /home/youth/finesocceryouthsessions-www/include/admin_content.php on line
80
> >
> > Warning: chmod failed: No such file or directory in
> /home/youth/finesocceryouthsessions-www/include/admin_content.php on line
86
> >
> >
> > Please, someone, anyone on earth, HELP!
> >
> > Code:
> >
> >     if ($hasSubmittedContent) {
> >      $fileName = str_replace(' ', '_', $_FILES['content']['name']);
> >      // MOVE TO /content folder AND ADD _ TO ANY SPACES IN ORIGINAL NAME
> >      move_uploaded_file($_FILES['content']['tmp_name'],
> "$ACTUAL_STARTPATH/content/$fileName");
> >     }
> >
> >
> >     if ($hasSubmittedContent) {
> >      // LOCK THE FILES DOWN AND REMOVE THE TEMP FILES - LOCK TO
> PREVENT UNPAID USERS FROM VIEWING
> >      chmod("$ACTUAL_STARTPATH/content/$fileName", 0700);
> >      echo $font . '<font color=000099>File Uploaded: ' .
> >           $ACTUAL_STARTPATH . '/content/' . $fileName .
> '</font></font><p>';
> >      @unlink($_FILES['content']['tmp_name']); // SUPPRESS POTENTIAL
> WARNINGS IF !is_uploaded_file
> >     }
> >
> >
> >
> > Phil
> >
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From soazine at erols.com  Mon Aug 18 13:32:46 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 13:32:46 -0400
Subject: [nycphp-talk] I need a function that will compare IP addresses
References: <022b01c362ee$3dd89b10$67a76244@philofsoa><3F410354.3070002@nyphp.org>
	<3F4106D7.1070306@datawhorehouse.com>
Message-ID: <0adb01c365ae$bd5ed710$67a76244@philofsoa>

I'm from Southeast DC, Rolan, so everything I do is ghetto: ;)

function is_identicalThreeNodeIP($ip1, $ip2) {
 return (substr($ip1, 0, strrpos($ip1, '.')) === substr($ip2, 0,
strrpos($ip2, '.'))) ? '1' : '0';
}

Phil
----- Original Message ----- 
From: "Rolan" <rolan at datawhorehouse.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 1:03 PM
Subject: Re: [nycphp-talk] I need a function that will compare IP addresses


> or the ghetto way:
>
> function compareip($ipa,$ipb) {
>     if (stristr(strrev($ipa),".")==stristr(strrev($ipb),".")) {return
true;}
>     else {return false;}
> }
>
> ~Rolan
>
> Hans Zaunere wrote:
>
> >
> >
> > Phil Powell wrote:
> >
> >>  have written a function that is supposed to compare the first three
> >> nodes of an IP address, but it is riddled with errors that I have
> >> given up trying to figure out.
> >>
> >> Is there an existing function out there that can do this? I want to
> >> compare "127.0.0.1" with "127.0.0.100" and come with as a "match", or
> >> "127.0.0.1" with "127.0.0.1", but no "match if "127.0.0.1" and
> >> "127.255.0.0".
> >
> >
> > IPs are really just long ints.
> >
> > This should take care of things:
> >
> > http://us4.php.net/ip2long
> >
> >
> > H
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From soazine at erols.com  Mon Aug 18 13:33:36 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 13:33:36 -0400
Subject: [nycphp-talk] mySQL is kicking my butt Pt II
References: <050401c36209$0425f510$67a76244@philofsoa>
	<3F40EC0E.8060005@nyphp.org>
Message-ID: <0ae101c365ae$dae7b900$67a76244@philofsoa>

So I found out.  How in the world then do you constrain your fields and do
cascade deletes?

Phil
----- Original Message ----- 
From: "Hans Zaunere" <hans at nyphp.org>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 11:09 AM
Subject: Re: [nycphp-talk] mySQL is kicking my butt Pt II


>
>
> Phil Powell wrote:
>
> > alter table fs_usermetadata add foreign key fs_user_category_id
> >  references fs_user_category(fs_user_category_id)
> >  on delete cascade
> >
> > Isn't this legitimate code to add a foreign key constraint to
fs_user_category_id in table fs_usermetadata referencing
fs_user_category.fs_user_category_id?
>
> MySQL's default table handler, MyISAM, doesn't support foreign keys and so
forth.  So, unless this is an InnoDB DB, it won't work.
>
> http://www.mysql.com/doc/en/InnoDB_foreign_key_constraints.html
>
>
> H
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From csnyder at chxo.com  Mon Aug 18 13:42:48 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Mon, 18 Aug 2003 13:42:48 -0400
Subject: [nycphp-talk] 2 hour EMERGENCY HELP!
In-Reply-To: <0aca01c365ae$4b2b9c50$67a76244@philofsoa>
References: <E19olta-0004i3-Vj@rslrs1-server.com>
	<0aca01c365ae$4b2b9c50$67a76244@philofsoa>
Message-ID: <3F411018.90502@chxo.com>

Try to rewrite it using absolute paths rather than relative, then check 
and recheck directory permissions. If PHP is moving a file somewhere, 
the target directory must be writeable by "nobody" or whomever the 
webserver runs as.

Whenever I need to do that kind of thing I set the group ownership of 
the target directory to nobody, then chmod 770. I figure it's a shade 
better than world-writeable, but not much.

Lately I've been trying to move files around with FTP instead so that 
they have the proper ownership, but that's a whole other ball of wax.

    chris.

Phil Powell wrote:

>Suggestions are helpful, I've run out.
>
>Phil
>
>  
>



From danielc at analysisandsolutions.com  Mon Aug 18 14:41:49 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 18 Aug 2003 14:41:49 -0400
Subject: [nycphp-talk] 2 hour EMERGENCY HELP!
In-Reply-To: <3F411018.90502@chxo.com>
References: <E19olta-0004i3-Vj@rslrs1-server.com>
	<0aca01c365ae$4b2b9c50$67a76244@philofsoa>
	<3F411018.90502@chxo.com>
Message-ID: <20030818184149.GA6890@panix.com>

On Mon, Aug 18, 2003 at 01:42:48PM -0400, Chris Snyder wrote:
> If PHP is moving a file somewhere, 
> the target directory must be writeable by "nobody" or whomever the 
> webserver runs as.

Run the script as a CGI.  Then the process and the files it creates will
run as your user id.  Therefore, you can set the permissions on the
directories and files to 700 so only the script and you can access them.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From soazine at erols.com  Mon Aug 18 15:04:00 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 15:04:00 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewing non-ASCII
Message-ID: <0b8401c365bb$7c135f80$67a76244@philofsoa>

This challenge is beyond me, as it seems to be the case.

I am having to set up a user-authentication script that is basic logon/registration process.  mySQL db captures username, password, and other important fields such as their payment category and isAdmin (if they are an admin on the site).  Once stored they will be able to login once payment category is '4' (which means 'PAID').  

Upon being able to login, one of the features any user, admin or not, can do is to view restricted files in the /web/contents folder.  They can view the list or click onto a link and view the file itself (assuming it's a url-friendly file like .txt or .doc or .pdf or something).

Here's where I am totally stuck.

The /web/contents folder must be locked down so that the outside world cannot view it; only authenticated users must view it.  Problem is, by doing that I force a double-login since that would involve using .htaccess on the folder.  (Note, I was told mySQL has a means of interfacing with .htacesss, however, that too would fail because the requirements for login involve username, password, isAdmin and payment_category all being set to certain values).

I thought of locking down the folder to 700 and each script uploaded to 600 (using TCL CGI instead of PHP to do the actual uploading), however, how would I be able to allow for users to VIEW non-ASCII files (like .doc or .pdf)?

Has anyone faced anything like that, if so, please let me know.

Thanx
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030818/5fb8d20e/attachment.html>

From wfan at encogent.com  Mon Aug 18 15:18:47 2003
From: wfan at encogent.com (Wellington Fan)
Date: Mon, 18 Aug 2003 15:18:47 -0400
Subject: [nycphp-talk] I need a function that will compare IP addresses
In-Reply-To: <3F410354.3070002@nyphp.org>
Message-ID: <NGBBIDLNCJJKIBJPNEHEGEAIEBAA.wfan@encogent.com>

Folks!

Try this:

<?php
function compareIPs($ip1,$ip2,$subnet='255.255.255.0') {
	$ip1quads = explode('.',$ip1);
	$ip2quads = explode('.',$ip2);
	$snquads = explode('.',$subnet);

	$identical = true;
	foreach( $snquads as $i => $mask) {
		$masked1 = (int) $ip1quads[$i] & (int) $mask;
		$masked2 = (int) $ip2quads[$i] & (int) $mask;
		$identical &= ($masked1 == $masked2 ? true:false);
	}

	return $identical;
}


echo '<li>'.compareIPs('192.168.0.3','192.168.0.4');
echo '<li>'.compareIPs('192.168.1.3','192.168.0.4');
echo '<li>'.compareIPs('192.168.1.3','192.168.0.4','255.255.0.0');
echo '<li>'.compareIPs('10.0.0.1','10.0.0.2','255.0.0.0');

?>


compareIPs will take 2 or 3 parameters; each is a dotted quad passed in as a
string.

The last parameter is the subnet mask (or netmask), and the default value is
'255.255.255.0' which ignores the last quad when comparing.

--
Wellington




From bpang at bpang.com  Mon Aug 18 15:26:26 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 18 Aug 2003 15:26:26 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewing non-ASCII
Message-ID: <E19ope6-0006up-Ha@rslrs1-server.com>

I use a function which invokes fpassthru

first I check to make sure the user has the right priviledges, if so,
then pass the file thru...

the link to the file might end up being something like

fileGetter.php?filename=word.doc

just remember to properly set the headers





> This is a multi-part message in MIME format.
> 
> 
> This challenge is beyond me, as it seems to be the case.
> 
> I am having to set up a user-authentication script that is basic
logon/registration process.  mySQL db captures username, password, and
other important fields such as their payment category and isAdmin (if
they are an admin on the site).  Once stored they will be able to login
once payment category is '4' (which means 'PAID').  
> 
> Upon being able to login, one of the features any user, admin or not,
can do is to view restricted files in the /web/contents folder.  They
can view the list or click onto a link and view the file itself
(assuming it's a url-friendly file like .txt or .doc or .pdf or something).
> 
> Here's where I am totally stuck.
> 
> The /web/contents folder must be locked down so that the outside world
cannot view it; only authenticated users must view it.  Problem is, by
doing that I force a double-login since that would involve using
.htaccess on the folder.  (Note, I was told mySQL has a means of
interfacing with .htacesss, however, that too would fail because the
requirements for login involve username, password, isAdmin and
payment_category all being set to certain values).
> 
> I thought of locking down the folder to 700 and each script uploaded
to 600 (using TCL CGI instead of PHP to do the actual uploading),
however, how would I be able to allow for users to VIEW non-ASCII files
(like .doc or .pdf)?
> 
> Has anyone faced anything like that, if so, please let me know.
> 
> Thanx
> Phil
> 





From csnyder at chxo.com  Mon Aug 18 15:28:36 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Mon, 18 Aug 2003 15:28:36 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,	PHP and viewing
	non-ASCII
In-Reply-To: <0b8401c365bb$7c135f80$67a76244@philofsoa>
References: <0b8401c365bb$7c135f80$67a76244@philofsoa>
Message-ID: <3F4128E4.3080609@chxo.com>

One way to do it is to store the locked-down content outside of the 
document root, and then use a php script as a gatekeeper-- if a user 
requests a file, the script checks authentication, sends an appropriate 
Content-type header, and then outputs the file.

If you decide to go that route, you need to figure out how to call the 
gatekeeper script:

Easy way:
http://example.com/gatekeeper.php?file=realtive/path/to/file.pdf 

Harder, using Apache location directive (see below):
http://example.com/gatekeeper/path/to/file.pdf

For the second example to work, you'd need the following in httpd.conf 
(Location directives aren't allowed in htaccess):
<Location /gatekeeper>
    ForceType application/x-httpd-php
</Location>

Warning-- make sure your gatekeeper script doesn't allow the user to 
access a file outside of the content directory. Always prepend a content 
root and reject any paths with .. in them, otherwise you may end up with 
someone asking for ../../../etc/passwd

    chris.

Phil Powell wrote:

> This challenge is beyond me, as it seems to be the case.
>  
> I am having to set up a user-authentication script that is basic 
> logon/registration process.  mySQL db captures username, password, and 
> other important fields such as their payment category and isAdmin (if 
> they are an admin on the site).  Once stored they will be able to 
> login once payment category is '4' (which means 'PAID'). 
>  
> Upon being able to login, one of the features any user, admin or not, 
> can do is to view restricted files in the /web/contents folder.  They 
> can view the list or click onto a link and view the file itself 
> (assuming it's a url-friendly file like .txt or .doc or .pdf or 
> something).
>  
> Here's where I am totally stuck.
>  
> The /web/contents folder must be locked down so that the outside world 
> cannot view it; only authenticated users must view it.  Problem is, by 
> doing that I force a double-login since that would involve using 
> .htaccess on the folder.  (Note, I was told mySQL has a means of 
> interfacing with .htacesss, however, that too would fail because the 
> requirements for login involve username, password, isAdmin and 
> payment_category all being set to certain values).
>  
> I thought of locking down the folder to 700 and each script uploaded 
> to 600 (using TCL CGI instead of PHP to do the actual uploading), 
> however, how would I be able to allow for users to VIEW non-ASCII 
> files (like .doc or .pdf)?
>  
> Has anyone faced anything like that, if so, please let me know.
>  
> Thanx
> Phil
>
>------------------------------------------------------------------------
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>  
>



From soazine at erols.com  Mon Aug 18 15:30:17 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 15:30:17 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewing non-ASCII
References: <E19ope6-0006up-Ha@rslrs1-server.com>
Message-ID: <0bc101c365bf$2808a540$67a76244@philofsoa>

I looked up fpassthru online and how to set the headers.  Your solution
sounds fine for hopefully viewing a single file, but how about producing a
list of files for display?

Thanx
Phil

----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 3:26 PM
Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and viewing
non-ASCII


> I use a function which invokes fpassthru
>
> first I check to make sure the user has the right priviledges, if so,
> then pass the file thru...
>
> the link to the file might end up being something like
>
> fileGetter.php?filename=word.doc
>
> just remember to properly set the headers
>
>
>
>
>
> > This is a multi-part message in MIME format.
> >
> >
> > This challenge is beyond me, as it seems to be the case.
> >
> > I am having to set up a user-authentication script that is basic
> logon/registration process.  mySQL db captures username, password, and
> other important fields such as their payment category and isAdmin (if
> they are an admin on the site).  Once stored they will be able to login
> once payment category is '4' (which means 'PAID').
> >
> > Upon being able to login, one of the features any user, admin or not,
> can do is to view restricted files in the /web/contents folder.  They
> can view the list or click onto a link and view the file itself
> (assuming it's a url-friendly file like .txt or .doc or .pdf or
something).
> >
> > Here's where I am totally stuck.
> >
> > The /web/contents folder must be locked down so that the outside world
> cannot view it; only authenticated users must view it.  Problem is, by
> doing that I force a double-login since that would involve using
> .htaccess on the folder.  (Note, I was told mySQL has a means of
> interfacing with .htacesss, however, that too would fail because the
> requirements for login involve username, password, isAdmin and
> payment_category all being set to certain values).
> >
> > I thought of locking down the folder to 700 and each script uploaded
> to 600 (using TCL CGI instead of PHP to do the actual uploading),
> however, how would I be able to allow for users to VIEW non-ASCII files
> (like .doc or .pdf)?
> >
> > Has anyone faced anything like that, if so, please let me know.
> >
> > Thanx
> > Phil
> >
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From csnyder at chxo.com  Mon Aug 18 15:33:59 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Mon, 18 Aug 2003 15:33:59 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,	PHP and viewing
	non-ASCII
In-Reply-To: <0bc101c365bf$2808a540$67a76244@philofsoa>
References: <E19ope6-0006up-Ha@rslrs1-server.com>
	<0bc101c365bf$2808a540$67a76244@philofsoa>
Message-ID: <3F412A27.9000809@chxo.com>

Check out the directory() functions.


Phil Powell wrote:

>I looked up fpassthru online and how to set the headers.  Your solution
>sounds fine for hopefully viewing a single file, but how about producing a
>list of files for display?
>
>Thanx
>Phil
>
>
>  
>



From soazine at erols.com  Mon Aug 18 15:51:16 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 15:51:16 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
References: <E19ope6-0006up-Ha@rslrs1-server.com><0bc101c365bf$2808a540$67a76244@philofsoa>
	<3F412A27.9000809@chxo.com>
Message-ID: <0be201c365c2$165f7000$67a76244@philofsoa>

I have that already:

if (!($dirID = opendir($ACTUAL_STARTPATH . '/content/')) && $hasCookie) {
   $html .= $font . '<font color=cc0000><li>Could not open files in content
folder</li></font></font><p>';
  } else if ($hasCookie) {

   clearstatcache(); // CLEAR THE STATUS CACHE FOR is_file() TO PROPERLY
DETERMINE FILE STATUS
   $html .= $font . 'Contents: <p>';
   while (($file = readdir($dirID)) !== false) {
    if (is_file($file) || !preg_match('/^\./', $file)) {
     $html .= "\n<br><a href=/content/" . substr($file, strrpos('/', $file),
strlen($file)) .
              '>' . substr($file, strrpos('/', $file), strlen($file)) .
"</a><p>\n";
    }
   }
  }

However, this only works if the directory has permissions of at least 755
and each file at 777.  But that's not what the client wants, he wants it to
be set to permissions that the "outside world" can't view unless they log in
and are authenticated beforehand.

Phil
----- Original Message ----- 
From: "Chris Snyder" <csnyder at chxo.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 3:33 PM
Subject: Re: [nycphp-talk] Single-Logon User Authentication, PHP and
viewingnon-ASCII


> Check out the directory() functions.
>
>
> Phil Powell wrote:
>
> >I looked up fpassthru online and how to set the headers.  Your solution
> >sounds fine for hopefully viewing a single file, but how about producing
a
> >list of files for display?
> >
> >Thanx
> >Phil
> >
> >
> >
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From danielc at analysisandsolutions.com  Mon Aug 18 16:07:25 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 18 Aug 2003 16:07:25 -0400
Subject: [nycphp-talk] php problems from SecurityFocus Newsletter # 210
Message-ID: <20030818200724.GA9441@panix.com>

Hey Folks:

Last weeks lull has been more than made up by this weeks flood, including 
a vulnerability in PHP itself...

---------------------------
A PROBLEM IN PHP ITSELF !!!
---------------------------
PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
http://www.securityfocus.com/bid/8405

A problem has been reported in the dlopen function of PHP when used with
the Apache web server.  Because of this, an attacker may be able to gain
unauthorized access to potentially sensitive information.

The problem is in the ability to access the memory of the calling process.
When a PHP script is executed by an Apache process, it is possible to
dump the contents of the Apache process memory to a text file.  This could
be used by an attacker to gain access to potentially sensitive information
which could include authentication credentials.  The function may also
permit other attacks, such as allowing an attacker to deliver different
content other than what the server is configured to serve.


-----------------------------
PROBLEMS IN APPS THAT USE PHP
-----------------------------
[Yet more] PostNuke Downloads / Web_Links Modules TTitle Cross-site Scr...
http://www.securityfocus.com/bid/8374

Multiple geeeekShop Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/8380

Invision Power Board Admin.PHP Cross-Site Scripting Vulnerab...
http://www.securityfocus.com/bid/8381

DCForum+ Subject Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/8384
[This issue is exposed through the dcboard.php script.]

Better Basket Pro Store Builder Remote Path Disclosure Vulne...
http://www.securityfocus.com/bid/8386

PHPOutSourcing Zorum Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/8388

News Wizard Path Disclosure Vulnerability
http://www.securityfocus.com/bid/8389

PHP Website Calendar Module SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/8390

PHP Website Multiple Module Cross-Site Scripting Vulnerabili...
http://www.securityfocus.com/bid/8393

PHPOutsourcing Zorum Path Disclosure Vulnerability
http://www.securityfocus.com/bid/8396

Horde Application Framework Account Hijacking Vulnerability
http://www.securityfocus.com/bid/8399

HostAdmin Path Disclosure Vulnerability
http://www.securityfocus.com/bid/8401

Xoops BBCode HTML Injection Vulnerability
http://www.securityfocus.com/bid/8414

HolaCMS HTMLtags.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/8416


Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From bpang at bpang.com  Mon Aug 18 16:08:42 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 18 Aug 2003 16:08:42 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
Message-ID: <E19oqJ0-0001tR-6y@rslrs1-server.com>



How do you guys/gals deal with the IE Page Expired page which is
generated if you use the back button to return to a page which had form
POST information in it originally?

For example:
  formPage.php - Fill out a form and submit (method is POST) to
formResult.php
  formResult.php - Shows the result of the form submission/post; i.e.
"Your order has been placed" or "Thank you for contacting us" etc...

  from formResult.php the user clicks a link back to the homepage.
  from the homepage, the user hits the back button.

Netscape and Mozilla give the little popup window warning/notice and ask
if you want to resubmit/resend the information.

Internet Explorer shows the nasty "Warning Page Expired" page, which, if
you refresh, then brings up a prompt similar to Netscape/Mozilla.


The little prompt to resubmit info isn't ideal, either, but at least
it's not the Warning Page Expired page.

Short of not using POST (which would be unreasonable) or page redirects
(nearly as undesirable), has anyone figured out a good clean way to get
around this?

thanks

p.s. of course, assume that the pages have adequate navigation, etc, so
that users are REQUIRED to hit the back button. :)



From danielc at analysisandsolutions.com  Mon Aug 18 16:09:43 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 18 Aug 2003 16:09:43 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
In-Reply-To: <0be201c365c2$165f7000$67a76244@philofsoa>
References: <3F412A27.9000809@chxo.com>
	<0be201c365c2$165f7000$67a76244@philofsoa>
Message-ID: <20030818200943.GB9441@panix.com>

Phil:

On Mon, Aug 18, 2003 at 03:51:16PM -0400, Phil Powell wrote:
> 
> However, this only works if the directory has permissions of at least 755
> and each file at 777.

Guess you didn't see my posting on this subject saying in situations like 
the one you're coding for, it's best to run the scripts as CGI's.

Later,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From danielc at analysisandsolutions.com  Mon Aug 18 16:11:51 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 18 Aug 2003 16:11:51 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
In-Reply-To: <E19oqJ0-0001tR-6y@rslrs1-server.com>
References: <E19oqJ0-0001tR-6y@rslrs1-server.com>
Message-ID: <20030818201151.GC9441@panix.com>

Brian:

On Mon, Aug 18, 2003 at 04:08:42PM -0400, Brian Pang wrote:
> 
> How do you guys/gals deal with the IE Page Expired page which is
> generated if you use the back button to return to a page which had form
> POST information in it originally?

Sounds like you/your server is setting cache headers.  Don't.  Then your
problems will disappear.

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From csnyder at chxo.com  Mon Aug 18 16:12:52 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Mon, 18 Aug 2003 16:12:52 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
In-Reply-To: <0be201c365c2$165f7000$67a76244@philofsoa>
References: <E19ope6-0006up-Ha@rslrs1-server.com><0bc101c365bf$2808a540$67a76244@philofsoa>	<3F412A27.9000809@chxo.com>
	<0be201c365c2$165f7000$67a76244@philofsoa>
Message-ID: <3F413344.7040205@chxo.com>

True about the permissions -- the webserver user has to be able to read 
the files (though not necessarily write or execute them in this case).

But if the /content directory is outside of the webserver's document 
root, then someone would need another means of access to the server in 
order to read the files-- they couldn't get at them via http.

As was suggested before, some of these issues go away if you use PHP in 
CGI mode, because then PHP runs as your UID.
They also go away a little bit if you change the ownership on the 
content directory so that it is group nobody-- at least then only you 
and the webserver can get to the files, and not other users (unless 
they're in the webserver's group of course).

But if you're really concerned about other users on the server, you 
probably need your own box.

    chris.

Phil Powell wrote:

>I have that already:
>
>[snip]
>
>However, this only works if the directory has permissions of at least 755
>and each file at 777.  But that's not what the client wants, he wants it to
>be set to permissions that the "outside world" can't view unless they log in
>and are authenticated beforehand.
>
>Phil
>----- Original Message ----- 
>From: "Chris Snyder" <csnyder at chxo.com>
>To: "NYPHP Talk" <talk at lists.nyphp.org>
>Sent: Monday, August 18, 2003 3:33 PM
>Subject: Re: [nycphp-talk] Single-Logon User Authentication, PHP and
>viewingnon-ASCII
>
>
>  
>
>>Check out the directory() functions.
>>
>>
>>Phil Powell wrote:
>>
>>    
>>
>>>I looked up fpassthru online and how to set the headers.  Your solution
>>>sounds fine for hopefully viewing a single file, but how about producing
>>>      
>>>
>a
>  
>
>>>list of files for display?
>>>
>>>Thanx
>>>Phil
>>>
>>>
>>>
>>>
>>>      
>>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>>    
>>
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>  
>



From bpang at bpang.com  Mon Aug 18 16:29:58 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 18 Aug 2003 16:29:58 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
Message-ID: <E19oqda-0003f3-QF@rslrs1-server.com>

great.. thanks..

session_cache_limiter()

which setting do you recommend.. it looks like, from comments, to use
'private' or are you suggesting 'none' ?





> Brian:
> 
> On Mon, Aug 18, 2003 at 04:08:42PM -0400, Brian Pang wrote:
> > 
> > How do you guys/gals deal with the IE Page Expired page which is
> > generated if you use the back button to return to a page which had form
> > POST information in it originally?
> 
> Sounds like you/your server is setting cache headers.  Don't.  Then your
> problems will disappear.
> 
> Enjoy,
> 
> --Dan
> 
> -- 
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From shiflett at php.net  Mon Aug 18 16:35:04 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 18 Aug 2003 13:35:04 -0700 (PDT)
Subject: [nycphp-talk] form posts, back button, IE page expired
In-Reply-To: <E19oqJ0-0001tR-6y@rslrs1-server.com>
Message-ID: <20030818203504.38190.qmail@web14302.mail.yahoo.com>

--- Brian Pang <bpang at bpang.com> wrote:
> How do you guys/gals deal with the IE Page Expired page which is
> generated if you use the back button to return to a page which had
> form POST information in it originally?

To answer your immediate question, you can do either of the following:

1. Allow caching
2. Use an intermediate URL for processing

To explain why browsers seem to behave differently, read on...

If you will look at section 13.13 of RFC 2616
(http://www.ietf.org/rfc/rfc2616.txt), you will see the following statement:

"In particular history mechanisms SHOULD NOT try to show a semantically
transparent view of the current state of a resource. Rather, a history
mechanism is meant to show exactly what the user saw at the time when the
resource was retrieved."

It sounds like whether you allow caching should make no difference, right? The
back button (history mechanism) should not ask the user to repost data, because
it should be displaying exactly what it did before. This is how lynx works, if
you're familiar with using it.

In most cases, your PHP applications are going to send a Cache-Control header
that includes the no-store directive (unless you are controlling your headers
more specifically than most developers). In section 14.9.2, the no-store
directive of the Cache-Control header is explained:

"If sent in a request, a cache MUST NOT store any part of either this request
or any response to it. If sent in a response, a cache MUST NOT store any part
of either this response or the request that elicited it."

Thus, depending on how your interpret these statements, it seems quite likely
that you might come to very different conclusions about how to implement a
history mechanism. This might account for the discrepancies in implementation.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From bpang at bpang.com  Mon Aug 18 16:52:56 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 18 Aug 2003 16:52:56 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
Message-ID: <E19oqzo-0005dX-UX@rslrs1-server.com>

thanks, Chris..

I used set_cache_limiter('private')... I think it is working the way I
want it to.

The history mechanism is fine, with no resubmission/post of data.

All I really about care in this case is getting my client off my back
about the Warning Page Expired page. :-D

your detailed information is still appreciated and will be helpful in
the future when I care more about the data's shelf-life




> --- Brian Pang <bpang at bpang.com> wrote:
> > How do you guys/gals deal with the IE Page Expired page which is
> > generated if you use the back button to return to a page which had
> > form POST information in it originally?
> 
> To answer your immediate question, you can do either of the following:
> 
> 1. Allow caching
> 2. Use an intermediate URL for processing
> 
> To explain why browsers seem to behave differently, read on...
> 
> If you will look at section 13.13 of RFC 2616
> (http://www.ietf.org/rfc/rfc2616.txt), you will see the following
statement:
> 
> "In particular history mechanisms SHOULD NOT try to show a semantically
> transparent view of the current state of a resource. Rather, a history
> mechanism is meant to show exactly what the user saw at the time when the
> resource was retrieved."
> 
> It sounds like whether you allow caching should make no difference,
right? The
> back button (history mechanism) should not ask the user to repost
data, because
> it should be displaying exactly what it did before. This is how lynx
works, if
> you're familiar with using it.
> 
> In most cases, your PHP applications are going to send a Cache-Control
header
> that includes the no-store directive (unless you are controlling your
headers
> more specifically than most developers). In section 14.9.2, the no-store
> directive of the Cache-Control header is explained:
> 
> "If sent in a request, a cache MUST NOT store any part of either this
request
> or any response to it. If sent in a response, a cache MUST NOT store
any part
> of either this response or the request that elicited it."
> 
> Thus, depending on how your interpret these statements, it seems quite
likely
> that you might come to very different conclusions about how to implement a
> history mechanism. This might account for the discrepancies in
implementation.
> 
> Hope that helps.
> 
> Chris
> 
> =====
> Become a better Web developer with the HTTP Developer's Handbook
> http://httphandbook.org/
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From danielc at analysisandsolutions.com  Mon Aug 18 16:58:40 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 18 Aug 2003 16:58:40 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
In-Reply-To: <E19oqda-0003f3-QF@rslrs1-server.com>
References: <E19oqda-0003f3-QF@rslrs1-server.com>
Message-ID: <20030818205840.GA12776@panix.com>

Hi Brian:

On Mon, Aug 18, 2003 at 04:29:58PM -0400, Brian Pang wrote:
>
> session_cache_limiter()
> 
> which setting do you recommend.. it looks like, from comments, to use
> 'private' or are you suggesting 'none' ?

Depends on the behavior you want.  I'd guess as long as it's not 
"nocache," you'll be fine.  Do some hacking and let us know what works for 
you.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From bpang at bpang.com  Mon Aug 18 17:08:00 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 18 Aug 2003 17:08:00 -0400
Subject: [nycphp-talk] dsl line speeds today?
Message-ID: <E19orEO-0006xs-PQ@rslrs1-server.com>


Is it just me or is anyone else experiencing slow(er) connection speeds
today?

I'm in Brooklyn Heights if location helps at all.

thanks


From soazine at erols.com  Mon Aug 18 17:11:49 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 17:11:49 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
References: <E19ope6-0006up-Ha@rslrs1-server.com><0bc101c365bf$2808a540$67a76244@philofsoa>	<3F412A27.9000809@chxo.com><0be201c365c2$165f7000$67a76244@philofsoa>
	<3F413344.7040205@chxo.com>
Message-ID: <0c4e01c365cd$5708ee50$67a76244@philofsoa>

I am thinking of doing CGI as a good interim solution for the /content
problem, however, there is one area I cannot figure out.

Whereas I could use CGI to display a list of files, and CGI to view an
ASCII-based file (.txt, .html, .php, etc.) and display within the CGI
wrapper, what would I do about non-ASCII files such as .doc or .pdf  or even
.jpg?

Phil
----- Original Message ----- 
From: "Chris Snyder" <csnyder at chxo.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 4:12 PM
Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and
viewingnon-ASCII


> True about the permissions -- the webserver user has to be able to read
> the files (though not necessarily write or execute them in this case).
>
> But if the /content directory is outside of the webserver's document
> root, then someone would need another means of access to the server in
> order to read the files-- they couldn't get at them via http.
>
> As was suggested before, some of these issues go away if you use PHP in
> CGI mode, because then PHP runs as your UID.
> They also go away a little bit if you change the ownership on the
> content directory so that it is group nobody-- at least then only you
> and the webserver can get to the files, and not other users (unless
> they're in the webserver's group of course).
>
> But if you're really concerned about other users on the server, you
> probably need your own box.
>
>     chris.
>
> Phil Powell wrote:
>
> >I have that already:
> >
> >[snip]
> >
> >However, this only works if the directory has permissions of at least 755
> >and each file at 777.  But that's not what the client wants, he wants it
to
> >be set to permissions that the "outside world" can't view unless they log
in
> >and are authenticated beforehand.
> >
> >Phil
> >----- Original Message ----- 
> >From: "Chris Snyder" <csnyder at chxo.com>
> >To: "NYPHP Talk" <talk at lists.nyphp.org>
> >Sent: Monday, August 18, 2003 3:33 PM
> >Subject: Re: [nycphp-talk] Single-Logon User Authentication, PHP and
> >viewingnon-ASCII
> >
> >
> >
> >
> >>Check out the directory() functions.
> >>
> >>
> >>Phil Powell wrote:
> >>
> >>
> >>
> >>>I looked up fpassthru online and how to set the headers.  Your solution
> >>>sounds fine for hopefully viewing a single file, but how about
producing
> >>>
> >>>
> >a
> >
> >
> >>>list of files for display?
> >>>
> >>>Thanx
> >>>Phil
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>_______________________________________________
> >>talk mailing list
> >>talk at lists.nyphp.org
> >>http://lists.nyphp.org/mailman/listinfo/talk
> >>
> >>
> >
> >_______________________________________________
> >talk mailing list
> >talk at lists.nyphp.org
> >http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Mon Aug 18 17:14:20 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 18 Aug 2003 17:14:20 -0400
Subject: [nycphp-talk] PHP DLOpen Vulnerability WAS: php problems from
 SecurityFocus Newsletter # 210
In-Reply-To: <20030818200724.GA9441@panix.com>
References: <20030818200724.GA9441@panix.com>
Message-ID: <3F4141AC.7090000@nyphp.org>


> ---------------------------
> A PROBLEM IN PHP ITSELF !!!
> ---------------------------
> PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
> http://www.securityfocus.com/bid/8405
> 
> A problem has been reported in the dlopen function of PHP when used with
> the Apache web server.  Because of this, an attacker may be able to gain
> unauthorized access to potentially sensitive information.
> 
> The problem is in the ability to access the memory of the calling process.
> When a PHP script is executed by an Apache process, it is possible to
> dump the contents of the Apache process memory to a text file.  This could
> be used by an attacker to gain access to potentially sensitive information
> which could include authentication credentials.  The function may also
> permit other attacks, such as allowing an attacker to deliver different
> content other than what the server is configured to serve.

Hmm... does this strike anyone else as an odd report?  The report must be referring to mod_php and since it's loaded directly into Apache, of course it can read the memory - as can any Apache module...  any thoughts from those with more Apache/PHP internal knowledge than I?

Seems like a "duh" report and a false-positive,

H



From wheelie at acedsl.com  Mon Aug 18 17:16:18 2003
From: wheelie at acedsl.com (Joshua Glenn)
Date: Mon, 18 Aug 2003 17:16:18 -0400
Subject: [nycphp-talk] dsl line speeds today?
In-Reply-To: <E19orEO-0006xs-PQ@rslrs1-server.com>
Message-ID: <IJELJIKLMLIOAJFOEKKFKEPFCEAA.wheelie@acedsl.com>

yeah. i actually just got off the phone with my dsl provider, acedsl, and
the tech told me i was the 6th complaint today and all the complaints were
hooked up to the same central office of verizon. so he opened a trouble
ticket with verizon for me.

-josh

-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Brian Pang
Sent: Monday, August 18, 2003 5:08 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] dsl line speeds today?



Is it just me or is anyone else experiencing slow(er) connection speeds
today?

I'm in Brooklyn Heights if location helps at all.

thanks



From hans at nyphp.org  Mon Aug 18 17:17:40 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Mon, 18 Aug 2003 17:17:40 -0400
Subject: [nycphp-talk] dsl line speeds today?
In-Reply-To: <E19orEO-0006xs-PQ@rslrs1-server.com>
References: <E19orEO-0006xs-PQ@rslrs1-server.com>
Message-ID: <3F414274.4000804@nyphp.org>



Brian Pang wrote:

> Is it just me or is anyone else experiencing slow(er) connection speeds
> today?

Well now that my DSL is finally back online (only as of about 4:30pm today) it seems fine.  Although, I've heard that Verizon is going through some tough times, so it may be related.

H




From bpang at bpang.com  Mon Aug 18 17:17:42 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 18 Aug 2003 17:17:42 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewing non-ASCII
Message-ID: <E19orNm-0007u0-0K@rslrs1-server.com>

try using readdir() after making the same authentication checks

note: you would probably want to have the files and directory outside of
the httpd directories so that noone would be able to access them by
directly inputting the path and filename.

and, when returning the results of readdir(), exclude the parent dir
(..) so people won't have a way to work their way up the tree, etc...
(unless you want them to)



> I looked up fpassthru online and how to set the headers.  Your solution
> sounds fine for hopefully viewing a single file, but how about producing a
> list of files for display?
> 
> Thanx
> Phil
> 
> ----- Original Message ----- 
> From: "Brian Pang" <bpang at bpang.com>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Monday, August 18, 2003 3:26 PM
> Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and viewing
> non-ASCII
> 
> 
> > I use a function which invokes fpassthru
> >
> > first I check to make sure the user has the right priviledges, if so,
> > then pass the file thru...
> >
> > the link to the file might end up being something like
> >
> > fileGetter.php?filename=word.doc
> >
> > just remember to properly set the headers
> >
> >
> >
> >
> >
> > > This is a multi-part message in MIME format.
> > >
> > >
> > > This challenge is beyond me, as it seems to be the case.
> > >
> > > I am having to set up a user-authentication script that is basic
> > logon/registration process.  mySQL db captures username, password, and
> > other important fields such as their payment category and isAdmin (if
> > they are an admin on the site).  Once stored they will be able to login
> > once payment category is '4' (which means 'PAID').
> > >
> > > Upon being able to login, one of the features any user, admin or not,
> > can do is to view restricted files in the /web/contents folder.  They
> > can view the list or click onto a link and view the file itself
> > (assuming it's a url-friendly file like .txt or .doc or .pdf or
> something).
> > >
> > > Here's where I am totally stuck.
> > >
> > > The /web/contents folder must be locked down so that the outside world
> > cannot view it; only authenticated users must view it.  Problem is, by
> > doing that I force a double-login since that would involve using
> > .htaccess on the folder.  (Note, I was told mySQL has a means of
> > interfacing with .htacesss, however, that too would fail because the
> > requirements for login involve username, password, isAdmin and
> > payment_category all being set to certain values).
> > >
> > > I thought of locking down the folder to 700 and each script uploaded
> > to 600 (using TCL CGI instead of PHP to do the actual uploading),
> > however, how would I be able to allow for users to VIEW non-ASCII files
> > (like .doc or .pdf)?
> > >
> > > Has anyone faced anything like that, if so, please let me know.
> > >
> > > Thanx
> > > Phil
> > >
> >
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From bpang at bpang.com  Mon Aug 18 17:26:47 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 18 Aug 2003 17:26:47 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
Message-ID: <E19orWZ-0000DV-Be@rslrs1-server.com>

you are probably going to have to do your own MIME typing and
appropriate setting of headers...

unless you want them all to force download, you can use
  header("Content-type: application/octet-stream");

at least that's what I use... there was a discussion about all of this a
while ago about forcing downloads, I can't remember what the final
consensus was

maybe you could even come up with some creative solution using a custom
404 error page which is actually a php page that looks for the file in
question, after checking user authentication (cookies, I assume), and if
it finds it initiates the download... and maybe that would then take
advantage of apache's MIME settings since you called the file as
domain.com/file.doc
I dunno if that would actually work... would have to be tried


> I am thinking of doing CGI as a good interim solution for the /content
> problem, however, there is one area I cannot figure out.
> 
> Whereas I could use CGI to display a list of files, and CGI to view an
> ASCII-based file (.txt, .html, .php, etc.) and display within the CGI
> wrapper, what would I do about non-ASCII files such as .doc or .pdf 
or even
> .jpg?
> 
> Phil
> ----- Original Message ----- 
> From: "Chris Snyder" <csnyder at chxo.com>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Monday, August 18, 2003 4:12 PM
> Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and
> viewingnon-ASCII
> 
> 
> > True about the permissions -- the webserver user has to be able to read
> > the files (though not necessarily write or execute them in this case).
> >
> > But if the /content directory is outside of the webserver's document
> > root, then someone would need another means of access to the server in
> > order to read the files-- they couldn't get at them via http.
> >
> > As was suggested before, some of these issues go away if you use PHP in
> > CGI mode, because then PHP runs as your UID.
> > They also go away a little bit if you change the ownership on the
> > content directory so that it is group nobody-- at least then only you
> > and the webserver can get to the files, and not other users (unless
> > they're in the webserver's group of course).
> >
> > But if you're really concerned about other users on the server, you
> > probably need your own box.
> >
> >     chris.
> >
> > Phil Powell wrote:
> >
> > >I have that already:
> > >
> > >[snip]
> > >
> > >However, this only works if the directory has permissions of at
least 755
> > >and each file at 777.  But that's not what the client wants, he
wants it
> to
> > >be set to permissions that the "outside world" can't view unless
they log
> in
> > >and are authenticated beforehand.
> > >
> > >Phil
> > >----- Original Message ----- 
> > >From: "Chris Snyder" <csnyder at chxo.com>
> > >To: "NYPHP Talk" <talk at lists.nyphp.org>
> > >Sent: Monday, August 18, 2003 3:33 PM
> > >Subject: Re: [nycphp-talk] Single-Logon User Authentication, PHP and
> > >viewingnon-ASCII
> > >
> > >
> > >
> > >
> > >>Check out the directory() functions.
> > >>
> > >>
> > >>Phil Powell wrote:
> > >>
> > >>
> > >>
> > >>>I looked up fpassthru online and how to set the headers.  Your
solution
> > >>>sounds fine for hopefully viewing a single file, but how about
> producing
> > >>>
> > >>>
> > >a
> > >
> > >
> > >>>list of files for display?
> > >>>
> > >>>Thanx
> > >>>Phil
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>_______________________________________________
> > >>talk mailing list
> > >>talk at lists.nyphp.org
> > >>http://lists.nyphp.org/mailman/listinfo/talk
> > >>
> > >>
> > >
> > >_______________________________________________
> > >talk mailing list
> > >talk at lists.nyphp.org
> > >http://lists.nyphp.org/mailman/listinfo/talk
> > >
> > >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From csnyder at chxo.com  Mon Aug 18 17:29:05 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Mon, 18 Aug 2003 17:29:05 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
In-Reply-To: <0c4e01c365cd$5708ee50$67a76244@philofsoa>
References: <E19ope6-0006up-Ha@rslrs1-server.com><0bc101c365bf$2808a540$67a76244@philofsoa>	<3F412A27.9000809@chxo.com><0be201c365c2$165f7000$67a76244@philofsoa>	<3F413344.7040205@chxo.com>
	<0c4e01c365cd$5708ee50$67a76244@philofsoa>
Message-ID: <3F414521.9060901@chxo.com>

Any reason why header("Content-type: image/jpeg") wouldn't work with CGI?

Phil Powell wrote:

>I am thinking of doing CGI as a good interim solution for the /content
>problem, however, there is one area I cannot figure out.
>
>Whereas I could use CGI to display a list of files, and CGI to view an
>ASCII-based file (.txt, .html, .php, etc.) and display within the CGI
>wrapper, what would I do about non-ASCII files such as .doc or .pdf  or even
>.jpg?
>
>
>  
>



From gw.nyphp at gwprogramming.com  Mon Aug 18 18:00:04 2003
From: gw.nyphp at gwprogramming.com (George Webb)
Date: Mon, 18 Aug 2003 18:00:04 -0400
Subject: [nycphp-talk] Cookies as session database [was php scalability]
Message-ID: <20030818180003.B15193@vtbear.com>

--- On Mon, 18 Aug 2003 11:56:01am Chris Shiflett wrote:
> I would just like to reiterate the points Dan made, specifically:
> 
> 1. This approach is less secure.
> 2. This approach is less efficient.


Thanks for these important observations.  Please allow me to
address them both:

	Security:  assuming that SSL is *not* in use, the cookie
data can be seen by third parties, as we all know.  But some data
does not need to be secure, like shopping cart contents.  Am I
mistaken in believing that the item(s) in a customers shopping
cart must be secured?  At least in the early stages of a shopping
experience, the only exposed data would be the URL's requested,
user's IP address, and the shopping cart contents.

	Later when a user enters their personal information
such as addresses, security seems to become more important.  And
when they enter their billing information (ie. credit card #)
obviously the connection *must* be secure.

	So my question is, for a shopping cart application, what
user data items really need to be secure?


	Efficiency:  as Chris knows since he wrote the book on
HTTP, the HTTP cookie specifications (both Netscape's as well as
the "version 2") allow for such cookie data to be transported among
only a subset of viewed pages on a web site.  Therefore, in this
same shopping cart example, the application can efficiently direct
the HTTP client (web browser) to send the cookie data to only the
URLs that will need to see it.  For example, the application could
set the "cart contents" cookie to have a "path" value of "/cart/"
and the "personal info" cookie to have a path value of "/cart/secure/"
and a secure flag of 1.  Such a setup seems like it would satisfy
both issues, don't you think?

	Another efficiency issue relates to the size of the HTTP
cookies.  To this end we could specially format and even compress
or pack the user data into a smaller byte-representation.  For example,
an uncompressed "cart contents" cookie with three line items might look
like this:

1|PJ00111|c:blue;s:small|1|PJ00103|c:orange;s=small|8|ACC00101|s:5|

The server can then do product lookup queries on each of these
three items to build a more readable or detailed list:

	Qty  SKU         Price    Description
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	1    PJ00111     49.95    Sweet Dreams Kimono
	                           Size: Small, Color: Blue
	1    PJ00103     75.95    Rose Garden Gown
	                           Size: Small, Color: Orange
	8    ACC00101    12.95    Pink Fleece Sleep Socks
	                            Size: 5/8

(Yes, this is for a pajama-selling site (pajamagram.com).)


	I would really like to make HTTP cookies do the work
that we normally impose on central databases, because then we
can scale a server cluster linearly, simply by adding more
hardware.  Thanks again for your comments.

Best, George.

George Webb
gw.nyphp at gwprogramming.com


From wfan at encogent.com  Mon Aug 18 18:06:11 2003
From: wfan at encogent.com (Wellington Fan)
Date: Mon, 18 Aug 2003 18:06:11 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
In-Reply-To: <20030818201151.GC9441@panix.com>
Message-ID: <NGBBIDLNCJJKIBJPNEHEIEAMEBAA.wfan@encogent.com>

Folks,

I have always thought that the underlying problem is that when a page is
requested via POST, most browsers will be (understandably) hesitant about
re-POSTING all the data that was sent to draw the page, hence the warning
messages.

I've restructured my apps, whereever applicable, to POST to a backend script
that NEVER prints to the browser, but at the end of its processing, redirects
to a 'landing' page:

[form page] -(SUBMITS TO)-> [backend page] -(REDIRECTS TO)-> [landing page]

1. formpage.php: page with form elements; user fills and submits to
backend.php
2. backend.php: does processing AND NEVER PRINTS ANYTHING TO BROWSER.
	a. Save the submitted data to a session var if you'd like (
unset($_SESSION['form']); $_SESSION['form'] = $_POST; )
	b. Process data (insert into db, etc.)
	c. Redirect to landing page ( header('Location: landingpage.php'); )
3. landingpage.php (or, formpage.php?mode=complete ) : Can use
$_SESSION['form'] if need be to echo user-supplied data.

No matter cache settings (which can be complex, and not all cache settings are
respected by all browsers AND there are both proxy caches and browser caches,
etc, etc....), this scheme has worked well for me -- I never have the 'expired
page' errors I used to have.

Please provide constructive criticism or comments about this!

Thanks,

Wellington





> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Analysis & Solutions
> Sent: Monday, August 18, 2003 4:12 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] form posts, back button, IE page expired
>
>
> Brian:
>
> On Mon, Aug 18, 2003 at 04:08:42PM -0400, Brian Pang wrote:
> >
> > How do you guys/gals deal with the IE Page Expired page which is
> > generated if you use the back button to return to a page which had form
> > POST information in it originally?
>
> Sounds like you/your server is setting cache headers.  Don't.  Then your
> problems will disappear.
>
> Enjoy,
>
> --Dan
>



From shiflett at php.net  Mon Aug 18 18:26:42 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 18 Aug 2003 15:26:42 -0700 (PDT)
Subject: [nycphp-talk] form posts, back button, IE page expired
In-Reply-To: <NGBBIDLNCJJKIBJPNEHEIEAMEBAA.wfan@encogent.com>
Message-ID: <20030818222642.5204.qmail@web14307.mail.yahoo.com>

--- Wellington Fan <wfan at encogent.com> wrote:
> Please provide constructive criticism or comments about this!

I thought you gave a nice explanation of the "redirect to another page" method
that was mentioned. It was one of the two methods brought up.

The only flaw that stood out to me was this:

> header('Location: landingpage.php');

While this actually works on most browsers, a Location header is supposed to
provide an absolute URL, not a relative one.

The only reason caching is worth mentioning as well is that it might possibly
be easier to implement, depending on how much of the application's architecture
is already developed. I don't think there is a clearly better method in terms
of doing the Right Thing, so it's good to point out all options (which is why I
enjoy the way mailing lists typically answer a question several times in as
many different ways).

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From wfan at encogent.com  Mon Aug 18 18:59:55 2003
From: wfan at encogent.com (Wellington Fan)
Date: Mon, 18 Aug 2003 18:59:55 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
In-Reply-To: <20030818222642.5204.qmail@web14307.mail.yahoo.com>
Message-ID: <NGBBIDLNCJJKIBJPNEHEGEANEBAA.wfan@encogent.com>

Chris & List,

Thanks for the comments! Only after I posted did I notice that you had
mentioned the 'intermediate' page method earlier. Anyway, the list has an
elaboration on that.


> The only flaw that stood out to me was this:
>
> > header('Location: landingpage.php');
>
> While this actually works on most browsers, a Location header is supposed to
> provide an absolute URL, not a relative one.

Again, thanks! Its always a good idea to go back to the sources and read up on
the HTTP spec once in a while... BTW, on this point, I have almost always
passed in full URLs because browsers sometimes render the URL of the
intermediate page if you don't. Another reason to read, understand & implement
according to spec...



> The only reason caching is worth mentioning as well is that it
<snip>

Yes! Caching is VERY important and I suggest everyone reads
http://www.mnot.net/cache_docs/ or something like it to understand the
different kinds of caching, implementation strangeness & strategies for
getting the results you want.

--
Wellington



From soazine at erols.com  Mon Aug 18 19:00:54 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 19:00:54 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
References: <E19ope6-0006up-Ha@rslrs1-server.com><0bc101c365bf$2808a540$67a76244@philofsoa>	<3F412A27.9000809@chxo.com><0be201c365c2$165f7000$67a76244@philofsoa>	<3F413344.7040205@chxo.com><0c4e01c365cd$5708ee50$67a76244@philofsoa>
	<3F414521.9060901@chxo.com>
Message-ID: <0ceb01c365dc$9428d3e0$67a76244@philofsoa>

Could you show me an example of this? I honestly can't follow what you want
me to do.  Perhaps overcomplicating the issue, but I am totally lost.

Phil

----- Original Message ----- 
From: "Chris Snyder" <csnyder at chxo.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 5:29 PM
Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and
viewingnon-ASCII


> Any reason why header("Content-type: image/jpeg") wouldn't work with CGI?
>
> Phil Powell wrote:
>
> >I am thinking of doing CGI as a good interim solution for the /content
> >problem, however, there is one area I cannot figure out.
> >
> >Whereas I could use CGI to display a list of files, and CGI to view an
> >ASCII-based file (.txt, .html, .php, etc.) and display within the CGI
> >wrapper, what would I do about non-ASCII files such as .doc or .pdf  or
even
> >.jpg?
> >
> >
> >
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From csnyder at chxo.com  Mon Aug 18 19:14:11 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Mon, 18 Aug 2003 19:14:11 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
In-Reply-To: <0ceb01c365dc$9428d3e0$67a76244@philofsoa>
References: <E19ope6-0006up-Ha@rslrs1-server.com><0bc101c365bf$2808a540$67a76244@philofsoa>	<3F412A27.9000809@chxo.com><0be201c365c2$165f7000$67a76244@philofsoa>	<3F413344.7040205@chxo.com><0c4e01c365cd$5708ee50$67a76244@philofsoa>	<3F414521.9060901@chxo.com>
	<0ceb01c365dc$9428d3e0$67a76244@philofsoa>
Message-ID: <3F415DC3.2000209@chxo.com>

Phil Powell wrote:

>Could you show me an example of this? I honestly can't follow what you want
>me to do.  Perhaps overcomplicating the issue, but I am totally lost.
>  
>

Why certainly:

<?php
define("CONTENT_ROOT", "/home/foo/content"); // outside of HTTP 
DOCUMENT_ROOT

$filename= CONTENT_ROOT."/path/to/image.jpg";
if  ( file_exists($filename) )
{
    header("Content-type: image/jpg");
    $content= file_get_contents($filename);
    print $content;
    exit;
}
else {
    print "<h1>File Not Found</h1><p>Sorry, $filename does not exist in 
".CONTENT_ROOT.".</p>";
}
?>

Perhaps there are better ways, but that's what I'm getting at.

    chris.



From shiflett at php.net  Mon Aug 18 19:18:45 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 18 Aug 2003 16:18:45 -0700 (PDT)
Subject: [nycphp-talk] Cookies as session database [was php scalability]
In-Reply-To: <20030818180003.B15193@vtbear.com>
Message-ID: <20030818231845.11275.qmail@web14307.mail.yahoo.com>

--- George Webb <gw.nyphp at gwprogramming.com> wrote:
> Security:  assuming that SSL is *not* in use, the cookie data can
> be seen by third parties, as we all know.

Good point about SSL. That does indeed mitigate many security concerns.
However, it does not address concerns about browser vulnerabilities.

Because a simple flaw could cause a browser to send cookies to unauthorized
sites, there is still a risk. IE versions 4.0, 5.0, 5.5, and 6.0 have all had
major security flaws that allow anyone to read any cookie from any domain, and
often these flaws expose cookies with the "secure" directive set.

IE 4.0 and 5.0:
http://www.peacefire.org/security/iecookies/

IE 5.5 and 6.0:
http://www.solutions.fi/iebug/

> But some data does not need to be secure

Another excellent point. Sites such as Google use cookies to allow users to set
preferences without having to log in or establish any sort of account. So,
cookies can actually help to *improve* a user's privacy and/or anonymity,
despite their bad reputation. :-)

> Later when a user enters their personal information such as addresses,
> security seems to become more important.

Right. So, at some point you're going to want to concern yourself with
security. Of course, cookies aren't inherently insecure, else any system which
uses them would be easily compromised. You just want to make cookie theft
useless for the attacker (methods of doing this are probably worthy of an
article of some sort).

> So my question is, for a shopping cart application, what user data
> items really need to be secure?

As the developer, you are by far the most qualified person to answer that.

> Efficiency: as Chris knows since he wrote the book on HTTP, the
> HTTP cookie specifications (both Netscape's as well as the
> "version 2") allow for such cookie data to be transported among
> only a subset of viewed pages on a web site. Therefore, in this
> same shopping cart example, the application can efficiently direct
> the HTTP client (web browser) to send the cookie data to only the
> URLs that will need to see it.

True, and this is a good example of applying your creativity to make cookies
work for what you are trying to do. But, is it worth the effort, when there
might be a method you can use to diminish all unnecessary traffic as well as
allow yourself more flexibility on the server-side to access any of the
client's data at any time? That is up to you, but cookies were intended as a
state management mechanism and not really a session management mechanism.

When you do not actually need to maintain a session (Google's user preferences,
perhaps a user's shopping cart while they are still shopping, etc.), cookies
are probably fine.

> Another efficiency issue relates to the size of the HTTP cookies.
> To this end we could specially format and even compress or pack the
> user data into a smaller byte-representation. For example, an
> uncompressed "cart contents" cookie with three line items might look
> like this:
> 
> 1|PJ00111|c:blue;s:small|1|PJ00103|c:orange;s=small|8|ACC00101|s:5|
> 
> The server can then do product lookup queries on each of these
> three items to build a more readable or detailed list

This is similar to looking up a client's data based on the unique identifier.
It seems to be a similar problem with the exception that the client data is
more volatile.

> I would really like to make HTTP cookies do the work that we normally
> impose on central databases, because then we can scale a server cluster
> linearly, simply by adding more hardware.

There are many creative ideas out there for addressing this problem. You could
use different hostnames much like you mentioned using different cookies paths.
You could implement a more intelligent "sticky sessions" mechanism. Another
option might be to look into using msession, since it allows you to use
sessions in a cluster without a central database. In the end, whatever you're
most comfortable with is probably going to be what gets the job done.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From gw.nyphp at gwprogramming.com  Mon Aug 18 21:12:30 2003
From: gw.nyphp at gwprogramming.com (George Webb)
Date: Mon, 18 Aug 2003 21:12:30 -0400
Subject: [nycphp-talk] msession  [was Cookies as session database...]
Message-ID: <20030818211230.C15193@vtbear.com>

> > I would really like to make HTTP cookies do the work that we normally
> > impose on central databases, because then we can scale a server cluster
> > linearly, simply by adding more hardware.
> 
> There are many creative ideas out there for addressing this problem. You could
> use different hostnames much like you mentioned using different cookies paths.
> You could implement a more intelligent "sticky sessions" mechanism. Another
> option might be to look into using msession, since it allows you to use
> sessions in a cluster without a central database. In the end, whatever you're
> most comfortable with is probably going to be what gets the job done.

	msession is a very interesting idea.

	Has anyone had any good or bad experiences with msession?  

	Chris, thanks for the other great suggestions too; I will
continue to ponder them....


Regards, George.

George Webb
gw.nyphp at gwprogramming.com


From soazine at erols.com  Mon Aug 18 23:48:39 2003
From: soazine at erols.com (Phil Powell)
Date: Mon, 18 Aug 2003 23:48:39 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
References: <E19orWZ-0000DV-Be@rslrs1-server.com>
Message-ID: <0dcd01c36604$c7159a90$67a76244@philofsoa>

CGI just failed.  My script produces TCL-level errors that state.. guess
what.. Permission DENIED!

Yes, cgi-bin does not even have permissions to the /content folder!

I'm out of ideas

Phil



From danielc at analysisandsolutions.com  Tue Aug 19 01:05:21 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 19 Aug 2003 01:05:21 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
In-Reply-To: <0dcd01c36604$c7159a90$67a76244@philofsoa>
References: <E19orWZ-0000DV-Be@rslrs1-server.com>
	<0dcd01c36604$c7159a90$67a76244@philofsoa>
Message-ID: <20030819050521.GA28908@panix.com>

Phil:

On Mon, Aug 18, 2003 at 11:48:39PM -0400, Phil Powell wrote:
> CGI just failed.  My script produces TCL-level errors that state.. guess
> what.. Permission DENIED!
> 
> Yes, cgi-bin does not even have permissions to the /content folder!
> 
> I'm out of ideas

Don't give up so easlily.  You've got to be a hacker to get things done!  

First off, you're saying that the PHP script ran as CGI and produced a PHP 
Warning saying something like "Permission denied ... on line x?"  So, 
please copy and paste the error message here.  It includes the path, which 
we'll need to diagnose the problem.

I bet the ownership, permissions and/or path of the dirs/files in
question is not set up correctly.

In your shell terminal do an "ls -la /path/to/secure/dir" of the directory
where those secured files are.  Also, do an "ls -la /path/to/web/dir"
where the script you're running is.  Send us the results for ., .. and the
script/file in question, including the exact command you typed in.

Hmmm...  You're just reading files, right?  Try this in your shell and let
us know what happens:  "whoami" and then
"cat /path/to/secue/dir/testfile.txt"

Also, some servers have path mappings that are different from the shell
than from a CGI executing on the web host.  Ask the system administrator
if there's something like that going on here.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From soazine at erols.com  Tue Aug 19 01:17:55 2003
From: soazine at erols.com (Phil Powell)
Date: Tue, 19 Aug 2003 01:17:55 -0400
Subject: [nycphp-talk] Single-Logon User Authentication,
	PHP and viewingnon-ASCII
References: <E19orWZ-0000DV-Be@rslrs1-server.com><0dcd01c36604$c7159a90$67a76244@philofsoa>
	<20030819050521.GA28908@panix.com>
Message-ID: <0e0c01c36611$3f147b90$67a76244@philofsoa>

Dan, out of fairness I completely DID give up on PHP using as CGI and
decided on TCL instead as CGI.  The results are quite positive, except now I
have no way of knowing exactly how to view non-ASCII (binary) files with
permissions of 0700.

So, more reserach until dawn!

Everything is working on the CGI scripts, turns out they were the
inevitable: SYNTAX ERRORS.  Some hacker I'll make :(  After quick fixing I
am able now to list all files, upload a file and delete a file.  I could not
do it in PHP and did not think I would ever come up with a timely solution
using PHP, whereas using TCL as CGI I was able to do so with few problems
(except, of course, the inability to view non-ASCII files at this time).

Phil

BTW I
----- Original Message ----- 
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, August 19, 2003 1:05 AM
Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and
viewingnon-ASCII


> Phil:
>
> On Mon, Aug 18, 2003 at 11:48:39PM -0400, Phil Powell wrote:
> > CGI just failed.  My script produces TCL-level errors that state.. guess
> > what.. Permission DENIED!
> >
> > Yes, cgi-bin does not even have permissions to the /content folder!
> >
> > I'm out of ideas
>
> Don't give up so easlily.  You've got to be a hacker to get things done!
>
> First off, you're saying that the PHP script ran as CGI and produced a PHP
> Warning saying something like "Permission denied ... on line x?"  So,
> please copy and paste the error message here.  It includes the path, which
> we'll need to diagnose the problem.
>
> I bet the ownership, permissions and/or path of the dirs/files in
> question is not set up correctly.
>
> In your shell terminal do an "ls -la /path/to/secure/dir" of the directory
> where those secured files are.  Also, do an "ls -la /path/to/web/dir"
> where the script you're running is.  Send us the results for ., .. and the
> script/file in question, including the exact command you typed in.
>
> Hmmm...  You're just reading files, right?  Try this in your shell and let
> us know what happens:  "whoami" and then
> "cat /path/to/secue/dir/testfile.txt"
>
> Also, some servers have path mappings that are different from the shell
> than from a CGI executing on the web host.  Ask the system administrator
> if there's something like that going on here.
>
> --Dan
>
> -- 
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From danielc at analysisandsolutions.com  Tue Aug 19 11:09:27 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 19 Aug 2003 11:09:27 -0400
Subject: [nycphp-talk] PHP DLOpen Vulnerability WAS: php problems from
	SecurityFocus Newsletter # 210
In-Reply-To: <3F4141AC.7090000@nyphp.org>
References: <20030818200724.GA9441@panix.com> <3F4141AC.7090000@nyphp.org>
Message-ID: <20030819150927.GA14168@panix.com>

Folks:

On Mon, Aug 18, 2003 at 05:14:20PM -0400, Hans Zaunere wrote:
> 
> >PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
> >http://www.securityfocus.com/bid/8405
>
> Hmm... does this strike anyone else as an odd report?

Yes, I thought so when I first read it, but I didn't feel like bothering 
with commentary when I posted.

First, it seemed more like an Apache issue.  Then, why would this one
function be a problem?  Doesn't everything go into memory?  So, I went to
php.net/dlopen to research what this function does.  Turns out it's not in
the manual.  Is this a function that's used by PHP internals or something?

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From soazine at erols.com  Tue Aug 19 11:20:18 2003
From: soazine at erols.com (Phil Powell)
Date: Tue, 19 Aug 2003 11:20:18 -0400
Subject: [nycphp-talk] PHPNuke and handling "human translation" multilingual
	solutions
Message-ID: <00b801c36665$663debd0$67a76244@philofsoa>

My experience in the past has been with Vignette as a content management solution for use especially with sites that need to deliver "human translation" multilingual content.  Does PHPNuke offer the same solution?  I have some .txt files that illustrate the concept of what I'm hoping PHPNuke can do, or anything PHP-based.

Thanx
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030819/228a22b1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: contentmanagementconcept.rtf
Type: application/octet-stream
Size: 2466 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030819/228a22b1/attachment.obj>

From danielc at analysisandsolutions.com  Tue Aug 19 15:28:37 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 19 Aug 2003 15:28:37 -0400
Subject: [nycphp-talk] PHP DLOpen Vulnerability WAS: php problems from
	SecurityFocus Newsletter # 210
In-Reply-To: <20030819150927.GA14168@panix.com>
References: <20030818200724.GA9441@panix.com> <3F4141AC.7090000@nyphp.org>
	<20030819150927.GA14168@panix.com>
Message-ID: <20030819192836.GA7257@panix.com>

Howdy Again:

On Tue, Aug 19, 2003 at 11:09:27AM -0400, Analysis & Solutions wrote:
> 
> Is this a function that's used by PHP internals or something?

As it turns out, yes it is something in PHP's source code.  I wrote 
Security Focus to have them clarify such in the database/webpage and to 
fix the broken links to the exploit code.  They responded accordingly.

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From max at idsociety.com  Tue Aug 19 15:34:15 2003
From: max at idsociety.com (max goldberg)
Date: Tue, 19 Aug 2003 15:34:15 -0400
Subject: [nycphp-talk] PHP DLOpen Vulnerability WAS: php problems from
	SecurityFocus Newsletter # 210
In-Reply-To: <20030819150927.GA14168@panix.com>
References: <20030818200724.GA9441@panix.com> <3F4141AC.7090000@nyphp.org>
	<20030819150927.GA14168@panix.com>
Message-ID: <3F427BB7.4090704@idsociety.com>

dlopen is a c command used by php for opening a shared object.
similar to the php command dl().

Analysis & Solutions wrote:

> Folks:
> 
> On Mon, Aug 18, 2003 at 05:14:20PM -0400, Hans Zaunere wrote:
> 
>>>PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
>>>http://www.securityfocus.com/bid/8405
>>
>>Hmm... does this strike anyone else as an odd report?
> 
> 
> Yes, I thought so when I first read it, but I didn't feel like bothering 
> with commentary when I posted.
> 
> First, it seemed more like an Apache issue.  Then, why would this one
> function be a problem?  Doesn't everything go into memory?  So, I went to
> php.net/dlopen to research what this function does.  Turns out it's not in
> the manual.  Is this a function that's used by PHP internals or something?
> 
> --Dan
> 



From nyphp at websapp.com  Tue Aug 19 15:49:18 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Tue, 19 Aug 2003 15:49:18 -0400
Subject: [nycphp-talk] Microsoft, Sun Seek to Embrace Open Source Scripting
Message-ID: <OKEHLLMAFAOHECBMOGEPIEBAFAAA.nyphp@websapp.com>

http://www.oetrends.com/cgi-bin/page_display.cgi?242

Interesting read.

Best,
Daniel Kushner




From hans at nyphp.org  Tue Aug 19 16:43:16 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 19 Aug 2003 16:43:16 -0400
Subject: [nycphp-talk] PHP DLOpen Vulnerability WAS: php problems from
	SecurityFocus Newsletter # 210
In-Reply-To: <20030819192836.GA7257@panix.com>
References: <20030818200724.GA9441@panix.com>
	<3F4141AC.7090000@nyphp.org>	<20030819150927.GA14168@panix.com>
	<20030819192836.GA7257@panix.com>
Message-ID: <3F428BE4.8010106@nyphp.org>



Analysis & Solutions wrote:

> Howdy Again:
> 
> On Tue, Aug 19, 2003 at 11:09:27AM -0400, Analysis & Solutions wrote:
> 
>>Is this a function that's used by PHP internals or something?
> 
> 
> As it turns out, yes it is something in PHP's source code.  I wrote 
> Security Focus to have them clarify such in the database/webpage and to 
> fix the broken links to the exploit code.  They responded accordingly.

As Max pointed out, dlopen() will load a shared object, akin to dl() in PHP-land (IIRC).  But I still don't see how this is a valid security hole.  When you load a shared object, its implied that it'll have access to the process.  It's like saying: my apartment's front door is a vulnerability because when I invite someone in, they can see my apartment.

It's quite possible I'm missing something, but I wish securityfocus.com would acknowledge this as erroneous.  Although I'm not holding my breath.

H




From suzerain at suzerain.com  Tue Aug 19 17:12:54 2003
From: suzerain at suzerain.com (Marc Antony Vose)
Date: Tue, 19 Aug 2003 17:12:54 -0400
Subject: [nycphp-talk] MySQL index question
In-Reply-To: <3F428BE4.8010106@nyphp.org>
References: <20030818200724.GA9441@panix.com>	<3F4141AC.7090000@nyphp.org>
	<20030819150927.GA14168@panix.com>	<20030819192836.GA7257@panix.com>
	<3F428BE4.8010106@nyphp.org>
Message-ID: <a06001a0fbb68430cce72@[192.168.1.44]>

Hi there:

I was wondering if someone could direct me to a really good book (2nd 
choice) or Web site (1st choice) which really explains everything 
there is to know about indexes in MySQL...what all the options are, 
what they do, and when you want to use them.

Thanks,

-- 
Marc Antony Vose
http://www.suzerain.com/

I'm looking for something in an *after dinner* burrito.
-- Homer Simpson


From tim_gales at email.msn.com  Tue Aug 19 17:15:33 2003
From: tim_gales at email.msn.com (Tim Gales)
Date: Tue, 19 Aug 2003 17:15:33 -0400
Subject: [nycphp-talk] MySQL index question
In-Reply-To: <a06001a0fbb68430cce72@[192.168.1.44]>
Message-ID: <000001c36697$06b7ceb0$c48e3818@OBERON1>

Marc, 

Did you try:

http://www.dwam.net/docs/mysqle3.23/manuel_MySQL_indexes.html

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Marc Antony Vose
Sent: Tuesday, August 19, 2003 5:13 PM
To: NYPHP Talk
Subject: [nycphp-talk] MySQL index question

Hi there:

I was wondering if someone could direct me to a really good book (2nd 
choice) or Web site (1st choice) which really explains everything 
there is to know about indexes in MySQL...what all the options are, 
what they do, and when you want to use them.

Thanks,

-- 
Marc Antony Vose
http://www.suzerain.com/

I'm looking for something in an *after dinner* burrito.
-- Homer Simpson
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


From mlevy at hypersol.com  Tue Aug 19 18:58:48 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Tue, 19 Aug 2003 18:58:48 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
In-Reply-To: <NGBBIDLNCJJKIBJPNEHEGEANEBAA.wfan@encogent.com>
Message-ID: <BB6823E8.1488F%mlevy@hypersol.com>

On 8/18/2003 18:59, "Wellington Fan" <wfan at encogent.com> scribbled:

>> The only flaw that stood out to me was this:
>> 
>>> header('Location: landingpage.php');
>> 
>> While this actually works on most browsers, a Location header is supposed to
>> provide an absolute URL, not a relative one.
> 
> Again, thanks! Its always a good idea to go back to the sources and read up on
> the HTTP spec once in a while... BTW, on this point, I have almost always
> passed in full URLs because browsers sometimes render the URL of the
> intermediate page if you don't. Another reason to read, understand & implement
> according to spec...

Hi,

I find this discussion very interesting, since redirecting is a subject that
comes up in just about every project I can remember. Also, I think I can
finally contribute my $0.02 to the list...

I'd like to point out that is usually safe practice to put an exit; line
after the header/Location call. I have been baffled by weird results more
than once, usually because something was echoed after the header call.

Best regards,
Mauricio

---
Mauricio L. Sadicoff            mlevy at hypersol.com
CEO / President
HyperSol LLC.                   http://www.hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From bpang at bpang.com  Tue Aug 19 22:46:28 2003
From: bpang at bpang.com (Brian Pang)
Date: Tue, 19 Aug 2003 22:46:28 -0400
Subject: [nycphp-talk] form posts, back button, IE page expired
Message-ID: <E19pIzU-0002fh-TQ@rslrs1-server.com>

I'm going to have to do as you suggest and hack away at this.

While it solved my back button issue, setting it to 'private' completely
screwed up everything with the site having to do with cookies and
sessions, at least in IE on a PC. For now I've removed it while I work
it out.

As I've thought about it and what changing the session_cache_limiter is
doing, it makes sense that it would have these sort of repercussions.
Maybe it's my approach, I'm not sure yet.

My theory is revolving around the page being cached (which seemingly
allowed for using the back button to a POST result page) and thus not
redisplaying with new information contained in cookies/sessions when
that page is reloaded.

I know that sounds confusing... I will investigate and provide a report
of some sort.

The header("Location: ") approach does seem interesting.. I need to
re-read the thread, but what, if any, cross browser/platform issues with
this are there?


sigh... all this and my connection is super slow because "Verizon's
DSLAMs are still struggling with the msblast virus load" (so sayeth my ISP)




> Hi Brian:
> 
> On Mon, Aug 18, 2003 at 04:29:58PM -0400, Brian Pang wrote:
> >
> > session_cache_limiter()
> > 
> > which setting do you recommend.. it looks like, from comments, to use
> > 'private' or are you suggesting 'none' ?
> 
> Depends on the behavior you want.  I'd guess as long as it's not 
> "nocache," you'll be fine.  Do some hacking and let us know what works
for 
> you.
> 
> --Dan
> 
> -- 
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From jonbaer at jonbaer.net  Tue Aug 19 22:53:03 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Wed, 20 Aug 2003 02:53:03 -0000
Subject: [nycphp-talk] dsl line speeds today?
In-Reply-To: <E19orEO-0006xs-PQ@rslrs1-server.com>
References: <E19orEO-0006xs-PQ@rslrs1-server.com>
Message-ID: <1061346424.1529.1.camel@jonbaer.net>

today my dsl *really* sucked (verizon) ... literally crawling to a halt
and the firewall was being pounded all day w/crap no matter how many
times i powered up + down for a new ip ... 

- jon

On Mon, 2003-08-18 at 17:08, Brian Pang wrote:
> Is it just me or is anyone else experiencing slow(er) connection speeds
> today?
> 
> I'm in Brooklyn Heights if location helps at all.
> 
> thanks
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
-- 
pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47



From csnyder at chxo.com  Tue Aug 19 22:59:29 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Tue, 19 Aug 2003 22:59:29 -0400
Subject: [nycphp-talk] dsl line speeds today?
In-Reply-To: <1061346424.1529.1.camel@jonbaer.net>
References: <E19orEO-0006xs-PQ@rslrs1-server.com>
	<1061346424.1529.1.camel@jonbaer.net>
Message-ID: <3F42E411.4000809@chxo.com>

Jon Baer wrote:

>the firewall was being pounded all day w/crap 
>
it's nice to know that our neighbors are so industrious, though, isn't it?
too bad we can't generate electricity from all the packets we drop.



From bpang at bpang.com  Wed Aug 20 00:14:15 2003
From: bpang at bpang.com (Brian Pang)
Date: Wed, 20 Aug 2003 00:14:15 -0400
Subject: [nycphp-talk] dsl line speeds today?
Message-ID: <E19pKMR-00081x-KM@rslrs1-server.com>

apparently it's the msblast worm overloading the DSLAMs.. at least that
is what my ISP told me... 

seems to have cleared up over the last 10 minutes... perhaps something
to do with midnight and a new day? I don't really know the details of
the virus since I wasn't personally concerned about it and how it
wouldn't affect me (RedHat, X Windows, Gnome).

I guess I was wrong and it had me by the cojones all day. That is, until
I decided it was too nice of a day outside to sit here and wait for web
pages to load. :)



> today my dsl *really* sucked (verizon) ... literally crawling to a halt
> and the firewall was being pounded all day w/crap no matter how many
> times i powered up + down for a new ip ... 
> 
> - jon
> 
> On Mon, 2003-08-18 at 17:08, Brian Pang wrote:
> > Is it just me or is anyone else experiencing slow(er) connection speeds
> > today?
> > 
> > I'm in Brooklyn Heights if location helps at all.
> > 
> > thanks
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> -- 
> pgp key: http://www.jonbaer.net/jonbaer.asc
> fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From louie at zibi.co.il  Wed Aug 20 04:20:29 2003
From: louie at zibi.co.il (louie)
Date: Wed, 20 Aug 2003 01:20:29 -0700
Subject: [nycphp-talk] dsl line speeds today?
References: <E19pKMR-00081x-KM@rslrs1-server.com>
Message-ID: <00f401c366f3$eb0ba1c0$7552fea9@shalomssq336e8>

yeah, blame everythin' on windows //i love it
                                                            //i love it
                                                            //i love it
i'm using verzion dsl @ work,
no problem whatsoever.
bologny,
switch i tell you SWITCH! ^_^
show 'em "whois" the man.

best,
louie
--  good day, i sad, GOOD DAY.  (my boss response for my raise request).



----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, August 19, 2003 9:14 PM
Subject: Re: [nycphp-talk] dsl line speeds today?


> apparently it's the msblast worm overloading the DSLAMs.. at least that
> is what my ISP told me...
>
> seems to have cleared up over the last 10 minutes... perhaps something
> to do with midnight and a new day? I don't really know the details of
> the virus since I wasn't personally concerned about it and how it
> wouldn't affect me (RedHat, X Windows, Gnome).
>
> I guess I was wrong and it had me by the cojones all day. That is, until
> I decided it was too nice of a day outside to sit here and wait for web
> pages to load. :)
>
>
>
> > today my dsl *really* sucked (verizon) ... literally crawling to a halt
> > and the firewall was being pounded all day w/crap no matter how many
> > times i powered up + down for a new ip ...
> >
> > - jon
> >
> > On Mon, 2003-08-18 at 17:08, Brian Pang wrote:
> > > Is it just me or is anyone else experiencing slow(er) connection
speeds
> > > today?
> > >
> > > I'm in Brooklyn Heights if location helps at all.
> > >
> > > thanks
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nyphp.org
> > > http://lists.nyphp.org/mailman/listinfo/talk
> > -- 
> > pgp key: http://www.jonbaer.net/jonbaer.asc
> > fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>




From bpang at bpang.com  Wed Aug 20 01:14:42 2003
From: bpang at bpang.com (Brian Pang)
Date: Wed, 20 Aug 2003 01:14:42 -0400
Subject: [nycphp-talk] dsl line speeds today?
Message-ID: <E19pLIw-0002lr-RN@rslrs1-server.com>

switch to what?

Verizon is the backbone for all things dsl... (at least in these parts)

blah blah road runner blah blah ;)


> yeah, blame everythin' on windows //i love it
>                                                             //i love it
>                                                             //i love it
> i'm using verzion dsl @ work,
> no problem whatsoever.
> bologny,
> switch i tell you SWITCH! ^_^
> show 'em "whois" the man.
> 
> best,
> louie
> --  good day, i sad, GOOD DAY.  (my boss response for my raise request).
> 
> 
> 
> ----- Original Message ----- 
> From: "Brian Pang" <bpang at bpang.com>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Tuesday, August 19, 2003 9:14 PM
> Subject: Re: [nycphp-talk] dsl line speeds today?
> 
> 
> > apparently it's the msblast worm overloading the DSLAMs.. at least that
> > is what my ISP told me...
> >
> > seems to have cleared up over the last 10 minutes... perhaps something
> > to do with midnight and a new day? I don't really know the details of
> > the virus since I wasn't personally concerned about it and how it
> > wouldn't affect me (RedHat, X Windows, Gnome).
> >
> > I guess I was wrong and it had me by the cojones all day. That is, until
> > I decided it was too nice of a day outside to sit here and wait for web
> > pages to load. :)
> >
> >
> >
> > > today my dsl *really* sucked (verizon) ... literally crawling to a
halt
> > > and the firewall was being pounded all day w/crap no matter how many
> > > times i powered up + down for a new ip ...
> > >
> > > - jon
> > >
> > > On Mon, 2003-08-18 at 17:08, Brian Pang wrote:
> > > > Is it just me or is anyone else experiencing slow(er) connection
> speeds
> > > > today?
> > > >
> > > > I'm in Brooklyn Heights if location helps at all.
> > > >
> > > > thanks
> > > > _______________________________________________
> > > > talk mailing list
> > > > talk at lists.nyphp.org
> > > > http://lists.nyphp.org/mailman/listinfo/talk
> > > -- 
> > > pgp key: http://www.jonbaer.net/jonbaer.asc
> > > fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
> > >
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nyphp.org
> > > http://lists.nyphp.org/mailman/listinfo/talk
> > >
> > >
> >
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From rolan at datawhorehouse.com  Wed Aug 20 12:03:35 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Wed, 20 Aug 2003 12:03:35 -0400
Subject: [nycphp-talk] compiling php with an external module?
Message-ID: <3F439BD7.8070007@datawhorehouse.com>

I'm trying to compile php-4.3.2 to include cybercash support.

In previous versions, there was a --enable-cybercash option,
but that seems to have been moved to something called PECL.

George Schlossnagle wrote a pear module which can be found
at http://pear.php.net/package-info.php?package=cybercash&version=1.18p1

I have downloaded and un-tgz'd it, however, I'm not sure
what to do with this file, where it should be placed, or what
role it plays in the compile process.

I first untargz'd it into the ext directory of the source tree, renamed
it cybercash then tried to compile with --with-cybercash
that did not work.

I also did a "pear install cybercash-1.18p1.tgz"
The pear installer responded with "success" but the cybercash
module will still not compile into binary.

Can someone please point me in the right direction here?

~Rolan



From danielc at analysisandsolutions.com  Wed Aug 20 14:27:37 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 20 Aug 2003 14:27:37 -0400
Subject: [nycphp-talk] compiling php with an external module?
In-Reply-To: <3F439BD7.8070007@datawhorehouse.com>
References: <3F439BD7.8070007@datawhorehouse.com>
Message-ID: <20030820182737.GA6741@panix.com>

Hi Rolan:

On Wed, Aug 20, 2003 at 12:03:35PM -0400, Rolan wrote:
> 
> I also did a "pear install cybercash-1.18p1.tgz"
> The pear installer responded with "success" but the cybercash
> module will still not compile into binary.

You don't need to compile items in PEAR.  In your scripts, just include
the relevant PEAR file and start using the package's methods.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From rolan at datawhorehouse.com  Wed Aug 20 15:25:29 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Wed, 20 Aug 2003 15:25:29 -0400
Subject: [nycphp-talk] compiling php with an external module?
In-Reply-To: <20030820182737.GA6741@panix.com>
References: <3F439BD7.8070007@datawhorehouse.com>
	<20030820182737.GA6741@panix.com>
Message-ID: <3F43CB29.8020305@datawhorehouse.com>

sad to say, I think the pear module is only 1/2 the picture
in the source of the php modules, it says that php needs
to be compiled with cybercash support. I've tried different
combinations in attempt to compile the cybercash libaries
into php and none of them have succeeded. Google
searches for php and cybercash only lead to more
pleas from people begging for advice on how to compile it.

Cybercash had provided pre-compiled binaries with their
package "mck-3.3.1-i586-pc-linux-gnulibc2"

The old way with php was to simply ./configure 
--with-cybercash=../mck-3.3.1-i586-pc-linux-gnulibc2
but when I do that now... the results of the config show nothing.
It doesn't even try to detect it.

~Rolan

Analysis & Solutions wrote:

>Hi Rolan:
>
>On Wed, Aug 20, 2003 at 12:03:35PM -0400, Rolan wrote:
>  
>
>>I also did a "pear install cybercash-1.18p1.tgz"
>>The pear installer responded with "success" but the cybercash
>>module will still not compile into binary.
>>    
>>
>
>You don't need to compile items in PEAR.  In your scripts, just include
>the relevant PEAR file and start using the package's methods.
>
>--Dan
>
>  
>



From hans at nyphp.org  Wed Aug 20 16:37:35 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 20 Aug 2003 16:37:35 -0400
Subject: [nycphp-talk] compiling php with an external module?
In-Reply-To: <3F43CB29.8020305@datawhorehouse.com>
References: <3F439BD7.8070007@datawhorehouse.com>	<20030820182737.GA6741@panix.com>
	<3F43CB29.8020305@datawhorehouse.com>
Message-ID: <3F43DC0F.6010109@nyphp.org>



Rolan wrote:

> sad to say, I think the pear module is only 1/2 the picture
> in the source of the php modules, it says that php needs
> to be compiled with cybercash support. I've tried different
> combinations in attempt to compile the cybercash libaries
> into php and none of them have succeeded. Google
> searches for php and cybercash only lead to more
> pleas from people begging for advice on how to compile it.
> 
> Cybercash had provided pre-compiled binaries with their
> package "mck-3.3.1-i586-pc-linux-gnulibc2"
> 
> The old way with php was to simply ./configure 
> --with-cybercash=../mck-3.3.1-i586-pc-linux-gnulibc2
> but when I do that now... the results of the config show nothing.
> It doesn't even try to detect it.

I think some of the stuff is outdated, as is the docs for PECL/PEAR.

http://pear.php.net/manual/en/pecl.apd.php has some good tips on getting modules to work in general, and I think there are some docs in PHP's CVS regarding these topics.

H




From hans at nyphp.org  Wed Aug 20 17:26:50 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 20 Aug 2003 17:26:50 -0400
Subject: [nycphp-talk] Free hardware and Books
Message-ID: <3F43E79A.10803@nyphp.org>


Hi all,

I have a stack of stuff that I'd like to give away.  It's not super-great, but it is totally free, and anything I'm left with I'll probably end up throwing away.  Some of the boxes, though, are especially good for those wanting to learn some Linux basics.  Contact me offlist and I'll be happy to meet you somewhere in Manhattan (east side would be best :) or at our meeting next week.  


------ Hardware

Creative Labs Sound Blaster 32 PNP  (ISA)

Adaptec SCSI AHA-1542C  (ISA)

Standard 3 1/2 Floppy Drive (may not work)

Maxtor MXT-1240S (SCSI with 5.25 brackets)

1 HP PS/2 Mouse

1 Microsoft PS/2 Mouse (with scroll wheel)

1 Microsoft PS/2 Mouse

Assortment of cables, connectors and bracket (oddball and common)

Acer CD-ROM CD-747E

Creative 52X CD-ROM CD5233E (may not work)



------ Books

Linux Configuration & Installation, Second Edition - MIS Press (1-55828-492-3)

Linux System Security - Prentice Hall (0-13-015807-0)

ODBC 2.0 Programmer's Reference and SDK Guide - Microsoft Press (1-55615-658-8)

Protecting Networks with SATAN - O'Reilly (1-56592-425-8)

Linux System Administration Handbook - Prentice Hall (0-13-680596-5)

Sair Linux and GNU Certification Level 1: Installation & Configuration - John Wiley & Sons (0-471-36978-0)

A Visual Introduction to SQL - John Wiley & Sons (0-471-61684-2)

Teach Yourself Visual C++ 5 in 21 Days, Fourth Edition - Sams Publishing (0-672-31014-7)

Visual C++ Programming - Brady (1-56686-048-2)






From smusgrav at musgrave.org  Thu Aug 21 06:32:35 2003
From: smusgrav at musgrave.org (Stephen Musgrave)
Date: Thu, 21 Aug 2003 10:32:35 +0000 (GMT)
Subject: [nycphp-talk] Free hardware and Books
In-Reply-To: <3F43E79A.10803@nyphp.org>
Message-ID: <Pine.BSF.4.40.0308211030460.312-100000@musgrave.org>


If you have items left over, you may want to donate the rest to one of the
non-profits here in NYC that are helping other non-profits use technology.
Check out npowerny.org... they are a good organizationa and always looking
for old machines for inner city labs.

And if you should throw any electronics away, be sure they don't go to the
landfill due to all the toxic contents.  Check department of sanitation
web site for proper disposal.

Stephen.


On Wed, 20 Aug 2003, Hans Zaunere wrote:

>
> Hi all,
>
> I have a stack of stuff that I'd like to give away.  It's not super-great, but it is totally free, and anything I'm left with I'll probably end up throwing away.  Some of the boxes, though, are especially good for those wanting to learn some Linux basics.  Contact me offlist and I'll be happy to meet you somewhere in Manhattan (east side would be best :) or at our meeting next week.
>
>
> ------ Hardware
>
> Creative Labs Sound Blaster 32 PNP  (ISA)
>
> Adaptec SCSI AHA-1542C  (ISA)
>
> Standard 3 1/2 Floppy Drive (may not work)
>
> Maxtor MXT-1240S (SCSI with 5.25 brackets)
>
> 1 HP PS/2 Mouse
>
> 1 Microsoft PS/2 Mouse (with scroll wheel)
>
> 1 Microsoft PS/2 Mouse
>
> Assortment of cables, connectors and bracket (oddball and common)
>
> Acer CD-ROM CD-747E
>
> Creative 52X CD-ROM CD5233E (may not work)
>
>
>
> ------ Books
>
> Linux Configuration & Installation, Second Edition - MIS Press (1-55828-492-3)
>
> Linux System Security - Prentice Hall (0-13-015807-0)
>
> ODBC 2.0 Programmer's Reference and SDK Guide - Microsoft Press (1-55615-658-8)
>
> Protecting Networks with SATAN - O'Reilly (1-56592-425-8)
>
> Linux System Administration Handbook - Prentice Hall (0-13-680596-5)
>
> Sair Linux and GNU Certification Level 1: Installation & Configuration - John Wiley & Sons (0-471-36978-0)
>
> A Visual Introduction to SQL - John Wiley & Sons (0-471-61684-2)
>
> Teach Yourself Visual C++ 5 in 21 Days, Fourth Edition - Sams Publishing (0-672-31014-7)
>
> Visual C++ Programming - Brady (1-56686-048-2)
>
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From cmerlo at ncc.edu  Thu Aug 21 12:07:48 2003
From: cmerlo at ncc.edu (Christopher R. Merlo)
Date: Thu, 21 Aug 2003 12:07:48 -0400
Subject: [nycphp-talk] I need a function that will compare IP addresses
In-Reply-To: <022b01c362ee$3dd89b10$67a76244@philofsoa>
References: <022b01c362ee$3dd89b10$67a76244@philofsoa>
Message-ID: <20030821160748.GB4912@ncc.edu>

On 2003-08-15 01:29 -0400, Phil Powell <soazine at erols.com> wrote:

>    Is there an existing function out there that can do this? I want to
>    compare "127.0.0.1" with "127.0.0.100" and come with as a "match", or
>    "127.0.0.1" with "127.0.0.1", but no "match if "127.0.0.1" and
>    "127.255.0.0".

This'll work:

function ipmatch ( $ip1, $ip2 ) {
  if( ereg( "(([0-9]{1,3}\.){3})[0-9]{1,3}", $ip1, $match1 ) &&
      ereg( "(([0-9]{1,3}\.){3})[0-9]{1,3}", $ip2, $match2 ) ) {
    return( $match1[ 1 ] == $match2[ 1 ] );
  }
}

-c

-- 
  cmerlo at ncc.edu             http://turing.matcmp.ncc.edu/~cmerlo

Q: How many Microsoft support staff does it take to change a light bulb?
A: Four. One to ask "What is the registration number of the light bulb?",
   one to ask "Have you tried rebooting it?", another to ask "Have you
   tried reinstalling it?" and the last one to say "It must be your hardware
   because the light bulb in our office works fine..."


From soazine at erols.com  Thu Aug 21 16:00:39 2003
From: soazine at erols.com (Phil Powell)
Date: Thu, 21 Aug 2003 16:00:39 -0400
Subject: [nycphp-talk] Anyone know why the "select" query will die?
Message-ID: <129a01c3681e$e5f8c7e0$67a76244@philofsoa>

 $sql = 'INSERT INTO fs_usermetadata (' . substr(trim($cols), 0, strrpos(trim($cols), ',')) .
          ') VALUES (' . substr(trim($values), 0, strrpos(trim($values), ',')) . ')';

    if (!mysql_query($sql)) {
     $hasSubmittedUser = 0;
     $errorMsg .= $font . '<font color=cc0000><li>Could not insert record into db</li></font>' .
                    '</font><p>';
    }
   
   if ($hasSubmittedUser) {
    // THIS BLOCK WILL ENSURE THAT THE ID WILL BE PASSED AND ALL DATA GATHERED FOR EDITING
    // OF RECENTLY SUBMITTED INFORMATION
    $willEditUser = 1; 
    $sql = 'SELECT fs_userid FROM fs_usermetadata ' .
           'WHERE fs_username = \'' . $fs_username . '\' ' .
           ' AND fs_password = \'' . $fs_password . '\' ';
    $query = mysql_query($sql) or die('Could not run updated data select query: ' . $sql);
    while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) $id = $row["fs_userid"];
   }

On occasions the "select" query will die for no apparent reason.  The "insert statement" is nullified and not done either.  However, upon the user hitting the back browser button and resubmitting both work fine and then continue to work fine for an indeterminate amount of time.

Perhaps I'm missing something here: what I'm trying to do is insert a new record and immediately obtain the id column field value from the new record.

Thanks
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030821/514d4def/attachment.html>

From shiflett at php.net  Thu Aug 21 16:37:31 2003
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 21 Aug 2003 13:37:31 -0700 (PDT)
Subject: [nycphp-talk] Anyone know why the "select" query will die?
In-Reply-To: <129a01c3681e$e5f8c7e0$67a76244@philofsoa>
Message-ID: <20030821203731.22892.qmail@web14305.mail.yahoo.com>

--- Phil Powell <soazine at erols.com> wrote:
> On occasions the "select" query will die for no apparent reason.
> The "insert statement" is nullified and not done either. However,
> upon the user hitting the back browser button and resubmitting both
> work fine and then continue to work fine for an indeterminate amount
> of time.

Maybe you should output mysql_error() on failure. That will be far more
informative than any guess I can make. You could have too many connections or
any number of other errors that could cause sporadic behavior.

> Perhaps I'm missing something here: what I'm trying to do is insert
> a new record and immediately obtain the id column field value from
> the new record.

You should use the function for tht and save yourself a query:

http://www.php.net/mysql_insert_id

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From soazine at erols.com  Thu Aug 21 16:39:33 2003
From: soazine at erols.com (Phil Powell)
Date: Thu, 21 Aug 2003 16:39:33 -0400
Subject: [nycphp-talk] Anyone know why the "select" query will die?
References: <20030821203731.22892.qmail@web14305.mail.yahoo.com>
Message-ID: <12f301c36824$543f1ec0$67a76244@philofsoa>

How do you people know so many PHP commands out there? DO you know every
single one of them? WOW, thanx!! That was a brand new one for me, saves me a
db query connection!

Phil

----- Original Message ----- 
From: "Chris Shiflett" <shiflett at php.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Thursday, August 21, 2003 4:37 PM
Subject: Re: [nycphp-talk] Anyone know why the "select" query will die?


> --- Phil Powell <soazine at erols.com> wrote:
> > On occasions the "select" query will die for no apparent reason.
> > The "insert statement" is nullified and not done either. However,
> > upon the user hitting the back browser button and resubmitting both
> > work fine and then continue to work fine for an indeterminate amount
> > of time.
>
> Maybe you should output mysql_error() on failure. That will be far more
> informative than any guess I can make. You could have too many connections
or
> any number of other errors that could cause sporadic behavior.
>
> > Perhaps I'm missing something here: what I'm trying to do is insert
> > a new record and immediately obtain the id column field value from
> > the new record.
>
> You should use the function for tht and save yourself a query:
>
> http://www.php.net/mysql_insert_id
>
> Hope that helps.
>
> Chris
>
> =====
> Become a better Web developer with the HTTP Developer's Handbook
> http://httphandbook.org/
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From soazine at erols.com  Thu Aug 21 17:04:24 2003
From: soazine at erols.com (Phil Powell)
Date: Thu, 21 Aug 2003 17:04:24 -0400
Subject: [nycphp-talk] if mysql_query() produces an error....
Message-ID: <131401c36827$cd6cf8f0$67a76244@philofsoa>

...is it not true that mysql_error() will persist?  I have a case on a site where the admin enters a new user and, for some reason, does it wrong, producing a mysql_error() instance.  If they try to, again, enter this user immediately after the error is shown, mysql_select_db dies.

I am thinking that this can be resolved by clearing mysql_error() immediately after the error is reported.  How can that be done, or am I way offbase here?

Thanx
Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030821/52648755/attachment.html>

From mlevy at hypersol.com  Thu Aug 21 17:13:15 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Thu, 21 Aug 2003 17:13:15 -0400
Subject: [nycphp-talk] if mysql_query() produces an error....
In-Reply-To: <131401c36827$cd6cf8f0$67a76244@philofsoa>
Message-ID: <BB6AAE2B.14990%mlevy@hypersol.com>

On 8/21/2003 17:04, "Phil Powell" <soazine at erols.com> scribbled:

> ...is it not true that mysql_error() will persist?  I have a case on a site
> where the admin enters a new user and, for some reason, does it wrong,
> producing a mysql_error() instance.  If they try to, again, enter this user
> immediately after the error is shown, mysql_select_db dies.
>  
> I am thinking that this can be resolved by clearing mysql_error() immediately
> after the error is reported.  How can that be done, or am I way offbase here?

It does not "persist", meaning it will only show the latest error, according
to the manual, on page:

http://us2.php.net/manual/en/function.mysql-error.php

They also mention that it will not be changed if the user does not have
permission to do what you intend or if the connection has been closed
already.

Good luck,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030821/354f6671/attachment.html>

From soazine at erols.com  Thu Aug 21 17:27:37 2003
From: soazine at erols.com (Phil Powell)
Date: Thu, 21 Aug 2003 17:27:37 -0400
Subject: [nycphp-talk] if mysql_query() produces an error....
References: <BB6AAE2B.14990%mlevy@hypersol.com>
Message-ID: <137801c3682b$0ba48680$67a76244@philofsoa>

Re: [nycphp-talk] if mysql_query() produces an error....Then I'm confused.  Why is it then that mysql_select_db() will bomb after the user attempted to enter erroneous data into mysql_query()?  That is, the user enters bad data within mysql_query(); it throws mysql_error() and delivers the page to the user; the user attempts AGAIN to enter somethng and then mysql_select_db dies!  Why does that occur?

Phil
  ----- Original Message ----- 
  From: Mauricio Sadicoff 
  To: NYPHP Talk 
  Sent: Thursday, August 21, 2003 5:13 PM
  Subject: Re: [nycphp-talk] if mysql_query() produces an error....


  On 8/21/2003 17:04, "Phil Powell" <soazine at erols.com> scribbled:


    ...is it not true that mysql_error() will persist?  I have a case on a site where the admin enters a new user and, for some reason, does it wrong, producing a mysql_error() instance.  If they try to, again, enter this user immediately after the error is shown, mysql_select_db dies.

    I am thinking that this can be resolved by clearing mysql_error() immediately after the error is reported.  How can that be done, or am I way offbase here?


  It does not "persist", meaning it will only show the latest error, according to the manual, on page:

  http://us2.php.net/manual/en/function.mysql-error.php

  They also mention that it will not be changed if the user does not have permission to do what you intend or if the connection has been closed already.

  Good luck,
  Mauricio

  --- 
   Mauricio L. Sadicoff      
   mlevy at hypersol.com


  "Peace of mind isn't at all superficial, really," I expound. "It's the whole thing. That which produces it is good maintenance; that which disturbs it is poor maintenance. What we call workability of the machine is just an objectification of this peace of mind. The ultimate test is always your own serenity." - Zen and the Art of Motorcycle Maintenance.



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030821/e8e898c2/attachment.html>

From mlevy at hypersol.com  Thu Aug 21 18:01:03 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Thu, 21 Aug 2003 18:01:03 -0400
Subject: [nycphp-talk] if mysql_query() produces an error....
In-Reply-To: <137801c3682b$0ba48680$67a76244@philofsoa>
Message-ID: <BB6AB95F.149A1%mlevy@hypersol.com>

On 8/21/2003 17:27, "Phil Powell" <soazine at erols.com> scribbled:

> Then I'm confused.  Why is it then that mysql_select_db() will bomb after the
> user attempted to enter erroneous data into mysql_query()?  That is, the user
> enters bad data within mysql_query(); it throws mysql_error() and delivers the
> page to the user; the user attempts AGAIN to enter somethng and then
> mysql_select_db dies!  Why does that occur?

Difficult to say without knowing the page code, but I would var_dump the
variables (particularly the queries) prior to running them. Make sure to
test the connection state as well. I have a feeling you might be closing it
and not reopening. Maybe the call that opens the connection does not show up
in the second time you run the page...?

Best regards,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030821/9d5c7926/attachment.html>

From soazine at erols.com  Thu Aug 21 18:17:05 2003
From: soazine at erols.com (Phil Powell)
Date: Thu, 21 Aug 2003 18:17:05 -0400
Subject: [nycphp-talk] if mysql_query() produces an error....
References: <BB6AB95F.149A1%mlevy@hypersol.com>
Message-ID: <13b501c36831$f4a5d220$67a76244@philofsoa>

Re: [nycphp-talk] if mysql_query() produces an error....I think I might have found the problem.. again, proving my limited knowledge of PHP functions (can I switch brains with any of you guys?), I did not know about this:

mysql_free_result($query);

I was using

$query = ''; mysql_close($dbConn);

This, I thought, from my ASP days, would free the query resources, as it does in ASP, however, in PHP it's not the case.

This might have caused the latent issues involving mysql_select_db() failing.

Phil
  ----- Original Message ----- 
  From: Mauricio Sadicoff 
  To: NYPHP Talk 
  Sent: Thursday, August 21, 2003 6:01 PM
  Subject: Re: [nycphp-talk] if mysql_query() produces an error....


  On 8/21/2003 17:27, "Phil Powell" <soazine at erols.com> scribbled:


    Then I'm confused.  Why is it then that mysql_select_db() will bomb after the user attempted to enter erroneous data into mysql_query()?  That is, the user enters bad data within mysql_query(); it throws mysql_error() and delivers the page to the user; the user attempts AGAIN to enter somethng and then mysql_select_db dies!  Why does that occur?


  Difficult to say without knowing the page code, but I would var_dump the variables (particularly the queries) prior to running them. Make sure to test the connection state as well. I have a feeling you might be closing it and not reopening. Maybe the call that opens the connection does not show up in the second time you run the page...?

  Best regards,
  Mauricio

  --- 
   Mauricio L. Sadicoff      
   mlevy at hypersol.com


  "Peace of mind isn't at all superficial, really," I expound. "It's the whole thing. That which produces it is good maintenance; that which disturbs it is poor maintenance. What we call workability of the machine is just an objectification of this peace of mind. The ultimate test is always your own serenity." - Zen and the Art of Motorcycle Maintenance.



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030821/06e93293/attachment.html>

From patrick.fee at baesystems.com  Fri Aug 15 10:21:59 2003
From: patrick.fee at baesystems.com (Fee, Patrick J)
Date: Fri, 15 Aug 2003 10:21:59 -0400
Subject: [nycphp-talk] Database code solutions
Message-ID: <E7F20B466062D511973800508B6DBC6C0586BFE0@mdrci-c02-exch.tst.tracor.com>

You're right Matthew.  Dreamweaver does have the ability to build SQL
queries in a GUI-type environment (and also to view the pages in WYSIWYG
fashion with true data in the dynamic page).  I've fiddled around with that
part of the application while building some php pages.

IMHO, Dreamweaver does still favor ASP and CFM pages (that's where they
started from).  However the PHP support has increased dramatically in the
last couple of releases.

And you can always stay with "code only" views if you're more of a purist.
But the WYSIWYG option HAS allowed me to bring more graphic-centric staff
into the dynamic-coding environment by building queries or content
graphically and then review the code with them.  Of course this sometimes
becomes more of a "don't code this way" exercise... but helpful
none-the-less.

Just my Friday morning 2 cents worth....

Below the "Blackout Line" in DC,

Patrick

Patrick J. Fee
Web & Database Group Manager
BAE SYSTEMS
600 Maryland Ave. SW  Suite 700
Washington D.C. 20024
Patrick.Fee at BAESYSTEMS.com
Tel: (202) 548-3759
Fax: (202) 608-5970


-----Original Message-----
From: Matthew Zimmerman [mailto:mz34 at nyu.edu] 
Sent: Thursday, August 14, 2003 4:02 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Database code solutions

If I am not mistaken, Dreamweaver might have this functionality. I know 
it is a pretty heavy commercial product and not sure if they have a 
Linux version, but I remember one of our students using it as a GUI to 
build SQL Queries.


On Wednesday, August 13, 2003, at 01:18  PM, Ophir Prusak wrote:

> I checked our your class and the ezsql class as well.
> These are great classes and definitely big helpers but I already have 
> code
> that takes care of much of this "low level plumbing".
>
> phplens gives you a web based interface that actually creates the php
> necessary for the forms themselves.
> It looks like I'll need to play around with it myself and I'll post a
> mini-review.
>
> Ophir
>
>> Ophir wrote two messages back...
>>>
>>> and not spend so much time creating the "plumbing" for basic database
>>> operations such as create a new row, edit a row, read a row or 
>>> delete a
> row.
>>
>> These operations are handled by simple queries.  There's no way around
>> programming that... until artificial intelligence, I guess.
>>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>
MZ
_________________
Matthew Zimmerman
Humanities Computing Group, NYU
Tel: 212.998.3038
Fax: 212.995.4120

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


From hans at nyphp.org  Thu Aug 21 21:35:23 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Thu, 21 Aug 2003 21:35:23 -0400
Subject: [nycphp-talk] Free hardware and Books
In-Reply-To: <Pine.BSF.4.40.0308211030460.312-100000@musgrave.org>
References: <Pine.BSF.4.40.0308211030460.312-100000@musgrave.org>
Message-ID: <3F45735B.5020100@nyphp.org>



Stephen Musgrave wrote:

> If you have items left over, you may want to donate the rest to one of the
> non-profits here in NYC that are helping other non-profits use technology.
> Check out npowerny.org... they are a good organizationa and always looking
> for old machines for inner city labs.

That's a good thought.  I'll send what ever is left over to them.

H




From ejp at well.com  Thu Aug 21 23:03:50 2003
From: ejp at well.com (Edward Potter)
Date: Thu, 21 Aug 2003 23:03:50 -0400
Subject: [nycphp-talk] Free hardware and Books
In-Reply-To: <3F45735B.5020100@nyphp.org>
Message-ID: <4189993C-D44D-11D7-9555-000393D9EBFA@well.com>

Can you imagine what would come out of Crown Heights, Brooklyn  if they 
actually gave the KIDS ROCKING G5's?  I mean they could take over the 
world.

-ed


On Thursday, August 21, 2003, at 09:35 PM, Hans Zaunere wrote:

>
>
> Stephen Musgrave wrote:
>
>> If you have items left over, you may want to donate the rest to one 
>> of the
>> non-profits here in NYC that are helping other non-profits use 
>> technology.
>> Check out npowerny.org... they are a good organizationa and always 
>> looking
>> for old machines for inner city labs.
>
> That's a good thought.  I'll send what ever is left over to them.
>
> H
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From jsiegel1 at optonline.net  Fri Aug 22 07:21:36 2003
From: jsiegel1 at optonline.net (jsiegel1 at optonline.net)
Date: Fri, 22 Aug 2003 07:21:36 -0400
Subject: [nycphp-talk] Database code solutions
Message-ID: <414bb43dd1.43dd1414bb@optonline.net>

Be careful about relying too much on the code generated by DreamWeaver. It's gotten me in to TONS of trouble! I've rewritten the vast majority of the code it generates. 

Jeff

----- Original Message -----
From: "Fee, Patrick J" <patrick.fee at baesystems.com>
Date: Friday, August 15, 2003 10:21 am
Subject: RE: [nycphp-talk] Database code solutions

> You're right Matthew.  Dreamweaver does have the ability to build SQL
> queries in a GUI-type environment (and also to view the pages in 
> WYSIWYGfashion with true data in the dynamic page).  I've fiddled 
> around with that
> part of the application while building some php pages.
> 
> IMHO, Dreamweaver does still favor ASP and CFM pages (that's where 
> theystarted from).  However the PHP support has increased 
> dramatically in the
> last couple of releases.
> 
> And you can always stay with "code only" views if you're more of a 
> purist.But the WYSIWYG option HAS allowed me to bring more graphic-
> centric staff
> into the dynamic-coding environment by building queries or content
> graphically and then review the code with them.  Of course this 
> sometimesbecomes more of a "don't code this way" exercise... but 
> helpfulnone-the-less.
> 
> Just my Friday morning 2 cents worth....
> 
> Below the "Blackout Line" in DC,
> 
> Patrick
> 
> Patrick J. Fee
> Web & Database Group Manager
> BAE SYSTEMS
> 600 Maryland Ave. SW  Suite 700
> Washington D.C. 20024
> Patrick.Fee at BAESYSTEMS.com
> Tel: (202) 548-3759
> Fax: (202) 608-5970
> 
> 
> -----Original Message-----
> From: Matthew Zimmerman [mz34 at nyu.edu] 
> Sent: Thursday, August 14, 2003 4:02 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] Database code solutions
> 
> If I am not mistaken, Dreamweaver might have this functionality. I 
> know 
> it is a pretty heavy commercial product and not sure if they have 
> a 
> Linux version, but I remember one of our students using it as a 
> GUI to 
> build SQL Queries.
> 
> 
> On Wednesday, August 13, 2003, at 01:18  PM, Ophir Prusak wrote:
> 
> > I checked our your class and the ezsql class as well.
> > These are great classes and definitely big helpers but I already 
> have 
> > code
> > that takes care of much of this "low level plumbing".
> >
> > phplens gives you a web based interface that actually creates 
> the php
> > necessary for the forms themselves.
> > It looks like I'll need to play around with it myself and I'll 
> post a
> > mini-review.
> >
> > Ophir
> >
> >> Ophir wrote two messages back...
> >>>
> >>> and not spend so much time creating the "plumbing" for basic 
> database>>> operations such as create a new row, edit a row, read 
> a row or 
> >>> delete a
> > row.
> >>
> >> These operations are handled by simple queries.  There's no way 
> around>> programming that... until artificial intelligence, I guess.
> >>
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
> MZ
> _________________
> Matthew Zimmerman
> Humanities Computing Group, NYU
> Tel: 212.998.3038
> Fax: 212.995.4120
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 



From mwithington at PLMresearch.com  Fri Aug 22 08:09:50 2003
From: mwithington at PLMresearch.com (Mark Withington)
Date: Fri, 22 Aug 2003 08:09:50 -0400
Subject: [nycphp-talk] Database code solutions
Message-ID: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3586A6354@network.PLMresearch.com>

Very true!  It doesn't like some php stuff and will conveniently throw in
extra characters to suit its needs - resulting in a needle/haystack when the
compiler pukes.  I've found the Zend IDE much better (although it lacks the
DW HTML tools).

--------------------------
Mark L. Withington
PLMresearch
"eBusiness for the Midsize Enterprise"
PO Box 1354
Plymouth, MA  02362
o: 800-310-3992
f: 508-746-4973
v: 508-746-2383
m: 508-801-0181
http://www.PLMresearch.com
Netscape/AOL/MSN IM: PLMresearch
mwithington at plmresearch.com
Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc
Calendar: http://www.plmresearch.com/calendar.php



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of jsiegel1 at optonline.net
Sent: Friday, August 22, 2003 7:22 AM
To: NYPHP Talk
Subject: Re: RE: [nycphp-talk] Database code solutions


Be careful about relying too much on the code generated by DreamWeaver. It's
gotten me in to TONS of trouble! I've rewritten the vast majority of the
code it generates. 

Jeff

----- Original Message -----
From: "Fee, Patrick J" <patrick.fee at baesystems.com>
Date: Friday, August 15, 2003 10:21 am
Subject: RE: [nycphp-talk] Database code solutions

> You're right Matthew.  Dreamweaver does have the ability to build SQL 
> queries in a GUI-type environment (and also to view the pages in 
> WYSIWYGfashion with true data in the dynamic page).  I've fiddled 
> around with that part of the application while building some php 
> pages.
> 
> IMHO, Dreamweaver does still favor ASP and CFM pages (that's where
> theystarted from).  However the PHP support has increased 
> dramatically in the
> last couple of releases.
> 
> And you can always stay with "code only" views if you're more of a
> purist.But the WYSIWYG option HAS allowed me to bring more graphic-
> centric staff
> into the dynamic-coding environment by building queries or content
> graphically and then review the code with them.  Of course this 
> sometimesbecomes more of a "don't code this way" exercise... but 
> helpfulnone-the-less.
> 
> Just my Friday morning 2 cents worth....
> 
> Below the "Blackout Line" in DC,
> 
> Patrick
> 
> Patrick J. Fee
> Web & Database Group Manager
> BAE SYSTEMS
> 600 Maryland Ave. SW  Suite 700
> Washington D.C. 20024
> Patrick.Fee at BAESYSTEMS.com
> Tel: (202) 548-3759
> Fax: (202) 608-5970
> 
> 
> -----Original Message-----
> From: Matthew Zimmerman [mz34 at nyu.edu]
> Sent: Thursday, August 14, 2003 4:02 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] Database code solutions
> 
> If I am not mistaken, Dreamweaver might have this functionality. I
> know 
> it is a pretty heavy commercial product and not sure if they have 
> a 
> Linux version, but I remember one of our students using it as a 
> GUI to 
> build SQL Queries.
> 
> 
> On Wednesday, August 13, 2003, at 01:18  PM, Ophir Prusak wrote:
> 
> > I checked our your class and the ezsql class as well.
> > These are great classes and definitely big helpers but I already
> have
> > code
> > that takes care of much of this "low level plumbing".
> >
> > phplens gives you a web based interface that actually creates
> the php
> > necessary for the forms themselves.
> > It looks like I'll need to play around with it myself and I'll
> post a
> > mini-review.
> >
> > Ophir
> >
> >> Ophir wrote two messages back...
> >>>
> >>> and not spend so much time creating the "plumbing" for basic
> database>>> operations such as create a new row, edit a row, read
> a row or
> >>> delete a
> > row.
> >>
> >> These operations are handled by simple queries.  There's no way
> around>> programming that... until artificial intelligence, I guess.
> >>
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
> MZ
> _________________
> Matthew Zimmerman
> Humanities Computing Group, NYU
> Tel: 212.998.3038
> Fax: 212.995.4120
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


From soazine at erols.com  Fri Aug 22 14:23:41 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 14:23:41 -0400
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <021001c368da$83eecb50$67a76244@philofsoa>

Has anyone have anything like this happen to them? How have you handled it, I'm out of ideas.

Thanks
Phil

Phil,

Unfortunately, this means that you were really not able to provide what I had asked for.  As was explained in my original bid request "The key to this will be that I would like to be able to add the pages in the password protected part of the site by either filling in a form OR using FrontPage 2002."  Since I am not able to do this with adding text and images in a way that people can read it, I am going to have to find another alternative.  I will be deleting your files from the web site and starting over and hopefully will still be able to have this finished by Sunday

Lawrence


On Fri, 22 Aug 2003 12:34:55 -0400, Phil Powell wrote

> If you have Adobe Illustrator then you can export the Word documents 
> into a PDF, which is universally viewable by everyone (provided they 
> download Adobe Acrobat Reader, which is extremely easy to do and I 
> can even provide a link for them to do so).  That way even Mac and 
> Linux users, and those (like me) that have neither Word nor Word 
> Viewer can view the files, images and all.
> 
> Otherwise, I'm sorry, but there are few other technical alternatives.
> Images cannot be placed into a converted HTML file from a Word document
> unless the path to the images points to an actual image, and that 
> does not happen if you are converting a local Word document into an 
> HTML file since the images are on the same local machine (i.e.,
>  yours) as the doc itself. In order for the HTML files to be 
> accessible you would have to come up with a way to move all of the 
> images to a folder on the site and then change the paths on every 
> single <img src> tag in the HTML to point to those images in order 
> for them to render as existing.
> 
> That is literally all I could come up with and this after asking 
> other techies I know too.
> 
> Phil
> ----- Original Message ----- 
> Subject: Re: Site Update
> 
> > Since not everyone has Microsoft Word on their computers I don't want to
> > leave them as a Word Document.
> >
> > My reason for having a second web site created for this project was to
> > simplify things for me.  This was the whole reason for saying I wanted to
> be
> > able to do this using a form or using FrontPage.  If I have to upload
> images
> > into a folder and start making adjustments to other folders, that defeats
> my
> > whole purpose.
> >
> > If I can't get this done, this weekend, I am going to have to find 
another
> > way to get this done
> >
> > Lawrence
> >
> > On Fri, 22 Aug 2003 12:20:49 -0400, Phil Powell wrote
> > > Let me ask a few people; from what I understand it is looking for 
images
> > > with paths that don't exist since you converted a .doc into .htm
> > > (BTW you could leave it at .doc if you like it's viewable that way
> > > too).  You might have to upload the images into the /images folder,
> > >  name them properly, and then adjust your .doc file to point to the
> > > images in the /images folder in the meantime.
> > >
> > > Phil
> > > ----- Original Message ----- 
> > > Subject: Re: Site Update
> > >
> > > > Phil,
> > > >
> > > > I tried uploading a couple of the pages to the
> > 
> > > > page by creating them in Microsoft Word and then saving as html and
> > > > everything worked except that the diagrams don't show up (they just
> have
> > > an
> > > > x where the diagram should be as if the jpg couldn't load).  Any
> > > suggestions?
> > > >
> > > > Lawrence
> > > >
> > > > On Thu, 21 Aug 2003 15:09:30 -0400, Phil Powell wrote
> > > > > I've been monitoring the  site now off
> > > > > and on for a few days and everything seems completely stable.
> > > > > Wasn't sure if you have had a chance lately but I wanted you to 
know
> > > > > that everything looks OK for now.
> > > > >
> > > > > Please do let me know if there is anything else you need.
> > > > >
> > > > > Phil
> > > >
> > > >
> > > >
> > > >
> >
> >
> >
> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/04c41e49/attachment.html>

From agfische at email.smith.edu  Fri Aug 22 14:46:37 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Fri, 22 Aug 2003 14:46:37 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <021001c368da$83eecb50$67a76244@philofsoa>
Message-ID: <F5CE2E78-D4D0-11D7-9199-0003930D07F2@email.smith.edu>

OK, so if he is creating them in Word, he can output them straight to 
PDF from there.  All he needs is the full version of Acrobat.  Then he 
can just FTP them to the secure area and provide a link.

 From Word, outputting to PDF is very easy once Acrobat is installed.  
File > Print, choose the PDF writer as the printer.

HTH,

Aaron

On Friday, Aug 22, 2003, at 14:23 US/Eastern, Phil Powell wrote:

> Has anyone have anything like this happen to them? How have you 
> handled it, I'm out of ideas.
> ?
> Thanks
> Phil
> ?
> Phil,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 801 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/54d5b49f/attachment.bin>

From soazine at erols.com  Fri Aug 22 14:47:36 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 14:47:36 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <F5CE2E78-D4D0-11D7-9199-0003930D07F2@email.smith.edu>
Message-ID: <024b01c368dd$db0efec0$67a76244@philofsoa>

I suggested it, that is what prompted his response.  He refuses to get Acrobat and expects ME to do everything about it!

Phil
  ----- Original Message ----- 
  From: Aaron Fischer 
  To: NYPHP Talk 
  Sent: Friday, August 22, 2003 2:46 PM
  Subject: Re: [nycphp-talk] PHP project from Hell Story


  OK, so if he is creating them in Word, he can output them straight to PDF from there. All he needs is the full version of Acrobat. Then he can just FTP them to the secure area and provide a link.

  From Word, outputting to PDF is very easy once Acrobat is installed. File > Print, choose the PDF writer as the printer.

  HTH,

  Aaron

  On Friday, Aug 22, 2003, at 14:23 US/Eastern, Phil Powell wrote:


    Has anyone have anything like this happen to them? How have you handled it, I'm out of ideas.
     
    Thanks
    Phil
     
    Phil,


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/ecd2a626/attachment.html>

From agfische at email.smith.edu  Fri Aug 22 14:57:16 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Fri, 22 Aug 2003 14:57:16 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <024b01c368dd$db0efec0$67a76244@philofsoa>
Message-ID: <72CCD87E-D4D2-11D7-9199-0003930D07F2@email.smith.edu>

1. You did, but you also said if he had Illustrator.  Maybe he is 
thinking he needs to buy Illustrator as well?

2.  Another option:
He can output them directly to html from Word.  Word creates the page 
and a folder to hold the images and an xml file.  If he FTP's the page 
and the folder to a directory it will work.  No renaming necessary.  I 
just did it, took me under a minute.

3. Of course, you could build him a form page that lets him type in 
some text and upload the image file and write the php which creates the 
html page upon submission...

-A

On Friday, Aug 22, 2003, at 14:47 US/Eastern, Phil Powell wrote:

> I suggested it, that is what prompted his response.? He refuses to get 
> Acrobat and expects ME to do everything about it!
> ?
> Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 905 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/69c96aa6/attachment.bin>

From soazine at erols.com  Fri Aug 22 14:59:41 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 14:59:41 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <72CCD87E-D4D2-11D7-9199-0003930D07F2@email.smith.edu>
Message-ID: <029601c368df$8b689af0$67a76244@philofsoa>

See below!
  ----- Original Message ----- 
  From: Aaron Fischer 
  To: NYPHP Talk 
  Sent: Friday, August 22, 2003 2:57 PM
  Subject: Re: [nycphp-talk] PHP project from Hell Story


  1. You did, but you also said if he had Illustrator. Maybe he is thinking he needs to buy Illustrator as well?

  He has Illustrator and doesn't want to use that because he says it wants to "keep it simple" for his clients.

  2. Another option:
  He can output them directly to html from Word. Word creates the page and a folder to hold the images and an xml file. If he FTP's the page and the folder to a directory it will work. No renaming necessary. I just did it, took me under a minute.

  He doesn't want to FTP either.  I suggested that and he refuses stating that it's more work than he wants.  He wants it so that the HTML file, images and all, go at once to the same server, embedded as if they were the original .doc file.

  3. Of course, you could build him a form page that lets him type in some text and upload the image file and write the php which creates the html page upon submission...

  Nixed that too.  He wants a single upload.  He doesn't want to do any more work because it's "out of scope" with what he wants.

  -A

  On Friday, Aug 22, 2003, at 14:47 US/Eastern, Phil Powell wrote:


    I suggested it, that is what prompted his response.  He refuses to get Acrobat and expects ME to do everything about it!
     
    Phil


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/b648733b/attachment.html>

From eric.cogswell at innlink.com  Fri Aug 22 15:04:08 2003
From: eric.cogswell at innlink.com (Cogswell, Eric)
Date: Fri, 22 Aug 2003 14:04:08 -0500
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <C33C210B505AE448ACDB84D71C45E23D7F2654@shosv2b.sholodge.corp>

While PDF is obviously the best solution here, I belive FrontPage has an FTP upload utility built into it that he could use to upload the pages directly to the server.  And I know that in Dreamweaver, there is an option to include dependant files during an ftp upload which will automatically upload any image files needed by the page and place them in the correct directories.  It makes uploading super easy for lazy users.  Im not terribly familiar with FrontPage, but I would assume it has something similar.

-----Original Message-----
From: Phil Powell [mailto:soazine at erols.com]
Sent: Friday, August 22, 2003 2:00 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP project from Hell Story


See below!

----- Original Message ----- 
From: Aaron Fischer <mailto:agfische at email.smith.edu>  
To: NYPHP Talk <mailto:talk at lists.nyphp.org>  
Sent: Friday, August 22, 2003 2:57 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


1. You did, but you also said if he had Illustrator. Maybe he is thinking he needs to buy Illustrator as well?



He has Illustrator and doesn't want to use that because he says it wants to "keep it simple" for his clients.

2. Another option:
He can output them directly to html from Word. Word creates the page and a folder to hold the images and an xml file. If he FTP's the page and the folder to a directory it will work. No renaming necessary. I just did it, took me under a minute.

He doesn't want to FTP either.  I suggested that and he refuses stating that it's more work than he wants.  He wants it so that the HTML file, images and all, go at once to the same server, embedded as if they were the original .doc file.

3. Of course, you could build him a form page that lets him type in some text and upload the image file and write the php which creates the html page upon submission...

Nixed that too.  He wants a single upload.  He doesn't want to do any more work because it's "out of scope" with what he wants.

-A

On Friday, Aug 22, 2003, at 14:47 US/Eastern, Phil Powell wrote:



<?fontfamily><?param Arial><?smaller>I suggested it, that is what prompted his response.  He refuses to get Acrobat and expects ME to do everything about it!<?/smaller><?/fontfamily>
 
<?fontfamily><?param Arial><?smaller>Phil<?/smaller><?/fontfamily>



  _____  




_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/129f2bb7/attachment.html>

From soazine at erols.com  Fri Aug 22 15:01:39 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 15:01:39 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <72CCD87E-D4D2-11D7-9199-0003930D07F2@email.smith.edu>
	<029601c368df$8b689af0$67a76244@philofsoa>
Message-ID: <02aa01c368df$d15d8a70$67a76244@philofsoa>

More on Pt 2, Aaron..

I know about how Word creates the subfolder for images and XML.  However, he is doing this on his own machine which has no network connection to the remote server where everything has to go.  In order for the stuff to be on the remote server he would have to FTP it, create appropriate folders, etc., populate them with images, on the remote box.  He won't do that.

Phil
  ----- Original Message ----- 
  From: Phil Powell 
  To: NYPHP Talk 
  Sent: Friday, August 22, 2003 2:59 PM
  Subject: Re: [nycphp-talk] PHP project from Hell Story


  See below!
    ----- Original Message ----- 
    From: Aaron Fischer 
    To: NYPHP Talk 
    Sent: Friday, August 22, 2003 2:57 PM
    Subject: Re: [nycphp-talk] PHP project from Hell Story


    1. You did, but you also said if he had Illustrator. Maybe he is thinking he needs to buy Illustrator as well?

    He has Illustrator and doesn't want to use that because he says it wants to "keep it simple" for his clients.

    2. Another option:
    He can output them directly to html from Word. Word creates the page and a folder to hold the images and an xml file. If he FTP's the page and the folder to a directory it will work. No renaming necessary. I just did it, took me under a minute.

    He doesn't want to FTP either.  I suggested that and he refuses stating that it's more work than he wants.  He wants it so that the HTML file, images and all, go at once to the same server, embedded as if they were the original .doc file.

    3. Of course, you could build him a form page that lets him type in some text and upload the image file and write the php which creates the html page upon submission...

    Nixed that too.  He wants a single upload.  He doesn't want to do any more work because it's "out of scope" with what he wants.

    -A

    On Friday, Aug 22, 2003, at 14:47 US/Eastern, Phil Powell wrote:


      I suggested it, that is what prompted his response.  He refuses to get Acrobat and expects ME to do everything about it!
       
      Phil


----------------------------------------------------------------------------


    _______________________________________________
    talk mailing list
    talk at lists.nyphp.org
    http://lists.nyphp.org/mailman/listinfo/talk



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/77428338/attachment.html>

From mlevy at hypersol.com  Fri Aug 22 15:03:25 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Fri, 22 Aug 2003 15:03:25 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <021001c368da$83eecb50$67a76244@philofsoa>
Message-ID: <BB6BE13D.14A17%mlevy@hypersol.com>

On 8/22/2003 14:23, "Phil Powell" <soazine at erols.com> scribbled:

> Has anyone have anything like this happen to them? How have you handled it,
> I'm out of ideas.
> 
> Thanks
> Phil
> 
> Phil,
> 
> Unfortunately, this means that you were really not able to provide what I had
> asked for.  As was explained in my original bid request "The key to this will
> be that I would like to be able to add the pages in the password protected
> part of the site by either filling in a form OR using FrontPage 2002."  Since
> I am not able to do this with adding text and images in a way that people can
> read it, I am going to have to find another alternative.  I will be deleting
> your files from the web site and starting over and hopefully will still be
> able to have this finished by Sunday
> 
> Lawrence

Suggestion: Make an "upload" page. Something inside the pwd protected page
that would allow him to upload many files. They will all upload to the same
directory, so the images will be there. Tell him that he has to have the
images in the same directory in his computer when he creates the file, this
should not be a problem.

In the "upload" page, to avoid further discussion, you can even call one of
the upload fields "Word document" and the others images. You're just using
HTML input fields, really, and uploading them to a specific directory.

That should do it. If it does, 10% is my going rate, hehehe ;-)
 
Cheers,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From soazine at erols.com  Fri Aug 22 15:03:22 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 15:03:22 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <C33C210B505AE448ACDB84D71C45E23D7F2654@shosv2b.sholodge.corp>
Message-ID: <02c001c368e0$0ef758c0$67a76244@philofsoa>

Yep, and trust me I tried to convince him to go the PDF route but he not only refused, he deleted all of the PHP, TCL, XML and SQL scripts I wrote and scrapped everything I did claiming that I did not do as he "required".

Phil
  ----- Original Message ----- 
  From: Cogswell, Eric 
  To: NYPHP Talk 
  Sent: Friday, August 22, 2003 3:04 PM
  Subject: RE: [nycphp-talk] PHP project from Hell Story


  While PDF is obviously the best solution here, I belive FrontPage has an FTP upload utility built into it that he could use to upload the pages directly to the server.  And I know that in Dreamweaver, there is an option to include dependant files during an ftp upload which will automatically upload any image files needed by the page and place them in the correct directories.  It makes uploading super easy for lazy users.  Im not terribly familiar with FrontPage, but I would assume it has something similar.
    -----Original Message-----
    From: Phil Powell [mailto:soazine at erols.com]
    Sent: Friday, August 22, 2003 2:00 PM
    To: NYPHP Talk
    Subject: Re: [nycphp-talk] PHP project from Hell Story


    See below!
      ----- Original Message ----- 
      From: Aaron Fischer 
      To: NYPHP Talk 
      Sent: Friday, August 22, 2003 2:57 PM
      Subject: Re: [nycphp-talk] PHP project from Hell Story


      1. You did, but you also said if he had Illustrator. Maybe he is thinking he needs to buy Illustrator as well?

      He has Illustrator and doesn't want to use that because he says it wants to "keep it simple" for his clients.

      2. Another option:
      He can output them directly to html from Word. Word creates the page and a folder to hold the images and an xml file. If he FTP's the page and the folder to a directory it will work. No renaming necessary. I just did it, took me under a minute.

      He doesn't want to FTP either.  I suggested that and he refuses stating that it's more work than he wants.  He wants it so that the HTML file, images and all, go at once to the same server, embedded as if they were the original .doc file.

      3. Of course, you could build him a form page that lets him type in some text and upload the image file and write the php which creates the html page upon submission...

      Nixed that too.  He wants a single upload.  He doesn't want to do any more work because it's "out of scope" with what he wants.

      -A

      On Friday, Aug 22, 2003, at 14:47 US/Eastern, Phil Powell wrote:


        I suggested it, that is what prompted his response.  He refuses to get Acrobat and expects ME to do everything about it!
         
        Phil


--------------------------------------------------------------------------


      _______________________________________________
      talk mailing list
      talk at lists.nyphp.org
      http://lists.nyphp.org/mailman/listinfo/talk



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/7b879cbc/attachment.html>

From soazine at erols.com  Fri Aug 22 15:04:48 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 15:04:48 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <BB6BE13D.14A17%mlevy@hypersol.com>
Message-ID: <02cb01c368e0$425f2300$67a76244@philofsoa>

I suggested that too, Mauricio.  He refused to do so, it was "more work than
what I expect from an upload page".  He has, or rather HAD an upload page
(he deleted what I did now) that uploads the file, but he wanted it to
upload only a SINGLE file, complete with images intact if need be.

Phil
----- Original Message ----- 
From: "Mauricio Sadicoff" <mlevy at hypersol.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 3:03 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> On 8/22/2003 14:23, "Phil Powell" <soazine at erols.com> scribbled:
>
> > Has anyone have anything like this happen to them? How have you handled
it,
> > I'm out of ideas.
> >
> > Thanks
> > Phil
> >
> > Phil,
> >
> > Unfortunately, this means that you were really not able to provide what
I had
> > asked for.  As was explained in my original bid request "The key to this
will
> > be that I would like to be able to add the pages in the password
protected
> > part of the site by either filling in a form OR using FrontPage 2002."
Since
> > I am not able to do this with adding text and images in a way that
people can
> > read it, I am going to have to find another alternative.  I will be
deleting
> > your files from the web site and starting over and hopefully will still
be
> > able to have this finished by Sunday
> >
> > Lawrence
>
> Suggestion: Make an "upload" page. Something inside the pwd protected page
> that would allow him to upload many files. They will all upload to the
same
> directory, so the images will be there. Tell him that he has to have the
> images in the same directory in his computer when he creates the file,
this
> should not be a problem.
>
> In the "upload" page, to avoid further discussion, you can even call one
of
> the upload fields "Word document" and the others images. You're just using
> HTML input fields, really, and uploading them to a specific directory.
>
> That should do it. If it does, 10% is my going rate, hehehe ;-)
>
> Cheers,
> Mauricio
>
> --- 
>  Mauricio L. Sadicoff
>  mlevy at hypersol.com
>
>
> "Peace of mind isn't at all superficial, really," I expound. "It's the
whole
> thing. That which produces it is good maintenance; that which disturbs it
is
> poor maintenance. What we call workability of the machine is just an
> objectification of this peace of mind. The ultimate test is always your
own
> serenity." - Zen and the Art of Motorcycle Maintenance.
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From agfische at email.smith.edu  Fri Aug 22 15:11:59 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Fri, 22 Aug 2003 15:11:59 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <02cb01c368e0$425f2300$67a76244@philofsoa>
Message-ID: <8109AA4C-D4D4-11D7-9199-0003930D07F2@email.smith.edu>

WOW.

F&%$ him.  He's not worth your time.

I mean, what's the big difference in uploading ONE file vs. uploading 
ONE file and ONE folder?  It can be done in the same session on the 
same page.  Just have to brows on your computer for a file/folder TWICE 
instead of ONCE?!

He's really asking for the impossible as far as I can tell.  The only 
thing that creates a file with embedded images so it is all in one is 
Acrobat, as far as I know.  AND, if his users can work in Word, they 
can certainly print, and if they can print, they can change the little 
dialogue box from their printer to PDF distiller.

-A

On Friday, Aug 22, 2003, at 15:04 US/Eastern, Phil Powell wrote:

> I suggested that too, Mauricio.  He refused to do so, it was "more 
> work than
> what I expect from an upload page".  He has, or rather HAD an upload 
> page
> (he deleted what I did now) that uploads the file, but he wanted it to
> upload only a SINGLE file, complete with images intact if need be.
>
> Phil



From bpang at bpang.com  Fri Aug 22 15:12:32 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 22 Aug 2003 15:12:32 -0400
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <E19qHKq-00004z-E6@rslrs1-server.com>

I can't think of any way that it could possibly be a SINGLE upload.

Even, as was mentioned in the origial post, FrontPage was used. There
would still be multiple files sent to the server.



> This is a multi-part message in MIME format.
> 
> 
> See below!
>   ----- Original Message ----- 
>   From: Aaron Fischer 
>   To: NYPHP Talk 
>   Sent: Friday, August 22, 2003 2:57 PM
>   Subject: Re: [nycphp-talk] PHP project from Hell Story
> 
> 
>   1. You did, but you also said if he had Illustrator. Maybe he is
thinking he needs to buy Illustrator as well?
> 
>   He has Illustrator and doesn't want to use that because he says it
wants to "keep it simple" for his clients.
> 
>   2. Another option:
>   He can output them directly to html from Word. Word creates the page
and a folder to hold the images and an xml file. If he FTP's the page
and the folder to a directory it will work. No renaming necessary. I
just did it, took me under a minute.
> 
>   He doesn't want to FTP either.  I suggested that and he refuses
stating that it's more work than he wants.  He wants it so that the HTML
file, images and all, go at once to the same server, embedded as if they
were the original .doc file.
> 
>   3. Of course, you could build him a form page that lets him type in
some text and upload the image file and write the php which creates the
html page upon submission...
> 
>   Nixed that too.  He wants a single upload.  He doesn't want to do
any more work because it's "out of scope" with what he wants.
> 
>   -A
> 
>   On Friday, Aug 22, 2003, at 14:47 US/Eastern, Phil Powell wrote:
> 
> 
>     I suggested it, that is what prompted his response.  He refuses to
get Acrobat and expects ME to do everything about it!
>      
>     Phil
> 
> 
>
------------------------------------------------------------------------------
> 
> 
>   _______________________________________________
>   talk mailing list
>   talk at lists.nyphp.org
>   http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From jlacey at ix.netcom.com  Fri Aug 22 15:14:16 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Fri, 22 Aug 2003 13:14:16 -0600
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <8109AA4C-D4D4-11D7-9199-0003930D07F2@email.smith.edu>
References: <8109AA4C-D4D4-11D7-9199-0003930D07F2@email.smith.edu>
Message-ID: <3F466B88.6060204@ix.netcom.com>


for what it's worth (can you say free? :)  OpenOffice.org 1.1 can export 
a pdf

John


Aaron Fischer wrote:

> WOW.
>
> F&%$ him.  He's not worth your time.
>
> I mean, what's the big difference in uploading ONE file vs. uploading 
> ONE file and ONE folder?  It can be done in the same session on the 
> same page.  Just have to brows on your computer for a file/folder 
> TWICE instead of ONCE?!
>
> He's really asking for the impossible as far as I can tell.  The only 
> thing that creates a file with embedded images so it is all in one is 
> Acrobat, as far as I know.  AND, if his users can work in Word, they 
> can certainly print, and if they can print, they can change the little 
> dialogue box from their printer to PDF distiller.
>
> -A
>
> On Friday, Aug 22, 2003, at 15:04 US/Eastern, Phil Powell wrote:
>
>> I suggested that too, Mauricio.  He refused to do so, it was "more 
>> work than
>> what I expect from an upload page".  He has, or rather HAD an upload 
>> page
>> (he deleted what I did now) that uploads the file, but he wanted it to
>> upload only a SINGLE file, complete with images intact if need be.
>>
>> Phil
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>





From rolan at datawhorehouse.com  Fri Aug 22 15:16:46 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Fri, 22 Aug 2003 15:16:46 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <021001c368da$83eecb50$67a76244@philofsoa>
References: <021001c368da$83eecb50$67a76244@philofsoa>
Message-ID: <3F466C1E.6010601@datawhorehouse.com>

You might want to look into a content management system.
Check out ewebeditpro by ektron. I believe
there is also a freeware alternative, but it might require
some hacking on your part to arrive at a polished solution.
That will allow him to add/update wysiwyg pages within the browser.
That includes uploading/using images.


~Rolan

Phil Powell wrote:

> Has anyone have anything like this happen to them? How have you 
> handled it, I'm out of ideas.
>  
> Thanks
> Phil
>  
> Phil,
>  
> Unfortunately, this means that you were really not able to provide 
> what I had asked for.  As was explained in my original bid request 
> "The key to this will be that I would like to be able to add the pages 
> in the password protected part of the site by either filling in a form 
> OR using FrontPage 2002."  Since I am not able to do this with adding 
> text and images in a way that people can read it, I am going to have 
> to find another alternative.  I will be deleting your files from the 
> web site and starting over and hopefully will still be able to have 
> this finished by Sunday
>  
> Lawrence
>  
>
> On Fri, 22 Aug 2003 12:34:55 -0400, Phil Powell wrote
>  
> > If you have Adobe Illustrator then you can export the Word documents
> > into a PDF, which is universally viewable by everyone (provided they
> > download Adobe Acrobat Reader, which is extremely easy to do and I
> > can even provide a link for them to do so).  That way even Mac and
> > Linux users, and those (like me) that have neither Word nor Word
> > Viewer can view the files, images and all.
> >
> > Otherwise, I'm sorry, but there are few other technical alternatives.
> > Images cannot be placed into a converted HTML file from a Word document
> > unless the path to the images points to an actual image, and that
> > does not happen if you are converting a local Word document into an
> > HTML file since the images are on the same local machine (i.e.,
> >  yours) as the doc itself. In order for the HTML files to be
> > accessible you would have to come up with a way to move all of the
> > images to a folder on the site and then change the paths on every
> > single <img src> tag in the HTML to point to those images in order
> > for them to render as existing.
> >
> > That is literally all I could come up with and this after asking
> > other techies I know too.
> >
> > Phil
> > ----- Original Message -----
> > Subject: Re: Site Update
> >
> > > Since not everyone has Microsoft Word on their computers I don't 
> want to
> > > leave them as a Word Document.
> > >
> > > My reason for having a second web site created for this project was to
> > > simplify things for me.  This was the whole reason for saying I 
> wanted to
> > be
> > > able to do this using a form or using FrontPage.  If I have to upload
> > images
> > > into a folder and start making adjustments to other folders, that 
> defeats
> > my
> > > whole purpose.
> > >
> > > If I can't get this done, this weekend, I am going to have to find
> another
> > > way to get this done
> > >
> > > Lawrence
> > >
> > > On Fri, 22 Aug 2003 12:20:49 -0400, Phil Powell wrote
> > > > Let me ask a few people; from what I understand it is looking for
> images
> > > > with paths that don't exist since you converted a .doc into .htm
> > > > (BTW you could leave it at .doc if you like it's viewable that way
> > > > too).  You might have to upload the images into the /images folder,
> > > >  name them properly, and then adjust your .doc file to point to the
> > > > images in the /images folder in the meantime.
> > > >
> > > > Phil
> > > > ----- Original Message -----
> > > > Subject: Re: Site Update
> > > >
> > > > > Phil,
> > > > >
> > > > > I tried uploading a couple of the pages to the
> > >
> > > > > page by creating them in Microsoft Word and then saving as 
> html and
> > > > > everything worked except that the diagrams don't show up (they 
> just
> > have
> > > > an
> > > > > x where the diagram should be as if the jpg couldn't load).  Any
> > > > suggestions?
> > > > >
> > > > > Lawrence
> > > > >
> > > > > On Thu, 21 Aug 2003 15:09:30 -0400, Phil Powell wrote
> > > > > > I've been monitoring the  site now off
> > > > > > and on for a few days and everything seems completely stable.
> > > > > > Wasn't sure if you have had a chance lately but I wanted you to
> know
> > > > > > that everything looks OK for now.
> > > > > >
> > > > > > Please do let me know if there is anything else you need.
> > > > > >
> > > > > > Phil
> > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
> > >
>
>------------------------------------------------------------------------
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>  
>



From soazine at erols.com  Fri Aug 22 15:19:10 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 15:19:10 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <021001c368da$83eecb50$67a76244@philofsoa>
	<3F466C1E.6010601@datawhorehouse.com>
Message-ID: <02f801c368e2$44255220$67a76244@philofsoa>

Considering he removed me from the project, deleted all the files and
everything else, I couldn't give a rat's arse what he does at this point,
but that's good to know for the future.

I just wanted to know if I were the only one on earth that gets clients from
Hell.

Phil
----- Original Message ----- 
From: "Rolan" <rolan at datawhorehouse.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 3:16 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> You might want to look into a content management system.
> Check out ewebeditpro by ektron. I believe
> there is also a freeware alternative, but it might require
> some hacking on your part to arrive at a polished solution.
> That will allow him to add/update wysiwyg pages within the browser.
> That includes uploading/using images.
>
>
> ~Rolan
>
> Phil Powell wrote:
>
> > Has anyone have anything like this happen to them? How have you
> > handled it, I'm out of ideas.
> >
> > Thanks
> > Phil
> >
> > Phil,
> >
> > Unfortunately, this means that you were really not able to provide
> > what I had asked for.  As was explained in my original bid request
> > "The key to this will be that I would like to be able to add the pages
> > in the password protected part of the site by either filling in a form
> > OR using FrontPage 2002."  Since I am not able to do this with adding
> > text and images in a way that people can read it, I am going to have
> > to find another alternative.  I will be deleting your files from the
> > web site and starting over and hopefully will still be able to have
> > this finished by Sunday
> >
> > Lawrence
> >
> >
> > On Fri, 22 Aug 2003 12:34:55 -0400, Phil Powell wrote
> >
> > > If you have Adobe Illustrator then you can export the Word documents
> > > into a PDF, which is universally viewable by everyone (provided they
> > > download Adobe Acrobat Reader, which is extremely easy to do and I
> > > can even provide a link for them to do so).  That way even Mac and
> > > Linux users, and those (like me) that have neither Word nor Word
> > > Viewer can view the files, images and all.
> > >
> > > Otherwise, I'm sorry, but there are few other technical alternatives.
> > > Images cannot be placed into a converted HTML file from a Word
document
> > > unless the path to the images points to an actual image, and that
> > > does not happen if you are converting a local Word document into an
> > > HTML file since the images are on the same local machine (i.e.,
> > >  yours) as the doc itself. In order for the HTML files to be
> > > accessible you would have to come up with a way to move all of the
> > > images to a folder on the site and then change the paths on every
> > > single <img src> tag in the HTML to point to those images in order
> > > for them to render as existing.
> > >
> > > That is literally all I could come up with and this after asking
> > > other techies I know too.
> > >
> > > Phil
> > > ----- Original Message -----
> > > Subject: Re: Site Update
> > >
> > > > Since not everyone has Microsoft Word on their computers I don't
> > want to
> > > > leave them as a Word Document.
> > > >
> > > > My reason for having a second web site created for this project was
to
> > > > simplify things for me.  This was the whole reason for saying I
> > wanted to
> > > be
> > > > able to do this using a form or using FrontPage.  If I have to
upload
> > > images
> > > > into a folder and start making adjustments to other folders, that
> > defeats
> > > my
> > > > whole purpose.
> > > >
> > > > If I can't get this done, this weekend, I am going to have to find
> > another
> > > > way to get this done
> > > >
> > > > Lawrence
> > > >
> > > > On Fri, 22 Aug 2003 12:20:49 -0400, Phil Powell wrote
> > > > > Let me ask a few people; from what I understand it is looking for
> > images
> > > > > with paths that don't exist since you converted a .doc into .htm
> > > > > (BTW you could leave it at .doc if you like it's viewable that way
> > > > > too).  You might have to upload the images into the /images
folder,
> > > > >  name them properly, and then adjust your .doc file to point to
the
> > > > > images in the /images folder in the meantime.
> > > > >
> > > > > Phil
> > > > > ----- Original Message -----
> > > > > Subject: Re: Site Update
> > > > >
> > > > > > Phil,
> > > > > >
> > > > > > I tried uploading a couple of the pages to the
> > > >
> > > > > > page by creating them in Microsoft Word and then saving as
> > html and
> > > > > > everything worked except that the diagrams don't show up (they
> > just
> > > have
> > > > > an
> > > > > > x where the diagram should be as if the jpg couldn't load).  Any
> > > > > suggestions?
> > > > > >
> > > > > > Lawrence
> > > > > >
> > > > > > On Thu, 21 Aug 2003 15:09:30 -0400, Phil Powell wrote
> > > > > > > I've been monitoring the  site now off
> > > > > > > and on for a few days and everything seems completely stable.
> > > > > > > Wasn't sure if you have had a chance lately but I wanted you
to
> > know
> > > > > > > that everything looks OK for now.
> > > > > > >
> > > > > > > Please do let me know if there is anything else you need.
> > > > > > >
> > > > > > > Phil
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> > > >
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >talk mailing list
> >talk at lists.nyphp.org
> >http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From bpang at bpang.com  Fri Aug 22 15:20:37 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 22 Aug 2003 15:20:37 -0400
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <E19qHSf-00006f-FH@rslrs1-server.com>

actually, i take that back

you could base64_encode() the image file data into a single php file,
with the call to the image then setting the headers and delivering
base64_decode()d image data

something like



fool.php
---

<?
if (!$_GET['imageID']) {
?>
blah blah blah
<img src="<?=$_SERVER['PHP_SELF']?>?imageID=1">
<?
}
else {
    switch($_GET) {
        case "1":
            header("Content-type: image/jpg");
            base64_decode("INSERT BASE 64 ENCODED IMAGE HERE");
            break;
    }
}
?>

right? Wouldn't this work? It's spastic and this is just a (more or
less) theoretical example that would need to be properly written.

Thoughts?





> I can't think of any way that it could possibly be a SINGLE upload.
> 
> Even, as was mentioned in the origial post, FrontPage was used. There
> would still be multiple files sent to the server.
> 
> 
> 
> > This is a multi-part message in MIME format.
> > 
> > 
> > See below!
> >   ----- Original Message ----- 
> >   From: Aaron Fischer 
> >   To: NYPHP Talk 
> >   Sent: Friday, August 22, 2003 2:57 PM
> >   Subject: Re: [nycphp-talk] PHP project from Hell Story
> > 
> > 
> >   1. You did, but you also said if he had Illustrator. Maybe he is
> thinking he needs to buy Illustrator as well?
> > 
> >   He has Illustrator and doesn't want to use that because he says it
> wants to "keep it simple" for his clients.
> > 
> >   2. Another option:
> >   He can output them directly to html from Word. Word creates the page
> and a folder to hold the images and an xml file. If he FTP's the page
> and the folder to a directory it will work. No renaming necessary. I
> just did it, took me under a minute.
> > 
> >   He doesn't want to FTP either.  I suggested that and he refuses
> stating that it's more work than he wants.  He wants it so that the HTML
> file, images and all, go at once to the same server, embedded as if they
> were the original .doc file.
> > 
> >   3. Of course, you could build him a form page that lets him type in
> some text and upload the image file and write the php which creates the
> html page upon submission...
> > 
> >   Nixed that too.  He wants a single upload.  He doesn't want to do
> any more work because it's "out of scope" with what he wants.
> > 
> >   -A
> > 
> >   On Friday, Aug 22, 2003, at 14:47 US/Eastern, Phil Powell wrote:
> > 
> > 
> >     I suggested it, that is what prompted his response.  He refuses to
> get Acrobat and expects ME to do everything about it!
> >      
> >     Phil
> > 
> > 
> >
>
------------------------------------------------------------------------------
> > 
> > 
> >   _______________________________________________
> >   talk mailing list
> >   talk at lists.nyphp.org
> >   http://lists.nyphp.org/mailman/listinfo/talk
> > 
> > 
> 
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From bpang at bpang.com  Fri Aug 22 15:21:30 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 22 Aug 2003 15:21:30 -0400
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <E19qHTW-0000IJ-IF@rslrs1-server.com>

I believe you are in very good company.

> I just wanted to know if I were the only one on earth that gets
clients from
> Hell.



From agfische at email.smith.edu  Fri Aug 22 15:21:43 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Fri, 22 Aug 2003 15:21:43 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <02f801c368e2$44255220$67a76244@philofsoa>
Message-ID: <DD4F73D6-D4D5-11D7-9199-0003930D07F2@email.smith.edu>

There's also Macromedia Contribute CMS which is $99 and I've heard good 
reviews although haven't had a chance to use yet.

I've got client from hell stories as well, but yours is a keeper!  Feel 
your pain...

-A

On Friday, Aug 22, 2003, at 15:19 US/Eastern, Phil Powell wrote:

> Considering he removed me from the project, deleted all the files and
> everything else, I couldn't give a rat's arse what he does at this 
> point,
> but that's good to know for the future.
>
> I just wanted to know if I were the only one on earth that gets 
> clients from
> Hell.
>
> Phil



From soazine at erols.com  Fri Aug 22 15:25:54 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 15:25:54 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <DD4F73D6-D4D5-11D7-9199-0003930D07F2@email.smith.edu>
Message-ID: <033201c368e3$346c6610$67a76244@philofsoa>

The simplest solution for him was to convert to PDF.  He already has
Illustrator and I'm sure PageMaker along with it, import the .doc, export as
.PDF, everyone (even those without Word, on Mac or Linux OS!) can view it.
You'd think the simplest solution would have swayed him; he went off!

Phil
----- Original Message ----- 
From: "Aaron Fischer" <agfische at email.smith.edu>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 3:21 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> There's also Macromedia Contribute CMS which is $99 and I've heard good
> reviews although haven't had a chance to use yet.
>
> I've got client from hell stories as well, but yours is a keeper!  Feel
> your pain...
>
> -A
>
> On Friday, Aug 22, 2003, at 15:19 US/Eastern, Phil Powell wrote:
>
> > Considering he removed me from the project, deleted all the files and
> > everything else, I couldn't give a rat's arse what he does at this
> > point,
> > but that's good to know for the future.
> >
> > I just wanted to know if I were the only one on earth that gets
> > clients from
> > Hell.
> >
> > Phil
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From mlevy at hypersol.com  Fri Aug 22 15:36:08 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Fri, 22 Aug 2003 15:36:08 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <02f801c368e2$44255220$67a76244@philofsoa>
Message-ID: <BB6BE8E8.14A2D%mlevy@hypersol.com>

On 8/22/2003 15:19, "Phil Powell" <soazine at erols.com> scribbled:

> Considering he removed me from the project, deleted all the files and
> everything else, I couldn't give a rat's arse what he does at this point,
> but that's good to know for the future.
> 
> I just wanted to know if I were the only one on earth that gets clients from
> Hell.
> 
> Phil

Wow... That's cold... I do believe you have a small courts case in your
hand, if the money he was paying is worth the trouble. Was there a contract?

Best regards,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From mlevy at hypersol.com  Fri Aug 22 15:38:09 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Fri, 22 Aug 2003 15:38:09 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <033201c368e3$346c6610$67a76244@philofsoa>
Message-ID: <BB6BE961.14A2E%mlevy@hypersol.com>

On 8/22/2003 15:25, "Phil Powell" <soazine at erols.com> scribbled:

> The simplest solution for him was to convert to PDF.  He already has
> Illustrator and I'm sure PageMaker along with it, import the .doc, export as
> .PDF, everyone (even those without Word, on Mac or Linux OS!) can view it.
> You'd think the simplest solution would have swayed him; he went off!
> 
> Phil

Or you could tell him to buy a Mac. Any program on MacOS X can print preview
to PDF. Second thought, don't tell him to buy a Mac. Mac Users are usually
nice people ;-)

Cheers,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From soazine at erols.com  Fri Aug 22 15:37:50 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 15:37:50 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <BB6BE8E8.14A2D%mlevy@hypersol.com>
Message-ID: <035001c368e4$df2cc030$67a76244@philofsoa>

There was indeed a contract through rentacoder.com - but the hilarious part
of all of this is this:

1) He ALREADY paid me!
2) He already gave me a 10/10 excellent rating after closing the project
(and on rentacoder.com your rating upon a closed project CANNOT be changed!)
3) [no official comment on any backup copies of code]

Phil

----- Original Message ----- 
From: "Mauricio Sadicoff" <mlevy at hypersol.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 3:36 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> On 8/22/2003 15:19, "Phil Powell" <soazine at erols.com> scribbled:
>
> > Considering he removed me from the project, deleted all the files and
> > everything else, I couldn't give a rat's arse what he does at this
point,
> > but that's good to know for the future.
> >
> > I just wanted to know if I were the only one on earth that gets clients
from
> > Hell.
> >
> > Phil
>
> Wow... That's cold... I do believe you have a small courts case in your
> hand, if the money he was paying is worth the trouble. Was there a
contract?
>
> Best regards,
> Mauricio
>
> --- 
>  Mauricio L. Sadicoff
>  mlevy at hypersol.com
>
>
> "Peace of mind isn't at all superficial, really," I expound. "It's the
whole
> thing. That which produces it is good maintenance; that which disturbs it
is
> poor maintenance. What we call workability of the machine is just an
> objectification of this peace of mind. The ultimate test is always your
own
> serenity." - Zen and the Art of Motorcycle Maintenance.
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From bpang at bpang.com  Fri Aug 22 15:40:34 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 22 Aug 2003 15:40:34 -0400
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <E19qHly-0002QE-JY@rslrs1-server.com>

Phil,

I'm sorry, but based on this new information, this no longer qualifies
as a "Project From Hell."

:)



> There was indeed a contract through rentacoder.com - but the hilarious
part
> of all of this is this:
> 
> 1) He ALREADY paid me!
> 2) He already gave me a 10/10 excellent rating after closing the project
> (and on rentacoder.com your rating upon a closed project CANNOT be
changed!)
> 3) [no official comment on any backup copies of code]
> 
> Phil
> 
> ----- Original Message ----- 
> From: "Mauricio Sadicoff" <mlevy at hypersol.com>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Friday, August 22, 2003 3:36 PM
> Subject: Re: [nycphp-talk] PHP project from Hell Story
> 
> 
> > On 8/22/2003 15:19, "Phil Powell" <soazine at erols.com> scribbled:
> >
> > > Considering he removed me from the project, deleted all the files and
> > > everything else, I couldn't give a rat's arse what he does at this
> point,
> > > but that's good to know for the future.
> > >
> > > I just wanted to know if I were the only one on earth that gets
clients
> from
> > > Hell.
> > >
> > > Phil
> >
> > Wow... That's cold... I do believe you have a small courts case in your
> > hand, if the money he was paying is worth the trouble. Was there a
> contract?
> >
> > Best regards,
> > Mauricio
> >
> > --- 
> >  Mauricio L. Sadicoff
> >  mlevy at hypersol.com
> >
> >
> > "Peace of mind isn't at all superficial, really," I expound. "It's the
> whole
> > thing. That which produces it is good maintenance; that which
disturbs it
> is
> > poor maintenance. What we call workability of the machine is just an
> > objectification of this peace of mind. The ultimate test is always your
> own
> > serenity." - Zen and the Art of Motorcycle Maintenance.
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From soazine at erols.com  Fri Aug 22 15:44:58 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 15:44:58 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <E19qHly-0002QE-JY@rslrs1-server.com>
Message-ID: <035f01c368e5$ded11630$67a76244@philofsoa>

Oh CRAP I failed.. but hey, it was only $68.00 I got paid for this.

The part that really galled me was the incredible architecture I laid out
for his user registration process making it fully automated; he chucked that
last week because he wanted it "simple": people submit an email and he
enters them himself.

I was tempted to respond with "So why do you need a CMA? Use the service
provider's bloody administrative site and put them into mySQL yourself!"
but I needed that $68.00

Phil
----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 3:40 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> Phil,
>
> I'm sorry, but based on this new information, this no longer qualifies
> as a "Project From Hell."
>
> :)
>
>
>
> > There was indeed a contract through rentacoder.com - but the hilarious
> part
> > of all of this is this:
> >
> > 1) He ALREADY paid me!
> > 2) He already gave me a 10/10 excellent rating after closing the project
> > (and on rentacoder.com your rating upon a closed project CANNOT be
> changed!)
> > 3) [no official comment on any backup copies of code]
> >
> > Phil
> >
> > ----- Original Message ----- 
> > From: "Mauricio Sadicoff" <mlevy at hypersol.com>
> > To: "NYPHP Talk" <talk at lists.nyphp.org>
> > Sent: Friday, August 22, 2003 3:36 PM
> > Subject: Re: [nycphp-talk] PHP project from Hell Story
> >
> >
> > > On 8/22/2003 15:19, "Phil Powell" <soazine at erols.com> scribbled:
> > >
> > > > Considering he removed me from the project, deleted all the files
and
> > > > everything else, I couldn't give a rat's arse what he does at this
> > point,
> > > > but that's good to know for the future.
> > > >
> > > > I just wanted to know if I were the only one on earth that gets
> clients
> > from
> > > > Hell.
> > > >
> > > > Phil
> > >
> > > Wow... That's cold... I do believe you have a small courts case in
your
> > > hand, if the money he was paying is worth the trouble. Was there a
> > contract?
> > >
> > > Best regards,
> > > Mauricio
> > >
> > > --- 
> > >  Mauricio L. Sadicoff
> > >  mlevy at hypersol.com
> > >
> > >
> > > "Peace of mind isn't at all superficial, really," I expound. "It's the
> > whole
> > > thing. That which produces it is good maintenance; that which
> disturbs it
> > is
> > > poor maintenance. What we call workability of the machine is just an
> > > objectification of this peace of mind. The ultimate test is always
your
> > own
> > > serenity." - Zen and the Art of Motorcycle Maintenance.
> > >
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nyphp.org
> > > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From jlacey at ix.netcom.com  Fri Aug 22 15:48:17 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Fri, 22 Aug 2003 13:48:17 -0600
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <035f01c368e5$ded11630$67a76244@philofsoa>
References: <E19qHly-0002QE-JY@rslrs1-server.com>
	<035f01c368e5$ded11630$67a76244@philofsoa>
Message-ID: <3F467381.3090504@ix.netcom.com>


um, didn't you just spend $68.50 in time for all these emails?  

:)


Phil Powell wrote:

>Oh CRAP I failed.. but hey, it was only $68.00 I got paid for this.
>
>The part that really galled me was the incredible architecture I laid out
>for his user registration process making it fully automated; he chucked that
>last week because he wanted it "simple": people submit an email and he
>enters them himself.
>
>I was tempted to respond with "So why do you need a CMA? Use the service
>provider's bloody administrative site and put them into mySQL yourself!"
>but I needed that $68.00
>
>Phil
>----- Original Message ----- 
>From: "Brian Pang" <bpang at bpang.com>
>To: "NYPHP Talk" <talk at lists.nyphp.org>
>Sent: Friday, August 22, 2003 3:40 PM
>Subject: Re: [nycphp-talk] PHP project from Hell Story
>
>
>  
>
>>Phil,
>>
>>I'm sorry, but based on this new information, this no longer qualifies
>>as a "Project From Hell."
>>
>>:)
>>
>>
>>
>>    
>>
>>>There was indeed a contract through rentacoder.com - but the hilarious
>>>      
>>>
>>part
>>    
>>
>>>of all of this is this:
>>>
>>>1) He ALREADY paid me!
>>>2) He already gave me a 10/10 excellent rating after closing the project
>>>(and on rentacoder.com your rating upon a closed project CANNOT be
>>>      
>>>
>>changed!)
>>    
>>
>>>3) [no official comment on any backup copies of code]
>>>
>>>Phil
>>>
>>>----- Original Message ----- 
>>>From: "Mauricio Sadicoff" <mlevy at hypersol.com>
>>>To: "NYPHP Talk" <talk at lists.nyphp.org>
>>>Sent: Friday, August 22, 2003 3:36 PM
>>>Subject: Re: [nycphp-talk] PHP project from Hell Story
>>>
>>>
>>>      
>>>
>>>>On 8/22/2003 15:19, "Phil Powell" <soazine at erols.com> scribbled:
>>>>
>>>>        
>>>>
>>>>>Considering he removed me from the project, deleted all the files
>>>>>          
>>>>>
>and
>  
>
>>>>>everything else, I couldn't give a rat's arse what he does at this
>>>>>          
>>>>>
>>>point,
>>>      
>>>
>>>>>but that's good to know for the future.
>>>>>
>>>>>I just wanted to know if I were the only one on earth that gets
>>>>>          
>>>>>
>>clients
>>    
>>
>>>from
>>>      
>>>
>>>>>Hell.
>>>>>
>>>>>Phil
>>>>>          
>>>>>
>>>>Wow... That's cold... I do believe you have a small courts case in
>>>>        
>>>>
>your
>  
>
>>>>hand, if the money he was paying is worth the trouble. Was there a
>>>>        
>>>>
>>>contract?
>>>      
>>>
>>>>Best regards,
>>>>Mauricio
>>>>
>>>>--- 
>>>> Mauricio L. Sadicoff
>>>> mlevy at hypersol.com
>>>>
>>>>
>>>>"Peace of mind isn't at all superficial, really," I expound. "It's the
>>>>        
>>>>
>>>whole
>>>      
>>>
>>>>thing. That which produces it is good maintenance; that which
>>>>        
>>>>
>>disturbs it
>>    
>>
>>>is
>>>      
>>>
>>>>poor maintenance. What we call workability of the machine is just an
>>>>objectification of this peace of mind. The ultimate test is always
>>>>        
>>>>
>your
>  
>
>>>own
>>>      
>>>
>>>>serenity." - Zen and the Art of Motorcycle Maintenance.
>>>>
>>>>_______________________________________________
>>>>talk mailing list
>>>>talk at lists.nyphp.org
>>>>http://lists.nyphp.org/mailman/listinfo/talk
>>>>        
>>>>
>>>_______________________________________________
>>>talk mailing list
>>>talk at lists.nyphp.org
>>>http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>>
>>>      
>>>
>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>>    
>>
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/5ee53204/attachment.html>

From bpang at bpang.com  Fri Aug 22 15:51:02 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 22 Aug 2003 15:51:02 -0400
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <E19qHw6-0003QO-Tc@rslrs1-server.com>

Phil,

Based on this new information, your story has been re-instated with
"Project From Hell" status.

$68? I understand that you need it, but what sort of slave driver does
your (former) client think he is?

If you have a chance, for educational purposes, at least, try working
out that suggested solution I posted and let us know if you can get it
to work. Just in case Lawrence calls up any of us instead, then we can
tell him that it CAN be done. :)



> Oh CRAP I failed.. but hey, it was only $68.00 I got paid for this.
> 
> The part that really galled me was the incredible architecture I laid out
> for his user registration process making it fully automated; he
chucked that
> last week because he wanted it "simple": people submit an email and he
> enters them himself.
> 
> I was tempted to respond with "So why do you need a CMA? Use the service
> provider's bloody administrative site and put them into mySQL yourself!"
> but I needed that $68.00
> 
> Phil




From soazine at erols.com  Fri Aug 22 15:56:37 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 15:56:37 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <E19qHly-0002QE-JY@rslrs1-server.com><035f01c368e5$ded11630$67a76244@philofsoa>
	<3F467381.3090504@ix.netcom.com>
Message-ID: <038501c368e7$7f689400$67a76244@philofsoa>

oh yeah the phone bill, thanx for reminding me :(  

Phil
  ----- Original Message ----- 
  From: John Lacey 
  To: NYPHP Talk 
  Sent: Friday, August 22, 2003 3:48 PM
  Subject: Re: [nycphp-talk] PHP project from Hell Story



  um, didn't you just spend $68.50 in time for all these emails?   

  :)


  Phil Powell wrote:

Oh CRAP I failed.. but hey, it was only $68.00 I got paid for this.

The part that really galled me was the incredible architecture I laid out
for his user registration process making it fully automated; he chucked that
last week because he wanted it "simple": people submit an email and he
enters them himself.

I was tempted to respond with "So why do you need a CMA? Use the service
provider's bloody administrative site and put them into mySQL yourself!"
but I needed that $68.00

Phil
----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 3:40 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


  Phil,

I'm sorry, but based on this new information, this no longer qualifies
as a "Project From Hell."

:)



    There was indeed a contract through rentacoder.com - but the hilarious
      part
    of all of this is this:

1) He ALREADY paid me!
2) He already gave me a 10/10 excellent rating after closing the project
(and on rentacoder.com your rating upon a closed project CANNOT be
      changed!)
    3) [no official comment on any backup copies of code]

Phil

----- Original Message ----- 
From: "Mauricio Sadicoff" <mlevy at hypersol.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 3:36 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


      On 8/22/2003 15:19, "Phil Powell" <soazine at erols.com> scribbled:

        Considering he removed me from the project, deleted all the files
          and
  everything else, I couldn't give a rat's arse what he does at this
          point,
      but that's good to know for the future.

I just wanted to know if I were the only one on earth that gets
          clients
    from
      Hell.

Phil
          Wow... That's cold... I do believe you have a small courts case in
        your
  hand, if the money he was paying is worth the trouble. Was there a
        contract?
      Best regards,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the
        whole
      thing. That which produces it is good maintenance; that which
        disturbs it
    is
      poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always
        your
  own
      serenity." - Zen and the Art of Motorcycle Maintenance.

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
        _______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


      
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
    
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk

  



------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030822/a5739403/attachment.html>

From mlevy at hypersol.com  Fri Aug 22 16:10:12 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Fri, 22 Aug 2003 16:10:12 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <E19qHw6-0003QO-Tc@rslrs1-server.com>
Message-ID: <BB6BF0E4.14A3D%mlevy@hypersol.com>

On 8/22/2003 15:51, "Brian Pang" <bpang at bpang.com> scribbled:

> Based on this new information, your story has been re-instated with
> "Project From Hell" status.
> 
> $68? I understand that you need it, but what sort of slave driver does
> your (former) client think he is?
> 
> If you have a chance, for educational purposes, at least, try working
> out that suggested solution I posted and let us know if you can get it
> to work. Just in case Lawrence calls up any of us instead, then we can
> tell him that it CAN be done. :)
> 
>> Oh CRAP I failed.. but hey, it was only $68.00 I got paid for this.

Wouldn't that be funny? Laurence calls one of us to do that. We tell him it
will cost him $134, "hey, you get what you pay for, right? (nudge, nudge)".
Then pass the project and the money to Phil. :-)

If he comes my way, that's what will happen, I guarantee it.

Cheers,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From joshmccormack at travelersdiary.com  Fri Aug 22 16:11:06 2003
From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com)
Date: Fri, 22 Aug 2003 15:11:06 -0500 (CDT)
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <035f01c368e5$ded11630$67a76244@philofsoa>
Message-ID: <Pine.LNX.4.44.0308221510010.21866-100000@westhost39.westhost.net>

whoa... hold on... you were doing this - with a laid out architecture and registration system and what not, for $68? 

Josh

On Fri, 22 Aug 2003, Phil Powell wrote:

> Oh CRAP I failed.. but hey, it was only $68.00 I got paid for this.
> 
> The part that really galled me was the incredible architecture I laid out
> for his user registration process making it fully automated; he chucked that
> last week because he wanted it "simple": people submit an email and he
> enters them himself.
> 
> I was tempted to respond with "So why do you need a CMA? Use the service
> provider's bloody administrative site and put them into mySQL yourself!"
> but I needed that $68.00
> 
> Phil
> ----- Original Message ----- 
> From: "Brian Pang" <bpang at bpang.com>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Friday, August 22, 2003 3:40 PM
> Subject: Re: [nycphp-talk] PHP project from Hell Story
> 
> 
> > Phil,
> >
> > I'm sorry, but based on this new information, this no longer qualifies
> > as a "Project From Hell."
> >
> > :)
> >
> >
> >
> > > There was indeed a contract through rentacoder.com - but the hilarious
> > part
> > > of all of this is this:
> > >
> > > 1) He ALREADY paid me!
> > > 2) He already gave me a 10/10 excellent rating after closing the project
> > > (and on rentacoder.com your rating upon a closed project CANNOT be
> > changed!)
> > > 3) [no official comment on any backup copies of code]
> > >
> > > Phil
> > >
> > > ----- Original Message ----- 
> > > From: "Mauricio Sadicoff" <mlevy at hypersol.com>
> > > To: "NYPHP Talk" <talk at lists.nyphp.org>
> > > Sent: Friday, August 22, 2003 3:36 PM
> > > Subject: Re: [nycphp-talk] PHP project from Hell Story
> > >
> > >
> > > > On 8/22/2003 15:19, "Phil Powell" <soazine at erols.com> scribbled:
> > > >
> > > > > Considering he removed me from the project, deleted all the files
> and
> > > > > everything else, I couldn't give a rat's arse what he does at this
> > > point,
> > > > > but that's good to know for the future.
> > > > >
> > > > > I just wanted to know if I were the only one on earth that gets
> > clients
> > > from
> > > > > Hell.
> > > > >
> > > > > Phil
> > > >
> > > > Wow... That's cold... I do believe you have a small courts case in
> your
> > > > hand, if the money he was paying is worth the trouble. Was there a
> > > contract?
> > > >
> > > > Best regards,
> > > > Mauricio
> > > >
> > > > --- 
> > > >  Mauricio L. Sadicoff
> > > >  mlevy at hypersol.com
> > > >
> > > >
> > > > "Peace of mind isn't at all superficial, really," I expound. "It's the
> > > whole
> > > > thing. That which produces it is good maintenance; that which
> > disturbs it
> > > is
> > > > poor maintenance. What we call workability of the machine is just an
> > > > objectification of this peace of mind. The ultimate test is always
> your
> > > own
> > > > serenity." - Zen and the Art of Motorcycle Maintenance.
> > > >
> > > > _______________________________________________
> > > > talk mailing list
> > > > talk at lists.nyphp.org
> > > > http://lists.nyphp.org/mailman/listinfo/talk
> > >
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nyphp.org
> > > http://lists.nyphp.org/mailman/listinfo/talk
> > >
> > >
> >
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 



From soazine at erols.com  Fri Aug 22 16:26:33 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 16:26:33 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <Pine.LNX.4.44.0308221510010.21866-100000@westhost39.westhost.net>
Message-ID: <03b001c368eb$ad91c280$67a76244@philofsoa>

I come as an apparent bargain.  I am waiting for him to come crawling back
after realizing that his alternatives will cost him in the hundreds of
dollars (provided he gets either an out-of-the-box CMS package, PageMaker or
someone to code the multi-file upload against his wishes) and then I can
say, "Oh, no problem, but pro-rated costs for such an architecture will now
cost you $800!"

Phil

----- Original Message ----- 
From: <joshmccormack at travelersdiary.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 4:11 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> whoa... hold on... you were doing this - with a laid out architecture and
registration system and what not, for $68?
>
> Josh
>
> On Fri, 22 Aug 2003, Phil Powell wrote:
>
> > Oh CRAP I failed.. but hey, it was only $68.00 I got paid for this.
> >
> > The part that really galled me was the incredible architecture I laid
out
> > for his user registration process making it fully automated; he chucked
that
> > last week because he wanted it "simple": people submit an email and he
> > enters them himself.
> >
> > I was tempted to respond with "So why do you need a CMA? Use the service
> > provider's bloody administrative site and put them into mySQL yourself!"
> > but I needed that $68.00
> >
> > Phil
> > ----- Original Message ----- 
> > From: "Brian Pang" <bpang at bpang.com>
> > To: "NYPHP Talk" <talk at lists.nyphp.org>
> > Sent: Friday, August 22, 2003 3:40 PM
> > Subject: Re: [nycphp-talk] PHP project from Hell Story
> >
> >
> > > Phil,
> > >
> > > I'm sorry, but based on this new information, this no longer qualifies
> > > as a "Project From Hell."
> > >
> > > :)
> > >
> > >
> > >
> > > > There was indeed a contract through rentacoder.com - but the
hilarious
> > > part
> > > > of all of this is this:
> > > >
> > > > 1) He ALREADY paid me!
> > > > 2) He already gave me a 10/10 excellent rating after closing the
project
> > > > (and on rentacoder.com your rating upon a closed project CANNOT be
> > > changed!)
> > > > 3) [no official comment on any backup copies of code]
> > > >
> > > > Phil
> > > >
> > > > ----- Original Message ----- 
> > > > From: "Mauricio Sadicoff" <mlevy at hypersol.com>
> > > > To: "NYPHP Talk" <talk at lists.nyphp.org>
> > > > Sent: Friday, August 22, 2003 3:36 PM
> > > > Subject: Re: [nycphp-talk] PHP project from Hell Story
> > > >
> > > >
> > > > > On 8/22/2003 15:19, "Phil Powell" <soazine at erols.com> scribbled:
> > > > >
> > > > > > Considering he removed me from the project, deleted all the
files
> > and
> > > > > > everything else, I couldn't give a rat's arse what he does at
this
> > > > point,
> > > > > > but that's good to know for the future.
> > > > > >
> > > > > > I just wanted to know if I were the only one on earth that gets
> > > clients
> > > > from
> > > > > > Hell.
> > > > > >
> > > > > > Phil
> > > > >
> > > > > Wow... That's cold... I do believe you have a small courts case in
> > your
> > > > > hand, if the money he was paying is worth the trouble. Was there a
> > > > contract?
> > > > >
> > > > > Best regards,
> > > > > Mauricio
> > > > >
> > > > > --- 
> > > > >  Mauricio L. Sadicoff
> > > > >  mlevy at hypersol.com
> > > > >
> > > > >
> > > > > "Peace of mind isn't at all superficial, really," I expound. "It's
the
> > > > whole
> > > > > thing. That which produces it is good maintenance; that which
> > > disturbs it
> > > > is
> > > > > poor maintenance. What we call workability of the machine is just
an
> > > > > objectification of this peace of mind. The ultimate test is always
> > your
> > > > own
> > > > > serenity." - Zen and the Art of Motorcycle Maintenance.
> > > > >
> > > > > _______________________________________________
> > > > > talk mailing list
> > > > > talk at lists.nyphp.org
> > > > > http://lists.nyphp.org/mailman/listinfo/talk
> > > >
> > > > _______________________________________________
> > > > talk mailing list
> > > > talk at lists.nyphp.org
> > > > http://lists.nyphp.org/mailman/listinfo/talk
> > > >
> > > >
> > >
> > >
> > >
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nyphp.org
> > > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From shiflett at php.net  Fri Aug 22 16:28:04 2003
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 22 Aug 2003 13:28:04 -0700 (PDT)
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <BB6BF0E4.14A3D%mlevy@hypersol.com>
Message-ID: <20030822202804.107.qmail@web14310.mail.yahoo.com>

> Wouldn't that be funny? Laurence calls one of us to do that. We
> tell him it will cost him $134, "hey, you get what you pay for,
> right? (nudge, nudge)". Then pass the project and the money to Phil.

I think you need at least another 0 there ($1340), else it is Phil you are
hurting, not this Laurence guy.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From bill at ilovett.com  Fri Aug 22 16:36:28 2003
From: bill at ilovett.com (Bill Lovett)
Date: Fri, 22 Aug 2003 16:36:28 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <E19qHKq-00004z-E6@rslrs1-server.com>
References: <E19qHKq-00004z-E6@rslrs1-server.com>
Message-ID: <20030822203628.GA11122@unicron.ilovett.com>

I'm not saying I've ever done this , and I'm not saying it would
even be worth it given the overall situation, but just for the sake of
the idea...

A single upload of a word document would be possible if you could
manipulate it once you got it to the server. If it were a Windows
server, you'd be able to programmatically perform the save-as-html
operation by driving Word via vbscript. I'm not sure where the images folder would go. On
Linux, meanwhile, maybe you could script OpenOffice to achieve the same
result. Or possibly some other utility.

It's possible, theoretically, but also a lot of work.

-Bill


On Fri, Aug 22, 2003 at 03:12:32PM -0400, Brian Pang wrote:
> I can't think of any way that it could possibly be a SINGLE upload.
> 
> Even, as was mentioned in the origial post, FrontPage was used. There
> would still be multiple files sent to the server.
> 


From mlevy at hypersol.com  Fri Aug 22 16:42:44 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Fri, 22 Aug 2003 16:42:44 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <20030822202804.107.qmail@web14310.mail.yahoo.com>
Message-ID: <BB6BF884.14A4A%mlevy@hypersol.com>

On 8/22/2003 16:28, "Chris Shiflett" <shiflett at php.net> scribbled:

>> Wouldn't that be funny? Laurence calls one of us to do that. We
>> tell him it will cost him $134, "hey, you get what you pay for,
>> right? (nudge, nudge)". Then pass the project and the money to Phil.
> 
> I think you need at least another 0 there ($1340), else it is Phil you are
> hurting, not this Laurence guy.

I figured I'd double the original price but you are right. Phil, what were
you thinking?

Best regards,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From soazine at erols.com  Fri Aug 22 16:47:56 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 16:47:56 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <BB6BF884.14A4A%mlevy@hypersol.com>
Message-ID: <03dd01c368ee$aa376c90$67a76244@philofsoa>

Well at rentacoder they usually have fixed bid ceilings you have to adhere
to, so were I to suggest a fairer price than $80 (- rentacoder fees comes to
$68.00) it would not be acceptable by rentacoder themselves.

Then again, I am being considered for two PHP projects, one for $1000 and
the other for $3000! :) :)  And I have a 10/10 rating, thanx to our pal
Laurence.

Phil
----- Original Message ----- 
From: "Mauricio Sadicoff" <mlevy at hypersol.com>
To: "shiflett at php.net, NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 4:42 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> On 8/22/2003 16:28, "Chris Shiflett" <shiflett at php.net> scribbled:
>
> >> Wouldn't that be funny? Laurence calls one of us to do that. We
> >> tell him it will cost him $134, "hey, you get what you pay for,
> >> right? (nudge, nudge)". Then pass the project and the money to Phil.
> >
> > I think you need at least another 0 there ($1340), else it is Phil you
are
> > hurting, not this Laurence guy.
>
> I figured I'd double the original price but you are right. Phil, what were
> you thinking?
>
> Best regards,
> Mauricio
>
> --- 
>  Mauricio L. Sadicoff
>  mlevy at hypersol.com
>
>
> "Peace of mind isn't at all superficial, really," I expound. "It's the
whole
> thing. That which produces it is good maintenance; that which disturbs it
is
> poor maintenance. What we call workability of the machine is just an
> objectification of this peace of mind. The ultimate test is always your
own
> serenity." - Zen and the Art of Motorcycle Maintenance.
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From mlevy at hypersol.com  Fri Aug 22 17:03:18 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Fri, 22 Aug 2003 17:03:18 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <03dd01c368ee$aa376c90$67a76244@philofsoa>
Message-ID: <BB6BFD56.14A54%mlevy@hypersol.com>

On 8/22/2003 16:47, "Phil Powell" <soazine at erols.com> scribbled:

> Well at rentacoder they usually have fixed bid ceilings you have to adhere
> to, so were I to suggest a fairer price than $80 (- rentacoder fees comes to
> $68.00) it would not be acceptable by rentacoder themselves.
> 
> Then again, I am being considered for two PHP projects, one for $1000 and
> the other for $3000! :) :)  And I have a 10/10 rating, thanx to our pal
> Laurence.

LOL... Good, then. Good luck!

Best regards,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From bpang at bpang.com  Fri Aug 22 17:16:30 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 22 Aug 2003 17:16:30 -0400
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <E19qJGo-0002b9-Fr@rslrs1-server.com>

Because I have too much actual work to do, I decided to put my theory to
the test and write it up myself.

I actually think I was pretty much spot on from the beginning. Damn, I'm
good.

http://www.bpang.com/fool.php
http://www.bpang.com/fool.phps


Of course, it would still be a trick to get the base64_encode()d image
data into the single file in the first place... but that's another issue.

Phil, you owe me $34.25


snip
> If you have a chance, for educational purposes, at least, try working
> out that suggested solution I posted and let us know if you can get it
> to work. Just in case Lawrence calls up any of us instead, then we can
> tell him that it CAN be done. :)
/snip 


From soazine at erols.com  Fri Aug 22 18:33:48 2003
From: soazine at erols.com (Phil Powell)
Date: Fri, 22 Aug 2003 18:33:48 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <E19qJGo-0002b9-Fr@rslrs1-server.com>
Message-ID: <043b01c368fd$74fae480$67a76244@philofsoa>

I'm sorry but w/o a mutual contractual agreement to services rendered I
cannot agree to that.  I'll treat you to water at Rocco's instead. [evil
grin]

Phil

----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 5:16 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> Because I have too much actual work to do, I decided to put my theory to
> the test and write it up myself.
>
> I actually think I was pretty much spot on from the beginning. Damn, I'm
> good.
>
> http://www.bpang.com/fool.php
> http://www.bpang.com/fool.phps
>
>
> Of course, it would still be a trick to get the base64_encode()d image
> data into the single file in the first place... but that's another issue.
>
> Phil, you owe me $34.25
>
>
> snip
> > If you have a chance, for educational purposes, at least, try working
> > out that suggested solution I posted and let us know if you can get it
> > to work. Just in case Lawrence calls up any of us instead, then we can
> > tell him that it CAN be done. :)
> /snip
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From rolan at datawhorehouse.com  Fri Aug 22 18:56:47 2003
From: rolan at datawhorehouse.com (Rolan)
Date: Fri, 22 Aug 2003 18:56:47 -0400
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <E19qJGo-0002b9-Fr@rslrs1-server.com>
References: <E19qJGo-0002b9-Fr@rslrs1-server.com>
Message-ID: <3F469FAF.7040907@datawhorehouse.com>

hah. that is pretty funny.

Actually, you could probably use a procmail script to
forward an html email (chock full 'o images) to the
php script. So, the author of the pages could simply
use outlook or some other html-enabled mail client
to compose the pages, send them to some obscure adderss like
987awef9239823r9238r9823q at bladomain.com and
then the php script would split/decode the payload and
place things wherever they are supposed to go.

Phil, I want a water too.

~Rolan




Brian Pang wrote:

>Because I have too much actual work to do, I decided to put my theory to
>the test and write it up myself.
>
>I actually think I was pretty much spot on from the beginning. Damn, I'm
>good.
>
>http://www.bpang.com/fool.php
>http://www.bpang.com/fool.phps
>
>
>Of course, it would still be a trick to get the base64_encode()d image
>data into the single file in the first place... but that's another issue.
>
>Phil, you owe me $34.25
>
>
>snip
>  
>
>>If you have a chance, for educational purposes, at least, try working
>>out that suggested solution I posted and let us know if you can get it
>>to work. Just in case Lawrence calls up any of us instead, then we can
>>tell him that it CAN be done. :)
>>    
>>
>/snip 
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>  
>



From bpang at bpang.com  Fri Aug 22 19:05:16 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 22 Aug 2003 19:05:16 -0400
Subject: [nycphp-talk] PHP project from Hell Story
Message-ID: <E19qKy4-0003Jb-KN@rslrs1-server.com>

This might work.. somehow. I did get the idea for embedding the base64
image data in the page from the way that emails work.

I don't use outlook, but would there be a way to get Outlook to convert
a word doc for you? Or could word do it itself?



> hah. that is pretty funny.
> 
> Actually, you could probably use a procmail script to
> forward an html email (chock full 'o images) to the
> php script. So, the author of the pages could simply
> use outlook or some other html-enabled mail client
> to compose the pages, send them to some obscure adderss like
> 987awef9239823r9238r9823q at bladomain.com and
> then the php script would split/decode the payload and
> place things wherever they are supposed to go.
> 
> Phil, I want a water too.
> 
> ~Rolan
> 
> 
> 
> 
> Brian Pang wrote:
> 
> >Because I have too much actual work to do, I decided to put my theory to
> >the test and write it up myself.
> >
> >I actually think I was pretty much spot on from the beginning. Damn, I'm
> >good.
> >
> >http://www.bpang.com/fool.php
> >http://www.bpang.com/fool.phps
> >
> >
> >Of course, it would still be a trick to get the base64_encode()d image
> >data into the single file in the first place... but that's another issue.
> >
> >Phil, you owe me $34.25
> >
> >
> >snip
> >  
> >
> >>If you have a chance, for educational purposes, at least, try working
> >>out that suggested solution I posted and let us know if you can get it
> >>to work. Just in case Lawrence calls up any of us instead, then we can
> >>tell him that it CAN be done. :)
> >>    
> >>
> >/snip 
> >_______________________________________________
> >talk mailing list
> >talk at lists.nyphp.org
> >http://lists.nyphp.org/mailman/listinfo/talk
> >
> >  
> >
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From jsiegel1 at optonline.net  Sat Aug 23 21:09:44 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Sat, 23 Aug 2003 21:09:44 -0400
Subject: [nycphp-talk] Database code solutions
In-Reply-To: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3586A6354@network.PLMresearch.com>
Message-ID: <018801c369dc$6884a170$6401a8c0@EZDSDELL>

I made the same exact switch, i.e., to the Zend IDE.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Mark Withington
Sent: Friday, August 22, 2003 7:10 AM
To: 'NYPHP Talk'
Subject: RE: RE: [nycphp-talk] Database code solutions


Very true!  It doesn't like some php stuff and will conveniently throw
in
extra characters to suit its needs - resulting in a needle/haystack when
the
compiler pukes.  I've found the Zend IDE much better (although it lacks
the
DW HTML tools).

--------------------------
Mark L. Withington
PLMresearch
"eBusiness for the Midsize Enterprise"
PO Box 1354
Plymouth, MA  02362
o: 800-310-3992
f: 508-746-4973
v: 508-746-2383
m: 508-801-0181
http://www.PLMresearch.com
Netscape/AOL/MSN IM: PLMresearch
mwithington at plmresearch.com
Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc
Calendar: http://www.plmresearch.com/calendar.php



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On
Behalf Of jsiegel1 at optonline.net
Sent: Friday, August 22, 2003 7:22 AM
To: NYPHP Talk
Subject: Re: RE: [nycphp-talk] Database code solutions


Be careful about relying too much on the code generated by DreamWeaver.
It's
gotten me in to TONS of trouble! I've rewritten the vast majority of the
code it generates. 

Jeff

----- Original Message -----
From: "Fee, Patrick J" <patrick.fee at baesystems.com>
Date: Friday, August 15, 2003 10:21 am
Subject: RE: [nycphp-talk] Database code solutions

> You're right Matthew.  Dreamweaver does have the ability to build SQL 
> queries in a GUI-type environment (and also to view the pages in 
> WYSIWYGfashion with true data in the dynamic page).  I've fiddled 
> around with that part of the application while building some php 
> pages.
> 
> IMHO, Dreamweaver does still favor ASP and CFM pages (that's where
> theystarted from).  However the PHP support has increased 
> dramatically in the
> last couple of releases.
> 
> And you can always stay with "code only" views if you're more of a
> purist.But the WYSIWYG option HAS allowed me to bring more graphic-
> centric staff
> into the dynamic-coding environment by building queries or content
> graphically and then review the code with them.  Of course this 
> sometimesbecomes more of a "don't code this way" exercise... but 
> helpfulnone-the-less.
> 
> Just my Friday morning 2 cents worth....
> 
> Below the "Blackout Line" in DC,
> 
> Patrick
> 
> Patrick J. Fee
> Web & Database Group Manager
> BAE SYSTEMS
> 600 Maryland Ave. SW  Suite 700
> Washington D.C. 20024
> Patrick.Fee at BAESYSTEMS.com
> Tel: (202) 548-3759
> Fax: (202) 608-5970
> 
> 
> -----Original Message-----
> From: Matthew Zimmerman [mz34 at nyu.edu]
> Sent: Thursday, August 14, 2003 4:02 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] Database code solutions
> 
> If I am not mistaken, Dreamweaver might have this functionality. I
> know 
> it is a pretty heavy commercial product and not sure if they have 
> a 
> Linux version, but I remember one of our students using it as a 
> GUI to 
> build SQL Queries.
> 
> 
> On Wednesday, August 13, 2003, at 01:18  PM, Ophir Prusak wrote:
> 
> > I checked our your class and the ezsql class as well.
> > These are great classes and definitely big helpers but I already
> have
> > code
> > that takes care of much of this "low level plumbing".
> >
> > phplens gives you a web based interface that actually creates
> the php
> > necessary for the forms themselves.
> > It looks like I'll need to play around with it myself and I'll
> post a
> > mini-review.
> >
> > Ophir
> >
> >> Ophir wrote two messages back...
> >>>
> >>> and not spend so much time creating the "plumbing" for basic
> database>>> operations such as create a new row, edit a row, read
> a row or
> >>> delete a
> > row.
> >>
> >> These operations are handled by simple queries.  There's no way
> around>> programming that... until artificial intelligence, I guess.
> >>
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
> MZ
> _________________
> Matthew Zimmerman
> Humanities Computing Group, NYU
> Tel: 212.998.3038
> Fax: 212.995.4120
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From soazine at erols.com  Sun Aug 24 13:13:02 2003
From: soazine at erols.com (Phil Powell)
Date: Sun, 24 Aug 2003 13:13:02 -0400
Subject: [nycphp-talk] PHP project from Hell Story
References: <E19qKy4-0003Jb-KN@rslrs1-server.com>
Message-ID: <02a801c36a62$f9beb4b0$67a76244@philofsoa>

Well, the former client "solved" his problem.  He put .htaccess and
.htpasswd onto the root directory and so everyone has to send him $ and he
sends them username and password to enter.  He completely bypassed the
web-based CMA solution and everything else in favor of something that
low-level.

Looks like he THINKS he got the last laugh on me.

Phil
----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, August 22, 2003 7:05 PM
Subject: Re: [nycphp-talk] PHP project from Hell Story


> This might work.. somehow. I did get the idea for embedding the base64
> image data in the page from the way that emails work.
>
> I don't use outlook, but would there be a way to get Outlook to convert
> a word doc for you? Or could word do it itself?
>
>
>
> > hah. that is pretty funny.
> >
> > Actually, you could probably use a procmail script to
> > forward an html email (chock full 'o images) to the
> > php script. So, the author of the pages could simply
> > use outlook or some other html-enabled mail client
> > to compose the pages, send them to some obscure adderss like
> > 987awef9239823r9238r9823q at bladomain.com and
> > then the php script would split/decode the payload and
> > place things wherever they are supposed to go.
> >
> > Phil, I want a water too.
> >
> > ~Rolan
> >
> >
> >
> >
> > Brian Pang wrote:
> >
> > >Because I have too much actual work to do, I decided to put my theory
to
> > >the test and write it up myself.
> > >
> > >I actually think I was pretty much spot on from the beginning. Damn,
I'm
> > >good.
> > >
> > >http://www.bpang.com/fool.php
> > >http://www.bpang.com/fool.phps
> > >
> > >
> > >Of course, it would still be a trick to get the base64_encode()d image
> > >data into the single file in the first place... but that's another
issue.
> > >
> > >Phil, you owe me $34.25
> > >
> > >
> > >snip
> > >
> > >
> > >>If you have a chance, for educational purposes, at least, try working
> > >>out that suggested solution I posted and let us know if you can get it
> > >>to work. Just in case Lawrence calls up any of us instead, then we can
> > >>tell him that it CAN be done. :)
> > >>
> > >>
> > >/snip
> > >_______________________________________________
> > >talk mailing list
> > >talk at lists.nyphp.org
> > >http://lists.nyphp.org/mailman/listinfo/talk
> > >
> > >
> > >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From lsemel at yahoo.com  Mon Aug 25 10:20:08 2003
From: lsemel at yahoo.com (Lee Semel)
Date: Mon, 25 Aug 2003 07:20:08 -0700 (PDT)
Subject: [nycphp-talk] PHP project from Hell Story
In-Reply-To: <DD4F73D6-D4D5-11D7-9199-0003930D07F2@email.smith.edu>
Message-ID: <20030825142008.14083.qmail@web14702.mail.yahoo.com>

I had a guy whose website I had developed.  His office's DSL connection went down for a few days, causing his e-mail box was filling up with emails and spam, and it started bouncing emails.   He expected me to go into his email box and manually delete all the spam for him, and he refused to pay $10/month more to the ISP for a larger email box, because it was a "waste of money".
 
Needless to say I fired him as a client.
 


Aaron Fischer <agfische at email.smith.edu> wrote:
There's also Macromedia Contribute CMS which is $99 and I've heard good 
reviews although haven't had a chance to use yet.

I've got client from hell stories as well, but yours is a keeper! Feel 
your pain...

-A

On Friday, Aug 22, 2003, at 15:19 US/Eastern, Phil Powell wrote:

> Considering he removed me from the project, deleted all the files and
> everything else, I couldn't give a rat's arse what he does at this 
> point,
> but that's good to know for the future.
>
> I just wanted to know if I were the only one on earth that gets 
> clients from
> Hell.
>
> Phil

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk

---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030825/23f0f647/attachment.html>

From dmintz at panix.com  Mon Aug 25 14:21:22 2003
From: dmintz at panix.com (David Mintz)
Date: Mon, 25 Aug 2003 14:21:22 -0400 (EDT)
Subject: [nycphp-talk] trouble starting mysql at boot time (RedHat 9)
In-Reply-To: <20030822203628.GA11122@unicron.ilovett.com>
References: <E19qHKq-00004z-E6@rslrs1-server.com>
	<20030822203628.GA11122@unicron.ilovett.com>
Message-ID: <Pine.NEB.4.56.0308251311120.27465@panix5.panix.com>


This RedHat novice is having trouble getting MySQL to autostart on boot.

Following instructions found in my MySQL book, I have put a symlink in
/etc/rc3.d as follows

[david at vernon0 rc3.d]$ ls -l S99mysql
lrwxrwxrwx    1 root     root           16 Aug 25 12:02 S99mysql -> ../init.d/mysqld

and init.d/mysql looks like this

[david at vernon0 rc3.d]$ head ../init.d/mysqld
#!/bin/bash
#
# mysqld        This shell script takes care of starting and stopping
#               the MySQL subsystem (mysqld).
#
# chkconfig: - 78 12
# description:  MySQL database server.
# processname: mysqld
# config: /etc/my.cnf
# pidfile: /var/run/mysqld/mysqld.pid
# [ etc ]

and its permission are set thus

[david at vernon0 rc3.d]$ ls -l  ../init.d/mysqld
-rwxr-xr-x    1 root     root         1772 Apr 30 13:31 ../init.d/mysqld


I'm told this mysqld script is the beast that's also known as
mysql.server. My understanding is that when Linux boots and gets to
runlevel 3, it invokes the S99mysql script with an argument of 'start'.

When I reboot, I don't get any mysql starting and I can't find any error
messages saying what went wrong -- maybe because I don't know where to
look. /var/log/mysqld.log is empty.

I can't watch the boot process on the console right now because I'm
accessing the machine via SSH, so I reboot it, then log back in and look
in /var/log/boot.log, and it is silent as far as mysql is concerned.

Suggestions?

TIA




---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

"Y d?le p'abajo"

	Tito Rojas


From jlacey at ix.netcom.com  Mon Aug 25 14:25:13 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Mon, 25 Aug 2003 12:25:13 -0600
Subject: [nycphp-talk] trouble starting mysql at boot time (RedHat 9)
In-Reply-To: <Pine.NEB.4.56.0308251311120.27465@panix5.panix.com>
References: <E19qHKq-00004z-E6@rslrs1-server.com>	<20030822203628.GA11122@unicron.ilovett.com>
	<Pine.NEB.4.56.0308251311120.27465@panix5.panix.com>
Message-ID: <3F4A5489.1030401@ix.netcom.com>

David,

rename your symlink to "mysql" instead of "mysqld"... i.e. according to 
what you've written, the startup script in  /etc/init.d is "mysql"
and the symlink is "mysqld"... just make them match

John


David Mintz wrote:

>This RedHat novice is having trouble getting MySQL to autostart on boot.
>
>Following instructions found in my MySQL book, I have put a symlink in
>/etc/rc3.d as follows
>
>[david at vernon0 rc3.d]$ ls -l S99mysql
>lrwxrwxrwx    1 root     root           16 Aug 25 12:02 S99mysql -> ../init.d/mysqld
>
>and init.d/mysql looks like this
>
>[david at vernon0 rc3.d]$ head ../init.d/mysqld
>#!/bin/bash
>#
># mysqld        This shell script takes care of starting and stopping
>#               the MySQL subsystem (mysqld).
>#
># chkconfig: - 78 12
># description:  MySQL database server.
># processname: mysqld
># config: /etc/my.cnf
># pidfile: /var/run/mysqld/mysqld.pid
># [ etc ]
>
>and its permission are set thus
>
>[david at vernon0 rc3.d]$ ls -l  ../init.d/mysqld
>-rwxr-xr-x    1 root     root         1772 Apr 30 13:31 ../init.d/mysqld
>
>
>I'm told this mysqld script is the beast that's also known as
>mysql.server. My understanding is that when Linux boots and gets to
>runlevel 3, it invokes the S99mysql script with an argument of 'start'.
>
>When I reboot, I don't get any mysql starting and I can't find any error
>messages saying what went wrong -- maybe because I don't know where to
>look. /var/log/mysqld.log is empty.
>
>I can't watch the boot process on the console right now because I'm
>accessing the machine via SSH, so I reboot it, then log back in and look
>in /var/log/boot.log, and it is silent as far as mysql is concerned.
>
>Suggestions?
>
>TIA
>
>
>
>
>---
>David Mintz
>http://davidmintz.org/
>Email: See http://dmintzweb.com/whitelist.php first!
>
>"Y d?le p'abajo"
>
>	Tito Rojas
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>  
>





From dmintz at panix.com  Mon Aug 25 15:25:11 2003
From: dmintz at panix.com (David Mintz)
Date: Mon, 25 Aug 2003 15:25:11 -0400 (EDT)
Subject: [nycphp-talk] trouble starting mysql at boot time (RedHat 9)
In-Reply-To: <3F4A5489.1030401@ix.netcom.com>
References: <E19qHKq-00004z-E6@rslrs1-server.com>
	<20030822203628.GA11122@unicron.ilovett.com>
	<Pine.NEB.4.56.0308251311120.27465@panix5.panix.com>
	<3F4A5489.1030401@ix.netcom.com>
Message-ID: <Pine.NEB.4.56.0308251521520.27465@panix5.panix.com>

On Mon, 25 Aug 2003, John Lacey wrote:

> David,
>
> rename your symlink to "mysql" instead of "mysqld"... i.e. according to
> what you've written, the startup script in  /etc/init.d is "mysql"
> and the symlink is "mysqld"... just make them match


Thanks for the reply. I've done that and now I have this:

[root at vernon0 rc3.d]# ls -l *mysql*
lrwxrwxrwx    1 root     root           15 Aug 25 15:13 K12mysql -> ../init.d/mysql
lrwxrwxrwx    1 root     root           15 Aug 25 15:13 S99mysql -> ../init.d/mysql
[root at vernon0 rc3.d]# ls -l /etc/init.d/mysql
-rwxr-xr-x    1 root     root         1772 Apr 30 13:31 /etc/init.d/mysql

and I reboot, and mysql still doesn't start.

Any more suggestions?

	Thanks


From jlacey at ix.netcom.com  Mon Aug 25 15:33:08 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Mon, 25 Aug 2003 13:33:08 -0600
Subject: [nycphp-talk] trouble starting mysql at boot time (RedHat 9)
In-Reply-To: <Pine.NEB.4.56.0308251521520.27465@panix5.panix.com>
References: <E19qHKq-00004z-E6@rslrs1-server.com>	<20030822203628.GA11122@unicron.ilovett.com>	<Pine.NEB.4.56.0308251311120.27465@panix5.panix.com>	<3F4A5489.1030401@ix.netcom.com>
	<Pine.NEB.4.56.0308251521520.27465@panix5.panix.com>
Message-ID: <3F4A6474.1090400@ix.netcom.com>

David Mintz wrote:

>On Mon, 25 Aug 2003, John Lacey wrote:
>
>  
>
>>David,
>>
>>rename your symlink to "mysql" instead of "mysqld"... i.e. according to
>>what you've written, the startup script in  /etc/init.d is "mysql"
>>and the symlink is "mysqld"... just make them match
>>    
>>
>
>
>Thanks for the reply. I've done that and now I have this:
>
>[root at vernon0 rc3.d]# ls -l *mysql*
>lrwxrwxrwx    1 root     root           15 Aug 25 15:13 K12mysql -> ../init.d/mysql
>lrwxrwxrwx    1 root     root           15 Aug 25 15:13 S99mysql -> ../init.d/mysql
>[root at vernon0 rc3.d]# ls -l /etc/init.d/mysql
>-rwxr-xr-x    1 root     root         1772 Apr 30 13:31 /etc/init.d/mysql
>
>and I reboot, and mysql still doesn't start.
>
>Any more suggestions?
>
>  
>
Do you have it configured to start automatically?  (ntsysv at a terminal 
prompt as root on a RedHat system should work)

also, if you cd to /etc/init.d/
and enter   ./mysql start

you can start it manually... don't forget the "period slash" in front of 
the command (which I seem to do regularly :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030825/8638ccab/attachment.html>

From dmintz at panix.com  Mon Aug 25 15:54:16 2003
From: dmintz at panix.com (David Mintz)
Date: Mon, 25 Aug 2003 15:54:16 -0400 (EDT)
Subject: [nycphp-talk] trouble starting mysql at boot time (RedHat 9)
In-Reply-To: <3F4A6474.1090400@ix.netcom.com>
References: <E19qHKq-00004z-E6@rslrs1-server.com>
	<20030822203628.GA11122@unicron.ilovett.com>
	<Pine.NEB.4.56.0308251311120.27465@panix5.panix.com>
	<3F4A5489.1030401@ix.netcom.com>
	<Pine.NEB.4.56.0308251521520.27465@panix5.panix.com>
	<3F4A6474.1090400@ix.netcom.com>
Message-ID: <Pine.NEB.4.56.0308251552550.27465@panix5.panix.com>

On Mon, 25 Aug 2003, John Lacey wrote:

> Do you have it configured to start automatically?  (ntsysv at a terminal
> prompt as root on a RedHat system should work)


Bingo!

Thank you, thank you, thank you.


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

"Y d?le p'abajo"

	Tito Rojas


From oprusak at trafficmac.com  Mon Aug 25 16:03:33 2003
From: oprusak at trafficmac.com (Ophir Prusak)
Date: Mon, 25 Aug 2003 16:03:33 -0400
Subject: [nycphp-talk] Creating PDFs
References: <E19qHKq-00004z-E6@rslrs1-server.com><20030822203628.GA11122@unicron.ilovett.com><Pine.NEB.4.56.0308251311120.27465@panix5.panix.com><3F4A5489.1030401@ix.netcom.com><Pine.NEB.4.56.0308251521520.27465@panix5.panix.com><3F4A6474.1090400@ix.netcom.com>
	<Pine.NEB.4.56.0308251552550.27465@panix5.panix.com>
Message-ID: <00c701c36b43$f6ac8c70$9601a8c0@DEVOP>

Hi All,

I was wondering what solutions any of you have used to created PDF files
(from a php script running on a unix server).
We're currently using HTML to PDF - http://www.rustyparts.com/pdf.php which
works ok, but we're finding it cifficult to get some of the fine tuning we
want.

Thanx
Ophir



From jsiegel1 at optonline.net  Mon Aug 25 17:38:52 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Mon, 25 Aug 2003 17:38:52 -0400
Subject: [nycphp-talk] Driving in to meeting at Digital Pulp...place to park?
Message-ID: <006501c36b51$47c39970$6401a8c0@EZDSDELL>

Anyone know of a place to park near Digital Pulp?

Jeff



From pl at eskimo.com  Mon Aug 25 17:46:40 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Mon, 25 Aug 2003 17:46:40 -0400
Subject: [nycphp-talk] Driving in to meeting at Digital Pulp...place to
	park?
References: <006501c36b51$47c39970$6401a8c0@EZDSDELL>
Message-ID: <007501c36b52$600f1f80$4a2c0242@peter1>

There are meters on 23rd.

Peter L.
----- Original Message -----
From: "Jeff" <jsiegel1 at optonline.net>
To: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Monday, August 25, 2003 5:38 PM
Subject: [nycphp-talk] Driving in to meeting at Digital Pulp...place to park?


> Anyone know of a place to park near Digital Pulp?
>
> Jeff
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From jsiegel1 at optonline.net  Mon Aug 25 20:00:11 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Mon, 25 Aug 2003 20:00:11 -0400
Subject: [nycphp-talk] Driving in to meeting at Digital Pulp...place
	to	park?
In-Reply-To: <007501c36b52$600f1f80$4a2c0242@peter1>
Message-ID: <000e01c36b65$057bbc50$6401a8c0@EZDSDELL>

Thanks! Now I have to bring quarters.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Peter Lehrer
Sent: Monday, August 25, 2003 4:47 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Driving in to meeting at Digital Pulp...place
to park?


There are meters on 23rd.

Peter L.
----- Original Message -----
From: "Jeff" <jsiegel1 at optonline.net>
To: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Monday, August 25, 2003 5:38 PM
Subject: [nycphp-talk] Driving in to meeting at Digital Pulp...place to
park?


> Anyone know of a place to park near Digital Pulp?
>
> Jeff
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From danielc at analysisandsolutions.com  Mon Aug 25 20:55:23 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Mon, 25 Aug 2003 20:55:23 -0400
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
Message-ID: <20030826005523.GA25761@panix.com>

INTERESTING ARTICLES
--------------------
Slow Down Internet Worms With Tarpits
http://www.securityfocus.com/infocus/1723

IPtables handles this by allowing a tarpitted port to accept any incoming 
TCP connection. When data transfer begins to occur, the TCP window size is 
set to zero, so no data can be transferred within the session. The 
connection is then held open, and any requests by the remote side to close 
the session are ignored. This means that the attacker must wait for the 
connection to timeout in order to disconnect. This kind of behavior is bad 
news for automated scanning tools (like worms) because they rely on a 
quick turnaround from their potential victims.


Slammer worm crashed Ohio nuke plant network
http://www.securityfocus.com/news/6767



VULNERABILITIES IN PHP APPS
---------------------------
Horde Application Framework Account Hijacking Vulnerability
http://www.securityfocus.com/bid/8399

HostAdmin Path Disclosure Vulnerability
http://www.securityfocus.com/bid/8401

Xoops BBCode HTML Injection Vulnerability
http://www.securityfocus.com/bid/8414

HolaCMS HTMLtags.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/8416

PHPSecureSite SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/8427

MatrikzGB Guestbook Administrative Privilege Escalation Vuln...
http://www.securityfocus.com/bid/8430

Atilla PHP Content Management System Multiple Web Vulnerabil...
http://www.securityfocus.com/bid/8437

Fusion News Unauthorized Account Addition Vulnerability
http://www.securityfocus.com/bid/8441


-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From jonbaer at jonbaer.net  Mon Aug 25 22:12:23 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Mon, 25 Aug 2003 22:12:23 -0400
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
References: <20030826005523.GA25761@panix.com>
Message-ID: <006201c36b77$7d2df530$6700a8c0@thinkpad>

just as a request ...

id like to see some demos of some security vulnerabilities that are
constantly listed in security focus alerts @ some of the meetings ... for
one @ the beginning of getting into php id dive into code that was part of
some of these apps to notice how certain things were accomplished and then
for the apps to be listed like this makes me a little nervous ... either
that or a good white paper on secure php coding practices would help ...

i mean can this be taken as a joke:
PHPSecureSite SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/8427

(keep in mind this has already been fixed in the product) but the patch for
the problem was not easily located to see what was done.  anyone have a link
for these issues?

- jon



From jonbaer at jonbaer.net  Mon Aug 25 22:27:16 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Mon, 25 Aug 2003 22:27:16 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
Message-ID: <000501c36b79$9337fa40$6700a8c0@thinkpad>

ive recently downloaded a demo of this app and was looking for feedback to
see if anyone else was using it ... ive noticed it does not handle php well
or linked stylesheets but on the whole for editing material it seems
extremely simplistic ...

im not a big fan of wysiwyg when it comes to editing web material (since all
of them see to !@#$ with ur stuff when writing file to disk) ... but the app
seems like a clean client to use on a dev server before publishing, is
anyone else using it?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47



From jsiegel1 at optonline.net  Mon Aug 25 23:55:04 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Mon, 25 Aug 2003 23:55:04 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <000501c36b79$9337fa40$6700a8c0@thinkpad>
Message-ID: <000e01c36b85$d5553760$6401a8c0@EZDSDELL>

I set up a client to use Contribute. Admittedly the site is straight
html (no php) but there are no problems with linked stylesheets. All
pages are based on a DreamWeaver template and Contribute will allow you
to choose whether to "lock down" sections of the template or to allow
changes even to template sections.

The client, I should add, is quite happy with Contribute.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Jon Baer
Sent: Monday, August 25, 2003 9:27 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Macromedia Contribute ...


ive recently downloaded a demo of this app and was looking for feedback
to
see if anyone else was using it ... ive noticed it does not handle php
well
or linked stylesheets but on the whole for editing material it seems
extremely simplistic ...

im not a big fan of wysiwyg when it comes to editing web material (since
all
of them see to !@#$ with ur stuff when writing file to disk) ... but the
app
seems like a clean client to use on a dev server before publishing, is
anyone else using it?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Tue Aug 26 00:02:07 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 26 Aug 2003 00:02:07 -0400
Subject: [nycphp-talk] [Fwd: [ANNOUNCE] PHP 4.3.3 released]
Message-ID: <3F4ADBBF.9080009@nyphp.org>


FYI


-------- Original Message --------
Subject: [ANNOUNCE] PHP 4.3.3 released
Date: Mon, 25 Aug 2003 09:53:24 -0400
From: Ilia Alshanetsky <ilia at prohost.org>
Reply-To: ilia at prohost.org
Organization: Prohost.org
To: php-announce at lists.php.net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

After a lengthy QA process, PHP 4.3.3 is finally out! This maintenance
release solves a fair number of bugs found in prior PHP versions and
addresses several security issues. All users are *strongly* advised to
upgrade to 4.3.3 as soon as possible.

PHP 4.3.3 contains, among others, following important fixes, additions and
improvements:

* Improved the engine to use POSIX/socket IO where feasible.
* Fixed several potentially hazardous integer and buffer overflows.
* Fixed corruption of multibyte character including 0x5c as second byte in 
multipart/form-data.
* Fixed each() to be binary safe for keys.
* Major improvements to the NSAPI SAPI
* Improvements to the IMAP extension
* Improvements to the InterBase extension
* Added DBA handler 'inifile' to support ini files.
* Added long options into CLI & CGI (e.g. --version).
* Added a new parameter to preg_match*() that can be used to specify the 
starting offset in the subject string to match from.
* Upgraded the bundled Expat library to version 1.95.6
* Upgraded the bundled PCRE library to version 4.3
* Upgraded the bundled GD library to version GD 2.0.15
* Over 100 various bug fixes!

For a full list of changes in PHP 4.3.2, see the NEWS file.
(http://www.php.net/ChangeLog-4.php#4.3.3).

md5sums:

1171d96104e2ff2cff9e19789a4a1536	php-4.3.3.tar.bz2
fe3fede4115354155fc6185522f7c6b2	php-4.3.3.tar.gz
c3497c394b3f5829136eb2ff614da241	php-4.3.3-Win32.zip
140b98d796e81402776a133f273f0b38	php-4.3.3-installer.exe

Have fun,

Ilia Alshanetsky
ilia at php.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/ShTULKekh381/CERAhcYAKCHWwiJqs76kB121FYA8nnvQll8QwCdHv7H
DF0UP4g6XX4bWDduo9ZbyU8=
=goOn
-----END PGP SIGNATURE-----

-- 
PHP Announcements Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





From hans at nyphp.org  Tue Aug 26 08:24:02 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 26 Aug 2003 08:24:02 -0400
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
In-Reply-To: <006201c36b77$7d2df530$6700a8c0@thinkpad>
References: <20030826005523.GA25761@panix.com>
	<006201c36b77$7d2df530$6700a8c0@thinkpad>
Message-ID: <3F4B5162.5090901@nyphp.org>


> id like to see some demos of some security vulnerabilities that are
> constantly listed in security focus alerts @ some of the meetings ... for
> one @ the beginning of getting into php id dive into code that was part of
> some of these apps to notice how certain things were accomplished and then
> for the apps to be listed like this makes me a little nervous ... either
> that or a good white paper on secure php coding practices would help ...

That's a great idea Jon.  We could even start today! (ok by Sept. for sure :)

> i mean can this be taken as a joke:
> PHPSecureSite SQL Injection Vulnerabilities
> http://www.securityfocus.com/bid/8427

Unfortunately, I've found a lot of securityfocus's postings to be a little far fetched (like the vulnerability I pointed out the other week).

> (keep in mind this has already been fixed in the product) but the patch for
> the problem was not easily located to see what was done.  anyone have a link
> for these issues?

Maybe we should startup a "security corner" to complement the "newbie corner" at our meetings.  Akin to newbie topics, people could bring in security related patches, news and general topics.

H



From tom at supertom.com  Tue Aug 26 09:41:38 2003
From: tom at supertom.com (tom at supertom.com)
Date: Tue, 26 Aug 2003 09:41:38 -0400
Subject: [nycphp-talk] PHP script to manipulate Cron?
In-Reply-To: <Pine.NEB.4.56.0308251521520.27465@panix5.panix.com>
Message-ID: <LBEDJMJGLEPEKJAJMHBDKEDEFLAA.tom@supertom.com>

Hey folks -

Anyone know of a PHP script/program to manipulate cron entries?  If not, I
may just look at the perl code in webmin for cron.

See you guys tonight at the meeting - the Long Island guy is heading to the
"big city" tonight!

Tom
http://www.liphp.org



***************************************************
What's Tom listening to right now?  Find out here:
http://www.supertom.com/current_track.php





From hans at nyphp.org  Tue Aug 26 10:00:09 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 26 Aug 2003 10:00:09 -0400
Subject: [nycphp-talk] PHP script to manipulate Cron?
In-Reply-To: <LBEDJMJGLEPEKJAJMHBDKEDEFLAA.tom@supertom.com>
References: <LBEDJMJGLEPEKJAJMHBDKEDEFLAA.tom@supertom.com>
Message-ID: <3F4B67E9.3080400@nyphp.org>


> Anyone know of a PHP script/program to manipulate cron entries?  If not, I
> may just look at the perl code in webmin for cron.

I had written something like this once, but the one here is probably better:

http://phpclasses.mirrors.nyphp.org/browse.html/class/24.html

> See you guys tonight at the meeting - the Long Island guy is heading to the
> "big city" tonight!

It'll be good to meet again.  See you tonight,

H



From agfische at email.smith.edu  Tue Aug 26 10:17:17 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 26 Aug 2003 10:17:17 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <000501c36b79$9337fa40$6700a8c0@thinkpad>
Message-ID: <FF41DF7C-D7CF-11D7-9D11-0003930D07F2@email.smith.edu>

I haven't used it yet but plan to install for a client that I am 
working with.  I had a walkthrough demo by a Macromedia developer at 
Macworld.  Seemed very nice, easy to use.  There were some cool 
features that I didn't know about like being able to make specific 
parts of certain pages editable and prevent the user from screwing up 
other parts.

Aaron

On Monday, Aug 25, 2003, at 22:27 US/Eastern, Jon Baer wrote:

> im not a big fan of wysiwyg when it comes to editing web material 
> (since all
> of them see to !@#$ with ur stuff when writing file to disk) ... but 
> the app
> seems like a clean client to use on a dev server before publishing, is
> anyone else using it?



From jeffknight at mac.com  Tue Aug 26 10:33:49 2003
From: jeffknight at mac.com (Jeff Knight)
Date: Tue, 26 Aug 2003 10:33:49 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <FF41DF7C-D7CF-11D7-9D11-0003930D07F2@email.smith.edu>
Message-ID: <4EF32E44-D7D2-11D7-BB2C-000393B9FB36@mac.com>

If the Macromedia of the future is going to be anything like the way 
Macromedia has been developing over the last five years, you're going 
to get locked into using a buggy, unstable application. Any future 
bug-fixes will be released as upgrades you must pay for loaded with new 
buggy features.


On Tuesday, August 26, 2003, at 10:17  AM, Aaron Fischer wrote:

> I haven't used it yet but plan to install for a client that I am 
> working with.  I had a walkthrough demo by a Macromedia developer at 
> Macworld.  Seemed very nice, easy to use.  There were some cool 
> features that I didn't know about like being able to make specific 
> parts of certain pages editable and prevent the user from screwing up 
> other parts.
>
> Aaron
>
> On Monday, Aug 25, 2003, at 22:27 US/Eastern, Jon Baer wrote:
>
>> im not a big fan of wysiwyg when it comes to editing web material 
>> (since all
>> of them see to !@#$ with ur stuff when writing file to disk) ... but 
>> the app
>> seems like a clean client to use on a dev server before publishing, is
>> anyone else using it?
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>
Jeff Knight
jeff at lushmedia.com
212/213-6558 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018



From danielc at analysisandsolutions.com  Tue Aug 26 10:40:40 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Tue, 26 Aug 2003 10:40:40 -0400
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
In-Reply-To: <006201c36b77$7d2df530$6700a8c0@thinkpad>
References: <20030826005523.GA25761@panix.com>
	<006201c36b77$7d2df530$6700a8c0@thinkpad>
Message-ID: <20030826144040.GA10118@panix.com>

Hi Jon:

> id like to see some demos of some security vulnerabilities that are
> constantly listed in security focus alerts @ some of the meetings
> ... either
> that or a good white paper on secure php coding practices would help ...

Part of my presentation tonight will discuss a data validation routine.  

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From tom at supertom.com  Tue Aug 26 10:35:58 2003
From: tom at supertom.com (tom at supertom.com)
Date: Tue, 26 Aug 2003 10:35:58 -0400
Subject: [nycphp-talk] PHP script to manipulate Cron?
In-Reply-To: <3F4B67E9.3080400@nyphp.org>
Message-ID: <LBEDJMJGLEPEKJAJMHBDEEDJFLAA.tom@supertom.com>

Ok, that works, and I'll probably borrow the interface from here:

http://www.mtsdev.com/opensource/phpcrontab.php

as when I click on the submit button, nothing seems to happen.

Thanks,

Tom





***************************************************
What's Tom listening to right now?  Find out here:
http://www.supertom.com/current_track.php




-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Hans Zaunere
Sent: Tuesday, August 26, 2003 10:00 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP script to manipulate Cron?



> Anyone know of a PHP script/program to manipulate cron entries?  If not, I
> may just look at the perl code in webmin for cron.

I had written something like this once, but the one here is probably better:

http://phpclasses.mirrors.nyphp.org/browse.html/class/24.html

> See you guys tonight at the meeting - the Long Island guy is heading to
the
> "big city" tonight!

It'll be good to meet again.  See you tonight,

H

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Tue Aug 26 10:44:53 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 26 Aug 2003 10:44:53 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <4EF32E44-D7D2-11D7-BB2C-000393B9FB36@mac.com>
Message-ID: <004301c36be0$9d6f76c0$6401a8c0@EZDSDELL>

First, I believe there is no extra charge for the buggy features. ;)

Second, if your pages are based on a DreamWeaver template then you can
easily lock down aspects of the page(s). In addition, you can set
Contribute to only allow, say, text changes.

Third, the one "quirk" is that Contribute performs its "magic" by using
a very old trick, namely, placing a bunch of files on the webserver to
handle locking issues so that if the client is editing page X and you
try to edit Page X you'll get a message saying that it is being edited
by someone else. These "lock" files tell Contribute what is going on.
This works decently well but, depending on the particular host, it can
be a small problem, e.g., Contribute may have problems FTPing files back
and forth; problems checking on the "lock" files, etc. With one
particular ISP/webserver, I couldn't get Contribute to work at all.

Jeff 

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Jeff Knight
Sent: Tuesday, August 26, 2003 9:34 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Macromedia Contribute ...


If the Macromedia of the future is going to be anything like the way 
Macromedia has been developing over the last five years, you're going 
to get locked into using a buggy, unstable application. Any future 
bug-fixes will be released as upgrades you must pay for loaded with new 
buggy features.


On Tuesday, August 26, 2003, at 10:17  AM, Aaron Fischer wrote:

> I haven't used it yet but plan to install for a client that I am 
> working with.  I had a walkthrough demo by a Macromedia developer at 
> Macworld.  Seemed very nice, easy to use.  There were some cool 
> features that I didn't know about like being able to make specific 
> parts of certain pages editable and prevent the user from screwing up 
> other parts.
>
> Aaron
>
> On Monday, Aug 25, 2003, at 22:27 US/Eastern, Jon Baer wrote:
>
>> im not a big fan of wysiwyg when it comes to editing web material 
>> (since all
>> of them see to !@#$ with ur stuff when writing file to disk) ... but 
>> the app
>> seems like a clean client to use on a dev server before publishing,
is
>> anyone else using it?
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>
Jeff Knight
jeff at lushmedia.com
212/213-6558 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From agfische at email.smith.edu  Tue Aug 26 10:48:27 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 26 Aug 2003 10:48:27 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <4EF32E44-D7D2-11D7-BB2C-000393B9FB36@mac.com>
Message-ID: <5A087D36-D7D4-11D7-9D11-0003930D07F2@email.smith.edu>

It may have room for improvement but their stuff is still better then 
anything else that's out there.  Dreamweaver is the best wysiwig and 
Fireworks totally blew away Photoshop as far as creating graphics for 
the web and is still well ahead.

Aren't bugs and fixes/upgrades a symptom of most commercially produced 
apps out there?  They all seem to suck in one regard or the other.  
Pick your poison.  The solution is to hire high paid in house 
developers...  :-)

-A

On Tuesday, Aug 26, 2003, at 10:33 US/Eastern, Jeff Knight wrote:

> If the Macromedia of the future is going to be anything like the way 
> Macromedia has been developing over the last five years, you're going 
> to get locked into using a buggy, unstable application. Any future 
> bug-fixes will be released as upgrades you must pay for loaded with 
> new buggy features.



From agfische at email.smith.edu  Tue Aug 26 10:50:06 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 26 Aug 2003 10:50:06 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <004301c36be0$9d6f76c0$6401a8c0@EZDSDELL>
Message-ID: <952AAEE6-D7D4-11D7-9D11-0003930D07F2@email.smith.edu>

For future reference, Jeff, what types of servers, OS's were they 
running that it couldn't work on?

TIA,

-A

On Tuesday, Aug 26, 2003, at 10:44 US/Eastern, Jeff wrote:

> With one
> particular ISP/webserver, I couldn't get Contribute to work at all.
>
> Jeff 



From jsiegel1 at optonline.net  Tue Aug 26 11:22:46 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 26 Aug 2003 11:22:46 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <5A087D36-D7D4-11D7-9D11-0003930D07F2@email.smith.edu>
Message-ID: <004501c36be5$e827ef80$6401a8c0@EZDSDELL>

I've been using DreamWeaver and Fireworks since ver. 3. I've been quite
pleased with the results.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Aaron Fischer
Sent: Tuesday, August 26, 2003 9:48 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Macromedia Contribute ...


It may have room for improvement but their stuff is still better then 
anything else that's out there.  Dreamweaver is the best wysiwig and 
Fireworks totally blew away Photoshop as far as creating graphics for 
the web and is still well ahead.

Aren't bugs and fixes/upgrades a symptom of most commercially produced 
apps out there?  They all seem to suck in one regard or the other.  
Pick your poison.  The solution is to hire high paid in house 
developers...  :-)

-A

On Tuesday, Aug 26, 2003, at 10:33 US/Eastern, Jeff Knight wrote:

> If the Macromedia of the future is going to be anything like the way 
> Macromedia has been developing over the last five years, you're going 
> to get locked into using a buggy, unstable application. Any future 
> bug-fixes will be released as upgrades you must pay for loaded with 
> new buggy features.

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Tue Aug 26 11:22:46 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 26 Aug 2003 11:22:46 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <952AAEE6-D7D4-11D7-9D11-0003930D07F2@email.smith.edu>
Message-ID: <004601c36be5$ea583d00$6401a8c0@EZDSDELL>

I wish I could give you details (I think they're using Linux but don't
quote me on that) but the particular ISP was DirectNic.com. They have
some dirt cheap hosting ($30 per year for like 20mb of space...you can
only put up plain HTML...no scripts or stuff like that). When I last
attempted to use Contribute with DirectNic, it didn't work
well...Contribute kept timing out. One of my other clients is on XO.com
and Contribute works nicely. 

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Aaron Fischer
Sent: Tuesday, August 26, 2003 9:50 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Macromedia Contribute ...


For future reference, Jeff, what types of servers, OS's were they 
running that it couldn't work on?

TIA,

-A

On Tuesday, Aug 26, 2003, at 10:44 US/Eastern, Jeff wrote:

> With one
> particular ISP/webserver, I couldn't get Contribute to work at all.
>
> Jeff 

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jonbaer at jonbaer.net  Tue Aug 26 11:17:59 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Tue, 26 Aug 2003 11:17:59 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
References: <5A087D36-D7D4-11D7-9D11-0003930D07F2@email.smith.edu>
Message-ID: <001f01c36be5$3c75ecf0$6700a8c0@thinkpad>

Yeah this is the BIG problem here ... basically people want high end
graphical CMS stuff but don't want to pay inhouse staff to develop, before
you welcome me to the real world, id like to point out a pretty big security
issue with Contribute ...

As someone pointed out they could not get Contribute to work with an ISP,
after researching some more around for dev notes it seems magic directories
are created with some pretty important info on the server, something which
should have been pointed out during installation but was not ... they make
assumptions ...

http://www.macromedia.com/support/contribute/connections/webserver_contribut
e/webserver_contribute03.html

Im trying to check if there is a Nessus plugin for _contribute directories
but they should ask what ur setup is during installation before doing
anything (IIS vs. Apache) ...

- jon

----- Original Message -----
From: "Aaron Fischer" <agfische at email.smith.edu>

> Pick your poison.  The solution is to hire high paid in house
> developers...  :-)





From agfische at email.smith.edu  Tue Aug 26 11:30:37 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 26 Aug 2003 11:30:37 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <004601c36be5$ea583d00$6401a8c0@EZDSDELL>
Message-ID: <3DFDCF06-D7DA-11D7-9D11-0003930D07F2@email.smith.edu>

That may be your problem with Contribute, as I believe it needs the 
server side scripting to make it work.

-A

On Tuesday, Aug 26, 2003, at 11:22 US/Eastern, Jeff wrote:

> They have
> some dirt cheap hosting ($30 per year for like 20mb of space...you can
> only put up plain HTML...no scripts or stuff like that).



From agfische at email.smith.edu  Tue Aug 26 11:40:11 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 26 Aug 2003 11:40:11 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <001f01c36be5$3c75ecf0$6700a8c0@thinkpad>
Message-ID: <945401CA-D7DB-11D7-9D11-0003930D07F2@email.smith.edu>

Uh, yeah!  That's not cool.

-A

On Tuesday, Aug 26, 2003, at 11:17 US/Eastern, Jon Baer wrote:

> but they should ask what ur setup is during installation before doing
> anything (IIS vs. Apache) ...



From jsiegel1 at optonline.net  Tue Aug 26 11:54:09 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 26 Aug 2003 11:54:09 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <3DFDCF06-D7DA-11D7-9D11-0003930D07F2@email.smith.edu>
Message-ID: <004701c36bea$4af0a4f0$6401a8c0@EZDSDELL>

Not sure about that one...since it didn't work we just dropped the
idea...it wasn't so important that we needed to research the problem.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Aaron Fischer
Sent: Tuesday, August 26, 2003 10:31 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Macromedia Contribute ...


That may be your problem with Contribute, as I believe it needs the 
server side scripting to make it work.

-A

On Tuesday, Aug 26, 2003, at 11:22 US/Eastern, Jeff wrote:

> They have
> some dirt cheap hosting ($30 per year for like 20mb of space...you can
> only put up plain HTML...no scripts or stuff like that).

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Tue Aug 26 11:54:09 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 26 Aug 2003 11:54:09 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <001f01c36be5$3c75ecf0$6700a8c0@thinkpad>
Message-ID: <004801c36bea$4e3f0ca0$6401a8c0@EZDSDELL>

Thanks for pointing this out.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Jon Baer
Sent: Tuesday, August 26, 2003 10:18 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Macromedia Contribute ...


Yeah this is the BIG problem here ... basically people want high end
graphical CMS stuff but don't want to pay inhouse staff to develop,
before
you welcome me to the real world, id like to point out a pretty big
security
issue with Contribute ...

As someone pointed out they could not get Contribute to work with an
ISP,
after researching some more around for dev notes it seems magic
directories
are created with some pretty important info on the server, something
which
should have been pointed out during installation but was not ... they
make
assumptions ...

http://www.macromedia.com/support/contribute/connections/webserver_contr
ibut
e/webserver_contribute03.html

Im trying to check if there is a Nessus plugin for _contribute
directories
but they should ask what ur setup is during installation before doing
anything (IIS vs. Apache) ...

- jon

----- Original Message -----
From: "Aaron Fischer" <agfische at email.smith.edu>

> Pick your poison.  The solution is to hire high paid in house
> developers...  :-)



_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From tom at supertom.com  Tue Aug 26 11:53:43 2003
From: tom at supertom.com (tom at supertom.com)
Date: Tue, 26 Aug 2003 11:53:43 -0400
Subject: [nycphp-talk] PHP script to manipulate Cron (continued)
In-Reply-To: <3F4B67E9.3080400@nyphp.org>
Message-ID: <LBEDJMJGLEPEKJAJMHBDCEEAFLAA.tom@supertom.com>

Ok, I have the interface and class file working, so I can add entries to the
webservers cron (thanks guys!).  But now....

Anyone have any good ideas about a safe and organized way to have these cron
entries be entered under their own users?  I have access to
username/passwords of the accounts if that helps.

Any thoughts?

Thanks,

Tom

http://www.liphp.org





***************************************************
What's Tom listening to right now?  Find out here:
http://www.supertom.com/current_track.php





From jonbaer at jonbaer.net  Tue Aug 26 13:39:36 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Tue, 26 Aug 2003 13:39:36 -0400
Subject: [nycphp-talk] Security Issue -> Contribute ...
Message-ID: <006b01c36bf9$04ceb430$6700a8c0@thinkpad>

if anyone wants to see what i was rambling about in regards to contribute,
have a look for yourself here ... seems like alot of sites are using it :-)

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=index+of+_mm

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47



From jsiegel1 at optonline.net  Tue Aug 26 14:12:46 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Tue, 26 Aug 2003 14:12:46 -0400
Subject: [nycphp-talk] Security Issue -> Contribute ...
In-Reply-To: <006b01c36bf9$04ceb430$6700a8c0@thinkpad>
Message-ID: <007901c36bfd$a7d92670$6401a8c0@EZDSDELL>

There's an easy solution to that one...don't Google "index of _mm" ;)

I do wonder, however, if it's not possible to tinker with Apache
settings, to just drop an "index.html" file in there that redirects
someone to another page.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Jon Baer
Sent: Tuesday, August 26, 2003 12:40 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Security Issue -> Contribute ...


if anyone wants to see what i was rambling about in regards to
contribute,
have a look for yourself here ... seems like alot of sites are using it
:-)

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=index+of+_mm

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jonbaer at jonbaer.net  Tue Aug 26 14:06:15 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Tue, 26 Aug 2003 14:06:15 -0400
Subject: [nycphp-talk] Security Issue -> Contribute ...
References: <007901c36bfd$a7d92670$6401a8c0@EZDSDELL>
Message-ID: <000701c36bfc$bdf645b0$6700a8c0@thinkpad>

either that or they should make the .htaccess files for you as it would not
hurt ... btw, is it common knowledge for IIS to kill all traffic requests
for directories beginning with an underscore?  (only used apache my whole
life) ...

- jon

----- Original Message -----
From: "Jeff" <jsiegel1 at optonline.net>
To: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Tuesday, August 26, 2003 2:12 PM
Subject: RE: [nycphp-talk] Security Issue -> Contribute ...


> There's an easy solution to that one...don't Google "index of _mm" ;)
>
> I do wonder, however, if it's not possible to tinker with Apache
> settings, to just drop an "index.html" file in there that redirects
> someone to another page.
>
> Jeff
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On Behalf Of Jon Baer
> Sent: Tuesday, August 26, 2003 12:40 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] Security Issue -> Contribute ...
>
>
> if anyone wants to see what i was rambling about in regards to
> contribute,
> have a look for yourself here ... seems like alot of sites are using it
> :-)
>
> http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=index+of+_mm
>
> - jon
>
> pgp key: http://www.jonbaer.net/jonbaer.asc
> fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From hans at nyphp.org  Tue Aug 26 14:48:08 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 26 Aug 2003 14:48:08 -0400
Subject: [nycphp-talk] PHP script to manipulate Cron (continued)
In-Reply-To: <LBEDJMJGLEPEKJAJMHBDCEEAFLAA.tom@supertom.com>
References: <LBEDJMJGLEPEKJAJMHBDCEEAFLAA.tom@supertom.com>
Message-ID: <3F4BAB68.4010902@nyphp.org>



tom at supertom.com wrote:

> Ok, I have the interface and class file working, so I can add entries to the
> webservers cron (thanks guys!).  But now....
> 
> Anyone have any good ideas about a safe and organized way to have these cron
> entries be entered under their own users?  I have access to
> username/passwords of the accounts if that helps.

Needless to say, this is risky business.  You could use su/sudo to execute commands as other users, which would let you add/change/delete their cronjobs.  Or, you could su commands as root, which would let you inject cronjobs as other users, but then your webserver is doing stuff as root.  If we're talking Apache, which I'm sure we are :) there's suEXEC, which if setup properly can be pretty safe.  Also, maybe if you're running PHP as CGI, you could play with permissions and so forth like that.  I've also written local daemons that run as root and listen for requests from the webserver to execute a very limited set of commands - this is probably safe, but a pain in the neck to do.

There isn't really any nice way of doing, AFAIK, and I'd see if there's an architectural change possible, to avoid doing it at all.  Maybe just have one cronjob running as root that wakes up on a regular interval and queries a MySQL table or some /flat files/lock files/queue directory/ for what needs to be done?

H




From tom at supertom.com  Tue Aug 26 15:10:59 2003
From: tom at supertom.com (tom at supertom.com)
Date: Tue, 26 Aug 2003 15:10:59 -0400
Subject: [nycphp-talk] PHP script to manipulate Cron (continued)
In-Reply-To: <3F4BAB68.4010902@nyphp.org>
Message-ID: <LBEDJMJGLEPEKJAJMHBDKEEOFLAA.tom@supertom.com>

"here isn't really any nice way of doing, AFAIK, and I'd see if there's an
architectural change possible, to avoid doing it at all.  Maybe just have
one cronjob running as root that wakes up on a regular interval and queries
a MySQL table or some /flat files/lock files/queue directory/ for what needs
to be done?"

Yup, we just talked about it here - and that's what we are going to do.

Thanks for the help, and see you in 3 1/2 hours (if I don't get lost). :-)

Tom





***************************************************
What's Tom listening to right now?  Find out here:
http://www.supertom.com/current_track.php




-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Hans Zaunere
Sent: Tuesday, August 26, 2003 2:48 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP script to manipulate Cron (continued)




tom at supertom.com wrote:

> Ok, I have the interface and class file working, so I can add entries to
the
> webservers cron (thanks guys!).  But now....
>
> Anyone have any good ideas about a safe and organized way to have these
cron
> entries be entered under their own users?  I have access to
> username/passwords of the accounts if that helps.

Needless to say, this is risky business.  You could use su/sudo to execute
commands as other users, which would let you add/change/delete their
cronjobs.  Or, you could su commands as root, which would let you inject
cronjobs as other users, but then your webserver is doing stuff as root.  If
we're talking Apache, which I'm sure we are :) there's suEXEC, which if
setup properly can be pretty safe.  Also, maybe if you're running PHP as
CGI, you could play with permissions and so forth like that.  I've also
written local daemons that run as root and listen for requests from the
webserver to execute a very limited set of commands - this is probably safe,
but a pain in the neck to do.

There isn't really any nice way of doing, AFAIK, and I'd see if there's an
architectural change possible, to avoid doing it at all.  Maybe just have
one cronjob running as root that wakes up on a regular interval and queries
a MySQL table or some /flat files/lock files/queue directory/ for what needs
to be done?

H


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From shiflett at php.net  Tue Aug 26 17:47:06 2003
From: shiflett at php.net (Chris Shiflett)
Date: Tue, 26 Aug 2003 14:47:06 -0700 (PDT)
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
In-Reply-To: <3F4B5162.5090901@nyphp.org>
Message-ID: <20030826214706.82902.qmail@web14303.mail.yahoo.com>

> Maybe we should startup a "security corner" to complement the "newbie corner"
> at our meetings.  Akin to newbie topics, people could bring in security
> related patches, news and general topics.

Or one of us could give a "very dark gray hat" presentation sometime. :-)

I know I always take a vulnerability more seriously if I can see an exploit
and/or a very detailed analysis of it. Vague desciptions do nothing for me.

Chris


From hans at nyphp.org  Tue Aug 26 17:51:08 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Tue, 26 Aug 2003 17:51:08 -0400
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
In-Reply-To: <20030826214706.82902.qmail@web14303.mail.yahoo.com>
References: <20030826214706.82902.qmail@web14303.mail.yahoo.com>
Message-ID: <3F4BD64C.2000601@nyphp.org>



Chris Shiflett wrote:

>>Maybe we should startup a "security corner" to complement the "newbie corner"
>>at our meetings.  Akin to newbie topics, people could bring in security
>>related patches, news and general topics. 
> 
> Or one of us could give a "very dark gray hat" presentation sometime. :-)

How's September 23rd work for you?  :)

H



From jkitses at mindspring.com  Tue Aug 26 18:10:49 2003
From: jkitses at mindspring.com (John Kitses)
Date: Tue, 26 Aug 2003 18:10:49 -0400
Subject: [nycphp-talk] intro question
Message-ID: <a05210601bb718b3df176@[24.239.155.75]>

Hello...

I would like to know if PHP and/or MySQL is the answer to my design 
problem. I have been told so, but I am a beginner to both, and need a 
good intro tutorial also.

Here it is: I am designing a website for a store, and want users to 
be able to search the merchandise by various criteria (price, style, 
manufacturer, etc). It's a fishing lure store, so the products will 
be similar - all will feature a photo and descriptive text.

Are PHP and MySQL the solution? I use a Mac G4 running OSX. I'm a 
designer, I know HTML, basic Javascript, and understand programming 
concepts, generally. How can I get started?

much thanks
JK


From soazine at erols.com  Tue Aug 26 18:15:31 2003
From: soazine at erols.com (Phil Powell)
Date: Tue, 26 Aug 2003 18:15:31 -0400
Subject: [nycphp-talk] intro question
References: <a05210601bb718b3df176@[24.239.155.75]>
Message-ID: <02f101c36c1f$90412400$67a76244@philofsoa>

I personally think so!  PHP is an extremely robust scripting language that I
have seen can easily be tailored for personalization and authentication
needs, which would address your store issues.

I in fact helped to built a "mall" of sorts (a portal leading to multiple
stores with their own personalization solutions), however, not in PHP, but
in TCL as CGI, but I can easily envision that being done in PHP with a mySQL
backend.

I've seen how mySQL is becoming very robust and data-resourceful as well.

I would get a few books on both PHP and mySQL and the people here are on top
of the programming food chain and would be able to answer anything
whatsoever you could possibly imagine, so you picked the right group!

Good luck!

Phil
----- Original Message ----- 
From: "John Kitses" <jkitses at mindspring.com>
To: <talk at lists.nyphp.org>
Sent: Tuesday, August 26, 2003 6:10 PM
Subject: [nycphp-talk] intro question


> Hello...
>
> I would like to know if PHP and/or MySQL is the answer to my design
> problem. I have been told so, but I am a beginner to both, and need a
> good intro tutorial also.
>
> Here it is: I am designing a website for a store, and want users to
> be able to search the merchandise by various criteria (price, style,
> manufacturer, etc). It's a fishing lure store, so the products will
> be similar - all will feature a photo and descriptive text.
>
> Are PHP and MySQL the solution? I use a Mac G4 running OSX. I'm a
> designer, I know HTML, basic Javascript, and understand programming
> concepts, generally. How can I get started?
>
> much thanks
> JK
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From nyphp at enobrev.com  Tue Aug 26 18:19:49 2003
From: nyphp at enobrev.com (Mark Armendariz)
Date: Tue, 26 Aug 2003 18:19:49 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <a05210601bb718b3df176@[24.239.155.75]>
Message-ID: <001101c36c20$29e36eb0$0100a8c0@enobrev>

I highly recommend using oscommerce for your store.  There's a great
community behind it and it does a fantastic job for ecommerce stores.  Best
of all, it's a free solution.

http://www.oscommerce.com/

Here's an example of one of my client's sites using it (getting about 15000
visits a month and handling beutifully) :
http://www.videogamedeals.com/

Good luck!!

Mark

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of John Kitses
Sent: Tuesday, August 26, 2003 6:11 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] intro question


Hello...

I would like to know if PHP and/or MySQL is the answer to my design 
problem. I have been told so, but I am a beginner to both, and need a 
good intro tutorial also.

Here it is: I am designing a website for a store, and want users to 
be able to search the merchandise by various criteria (price, style, 
manufacturer, etc). It's a fishing lure store, so the products will 
be similar - all will feature a photo and descriptive text.

Are PHP and MySQL the solution? I use a Mac G4 running OSX. I'm a 
designer, I know HTML, basic Javascript, and understand programming 
concepts, generally. How can I get started?

much thanks
JK
_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk





From eric.cogswell at innlink.com  Tue Aug 26 18:26:07 2003
From: eric.cogswell at innlink.com (Cogswell, Eric)
Date: Tue, 26 Aug 2003 17:26:07 -0500
Subject: [nycphp-talk] intro question
Message-ID: <C33C210B505AE448ACDB84D71C45E23D7F2668@shosv2b.sholodge.corp>

I agree with Phil 100%!  PHP-MySQL is a perfect solution for this project.  Its a perfect platform for developing small projects like this that have a potential to grow into something large.  If you implement it right, its a very scalable solution.  I have personally built 2 or 3 sites similar in nature.

As far as advice, I would reccomend starting out by focusing on an Object Oriented approach, since PHP 5 will bring in many enahncements in that area and code maintainence will be made easier in the future.  Dont waste too much money on books though, you can usually find everything you need online via Google.

Good luck and enjoy :)

-E

-----Original Message-----
From: Phil Powell [mailto:soazine at erols.com]
Sent: Tuesday, August 26, 2003 5:16 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] intro question


I personally think so!  PHP is an extremely robust scripting language that I
have seen can easily be tailored for personalization and authentication
needs, which would address your store issues.

I in fact helped to built a "mall" of sorts (a portal leading to multiple
stores with their own personalization solutions), however, not in PHP, but
in TCL as CGI, but I can easily envision that being done in PHP with a mySQL
backend.

I've seen how mySQL is becoming very robust and data-resourceful as well.

I would get a few books on both PHP and mySQL and the people here are on top
of the programming food chain and would be able to answer anything
whatsoever you could possibly imagine, so you picked the right group!

Good luck!

Phil
----- Original Message ----- 
From: "John Kitses" <jkitses at mindspring.com>
To: <talk at lists.nyphp.org>
Sent: Tuesday, August 26, 2003 6:10 PM
Subject: [nycphp-talk] intro question


> Hello...
>
> I would like to know if PHP and/or MySQL is the answer to my design
> problem. I have been told so, but I am a beginner to both, and need a
> good intro tutorial also.
>
> Here it is: I am designing a website for a store, and want users to
> be able to search the merchandise by various criteria (price, style,
> manufacturer, etc). It's a fishing lure store, so the products will
> be similar - all will feature a photo and descriptive text.
>
> Are PHP and MySQL the solution? I use a Mac G4 running OSX. I'm a
> designer, I know HTML, basic Javascript, and understand programming
> concepts, generally. How can I get started?
>
> much thanks
> JK
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk


From csnyder at chxo.com  Tue Aug 26 23:09:03 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Tue, 26 Aug 2003 23:09:03 -0400
Subject: [nycphp-talk] Macromedia Contribute ...
In-Reply-To: <4EF32E44-D7D2-11D7-BB2C-000393B9FB36@mac.com>
References: <4EF32E44-D7D2-11D7-BB2C-000393B9FB36@mac.com>
Message-ID: <3F4C20CF.3000905@chxo.com>

Amen, brother. That's why I still recommend Dreamweaver 4 if someone 
wants a WYSIWYG html editor.

Jeff Knight wrote:

> If the Macromedia of the future is going to be anything like the way 
> Macromedia has been developing over the last five years, you're going 
> to get locked into using a buggy, unstable application. Any future 
> bug-fixes will be released as upgrades you must pay for loaded with 
> new buggy features.




From tom at supertom.com  Wed Aug 27 08:29:40 2003
From: tom at supertom.com (tom at supertom.com)
Date: Wed, 27 Aug 2003 08:29:40 -0400
Subject: [nycphp-talk] LIPHP Meeting Tonight (8/27) in Hauppauge!
Message-ID: <LBEDJMJGLEPEKJAJMHBDIEHNFLAA.tom@supertom.com>

Hey folks,

Tonight is the 6th LIPHP meeting in Hauppauge - location and directions are
here:

http://www.liphp.org

Tonight's topic will be an review/discussion of the new Zend IDE, which is
currently in Beta now.  You can also download your own copy of the  Zend
Studio at:

http://www.zend.com/store/products/zend-studio-beta.php

In addition, we will be giving away a copy of the 5th edition of "Core PHP
Programming" by Atkinson and Suraski, which covers PHP5.  Plus, thanks to
the folks at NYPHP, we have 3 additional PHP books to give away.  The
general attendance at our meetings is always under 20 - so your odds of
walking away with some free stuff are pretty good (much better than lotto!)!


Of course, the Krispy Kremes will be plentiful (its not like you guys come
to see me)!







***************************************************
What's Tom listening to right now?  Find out here:
http://www.supertom.com/current_track.php





From pl at eskimo.com  Wed Aug 27 08:47:52 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Wed, 27 Aug 2003 08:47:52 -0400
Subject: [nycphp-talk] intro question
References: <a05210601bb718b3df176@[24.239.155.75]>
Message-ID: <006e01c36c99$6f143fe0$612c0242@peter1>

If you are looking for a book you can start with "PHP & MySQL for Dummies".
In the book, the author builds a web site of the type you describe you need.
Also, it includes a pretty good introduction to MySQL and PHP. In addition,
it comes with copies of php, mysql and apache and the installation is pretty
easy, especially on windows. I installed it on Windows 95 and 98 and it was
a breeze.

Peter Lehrer
----- Original Message -----
From: "John Kitses" <jkitses at mindspring.com>
To: <talk at lists.nyphp.org>
Sent: Tuesday, August 26, 2003 6:10 PM
Subject: [nycphp-talk] intro question


> Hello...
>
> I would like to know if PHP and/or MySQL is the answer to my design
> problem. I have been told so, but I am a beginner to both, and need a
> good intro tutorial also.
>
> Here it is: I am designing a website for a store, and want users to
> be able to search the merchandise by various criteria (price, style,
> manufacturer, etc). It's a fishing lure store, so the products will
> be similar - all will feature a photo and descriptive text.
>
> Are PHP and MySQL the solution? I use a Mac G4 running OSX. I'm a
> designer, I know HTML, basic Javascript, and understand programming
> concepts, generally. How can I get started?
>
> much thanks
> JK
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From shiflett at php.net  Wed Aug 27 10:37:45 2003
From: shiflett at php.net (Chris Shiflett)
Date: Wed, 27 Aug 2003 07:37:45 -0700 (PDT)
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
In-Reply-To: <3F4BD64C.2000601@nyphp.org>
Message-ID: <20030827143745.96156.qmail@web14303.mail.yahoo.com>

--- Hans Zaunere <hans at nyphp.org> wrote:
> How's September 23rd work for you?  :)

Very funny. :-)

I guess I could give such a talk if we can't find another presenter. Is this
topic (demonstrating exploits) something that many people would be interested
in?

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From dmintz at panix.com  Wed Aug 27 10:42:05 2003
From: dmintz at panix.com (David Mintz)
Date: Wed, 27 Aug 2003 10:42:05 -0400 (EDT)
Subject: [nycphp-talk] intro question
In-Reply-To: <006e01c36c99$6f143fe0$612c0242@peter1>
References: <a05210601bb718b3df176@[24.239.155.75]>
	<006e01c36c99$6f143fe0$612c0242@peter1>
Message-ID: <Pine.NEB.4.56.0308270928080.6937@panix5.panix.com>

Here's my newbie preachment:

Learn from my newbie mistakes! I was in much the same boat when I decided
to learn PHP/MySQL by developing an ambitious scheduling and record
keeping system for ourselves, the court interpreters in the federal court
downtown.

* The urge to just do it is powerful, but time spent reading, planning
your design, and playing with and testing techniques, is well invested. (I
did my app in an improvisatory, ad hoc way that makes me marvel that it
works as well as it does.)

* While you might not do full-blown Test Driven Development, where you
literally write tests for your code before you write the code itself, you
should use an approach that is similar in spirit and strategy. Test the
hell out of little pieces and make them prove themselves under every
scenario you can think of.
(http://www.phpbuilder.com/columns/reiersol20030126.php3)

* If some piece of code looks like it's getting too complicated, it
probably is too complicated. Step back and rethink.

* Consider using a templating system like Smarty. When HTML and PHP are
blended together indiscriminately, it is torture to read and maintain.
Torture! (http://smarty.php.net/)

* Think about security from Day One, not as an afterthought.

* Consider using classes and objects, like somebody just said. There are
different schools on this, but one nice thing about OOP is that the moment
you begin to think about a name for your classes, you are thinking about
what they are supposed to do and where they fit in with the rest of the
picture -- it automatically encourages you to think.

* Be pretty anal about following your own variable, class and method
naming conventions consistently. For example, will it be this_style or
thisStyle?

* Think about your database schema carefully before you commit to it, then
try to avoid the promiscuous hard-coding of things like table and column
names to the extent possible, so it doesn't cost hours of acute pain when
someone decides that a table needs to be altered. This will also make it
easier to re-use your code on future projects.

* Consider using version control, like CVS. Yes it's yet another tool to
learn, and it can drive you insane when you don't understand it, but
someday you will be grateful for it.(http://cvshome.org/)

* Comment abundantly

* Have fun!


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

"Y d?le p'abajo"

	Tito Rojas

> Subject: [nycphp-talk] intro question
>
>
> > Hello...
> >
> > I would like to know if PHP and/or MySQL is the answer to my design
> > problem. I have been told so, but I am a beginner to both, and need a
> > good intro tutorial also.


From dmintz at panix.com  Wed Aug 27 10:44:20 2003
From: dmintz at panix.com (David Mintz)
Date: Wed, 27 Aug 2003 10:44:20 -0400 (EDT)
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
In-Reply-To: <20030827143745.96156.qmail@web14303.mail.yahoo.com>
References: <20030827143745.96156.qmail@web14303.mail.yahoo.com>
Message-ID: <Pine.NEB.4.56.0308271042310.6937@panix5.panix.com>

On Wed, 27 Aug 2003, Chris Shiflett wrote:

>
> I guess I could give such a talk if we can't find another presenter. Is this
> topic (demonstrating exploits) something that many people would be interested
> in?

I'm not many people, but... yes.


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

"Y d?le p'abajo"

	Tito Rojas


From jonbaer at jonbaer.net  Wed Aug 27 10:36:14 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Wed, 27 Aug 2003 10:36:14 -0400
Subject: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211
References: <20030827143745.96156.qmail@web14303.mail.yahoo.com>
Message-ID: <006f01c36ca8$9182a670$6700a8c0@thinkpad>

Id be interested (althought Ive just found Tuesday nights to be inconvienent
for the meetings all of a sudden :-(

Are there slides from last night?  I bet it was an excellent talk.

Id like to find a more expanded + updated version of this as a presentation
with demos:

http://www.zend.com/zend/art/art-oertli.php

- Jon

----- Original Message -----
From: "Chris Shiflett" <shiflett at php.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 27, 2003 10:37 AM
Subject: Re: [nycphp-talk] php vulns from SecurityFocus Newsletter # 211


> --- Hans Zaunere <hans at nyphp.org> wrote:
> > How's September 23rd work for you?  :)
>
> Very funny. :-)
>
> I guess I could give such a talk if we can't find another presenter. Is
this
> topic (demonstrating exploits) something that many people would be
interested
> in?
>
> Chris
>
> =====
> Become a better Web developer with the HTTP Developer's Handbook
> http://httphandbook.org/
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From jonbaer at jonbaer.net  Wed Aug 27 10:46:03 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Wed, 27 Aug 2003 10:46:03 -0400
Subject: [nycphp-talk] Using an IDS to lock down web apps ...
Message-ID: <007d01c36ca9$f09d9d80$6700a8c0@thinkpad>

i wanted to ask a quick question ...

does anyone here use an ids (like snort/dragon/etc) to lock down their web
apps + track anomalies?

it does not seem like a common scenerio but after writing a bunch of
signatures based on mysql error codes it seems like there are no papers on
it or any advise on the approach ...

a typical example would be as such tracking down bad login attempts over
time or bad variable string formatting or submission of a selection not in a
preformed array, etc.

i dont know if it make sense to go through all the trouble but just wanted
to see if anyone here already does this approach (w/
iptables/netfilter/etc).

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47



From mlevy at hypersol.com  Wed Aug 27 12:19:43 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Wed, 27 Aug 2003 12:19:43 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <001101c36c20$29e36eb0$0100a8c0@enobrev>
Message-ID: <BB72525F.14CC5%mlevy@hypersol.com>

I second that!

OSCommerce is excellent, the community is very helpful and extremely fond of
newbies, the code is easy to modify and expand and is well maintained. Did I
mention it's easy to setup? Well, it is.

Plus, if you intend to cater to an international public, OSCommerce cannot
be beat, with the multi-language support.

Cheers,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.


On 8/26/2003 18:19, "Mark Armendariz" <nyphp at enobrev.com> scribbled:

> I highly recommend using oscommerce for your store.  There's a great
> community behind it and it does a fantastic job for ecommerce stores.  Best
> of all, it's a free solution.
> 
> http://www.oscommerce.com/
> 
> Here's an example of one of my client's sites using it (getting about 15000
> visits a month and handling beutifully) :
> http://www.videogamedeals.com/
> 
> Good luck!!
> 
> Mark
> 
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of John Kitses
> Sent: Tuesday, August 26, 2003 6:11 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] intro question
> 
> 
> Hello...
> 
> I would like to know if PHP and/or MySQL is the answer to my design
> problem. I have been told so, but I am a beginner to both, and need a
> good intro tutorial also.
> 
> Here it is: I am designing a website for a store, and want users to
> be able to search the merchandise by various criteria (price, style,
> manufacturer, etc). It's a fishing lure store, so the products will
> be similar - all will feature a photo and descriptive text.
> 
> Are PHP and MySQL the solution? I use a Mac G4 running OSX. I'm a
> designer, I know HTML, basic Javascript, and understand programming
> concepts, generally. How can I get started?
> 
> much thanks
> JK
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
> 
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From hans at nyphp.org  Wed Aug 27 12:38:52 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 27 Aug 2003 12:38:52 -0400
Subject: [nycphp-talk] Using an IDS to lock down web apps ...
In-Reply-To: <007d01c36ca9$f09d9d80$6700a8c0@thinkpad>
References: <007d01c36ca9$f09d9d80$6700a8c0@thinkpad>
Message-ID: <3F4CDE9C.8060306@nyphp.org>



Jon Baer wrote:

> i wanted to ask a quick question ...
> 
> does anyone here use an ids (like snort/dragon/etc) to lock down their web
> apps + track anomalies?

Not here.  I've used the packages for the common case, general network integrity, but not specific to the web application.  Strictly log analysis and alerts in the app logic for that.

> it does not seem like a common scenerio but after writing a bunch of
> signatures based on mysql error codes it seems like there are no papers on
> it or any advise on the approach ...
> 
> a typical example would be as such tracking down bad login attempts over
> time or bad variable string formatting or submission of a selection not in a
> preformed array, etc.

There was an apache mod posted around these parts that did request verification, although I can't put my finger on it now.  Having an IDS be so deeply knowledgeable about an app, however, may be tricky and costly (in regards to performance and maintenance).

H



From csnyder at chxo.com  Wed Aug 27 12:40:04 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 27 Aug 2003 12:40:04 -0400
Subject: [nycphp-talk] Using an IDS to lock down web apps ...
In-Reply-To: <3F4CDE9C.8060306@nyphp.org>
References: <007d01c36ca9$f09d9d80$6700a8c0@thinkpad>
	<3F4CDE9C.8060306@nyphp.org>
Message-ID: <3F4CDEE4.7090705@chxo.com>

Hans Zaunere wrote:

> There was an apache mod posted around these parts that did request 
> verification, although I can't put my finger on it now.  Having an IDS 
> be so deeply knowledgeable about an app, however, may be tricky and 
> costly (in regards to performance and maintenance).
>
mod_security I believe. http://www.modsecurity.org/

As I recall, nobody on the list had tried it yet, but it might do what 
you want.



From soazine at erols.com  Wed Aug 27 12:41:56 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 27 Aug 2003 12:41:56 -0400
Subject: [nycphp-talk] intro question
References: <BB72525F.14CC5%mlevy@hypersol.com>
Message-ID: <072801c36cba$2108d650$67a76244@philofsoa>

multilingual support - does it also involve "human translation" multilingual
content management?

Just wondering
Phil
----- Original Message ----- 
From: "Mauricio Sadicoff" <mlevy at hypersol.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 27, 2003 12:19 PM
Subject: Re: [nycphp-talk] intro question


> I second that!
>
> OSCommerce is excellent, the community is very helpful and extremely fond
of
> newbies, the code is easy to modify and expand and is well maintained. Did
I
> mention it's easy to setup? Well, it is.
>
> Plus, if you intend to cater to an international public, OSCommerce cannot
> be beat, with the multi-language support.
>
> Cheers,
> Mauricio
>
> --- 
>  Mauricio L. Sadicoff
>  mlevy at hypersol.com
>
>
> "Peace of mind isn't at all superficial, really," I expound. "It's the
whole
> thing. That which produces it is good maintenance; that which disturbs it
is
> poor maintenance. What we call workability of the machine is just an
> objectification of this peace of mind. The ultimate test is always your
own
> serenity." - Zen and the Art of Motorcycle Maintenance.
>
>
> On 8/26/2003 18:19, "Mark Armendariz" <nyphp at enobrev.com> scribbled:
>
> > I highly recommend using oscommerce for your store.  There's a great
> > community behind it and it does a fantastic job for ecommerce stores.
Best
> > of all, it's a free solution.
> >
> > http://www.oscommerce.com/
> >
> > Here's an example of one of my client's sites using it (getting about
15000
> > visits a month and handling beutifully) :
> > http://www.videogamedeals.com/
> >
> > Good luck!!
> >
> > Mark
> >
> > -----Original Message-----
> > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On
> > Behalf Of John Kitses
> > Sent: Tuesday, August 26, 2003 6:11 PM
> > To: talk at lists.nyphp.org
> > Subject: [nycphp-talk] intro question
> >
> >
> > Hello...
> >
> > I would like to know if PHP and/or MySQL is the answer to my design
> > problem. I have been told so, but I am a beginner to both, and need a
> > good intro tutorial also.
> >
> > Here it is: I am designing a website for a store, and want users to
> > be able to search the merchandise by various criteria (price, style,
> > manufacturer, etc). It's a fishing lure store, so the products will
> > be similar - all will feature a photo and descriptive text.
> >
> > Are PHP and MySQL the solution? I use a Mac G4 running OSX. I'm a
> > designer, I know HTML, basic Javascript, and understand programming
> > concepts, generally. How can I get started?
> >
> > much thanks
> > JK
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Wed Aug 27 13:00:02 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Wed, 27 Aug 2003 13:00:02 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <Pine.NEB.4.56.0308270928080.6937@panix5.panix.com>
Message-ID: <003501c36cbc$a926f560$6401a8c0@EZDSDELL>

Dave,

Hope you don't mind if I "steal" this piece and use it for the new
"fundamentals" section of NYPHP which will be dealing with newbie
questions/issues.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of David Mintz
Sent: Wednesday, August 27, 2003 9:42 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] intro question


Here's my newbie preachment:

Learn from my newbie mistakes! I was in much the same boat when I
decided
to learn PHP/MySQL by developing an ambitious scheduling and record
keeping system for ourselves, the court interpreters in the federal
court
downtown.

* The urge to just do it is powerful, but time spent reading, planning
your design, and playing with and testing techniques, is well invested.
(I
did my app in an improvisatory, ad hoc way that makes me marvel that it
works as well as it does.)

* While you might not do full-blown Test Driven Development, where you
literally write tests for your code before you write the code itself,
you
should use an approach that is similar in spirit and strategy. Test the
hell out of little pieces and make them prove themselves under every
scenario you can think of.
(http://www.phpbuilder.com/columns/reiersol20030126.php3)

* If some piece of code looks like it's getting too complicated, it
probably is too complicated. Step back and rethink.

* Consider using a templating system like Smarty. When HTML and PHP are
blended together indiscriminately, it is torture to read and maintain.
Torture! (http://smarty.php.net/)

* Think about security from Day One, not as an afterthought.

* Consider using classes and objects, like somebody just said. There are
different schools on this, but one nice thing about OOP is that the
moment
you begin to think about a name for your classes, you are thinking about
what they are supposed to do and where they fit in with the rest of the
picture -- it automatically encourages you to think.

* Be pretty anal about following your own variable, class and method
naming conventions consistently. For example, will it be this_style or
thisStyle?

* Think about your database schema carefully before you commit to it,
then
try to avoid the promiscuous hard-coding of things like table and column
names to the extent possible, so it doesn't cost hours of acute pain
when
someone decides that a table needs to be altered. This will also make it
easier to re-use your code on future projects.

* Consider using version control, like CVS. Yes it's yet another tool to
learn, and it can drive you insane when you don't understand it, but
someday you will be grateful for it.(http://cvshome.org/)

* Comment abundantly

* Have fun!


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

"Y d?le p'abajo"

	Tito Rojas

> Subject: [nycphp-talk] intro question
>
>
> > Hello...
> >
> > I would like to know if PHP and/or MySQL is the answer to my design
> > problem. I have been told so, but I am a beginner to both, and need
a
> > good intro tutorial also.
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jemaxwell at jaymax.com  Wed Aug 27 13:23:13 2003
From: jemaxwell at jaymax.com (Joseph Maxwell)
Date: Wed, 27 Aug 2003 10:23:13 -0700
Subject: [nycphp-talk] Script for Database[MySQL]::Web interfacing
Message-ID: <3F4CE901.FEE7269D@jaymax.com>

Hello,

Could someone recommend a decent php script that could be used for
database[MySQL]::Web interfacing and management. Preferably open source,
freeware or otherwise [I'll just have to grin & bare it]

Thanks

--  Joe  --



From csnyder at chxo.com  Wed Aug 27 13:32:50 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 27 Aug 2003 13:32:50 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <003501c36cbc$a926f560$6401a8c0@EZDSDELL>
References: <003501c36cbc$a926f560$6401a8c0@EZDSDELL>
Message-ID: <3F4CEB42.90607@chxo.com>

It really is a great collection of advice, Dave!

Jeff wrote:

>Dave,
>
>Hope you don't mind if I "steal" this piece and use it for the new
>"fundamentals" section of NYPHP which will be dealing with newbie
>questions/issues.
>
>Jeff
>
>
>  
>



From dmintz at panix.com  Wed Aug 27 13:44:27 2003
From: dmintz at panix.com (David Mintz)
Date: Wed, 27 Aug 2003 13:44:27 -0400 (EDT)
Subject: [nycphp-talk] Script for Database[MySQL]::Web interfacing
In-Reply-To: <3F4CE901.FEE7269D@jaymax.com>
References: <3F4CE901.FEE7269D@jaymax.com>
Message-ID: <Pine.NEB.4.56.0308271343370.8244@panix5.panix.com>


You mean, something like http://www.phpmyadmin.net/ ?

HTH.


On Wed, 27 Aug 2003, Joseph Maxwell wrote:

> Hello,
>
> Could someone recommend a decent php script that could be used for
> database[MySQL]::Web interfacing and management. Preferably open source,
> freeware or otherwise [I'll just have to grin & bare it]
>
> Thanks
>
> --  Joe  --
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>


---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

"Y d?le p'abajo"

	Tito Rojas


From danielc at analysisandsolutions.com  Wed Aug 27 14:06:46 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 27 Aug 2003 14:06:46 -0400
Subject: [nycphp-talk] Script for Database[MySQL]::Web interfacing
In-Reply-To: <3F4CE901.FEE7269D@jaymax.com>
References: <3F4CE901.FEE7269D@jaymax.com>
Message-ID: <20030827180646.GA22675@panix.com>

Hey Joe:

On Wed, Aug 27, 2003 at 10:23:13AM -0700, Joseph Maxwell wrote:
> 
> Could someone recommend a decent php script that could be used for
> database[MySQL]::Web interfacing and management.

While not management, the following help with interfacing...

PEAR DB       http://pear.php.net/package/DB
PEAR MDB      http://pear.php.net/package/MDB
SQL Solution  http://www.analysisandsolutions.com/software/sql/

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From pl at eskimo.com  Wed Aug 27 14:20:19 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Wed, 27 Aug 2003 14:20:19 -0400
Subject: [nycphp-talk] warning - mysql resource
Message-ID: <014001c36cc7$e3a2e0e0$612c0242@peter1>

I am performing 2 mysql_query statements in one program and the second doesn't return a
"valid MySQL result resource."

Are you suppose to reconnect to the database with each mysql query?

Peter Lehrer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030827/53f1836d/attachment.html>

From soazine at erols.com  Wed Aug 27 14:25:03 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 27 Aug 2003 14:25:03 -0400
Subject: [nycphp-talk] warning - mysql resource
References: <014001c36cc7$e3a2e0e0$612c0242@peter1>
Message-ID: <081f01c36cc8$88abb800$67a76244@philofsoa>

I never have to reconnect after each query, however, you might want to check in your program if you have done this statement prematurely:

mysql_free_result($query)

I had that statement prematurely and it caused db reconnection issues as well.


Phil
  ----- Original Message ----- 
  From: Peter Lehrer 
  To: NYPHP Talk 
  Sent: Wednesday, August 27, 2003 2:20 PM
  Subject: [nycphp-talk] warning - mysql resource


  I am performing 2 mysql_query statements in one program and the second doesn't return a
  "valid MySQL result resource."

  Are you suppose to reconnect to the database with each mysql query?

  Peter Lehrer


------------------------------------------------------------------------------


  _______________________________________________
  talk mailing list
  talk at lists.nyphp.org
  http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030827/895ddd2e/attachment.html>

From csnyder at chxo.com  Wed Aug 27 14:38:10 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 27 Aug 2003 14:38:10 -0400
Subject: [nycphp-talk] warning - mysql resource
In-Reply-To: <014001c36cc7$e3a2e0e0$612c0242@peter1>
References: <014001c36cc7$e3a2e0e0$612c0242@peter1>
Message-ID: <3F4CFA92.8040900@chxo.com>

Peter Lehrer wrote:

> I am performing 2 mysql_query statements in one program and the second 
> doesn't return a
> "valid MySQL result resource."
>  
> Are you suppose to reconnect to the database with each mysql query?

No, you can definitely use the same db connection for as many queries as 
you like.

Take a look at the mysql_error() function, you could use it to see what 
is going wrong if you don't get a result from mysql_query().

  chris.



From southwell at dneba.com  Wed Aug 27 14:46:25 2003
From: southwell at dneba.com (Michael Southwell)
Date: Wed, 27 Aug 2003 14:46:25 -0400
Subject: [nycphp-talk] ${$variable}
Message-ID: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>

A line of code says this:
   if (!(${$foo})) do something if the value is empty

If $foo="bar" and $bar="something" then will ${$foo} evaluate to 
"something"--which I assume is the purpose of the curly brackets?  But it 
doesn't seem to work when the value is empty, though I would swear it used 
to.  or maybe there is something with an empty value evaluating true 
anyway, so I need to use =="" or ==="", or =='' or ==='' (single quotation 
marks)?  Is this tricky, or am I just ignorant?

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================




From csnyder at chxo.com  Wed Aug 27 14:56:23 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 27 Aug 2003 14:56:23 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
Message-ID: <3F4CFED7.1010308@chxo.com>

Michael Southwell wrote:

> A line of code says this:
>   if (!(${$foo})) do something if the value is empty
>
> If $foo="bar" and $bar="something" then will ${$foo} evaluate to 
> "something"--which I assume is the purpose of the curly brackets?  

Most definitely.

> But it doesn't seem to work when the value is empty, though I would 
> swear it used to.  or maybe there is something with an empty value 
> evaluating true anyway, so I need to use =="" or ==="", or =='' or 
> ==='' (single quotation marks)?  

You could use =="" -- if ( ${$foo}=="" ) do something -- which is 
testing for an empty string instead of boolean false, which is what your 
sample is doing. If $bar=0 then the code you have would work.

 chris.



From pl at eskimo.com  Wed Aug 27 14:59:47 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Wed, 27 Aug 2003 14:59:47 -0400
Subject: [nycphp-talk] warning - mysql resource
References: <014001c36cc7$e3a2e0e0$612c0242@peter1> <3F4CFA92.8040900@chxo.com>
Message-ID: <017901c36ccd$645392c0$612c0242@peter1>

the code that is triggering the warning is:

$row = mysql_fetch_array($result) or trigger_error("MySQL error nr
".mysql_errno().": ".mysql_error());

It is triggering the warning:
"Warning: Supplied argument is not a valid MySQL result resource in
c:\program files\apache\htdocs\books\confirm.php on line 16

Notice: MySQL error nr 0: in c:\program
files\apache\htdocs\books\confirm.php on line 16"

The mysql_query function actually gives no warnings or errors. Sorry about
the confusion.

Peter Lehrer

----- Original Message -----
From: "Chris Snyder" <csnyder at chxo.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 27, 2003 2:38 PM
Subject: Re: [nycphp-talk] warning - mysql resource


> Peter Lehrer wrote:
>
> > I am performing 2 mysql_query statements in one program and the second
> > doesn't return a
> > "valid MySQL result resource."
> >
> > Are you suppose to reconnect to the database with each mysql query?
>
> No, you can definitely use the same db connection for as many queries as
> you like.
>
> Take a look at the mysql_error() function, you could use it to see what
> is going wrong if you don't get a result from mysql_query().
>
>   chris.
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From csnyder at chxo.com  Wed Aug 27 15:06:12 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 27 Aug 2003 15:06:12 -0400
Subject: [nycphp-talk] warning - mysql resource
In-Reply-To: <017901c36ccd$645392c0$612c0242@peter1>
References: <014001c36cc7$e3a2e0e0$612c0242@peter1> <3F4CFA92.8040900@chxo.com>
	<017901c36ccd$645392c0$612c0242@peter1>
Message-ID: <3F4D0124.6020808@chxo.com>

Could it be that the query is not finding any records?

Peter Lehrer wrote:

>the code that is triggering the warning is:
>
>$row = mysql_fetch_array($result) or trigger_error("MySQL error nr
>".mysql_errno().": ".mysql_error());
>
>It is triggering the warning:
>"Warning: Supplied argument is not a valid MySQL result resource in
>c:\program files\apache\htdocs\books\confirm.php on line 16
>
>Notice: MySQL error nr 0: in c:\program
>files\apache\htdocs\books\confirm.php on line 16"
>
>The mysql_query function actually gives no warnings or errors. Sorry about
>the confusion.
>
>Peter Lehrer
>
>----- Original Message -----
>From: "Chris Snyder" <csnyder at chxo.com>
>To: "NYPHP Talk" <talk at lists.nyphp.org>
>Sent: Wednesday, August 27, 2003 2:38 PM
>Subject: Re: [nycphp-talk] warning - mysql resource
>
>
>  
>
>>Peter Lehrer wrote:
>>
>>    
>>
>>>I am performing 2 mysql_query statements in one program and the second
>>>doesn't return a
>>>"valid MySQL result resource."
>>>
>>>Are you suppose to reconnect to the database with each mysql query?
>>>      
>>>
>>No, you can definitely use the same db connection for as many queries as
>>you like.
>>
>>Take a look at the mysql_error() function, you could use it to see what
>>is going wrong if you don't get a result from mysql_query().
>>
>>  chris.
>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>>
>>    
>>
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>  
>



From danielc at analysisandsolutions.com  Wed Aug 27 15:07:04 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 27 Aug 2003 15:07:04 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
Message-ID: <20030827190704.GA29296@panix.com>

On Wed, Aug 27, 2003 at 02:46:25PM -0400, Michael Southwell wrote:
> A line of code says this:
>   if (!(${$foo})) do something if the value is empty
> 
> If $foo="bar" and $bar="something" then will ${$foo} evaluate to 
> "something"--which I assume is the purpose of the curly brackets?  But it 
> doesn't seem to work when the value is empty, though I would swear it used 
> to.

What?  Your code works as I expected it to.  Perhaps you have different 
expectations.

Code:
   $foo="bar";
   $bar="";
   if (!(${$foo})) echo 'something if the value is empty';

Results:
   something if the value is empty

But, if I set
   $bar="blah"; 
then no output is generated, just as the code requests.

In english, the code says if the variable variable "foo" -- which refers
in this case to the value of the real variable "bar" -- is empty, equals 
0 or equals false, then print the message out.

Is that what you thought it means?

By the way, the curleys aren't needed in this context, nor are the inner 
set of parentheses.  Personally, for clarity, I'd write it like this:

   $foo = 'bar';
   $bar = '';
   if (!$$foo) {
       echo 'something if the value is empty';
   }

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From crisscott at netzero.com  Wed Aug 27 15:08:09 2003
From: crisscott at netzero.com (crisscott at netzero.com)
Date: Wed, 27 Aug 2003 19:08:09 GMT
Subject: [nycphp-talk] warning - mysql resource
Message-ID: <20030827.120841.116.90014@webmail03.lax.untd.com>


Check the syntax of your query.  Usually when I see this it is because I don't have a value in quotes that needs to be or I am missing something.  It is saying that the nothing was returned by the query not that no results were found.  I hope that makes sense.
Scott Mattocks


From agfische at email.smith.edu  Wed Aug 27 15:10:13 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Wed, 27 Aug 2003 15:10:13 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <3F4CEB42.90607@chxo.com>
Message-ID: <15FD4590-D8C2-11D7-B413-0003930D07F2@email.smith.edu>

Hhmm, is this "fundamentals" section live on the website?  Going to 
nyphp.org I haven't been able to find it by navigating through the site.

Aaron

On Wednesday, Aug 27, 2003, at 13:32 US/Eastern, Chris Snyder wrote:

> It really is a great collection of advice, Dave!
>
> Jeff wrote:
>
>> Dave,
>>
>> Hope you don't mind if I "steal" this piece and use it for the new
>> "fundamentals" section of NYPHP which will be dealing with newbie
>> questions/issues.
>>
>> Jeff



From shiflett at php.net  Wed Aug 27 15:20:12 2003
From: shiflett at php.net (Chris Shiflett)
Date: Wed, 27 Aug 2003 12:20:12 -0700 (PDT)
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <20030827190704.GA29296@panix.com>
Message-ID: <20030827192012.46413.qmail@web14311.mail.yahoo.com>

I'd like to make a small note regarding this topic. I think it's much more
readable (and correct) to use the empty() function, especially if that is what
you are wanting to check.

Consider this:

<?
$foo = 'bar';
$bar = 0;

if (!$$foo)
{
     echo '<p>$bar is empty</p>';
}
?>

That echo statement isn't exactly telling the whole truth, is it? $bar isn't
empty; it is the integer 0. Conditional statements are evaluated as boolean,
and 0 evaluates to false.

Consider this as an alternative:

<?
$foo = 'bar';
$bar = 0;

if (empty($$foo))
{
     echo '<p>$bar is empty</p>';
}
?>

To me, it is much easier to read, and it might be more valid, depending on
whether you are really wanting to test whether something is empty and not
whether it is false.

Hope that helps.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From rsd at electronink.com  Wed Aug 27 15:21:46 2003
From: rsd at electronink.com (Russ Demarest)
Date: Wed, 27 Aug 2003 15:21:46 -0400
Subject: [nycphp-talk] Script for Database[MySQL]::Web interfacing
In-Reply-To: <3F4CE901.FEE7269D@jaymax.com>
Message-ID: <B3253346-D8C3-11D7-B00F-000A957E8754@electronink.com>

I don't know if this one has been answered but PHPMyAdmin is a great 
tool for what it sounds like you need.



On Wednesday, August 27, 2003, at 01:23  PM, Joseph Maxwell wrote:

> Hello,
>
> Could someone recommend a decent php script that could be used for
> database[MySQL]::Web interfacing and management. Preferably open 
> source,
> freeware or otherwise [I'll just have to grin & bare it]
>
> Thanks
>
> --  Joe  --
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From pl at eskimo.com  Wed Aug 27 15:22:01 2003
From: pl at eskimo.com (Peter Lehrer)
Date: Wed, 27 Aug 2003 15:22:01 -0400
Subject: [nycphp-talk] warning - mysql resource
References: <20030827.120841.116.90014@webmail03.lax.untd.com>
Message-ID: <018c01c36cd0$81cb7d60$612c0242@peter1>

Turns out I was fetching rows on an update query. Not good.

Peter Lehrer
----- Original Message -----
From: <crisscott at netzero.com>
To: <talk at lists.nyphp.org>
Sent: Wednesday, August 27, 2003 3:08 PM
Subject: Re: [nycphp-talk] warning - mysql resource


>
> Check the syntax of your query.  Usually when I see this it is because I
don't have a value in quotes that needs to be or I am missing something.  It
is saying that the nothing was returned by the query not that no results
were found.  I hope that makes sense.
> Scott Mattocks
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From bpang at bpang.com  Wed Aug 27 15:25:22 2003
From: bpang at bpang.com (Brian Pang)
Date: Wed, 27 Aug 2003 15:25:22 -0400
Subject: [nycphp-talk] php & oracle 9i
Message-ID: <E19s5v0-00027W-89@rslrs1-server.com>

client (without telling me, of course) updated an oracle8i server to 9i
and now I'm unable to connect from php

This is a problem, right? They're telling me that another machine is
able to connect using the 8i client, but I don't think it's php.

I don't see anything in the php manual about 9i.

thanks, Brian



From danielc at analysisandsolutions.com  Wed Aug 27 15:29:41 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 27 Aug 2003 15:29:41 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <20030827192012.46413.qmail@web14311.mail.yahoo.com>
References: <20030827190704.GA29296@panix.com>
	<20030827192012.46413.qmail@web14311.mail.yahoo.com>
Message-ID: <20030827192941.GA13205@panix.com>

Hey Chris:

On Wed, Aug 27, 2003 at 12:20:12PM -0700, Chris Shiflett wrote:

> I'd like to make a small note regarding this topic. I think it's much
> more
> readable (and correct) to use the empty() function, especially if that 
> is what
> you are wanting to check.

Yeah.  I was thinking of throwing that in in the mix of my explanation, 
but decided not to, since it might cloud the matter.

But, of course, folks must keep in mind that empty() returns true under 
all of the following circumstances:
    $bar = '';
    $bar = null;
    $bar = 0;
    $bar = false;
    or if $bar is not set at all

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From bpang at bpang.com  Wed Aug 27 15:31:43 2003
From: bpang at bpang.com (Brian Pang)
Date: Wed, 27 Aug 2003 15:31:43 -0400
Subject: [nycphp-talk] ${$variable}
Message-ID: <E19s619-0002aB-Jx@rslrs1-server.com>

right, isn't !$$foo checking to see if whether the var is defined or
not? or if it's been explicitly set to untrue, as in $foo = false

in this case, it works out that it has been set, to 0 (zero), which is
not "empty" nor is it "false"


> I'd like to make a small note regarding this topic. I think it's much more
> readable (and correct) to use the empty() function, especially if that
is what
> you are wanting to check.
> 
> Consider this:
> 
> <?
> $foo = 'bar';
> $bar = 0;
> 
> if (!$$foo)
> {
>      echo '<p>$bar is empty</p>';
> }
> ?>
> 
> That echo statement isn't exactly telling the whole truth, is it? $bar
isn't
> empty; it is the integer 0. Conditional statements are evaluated as
boolean,
> and 0 evaluates to false.
> 
> Consider this as an alternative:
> 
> <?
> $foo = 'bar';
> $bar = 0;
> 
> if (empty($$foo))
> {
>      echo '<p>$bar is empty</p>';
> }
> ?>
> 
> To me, it is much easier to read, and it might be more valid, depending on
> whether you are really wanting to test whether something is empty and not
> whether it is false.
> 
> Hope that helps.
> 
> Chris
> 
> =====
> Become a better Web developer with the HTTP Developer's Handbook
> http://httphandbook.org/
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From tom at supertom.com  Wed Aug 27 15:27:26 2003
From: tom at supertom.com (tom at supertom.com)
Date: Wed, 27 Aug 2003 15:27:26 -0400
Subject: [nycphp-talk] php & oracle 9i
In-Reply-To: <E19s5v0-00027W-89@rslrs1-server.com>
Message-ID: <LBEDJMJGLEPEKJAJMHBDMEKAFLAA.tom@supertom.com>

Brian,

The LIPHP Oracle Guru (Matt Surico) is currently on vacation, but he did a
demonstration with Oracle9i and PHP a few months back, so the two "do" work
together.  From what I remember, he used the oci8 functions (even though it
is 9i), not the ora functions.

Sorry I can't be more help.

Tom





***************************************************
What's Tom listening to right now?  Find out here:
http://www.supertom.com/current_track.php




-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Brian Pang
Sent: Wednesday, August 27, 2003 3:25 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] php & oracle 9i


client (without telling me, of course) updated an oracle8i server to 9i
and now I'm unable to connect from php

This is a problem, right? They're telling me that another machine is
able to connect using the 8i client, but I don't think it's php.

I don't see anything in the php manual about 9i.

thanks, Brian

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From dmintz at panix.com  Wed Aug 27 15:34:52 2003
From: dmintz at panix.com (David Mintz)
Date: Wed, 27 Aug 2003 15:34:52 -0400 (EDT)
Subject: [nycphp-talk] intro question
In-Reply-To: <3F4CEB42.90607@chxo.com>
References: <003501c36cbc$a926f560$6401a8c0@EZDSDELL> <3F4CEB42.90607@chxo.com>
Message-ID: <Pine.NEB.4.56.0308271529450.8244@panix5.panix.com>


Coming from you guys, the kudos are a great honor indeed. Thanks. I'd be
delighted to contribute it to the Fundamentals section.


On Wed, 27 Aug 2003, Chris Snyder wrote:

> It really is a great collection of advice, Dave!
>
> Jeff wrote:
>
> >Dave,
> >
> >Hope you don't mind if I "steal" this piece and use it for the new
> >"fundamentals" section of NYPHP which will be dealing with newbie
> >questions/issues.
> >
> >Jeff
> >



---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

"Y d?le p'abajo"

	Tito Rojas


From soazine at erols.com  Wed Aug 27 15:35:04 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 27 Aug 2003 15:35:04 -0400
Subject: [nycphp-talk] ${$variable}
References: <E19s619-0002aB-Jx@rslrs1-server.com>
Message-ID: <08a701c36cd2$504f6ba0$67a76244@philofsoa>

Wait, I'm confused.  If a variable is set to 0, then it is also false as
well, am I right??

$foo = 'bar';
$bar = 0;

then !${$foo} would be true only if $bar is set to what can be considered
false, which can be 0.  If $bar were not set or set to something other than
0 then the statement itself would throw an error because it is not a boolean
check.

Hmm.. conundrum.. I defer this to higher brains than mine..

Phil


----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: <shiflett at php.net>; "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 27, 2003 3:31 PM
Subject: Re: [nycphp-talk] ${$variable}


> right, isn't !$$foo checking to see if whether the var is defined or
> not? or if it's been explicitly set to untrue, as in $foo = false
>
> in this case, it works out that it has been set, to 0 (zero), which is
> not "empty" nor is it "false"
>
>
> > I'd like to make a small note regarding this topic. I think it's much
more
> > readable (and correct) to use the empty() function, especially if that
> is what
> > you are wanting to check.
> >
> > Consider this:
> >
> > <?
> > $foo = 'bar';
> > $bar = 0;
> >
> > if (!$$foo)
> > {
> >      echo '<p>$bar is empty</p>';
> > }
> > ?>
> >
> > That echo statement isn't exactly telling the whole truth, is it? $bar
> isn't
> > empty; it is the integer 0. Conditional statements are evaluated as
> boolean,
> > and 0 evaluates to false.
> >
> > Consider this as an alternative:
> >
> > <?
> > $foo = 'bar';
> > $bar = 0;
> >
> > if (empty($$foo))
> > {
> >      echo '<p>$bar is empty</p>';
> > }
> > ?>
> >
> > To me, it is much easier to read, and it might be more valid, depending
on
> > whether you are really wanting to test whether something is empty and
not
> > whether it is false.
> >
> > Hope that helps.
> >
> > Chris
> >
> > =====
> > Become a better Web developer with the HTTP Developer's Handbook
> > http://httphandbook.org/
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From bpang at bpang.com  Wed Aug 27 15:36:14 2003
From: bpang at bpang.com (Brian Pang)
Date: Wed, 27 Aug 2003 15:36:14 -0400
Subject: [nycphp-talk] php & oracle 9i
Message-ID: <E19s65W-0002za-37@rslrs1-server.com>

Tom,
thanks. That does help to know that it _does_ work. I am using the oci
functions, not ora.
I think I may need to recompile php, and maybe apache, too? still
researching.

any additional insight anyone has would be appreciated.

Or if you happen to have Matt's cell #. He did take his phone with him,
didn't he? :)



> Brian,
> 
> The LIPHP Oracle Guru (Matt Surico) is currently on vacation, but he did a
> demonstration with Oracle9i and PHP a few months back, so the two "do"
work
> together.  From what I remember, he used the oci8 functions (even
though it
> is 9i), not the ora functions.
> 
> Sorry I can't be more help.
> 
> Tom
> 
> 
> 
> 
> 
> ***************************************************
> What's Tom listening to right now?  Find out here:
> http://www.supertom.com/current_track.php
> 
> 
> 
> 
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Brian Pang
> Sent: Wednesday, August 27, 2003 3:25 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] php & oracle 9i
> 
> 
> client (without telling me, of course) updated an oracle8i server to 9i
> and now I'm unable to connect from php
> 
> This is a problem, right? They're telling me that another machine is
> able to connect using the 8i client, but I don't think it's php.
> 
> I don't see anything in the php manual about 9i.
> 
> thanks, Brian
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From shiflett at php.net  Wed Aug 27 15:43:56 2003
From: shiflett at php.net (Chris Shiflett)
Date: Wed, 27 Aug 2003 12:43:56 -0700 (PDT)
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <08a701c36cd2$504f6ba0$67a76244@philofsoa>
Message-ID: <20030827194356.77800.qmail@web14308.mail.yahoo.com>

--- Phil Powell <soazine at erols.com> wrote:
> Wait, I'm confused.  If a variable is set to 0, then it is also false
> as well, am I right??

You're right. I think my comments were very misleading, after reading them over
again.

I prefer empty() for readability. The fact that it evaluates as false for the
integer 0 is a bit confusing, I agree.

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From jsiegel1 at optonline.net  Wed Aug 27 15:45:48 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Wed, 27 Aug 2003 15:45:48 -0400
Subject: [nycphp-talk] Putty/SSH automatically disconnecting session
Message-ID: <005601c36cd3$d3271900$6401a8c0@EZDSDELL>

My client is using Putty to log into the server (set for SSH2 only,
etc.). The client has the IDENTICAL settings as I do except, of course,
he uses his own user name and password. After entering his user name and
password, Putty closes the window, i.e., just logs out...no error
message...nothing. I can reproduce it at my end so there is something
else going on.

Any ideas on how to troubleshoot this one?

Jeff
 



From nestorflorez at earthlink.net  Wed Aug 27 15:43:24 2003
From: nestorflorez at earthlink.net (Nestor Florez)
Date: Wed, 27 Aug 2003 12:43:24 -0700 (GMT)
Subject: [nycphp-talk] php & oracle 9i
Message-ID: <4988392.1062013605683.JavaMail.nobody@skeeter.psp.pas.earthlink.net>

Any presentation notes?

Nestor :-)
-------Original Message-------
From: tom at supertom.com
Sent: 08/27/03 12:27 PM
To: NYPHP Talk <talk at lists.nyphp.org>
Subject: RE: [nycphp-talk] php & oracle 9i

> 
> Brian,

The LIPHP Oracle Guru (Matt Surico) is currently on vacation, but he did a
demonstration with Oracle9i and PHP a few months back, so the two "do"
work
together.  From what I remember, he used the oci8 functions (even though
it
is 9i), not the ora functions.

Sorry I can't be more help.

Tom





***************************************************
What's Tom listening to right now?  Find out here:
http://www.supertom.com/current_track.php




-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Brian Pang
Sent: Wednesday, August 27, 2003 3:25 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] php & oracle 9i


client (without telling me, of course) updated an oracle8i server to 9i
and now I'm unable to connect from php

This is a problem, right? They're telling me that another machine is
able to connect using the 8i client, but I don't think it's php.

I don't see anything in the php manual about 9i.

thanks, Brian

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
> 


From dkrook at hotmail.com  Wed Aug 27 15:50:37 2003
From: dkrook at hotmail.com (D C Krook)
Date: Wed, 27 Aug 2003 15:50:37 -0400
Subject: [nycphp-talk] Putty/SSH automatically disconnecting session
Message-ID: <BAY2-F1024ENNUgGTHG0000bd5a@hotmail.com>

Jeff,

Is it possible that your client rejected the hostname key the first time 
s/he ever connected to this server?  It's possible that Putty won't connect 
again if you chose no to begin with.


>My client is using Putty to log into the server (set for SSH2 only,
>etc.). The client has the IDENTICAL settings as I do except, of course,
>he uses his own user name and password. After entering his user name and
>password, Putty closes the window, i.e., just logs out...no error
>message...nothing. I can reproduce it at my end so there is something
>else going on.
>
>Any ideas on how to troubleshoot this one?

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail



From shiflett at php.net  Wed Aug 27 15:50:47 2003
From: shiflett at php.net (Chris Shiflett)
Date: Wed, 27 Aug 2003 12:50:47 -0700 (PDT)
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <20030827194356.77800.qmail@web14308.mail.yahoo.com>
Message-ID: <20030827195047.79523.qmail@web14308.mail.yahoo.com>

> I prefer empty() for readability. The fact that it evaluates as false
> for the integer 0 is a bit confusing, I agree.

Ack! I meant to say that empty() evaluates as true for the integer 0. I'll quit
talking now. :-)

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


From sailer at bnl.gov  Wed Aug 27 15:51:11 2003
From: sailer at bnl.gov (Tim Sailer)
Date: Wed, 27 Aug 2003 15:51:11 -0400
Subject: [nycphp-talk] Putty/SSH automatically disconnecting session
In-Reply-To: <005601c36cd3$d3271900$6401a8c0@EZDSDELL>
References: <005601c36cd3$d3271900$6401a8c0@EZDSDELL>
Message-ID: <20030827195111.GA19727@bnl.gov>

On Wed, Aug 27, 2003 at 03:45:48PM -0400, Jeff wrote:
> My client is using Putty to log into the server (set for SSH2 only,
> etc.). The client has the IDENTICAL settings as I do except, of course,
> he uses his own user name and password. After entering his user name and
> password, Putty closes the window, i.e., just logs out...no error
> message...nothing. I can reproduce it at my end so there is something
> else going on.
> 
> Any ideas on how to troubleshoot this one?

Log is as yourself, then run 'su - clientname', supply the password,
and see if you get any errors.

Tim

-- 
Tim Sailer <sailer at bnl.gov> 
Information and Special Technologies Program
Office of CounterIntelligence 
Brookhaven National Laboratory  (631) 344-3001


From jsiegel1 at optonline.net  Wed Aug 27 15:51:18 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Wed, 27 Aug 2003 15:51:18 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <15FD4590-D8C2-11D7-B413-0003930D07F2@email.smith.edu>
Message-ID: <005701c36cd4$98df6670$6401a8c0@EZDSDELL>

Aaron,

It's not "fully cooked" yet but we've begun to assemble a master list of
topics. 
See: http://cvs.nyphp.org/cvsweb.cgi/fundamentals/fundamental.topics.txt

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Aaron Fischer
Sent: Wednesday, August 27, 2003 2:10 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] intro question


Hhmm, is this "fundamentals" section live on the website?  Going to 
nyphp.org I haven't been able to find it by navigating through the site.

Aaron

On Wednesday, Aug 27, 2003, at 13:32 US/Eastern, Chris Snyder wrote:

> It really is a great collection of advice, Dave!
>
> Jeff wrote:
>
>> Dave,
>>
>> Hope you don't mind if I "steal" this piece and use it for the new
>> "fundamentals" section of NYPHP which will be dealing with newbie
>> questions/issues.
>>
>> Jeff

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jlacey at ix.netcom.com  Wed Aug 27 15:52:49 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Wed, 27 Aug 2003 13:52:49 -0600
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <20030827195047.79523.qmail@web14308.mail.yahoo.com>
References: <20030827195047.79523.qmail@web14308.mail.yahoo.com>
Message-ID: <3F4D0C11.8040101@ix.netcom.com>

Chris Shiflett wrote:

>>I prefer empty() for readability. The fact that it evaluates as false
>>for the integer 0 is a bit confusing, I agree.
>>    
>>
>
>Ack! I meant to say that empty() evaluates as true for the integer 0. I'll quit
>talking now. :-)
>
>Chris
>
>  
>

damn Chris, I just bought yer book and I'm takin it back  :)

John

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030827/ed5adba5/attachment.html>

From mlevy at hypersol.com  Wed Aug 27 15:54:44 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Wed, 27 Aug 2003 15:54:44 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <072801c36cba$2108d650$67a76244@philofsoa>
Message-ID: <BB7284C4.14D05%mlevy@hypersol.com>

On 8/27/2003 12:41, "Phil Powell" <soazine at erols.com> scribbled:

> multilingual support - does it also involve "human translation" multilingual
> content management?
> 
> Just wondering
> Phil

Phil,

Pardon my ignorance on this matter, but... What does that mean? I'll tell
you how it's done in OSCommerce, you tell me if it qualifies as "human
translation" multilingual management. I believe it does but I want to make
sure I understand the term...

I had once started on a translation project in OSCommerce, but could not
finish because other projects took precedence and the money for it dried
out. The multilingual support on OSCommerce is implemented as follows:

- Most of the files (probably all of them by now) that have something that
can be viewed by a customer includes
./includes/languages/<user-currently-selected-language>/<page-used>. So, for
the main engine's page named account_history.php and with german selected as
the language, the include looks like this:

./includes/languages/german/account_history.php

The actual call is:

$include_file = DIR_WS_LANGUAGES . $language . '/' .
FILENAME_ACCOUNT_HISTORY;

- In the included file, there are defines like this:

define('TEXT_NO_PURCHASES', 'You have not yet made any purchases...');

- In the account_history.php page, you simply echo the definition, like so:

<? echo TEXT_NO_PURCHASES; ?>

- To add a language you need to copy the English.php file and the english
directory inside includes/languages and change the strings.  Also, you need
to add an option to the administration area to determine your new language
as one of the options, but that is easy as pie.

So, does it qualify?

Cheers,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From bpang at bpang.com  Wed Aug 27 15:59:13 2003
From: bpang at bpang.com (Brian Pang)
Date: Wed, 27 Aug 2003 15:59:13 -0400
Subject: [nycphp-talk] Putty/SSH automatically disconnecting session
Message-ID: <E19s6Rl-00050x-FX@rslrs1-server.com>

is his shell properly spec'ed in /etc/passwd


> On Wed, Aug 27, 2003 at 03:45:48PM -0400, Jeff wrote:
> > My client is using Putty to log into the server (set for SSH2 only,
> > etc.). The client has the IDENTICAL settings as I do except, of course,
> > he uses his own user name and password. After entering his user name and
> > password, Putty closes the window, i.e., just logs out...no error
> > message...nothing. I can reproduce it at my end so there is something
> > else going on.
> > 
> > Any ideas on how to troubleshoot this one?
> 
> Log is as yourself, then run 'su - clientname', supply the password,
> and see if you get any errors.
> 
> Tim
> 
> -- 
> Tim Sailer <sailer at bnl.gov> 
> Information and Special Technologies Program
> Office of CounterIntelligence 
> Brookhaven National Laboratory  (631) 344-3001
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From soazine at erols.com  Wed Aug 27 15:59:23 2003
From: soazine at erols.com (Phil Powell)
Date: Wed, 27 Aug 2003 15:59:23 -0400
Subject: [nycphp-talk] intro question
References: <BB7284C4.14D05%mlevy@hypersol.com>
Message-ID: <094c01c36cd5$b6126ac0$67a76244@philofsoa>

Sounds like it, but what about customary phrases your site has that aren't
found in the included files? How are those implemented and subsequently
translated?

Phil
----- Original Message ----- 
From: "Mauricio Sadicoff" <mlevy at hypersol.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, August 27, 2003 3:54 PM
Subject: Re: [nycphp-talk] intro question


> On 8/27/2003 12:41, "Phil Powell" <soazine at erols.com> scribbled:
>
> > multilingual support - does it also involve "human translation"
multilingual
> > content management?
> >
> > Just wondering
> > Phil
>
> Phil,
>
> Pardon my ignorance on this matter, but... What does that mean? I'll tell
> you how it's done in OSCommerce, you tell me if it qualifies as "human
> translation" multilingual management. I believe it does but I want to make
> sure I understand the term...
>
> I had once started on a translation project in OSCommerce, but could not
> finish because other projects took precedence and the money for it dried
> out. The multilingual support on OSCommerce is implemented as follows:
>
> - Most of the files (probably all of them by now) that have something that
> can be viewed by a customer includes
> ./includes/languages/<user-currently-selected-language>/<page-used>. So,
for
> the main engine's page named account_history.php and with german selected
as
> the language, the include looks like this:
>
> ./includes/languages/german/account_history.php
>
> The actual call is:
>
> $include_file = DIR_WS_LANGUAGES . $language . '/' .
> FILENAME_ACCOUNT_HISTORY;
>
> - In the included file, there are defines like this:
>
> define('TEXT_NO_PURCHASES', 'You have not yet made any purchases...');
>
> - In the account_history.php page, you simply echo the definition, like
so:
>
> <? echo TEXT_NO_PURCHASES; ?>
>
> - To add a language you need to copy the English.php file and the english
> directory inside includes/languages and change the strings.  Also, you
need
> to add an option to the administration area to determine your new language
> as one of the options, but that is easy as pie.
>
> So, does it qualify?
>
> Cheers,
> Mauricio
>
> --- 
>  Mauricio L. Sadicoff
>  mlevy at hypersol.com
>
>
> "Peace of mind isn't at all superficial, really," I expound. "It's the
whole
> thing. That which produces it is good maintenance; that which disturbs it
is
> poor maintenance. What we call workability of the machine is just an
> objectification of this peace of mind. The ultimate test is always your
own
> serenity." - Zen and the Art of Motorcycle Maintenance.
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk



From ntang at mail.communityconnect.com  Wed Aug 27 16:01:30 2003
From: ntang at mail.communityconnect.com (Nicholas Tang)
Date: Wed, 27 Aug 2003 20:01:30 -0000
Subject: [nycphp-talk] intro question
In-Reply-To: <005701c36cd4$98df6670$6401a8c0@EZDSDELL>
References: <005701c36cd4$98df6670$6401a8c0@EZDSDELL>
Message-ID: <1062014368.15929.177.camel@dhcp-101-144.hq.communityconnect.com>

It's worth adding something about writing secure php code, about
handling cookies, about scalability (even more importantly about
_affordable_ scalability - i.e. anyone can scale with a million dollar
budget, but doing it on the cheap), and about accelerators/caches...
maybe also about the basics of Apache configuration, since almost all
installs use it.

Nicholas

On Wed, 2003-08-27 at 15:51, Jeff wrote:
> Aaron,
> 
> It's not "fully cooked" yet but we've begun to assemble a master list of
> topics. 
> See: http://cvs.nyphp.org/cvsweb.cgi/fundamentals/fundamental.topics.txt
> 
> Jeff
> 
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On Behalf Of Aaron Fischer
> Sent: Wednesday, August 27, 2003 2:10 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] intro question
> 
> 
> Hhmm, is this "fundamentals" section live on the website?  Going to 
> nyphp.org I haven't been able to find it by navigating through the site.
> 
> Aaron
> 
> On Wednesday, Aug 27, 2003, at 13:32 US/Eastern, Chris Snyder wrote:
> 
> > It really is a great collection of advice, Dave!
> >
> > Jeff wrote:
> >
> >> Dave,
> >>
> >> Hope you don't mind if I "steal" this piece and use it for the new
> >> "fundamentals" section of NYPHP which will be dealing with newbie
> >> questions/issues.
> >>
> >> Jeff
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
-- 
Nicholas Tang <ntang at mail.communityconnect.com>
Community Connect Inc. - http://www.communityconnect.com/




From bpang at bpang.com  Wed Aug 27 16:04:01 2003
From: bpang at bpang.com (Brian Pang)
Date: Wed, 27 Aug 2003 16:04:01 -0400
Subject: [nycphp-talk] ${$variable}
Message-ID: <E19s6WP-0005b4-10@rslrs1-server.com>

oops.. I may also need to retract my last statement on this matter...

I started to investigate and was a bit surprised at the results.

I will post later, I get to go to the dentist now, instead.
Fun...


however, my $0.02 on this is limit the occassions where you have mixed
variable types.
if it's boolean, use a strict boolean test
    and stick to using either true/false or 0/1; don't mix up true/0 or
1/false
use strict string checking for strings




> > I prefer empty() for readability. The fact that it evaluates as false
> > for the integer 0 is a bit confusing, I agree.
> 
> Ack! I meant to say that empty() evaluates as true for the integer 0.
I'll quit
> talking now. :-)
> 
> Chris
> 
> =====
> Become a better Web developer with the HTTP Developer's Handbook
> http://httphandbook.org/
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From jsiegel1 at optonline.net  Wed Aug 27 16:07:18 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Wed, 27 Aug 2003 16:07:18 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <Pine.NEB.4.56.0308271529450.8244@panix5.panix.com>
Message-ID: <006101c36cd6$d3f36250$6401a8c0@EZDSDELL>

Dave,

It's up there. See: http://cvs.nyphp.org/cvsweb.cgi/fundamentals/ 

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of David Mintz
Sent: Wednesday, August 27, 2003 2:35 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] intro question



Coming from you guys, the kudos are a great honor indeed. Thanks. I'd be
delighted to contribute it to the Fundamentals section.


On Wed, 27 Aug 2003, Chris Snyder wrote:

> It really is a great collection of advice, Dave!
>
> Jeff wrote:
>
> >Dave,
> >
> >Hope you don't mind if I "steal" this piece and use it for the new
> >"fundamentals" section of NYPHP which will be dealing with newbie
> >questions/issues.
> >
> >Jeff
> >



---
David Mintz
http://davidmintz.org/
Email: See http://dmintzweb.com/whitelist.php first!

"Y d?le p'abajo"

	Tito Rojas
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Wed Aug 27 16:22:26 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Wed, 27 Aug 2003 16:22:26 -0400
Subject: [nycphp-talk] Putty/SSH automatically disconnecting session
In-Reply-To: <BAY2-F1024ENNUgGTHG0000bd5a@hotmail.com>
Message-ID: <006201c36cd8$ef5a8ad0$6401a8c0@EZDSDELL>

He clicked yes. Turned out...no shell specified in passwd file.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of D C Krook
Sent: Wednesday, August 27, 2003 2:51 PM
To: talk at lists.nyphp.org
Subject: Re: [nycphp-talk] Putty/SSH automatically disconnecting session


Jeff,

Is it possible that your client rejected the hostname key the first time

s/he ever connected to this server?  It's possible that Putty won't
connect 
again if you chose no to begin with.


>My client is using Putty to log into the server (set for SSH2 only,
>etc.). The client has the IDENTICAL settings as I do except, of course,
>he uses his own user name and password. After entering his user name
and
>password, Putty closes the window, i.e., just logs out...no error
>message...nothing. I can reproduce it at my end so there is something
>else going on.
>
>Any ideas on how to troubleshoot this one?

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Wed Aug 27 16:22:26 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Wed, 27 Aug 2003 16:22:26 -0400
Subject: [nycphp-talk] Putty/SSH automatically disconnecting session
In-Reply-To: <E19s6Rl-00050x-FX@rslrs1-server.com>
Message-ID: <006301c36cd8$f2ebc7e0$6401a8c0@EZDSDELL>

That was it! It now works! Thanks so much!

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Brian Pang
Sent: Wednesday, August 27, 2003 2:59 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Putty/SSH automatically disconnecting session


is his shell properly spec'ed in /etc/passwd


> On Wed, Aug 27, 2003 at 03:45:48PM -0400, Jeff wrote:
> > My client is using Putty to log into the server (set for SSH2 only,
> > etc.). The client has the IDENTICAL settings as I do except, of
course,
> > he uses his own user name and password. After entering his user name
and
> > password, Putty closes the window, i.e., just logs out...no error
> > message...nothing. I can reproduce it at my end so there is
something
> > else going on.
> > 
> > Any ideas on how to troubleshoot this one?
> 
> Log is as yourself, then run 'su - clientname', supply the password,
> and see if you get any errors.
> 
> Tim
> 
> -- 
> Tim Sailer <sailer at bnl.gov> 
> Information and Special Technologies Program
> Office of CounterIntelligence 
> Brookhaven National Laboratory  (631) 344-3001
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 



_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From jsiegel1 at optonline.net  Wed Aug 27 16:22:26 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Wed, 27 Aug 2003 16:22:26 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <1062014368.15929.177.camel@dhcp-101-144.hq.communityconnect.com>
Message-ID: <006401c36cd8$f61198f0$6401a8c0@EZDSDELL>

Good points...it'll get added to the list.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Nicholas Tang
Sent: Wednesday, August 27, 2003 2:59 PM
To: NYPHP Talk
Subject: RE: [nycphp-talk] intro question


It's worth adding something about writing secure php code, about
handling cookies, about scalability (even more importantly about
_affordable_ scalability - i.e. anyone can scale with a million dollar
budget, but doing it on the cheap), and about accelerators/caches...
maybe also about the basics of Apache configuration, since almost all
installs use it.

Nicholas

On Wed, 2003-08-27 at 15:51, Jeff wrote:
> Aaron,
> 
> It's not "fully cooked" yet but we've begun to assemble a master list
of
> topics. 
> See:
http://cvs.nyphp.org/cvsweb.cgi/fundamentals/fundamental.topics.txt
> 
> Jeff
> 
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]
> On Behalf Of Aaron Fischer
> Sent: Wednesday, August 27, 2003 2:10 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] intro question
> 
> 
> Hhmm, is this "fundamentals" section live on the website?  Going to 
> nyphp.org I haven't been able to find it by navigating through the
site.
> 
> Aaron
> 
> On Wednesday, Aug 27, 2003, at 13:32 US/Eastern, Chris Snyder wrote:
> 
> > It really is a great collection of advice, Dave!
> >
> > Jeff wrote:
> >
> >> Dave,
> >>
> >> Hope you don't mind if I "steal" this piece and use it for the new
> >> "fundamentals" section of NYPHP which will be dealing with newbie
> >> questions/issues.
> >>
> >> Jeff
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
-- 
Nicholas Tang <ntang at mail.communityconnect.com>
Community Connect Inc. - http://www.communityconnect.com/


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From dmintz at panix.com  Wed Aug 27 16:25:34 2003
From: dmintz at panix.com (David Mintz)
Date: Wed, 27 Aug 2003 16:25:34 -0400 (EDT)
Subject: [nycphp-talk] intro question
In-Reply-To: <006101c36cd6$d3f36250$6401a8c0@EZDSDELL>
References: <006101c36cd6$d3f36250$6401a8c0@EZDSDELL>
Message-ID: <Pine.NEB.4.56.0308271614580.15341@panix5.panix.com>

On Wed, 27 Aug 2003, Jeff wrote:

> Dave,
>
> It's up there. See: http://cvs.nyphp.org/cvsweb.cgi/fundamentals/
>


Took ya long enough (-:


From mlevy at hypersol.com  Wed Aug 27 16:35:40 2003
From: mlevy at hypersol.com (Mauricio Sadicoff)
Date: Wed, 27 Aug 2003 16:35:40 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <094c01c36cd5$b6126ac0$67a76244@philofsoa>
Message-ID: <BB728E5C.14D19%mlevy@hypersol.com>

On 8/27/2003 15:59, "Phil Powell" <soazine at erols.com> scribbled:

> Sounds like it, but what about customary phrases your site has that aren't
> found in the included files? How are those implemented and subsequently
> translated?

The way they chose to do was to define them originally as the English
version. So if it's not defined in the translation it showed up in English.

I'm using the past tense because I worked on a Release Candidate, prior to
version 2.2, so they might have changed that.

Best regards,
Mauricio

--- 
 Mauricio L. Sadicoff
 mlevy at hypersol.com


"Peace of mind isn't at all superficial, really," I expound. "It's the whole
thing. That which produces it is good maintenance; that which disturbs it is
poor maintenance. What we call workability of the machine is just an
objectification of this peace of mind. The ultimate test is always your own
serenity." - Zen and the Art of Motorcycle Maintenance.



From csnyder at chxo.com  Wed Aug 27 16:40:30 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 27 Aug 2003 16:40:30 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
Message-ID: <3F4D173E.8040001@chxo.com>

Okay folks, here's the scoop. Based on some extensive testing at
http://chxo.com/scripts/emptytest.php

To test for an empty string, you have to test that it is both empty AND 
a string.

if ( is_string($$foo) && empty($$foo) ) do empty string stuff here

Otherwise $$foo could be 0 or not set at all. I humbly take back any 
misinfo I spread earlier, Michael.

     chris.

Michael Southwell wrote:

> A line of code says this:
>   if (!(${$foo})) do something if the value is empty
>
> If $foo="bar" and $bar="something" then will ${$foo} evaluate to 
> "something"--which I assume is the purpose of the curly brackets?  But 
> it doesn't seem to work when the value is empty, though I would swear 
> it used to.  or maybe there is something with an empty value 
> evaluating true anyway, so I need to use =="" or ==="", or =='' or 
> ==='' (single quotation marks)?  Is this tricky, or am I just ignorant?
>
> Michael G. Southwell =================================
> DNEBA Enterprises
> 81 South Road
> Bloomingdale, NJ 07403-1419
> 973/492-7873 (voice and fax)
> southwell at dneba.com
> http://www.dneba.com
> ======================================================
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk




From jsiegel1 at optonline.net  Wed Aug 27 16:53:19 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Wed, 27 Aug 2003 16:53:19 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <Pine.NEB.4.56.0308271614580.15341@panix5.panix.com>
Message-ID: <006801c36cdd$40dca4c0$6401a8c0@EZDSDELL>

Sorry...a bit busy today. :)

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of David Mintz
Sent: Wednesday, August 27, 2003 3:26 PM
To: NYPHP Talk
Subject: RE: [nycphp-talk] intro question


On Wed, 27 Aug 2003, Jeff wrote:

> Dave,
>
> It's up there. See: http://cvs.nyphp.org/cvsweb.cgi/fundamentals/
>


Took ya long enough (-:
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From southwell at dneba.com  Wed Aug 27 16:57:36 2003
From: southwell at dneba.com (Michael Southwell)
Date: Wed, 27 Aug 2003 16:57:36 -0400
Subject: [nycphp-talk] intro question
In-Reply-To: <15FD4590-D8C2-11D7-B413-0003930D07F2@email.smith.edu>
References: <3F4CEB42.90607@chxo.com>
Message-ID: <5.1.0.14.2.20030827165709.00b56370@mail.optonline.net>

We will be announcing it just after Labor Day.

At 03:10 PM 8/27/2003, you wrote:
>Hhmm, is this "fundamentals" section live on the website?  Going to 
>nyphp.org I haven't been able to find it by navigating through the site.
>
>Aaron
>
>On Wednesday, Aug 27, 2003, at 13:32 US/Eastern, Chris Snyder wrote:
>
>>It really is a great collection of advice, Dave!
>>
>>Jeff wrote:
>>
>>>Dave,
>>>
>>>Hope you don't mind if I "steal" this piece and use it for the new
>>>"fundamentals" section of NYPHP which will be dealing with newbie
>>>questions/issues.
>>>
>>>Jeff
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================




From southwell at dneba.com  Wed Aug 27 17:04:01 2003
From: southwell at dneba.com (Michael Southwell)
Date: Wed, 27 Aug 2003 17:04:01 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <3F4D173E.8040001@chxo.com>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
	<5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
Message-ID: <5.1.0.14.2.20030827170233.00b595c0@mail.optonline.net>

wow, you guys are fabulous (and I thought this was going to be simple)!

Jeff Siegel, this looks like another likely candidate.


At 04:40 PM 8/27/2003, you wrote:
>Okay folks, here's the scoop. Based on some extensive testing at
>http://chxo.com/scripts/emptytest.php
>
>To test for an empty string, you have to test that it is both empty AND a 
>string.
>
>if ( is_string($$foo) && empty($$foo) ) do empty string stuff here
>
>Otherwise $$foo could be 0 or not set at all. I humbly take back any 
>misinfo I spread earlier, Michael.
>
>     chris.
>
>Michael Southwell wrote:
>
>>A line of code says this:
>>   if (!(${$foo})) do something if the value is empty
>>
>>If $foo="bar" and $bar="something" then will ${$foo} evaluate to 
>>"something"--which I assume is the purpose of the curly brackets?  But it 
>>doesn't seem to work when the value is empty, though I would swear it 
>>used to.  or maybe there is something with an empty value evaluating true 
>>anyway, so I need to use =="" or ==="", or =='' or ==='' (single 
>>quotation marks)?  Is this tricky, or am I just ignorant?
>>
>>Michael G. Southwell =================================
>>DNEBA Enterprises
>>81 South Road
>>Bloomingdale, NJ 07403-1419
>>973/492-7873 (voice and fax)
>>southwell at dneba.com
>>http://www.dneba.com
>>======================================================
>>
>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>
>
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================




From danielc at analysisandsolutions.com  Wed Aug 27 17:23:43 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 27 Aug 2003 17:23:43 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <3F4D173E.8040001@chxo.com>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
	<3F4D173E.8040001@chxo.com>
Message-ID: <20030827212342.GA22289@panix.com>

Hi:

On Wed, Aug 27, 2003 at 04:40:30PM -0400, Chris Snyder wrote:
> 
> To test for an empty string, you have to test that it is both empty AND 
> a string.
> 
> if ( is_string($$foo) && empty($$foo) ) do empty string stuff here

Do that the other way around.  Always do an empty() check first, just in
case the variable isn't set at all.  This prevents PHP from generating an
"undefined variable" Notice error.

Do be aware that...

   $bar = 0;    // is_string() will be false, empty() will be true
   $bar = '0';  // is_string() will be true,  empty() will be true

$var == '' can be the appropriate test in some circumstances.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From csnyder at chxo.com  Wed Aug 27 17:59:41 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 27 Aug 2003 17:59:41 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <20030827212342.GA22289@panix.com>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>	<3F4D173E.8040001@chxo.com>
	<20030827212342.GA22289@panix.com>
Message-ID: <3F4D29CD.50508@chxo.com>

Thanks Dan, I wasn't checking whether it was set or not.
And it seems like empty() is just misleading all around.

So what we really want, to test for an empty string -- I'm going to drop 
this $$foo business now, it's misleading -- is the following:

// check whether $foo is an empty string...
if ( isset($foo) ) {
    if ( is_string($foo) && $foo=='' ) do stuff here
    }

Wow. I updated http://chxo.com/scripts/emptytest.php to reflect this.



Analysis & Solutions wrote:

>Hi:
>
>On Wed, Aug 27, 2003 at 04:40:30PM -0400, Chris Snyder wrote:
>  
>
>>To test for an empty string, you have to test that it is both empty AND 
>>a string.
>>
>>if ( is_string($$foo) && empty($$foo) ) do empty string stuff here
>>    
>>
>
>Do that the other way around.  Always do an empty() check first, just in
>case the variable isn't set at all.  This prevents PHP from generating an
>"undefined variable" Notice error.
>
>Do be aware that...
>
>   $bar = 0;    // is_string() will be false, empty() will be true
>   $bar = '0';  // is_string() will be true,  empty() will be true
>
>$var == '' can be the appropriate test in some circumstances.
>
>--Dan
>
>  
>



From danielc at analysisandsolutions.com  Wed Aug 27 18:22:05 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Wed, 27 Aug 2003 18:22:05 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <3F4D29CD.50508@chxo.com>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>
	<3F4D173E.8040001@chxo.com> <20030827212342.GA22289@panix.com>
	<3F4D29CD.50508@chxo.com>
Message-ID: <20030827222205.GA28545@panix.com>

On Wed, Aug 27, 2003 at 05:59:41PM -0400, Chris Snyder wrote:
> 
> if ( isset($foo) ) {
>    if ( is_string($foo) && $foo=='' ) do stuff here
>    }

The is_string() test is unnecessary.  You can just do $foo === ''.

Back to the earlier stage of this discussion, if you're not concerned
about the 0, null or false, you can do this whole thing in one step with
an empty() test.

Again, your style is confusing.  Your bracket is under the second if, even
though it's closing the first if.  Let alone, I (and most style guides)
dislike single line if statements.

I just learned something interesting while confirming stuff:

    $bar = 0;
    if ($bar == '') {
        echo '<br />bar equals empty';
    }

This comparison will evaluate to true, so the message will be printed.

Weird,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From csnyder at chxo.com  Wed Aug 27 18:40:29 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Wed, 27 Aug 2003 18:40:29 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <20030827222205.GA28545@panix.com>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>	<3F4D173E.8040001@chxo.com>
	<20030827212342.GA22289@panix.com>	<3F4D29CD.50508@chxo.com>
	<20030827222205.GA28545@panix.com>
Message-ID: <3F4D335D.1040008@chxo.com>

Analysis & Solutions wrote:

>I just learned something interesting while confirming stuff:
>
>    $bar = 0;
>    if ($bar == '') {
>        echo '<br />bar equals empty';
>    }
>
>This comparison will evaluate to true, so the message will be printed.
>
>  
>
Which was really the whole point of this exercise -- but you dropped 
another hint there with the strict comparison operator (===).
In "standard" style this time:

    if ( isset($foo) ) {
        if ( $foo==='' ) {
            print "foo is an empty string.";
        }
    }

And that's all we really needed: a fine lesson in strict vs loose 
comparison.
http://www.php.net/manual/en/types.comparisons.php




From jlacey at ix.netcom.com  Wed Aug 27 18:46:26 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Wed, 27 Aug 2003 16:46:26 -0600
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <20030827222205.GA28545@panix.com>
References: <5.1.0.14.2.20030827143839.00b344c0@mail.optonline.net>	<3F4D173E.8040001@chxo.com>
	<20030827212342.GA22289@panix.com>	<3F4D29CD.50508@chxo.com>
	<20030827222205.GA28545@panix.com>
Message-ID: <3F4D34C2.2090707@ix.netcom.com>

Analysis & Solutions wrote:

>On Wed, Aug 27, 2003 at 05:59:41PM -0400, Chris Snyder wrote:
>  
>
>>if ( isset($foo) ) {
>>   if ( is_string($foo) && $foo=='' ) do stuff here
>>   }
>>    
>>
>
>The is_string() test is unnecessary.  You can just do $foo === ''.
>
>Back to the earlier stage of this discussion, if you're not concerned
>about the 0, null or false, you can do this whole thing in one step with
>an empty() test.
>
>Again, your style is confusing.  Your bracket is under the second if, even
>though it's closing the first if.  Let alone, I (and most style guides)
>dislike single line if statements.
>
>I just learned something interesting while confirming stuff:
>
>    $bar = 0;
>    if ($bar == '') {
>        echo '<br />bar equals empty';
>    }
>
>This comparison will evaluate to true, so the message will be printed.
>
>Weird,
>
>--Dan
>
>  
>
I had to run a quick test myself (not that I doubted anyone :)

quote " When one argument to a comparison operator is a number, the 
other argument is cast to a number."

so,

$foo = '';
$bar = (int) $foo;
echo $bar;  // displays zero

John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030827/f44d5847/attachment.html>

From jeffknight at mac.com  Wed Aug 27 19:04:34 2003
From: jeffknight at mac.com (putamare)
Date: Wed, 27 Aug 2003 19:04:34 -0400
Subject: [nycphp-talk] PHP Cheat Sheet
Message-ID: <D325B5EA-D8E2-11D7-8C8D-003065F9A07A@mac.com>

Saw a bunch of empty(), is_null(), == and === discussions earlier today 
& thought I'd contribute something  besides smart-ass remarks:
http://www.blueshoes.org/en/developer/php_cheat_sheet/?bcRun=1&js=0

On Wednesday, August 27, 2003, at 06:11  PM, Daniel Kushner wrote:

> Jeff K., can you explain this to Dan?
>
> --Daniel
>

Wha?



From jlacey at ix.netcom.com  Wed Aug 27 19:18:08 2003
From: jlacey at ix.netcom.com (John Lacey)
Date: Wed, 27 Aug 2003 17:18:08 -0600
Subject: [nycphp-talk] PHP Cheat Sheet
In-Reply-To: <D325B5EA-D8E2-11D7-8C8D-003065F9A07A@mac.com>
References: <D325B5EA-D8E2-11D7-8C8D-003065F9A07A@mac.com>
Message-ID: <3F4D3C30.4070707@ix.netcom.com>

putamare wrote:

> Saw a bunch of empty(), is_null(), == and === discussions earlier 
> today & thought I'd contribute something  besides smart-ass remarks:
> http://www.blueshoes.org/en/developer/php_cheat_sheet/?bcRun=1&js=0
>
*very* cool site




From hans at nyphp.org  Wed Aug 27 21:32:28 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 27 Aug 2003 21:32:28 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <E19s6WP-0005b4-10@rslrs1-server.com>
References: <E19s6WP-0005b4-10@rslrs1-server.com>
Message-ID: <3F4D5BAC.9040703@nyphp.org>


> however, my $0.02 on this is limit the occassions where you have mixed
> variable types.
> if it's boolean, use a strict boolean test
>     and stick to using either true/false or 0/1; don't mix up true/0 or
> 1/false
> use strict string checking for strings

I'm 100% with this, Brian.  While loose-typing can be very handy (when used explicitly), I've found it's more trouble when you don't pay attention to it.  I use strict type equality checking (===) *always* and will only do a loose check (==) when I need to for a specific reason.  I've been burned too much by forgetting all the sublties covered in this thread.

It's also a performance boost.  empty() is quite an expensive operation; use isset() where possible, simple boolean checks, ie if( $var ),  and casting.  Explicit casting is fantastic; implicit casts can make your heart jump, which is why:

$bar = 0;
if ($bar == '') {
   echo '<br />bar equals empty';
}

makes output, and using  if( $bar === '' )   wouldn't.

Southwell, right on - this is certainly one for the fundamentals.

H




From hans at nyphp.org  Wed Aug 27 21:37:24 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 27 Aug 2003 21:37:24 -0400
Subject: [nycphp-talk] PHP Cheat Sheet
In-Reply-To: <D325B5EA-D8E2-11D7-8C8D-003065F9A07A@mac.com>
References: <D325B5EA-D8E2-11D7-8C8D-003065F9A07A@mac.com>
Message-ID: <3F4D5CD4.2070901@nyphp.org>



putamare wrote:

> Saw a bunch of empty(), is_null(), == and === discussions earlier today 
> & thought I'd contribute something  besides smart-ass remarks:
> http://www.blueshoes.org/en/developer/php_cheat_sheet/?bcRun=1&js=0

These types of links (and not to mention all the great info today) is why we need a list person to collect and compile list content for nyphp.org  :)

H




From hans at nyphp.org  Wed Aug 27 21:43:26 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Wed, 27 Aug 2003 21:43:26 -0400
Subject: [nycphp-talk] php & oracle 9i
In-Reply-To: <E19s65W-0002za-37@rslrs1-server.com>
References: <E19s65W-0002za-37@rslrs1-server.com>
Message-ID: <3F4D5E3E.3060002@nyphp.org>



Brian Pang wrote:

> Tom,
> thanks. That does help to know that it _does_ work. I am using the oci
> functions, not ora.
> I think I may need to recompile php, and maybe apache, too? still
> researching.

The oracle client for 8i will work against 9i IIRC - but this is the Oracle client itself, not the client libraries.  You'll almost certainly need to recompile PHP, and thusly Apache if it's not a DSO.

And Tom, how about Matt gives a PHP with Oracle presentation over this way, when he gets back from vacation?  :)

H




From bpang at bpang.com  Wed Aug 27 23:38:03 2003
From: bpang at bpang.com (Brian Pang)
Date: Wed, 27 Aug 2003 23:38:03 -0400
Subject: [nycphp-talk] PHP Cheat Sheet
Message-ID: <E19sDbn-000762-QB@rslrs1-server.com>

This is great... between this and Chris' examples I think I'm off the
hook from my pre-dentist post that I would look into this further.

thanks all :)

no cavities, woo hoo
If anyone needs a dentist, I really like this guy. Email me off list.


> 
> 
> putamare wrote:
> 
> > Saw a bunch of empty(), is_null(), == and === discussions earlier today 
> > & thought I'd contribute something  besides smart-ass remarks:
> > http://www.blueshoes.org/en/developer/php_cheat_sheet/?bcRun=1&js=0
> 
> These types of links (and not to mention all the great info today) is
why we need a list person to collect and compile list content for
nyphp.org  :)
> 
> H
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From dan at mx2pro.com  Thu Aug 28 07:51:11 2003
From: dan at mx2pro.com (Dan Horning)
Date: Thu, 28 Aug 2003 07:51:11 -0400
Subject: [nycphp-talk] PHP Cheat Sheet
In-Reply-To: <3F4D5CD4.2070901@nyphp.org>
Message-ID: <000401c36d5a$ad12cac0$0e01a8c0@WebTeam01>

Been doing it since I joined
:-D

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org 
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Hans Zaunere
> Sent: Wednesday, August 27, 2003 9:37 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] PHP Cheat Sheet
> 
> 
> 
> 
> putamare wrote:
> 
> > Saw a bunch of empty(), is_null(), == and === discussions 
> earlier today 
> > & thought I'd contribute something  besides smart-ass remarks:
> > http://www.blueshoes.org/en/developer/php_cheat_sheet/?bcRun=1&js=0
> 
> These types of links (and not to mention all the great info 
> today) is why we need a list person to collect and compile 
> list content for nyphp.org  :)
> 
> H
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 



From emm at scriptdigital.com  Thu Aug 28 09:35:27 2003
From: emm at scriptdigital.com (Emmanuel. M. Decarie)
Date: Thu, 28 Aug 2003 09:35:27 -0400
Subject: [nycphp-talk] ${$variable}
In-Reply-To: <3F4D5BAC.9040703@nyphp.org>
References: <E19s6WP-0005b4-10@rslrs1-server.com> <3F4D5BAC.9040703@nyphp.org>
Message-ID: <a06001a01bb73b29588d3@[192.168.0.2]>

? (At) 21:32 -0400 27/08/03, Hans Zaunere ?crivait (wrote) :
>
>$bar = 0;
>if ($bar == '') {
>   echo '<br />bar equals empty';
>}
>
>makes output, and using  if( $bar === '' )   wouldn't.

I have been bitten so many times by this that I 
prefer this in my code. I find that its more 
explicit.

$bar = 0;
if ( strlen ($bar) == 0 ) {
   echo '<br />bar equals empty or not set';
} else {
	echo '<br />bar not empty';
}

Output: '<br />bar not empty'

#$bar = 0;
if ( strlen ($bar) == 0 ) {
   echo '<br />bar equals empty or not set';
} else {
	echo '<br />bar not empty';
}

Output: '<br />bar equals empty or not set'

Cheers
-Emmanuel



-- 
______________________________________________________________________
Emmanuel D?carie / Programmation pour le Web - Programming for the Web
<http://scriptdigital.com/> - Blog: 
<http://blog.scriptdigital.com> - AIM: 
scriptdigital


From hans at nyphp.org  Thu Aug 28 09:52:07 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Thu, 28 Aug 2003 09:52:07 -0400
Subject: [nycphp-talk] PHP Cheat Sheet
In-Reply-To: <000401c36d5a$ad12cac0$0e01a8c0@WebTeam01>
References: <000401c36d5a$ad12cac0$0e01a8c0@WebTeam01>
Message-ID: <3F4E0907.4030004@nyphp.org>



Dan Horning wrote:
> Been doing it since I joined
> :-D

Yes yes, share share! :)  If you could maintain something like this for the public good, let me know offlist and I'll get you a CVS account and I'll create a directory like http://lists.nyphp.org/notes/ or something.

H



From jsiegel1 at optonline.net  Thu Aug 28 10:18:41 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Thu, 28 Aug 2003 10:18:41 -0400
Subject: [nycphp-talk] MySQL table optimization
Message-ID: <002301c36d6f$488cf2a0$6401a8c0@EZDSDELL>

I have a particular table that has a very large number of deleted
records (and approx. 500 records are deleted and added each day). The
MySQL docs note that running an "Optimize" statement will clean up this
potentially fractured file. However, I believe I had read somewhere (of
course...don't ask me where "somewhere" is...I don't remember) that
there is the potential that the table itself can become corrupted after
running optimize. Is this true? And if it is true, how can I detect, via
code, that a table has become hosed?

Jeff



From ejp at well.com  Thu Aug 28 11:02:59 2003
From: ejp at well.com (Edward Potter)
Date: Thu, 28 Aug 2003 11:02:59 -0400
Subject: [nycphp-talk] PHP Cheat Sheet
In-Reply-To: <3F4E0907.4030004@nyphp.org>
Message-ID: <B65D7D8A-D968-11D7-8FEB-000393D9EBFA@well.com>

You could also create your own:
"Adventures With PHP"  blogger and add all these tips and tricks to 
your day to day "Life As A Coder" rants.
Check out the new http://www.typepad.com site, I think it's the best 
piece of web software written in years.

Pretty much rocks.

-ed


On Thursday, August 28, 2003, at 09:52 AM, Hans Zaunere wrote:

>
>
> Dan Horning wrote:
>> Been doing it since I joined
>> :-D
>
> Yes yes, share share! :)  If you could maintain something like this 
> for the public good, let me know offlist and I'll get you a CVS 
> account and I'll create a directory like http://lists.nyphp.org/notes/ 
> or something.
>
> H
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



From cahoyos at us.ibm.com  Thu Aug 28 11:24:38 2003
From: cahoyos at us.ibm.com (Carlos A Hoyos)
Date: Thu, 28 Aug 2003 11:24:38 -0400
Subject: [nycphp-talk] MySQL table optimization
In-Reply-To: <002301c36d6f$488cf2a0$6401a8c0@EZDSDELL>
Message-ID: <OF3928F8F7.1E0D1424-ON85256D90.005496EA-85256D90.0054A760@us.ibm.com>






There was a bug that "OPTIMIZE of locked and modified MyISAM table,
reported table corruption" before 3.23.53.

I run maintenance crons that include this optimization on fairly big
tables, with no issues reported so far.

You can check table status by running "analyze table <tablename>", check
"Msg_type" and "Msg_text" in your result set.

Carlos



                                                                                                                                       
                      Jeff                                                                                                             
                      <jsiegel1 at optonli        To:       "'NYPHP Talk'" <talk at lists.nyphp.org>                                         
                      ne.net>                  cc:                                                                                     
                      Sent by:                 Subject:  [nycphp-talk] MySQL table optimization                                         
                      talk-bounces at list                                                                                                
                      s.nyphp.org                                                                                                      
                                                                                                                                       
                                                                                                                                       
                      08/28/2003 10:18                                                                                                 
                      AM                                                                                                               
                      Please respond to                                                                                                
                      NYPHP Talk                                                                                                       
                                                                                                                                       



I have a particular table that has a very large number of deleted
records (and approx. 500 records are deleted and added each day). The
MySQL docs note that running an "Optimize" statement will clean up this
potentially fractured file. However, I believe I had read somewhere (of
course...don't ask me where "somewhere" is...I don't remember) that
there is the potential that the table itself can become corrupted after
running optimize. Is this true? And if it is true, how can I detect, via
code, that a table has become hosed?

Jeff





From markert at optonline.net  Thu Aug 28 11:56:21 2003
From: markert at optonline.net (John W. Markert)
Date: Thu, 28 Aug 2003 11:56:21 -0400
Subject: [nycphp-talk] 
	Pricing methodologies, business practices and copyright
Message-ID: <004701c36d7c$ed597120$0300a8c0@dads>

Greetings...

I would like to start a discussion of pricing and protecting one's work. This would not apply to employees but rather free lance/independent work.

I believe that could be subject to many differing ideas but I'm sure that we will all benefit. To start the discussion, please advise regarding any of the following:

Pricing methodologies...
    hourly ... how to set rate
    perpage ... how to reconcile complexity
    royalty ... calculated as % of sale or other metric for right to use software
    value to customer's business
    other???

Protection ...
    Who will own  the software when it is complete. 
    Copyright ... are rights retained or is non-exclusive license given to customer.
     Is software encripted with product like Zend offers or do customers demand source.
     If source is provided, how can author protect interest when licensing software?
    

Trade groups ...
    Many trade groups have business standards... Is anyone aware of any group that has standards for either PHP or web programming?

Would this be a good start for NYPHP business guidelines codification that could enhance our businesses. 

John



___________________________________________

John W. Markert
14 Joanna Way
Kinnelon, NJ 07405
Phone: (973)838-8956
Cell: (201)788-1740
Fax: (973)838-4561 
email: markert at optonline.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030828/d761fdce/attachment.html>

From sklar at sklar.com  Thu Aug 28 12:13:10 2003
From: sklar at sklar.com (David Sklar)
Date: Thu, 28 Aug 2003 12:13:10 -0400
Subject: [nycphp-talk] Pricing methodologies,
	business practices and copyright
In-Reply-To: <004701c36d7c$ed597120$0300a8c0@dads>
Message-ID: <NFBBJNKBNKCIKGKJIFPJAEKAGJAA.sklar@sklar.com>

When I do consulting, I generally bill based on the time I spend on a
project. (Or I agree on a fixed fee with the client after estimating the
time the project will take.) One motivation for this is to emphasize that
what the client is paying for is my time and attention. Software I write or
recommendations I make for them are obviously a byproduct of that time and
attention, but what they are buying (well, renting, really) is me.

The language in the consulting agreement that I use (and in my professional
liability insurance) also reflects this. Except in extraordinary cases, if
something goes wrong and money has to be refunded (which has never happened
to me) the client is entitled to a refund of whatever they paid me, not
another amount calculated on the potential value of whatever software was to
have been developed, etc.

Within this framework, you have plenty of room to adjust fees based on
project complexity, how much available time you have, how badly the client
needs your services, what kind of business the client is (e.g. perhaps you
want to discount your rate for a non-profit whose mission you agree with),
and so forth.

As for copyright, I like to retain ownership of code and give the client a
perpetual, sublicenseable, whatever-they-want-to-do-with-it license. This is
primarily so I can re-use the code on other projects. Once you've spent some
time developing an web-based data maintenance interface, it saves everyone
time and money to be able to re-use it on future projects. If part of an
assignment involves developing something for a client that they want to own
and I can't re-use (because it's a core competitive advantage for them, they
want to keep it secret, or whatever), I try to adjust my fees to compensate
for that restriction.

If a potential client has a project in an area that I think is
extra-interesting, or I want to gain more experience in, then sometimes that
extra draw of a project is worth discounting my rate.

In general, I try to be as flexible as possible for a client. They pay me
some money to have my attention and skills focused on the problems they need
to solve. I advise them on how best to use my attention and skills, but
ultimately, the decision on how to deploy me is up to them and I try to
present a fee structure that reflects that decision.

Hope this helps,
David


On Thursday, August 28, 2003 11:56 AM, you wrote:

> Greetings...
>
> I would like to start a discussion of pricing and protecting one's
> work. This would not apply to employees but rather free
> lance/independent work.
>
> I believe that could be subject to many differing ideas but I'm sure
> that we will all benefit. To start the discussion, please advise
> regarding any of the following:
>
> Pricing methodologies...
>     hourly ... how to set rate
>     perpage ... how to reconcile complexity
>     royalty ... calculated as % of sale or other metric for right to
>     use software value to customer's business
>     other???
>
> Protection ...
>     Who will own  the software when it is complete.
>     Copyright ... are rights retained or is non-exclusive license
>      given to customer. Is software encripted with product like Zend
>      offers or do customers demand source. If source is provided, how
> can author protect interest when licensing software?
>
>
> Trade groups ...
>     Many trade groups have business standards... Is anyone aware of
> any group that has standards for either PHP or web programming?
>
> Would this be a good start for NYPHP business guidelines codification
> that could enhance our businesses.
>
> John
>
>
>
> ___________________________________________
>
> John W. Markert
> 14 Joanna Way
> Kinnelon, NJ 07405
> Phone: (973)838-8956
> Cell: (201)788-1740
> Fax: (973)838-4561
> email: markert at optonline.net



From bpang at bpang.com  Thu Aug 28 13:35:22 2003
From: bpang at bpang.com (Brian Pang)
Date: Thu, 28 Aug 2003 13:35:22 -0400
Subject: [nycphp-talk] php & oracle 9i
Message-ID: <E19sQg6-0008Ru-SX@rslrs1-server.com>

So, even though php was originally compiled to use 8i, I need to
recompile it to work with 9i?

I need oracle 9i client libraries, then?

I'm not the dba on this project, and not overly familiar with Oracle
(why should I be, when mysql is so great), but I need to be able to at
least speak (pseudo-)intelligently with him.

Thanks,

Brian


> 
> 
> Brian Pang wrote:
> 
> > Tom,
> > thanks. That does help to know that it _does_ work. I am using the oci
> > functions, not ora.
> > I think I may need to recompile php, and maybe apache, too? still
> > researching.
> 
> The oracle client for 8i will work against 9i IIRC - but this is the
Oracle client itself, not the client libraries.  You'll almost certainly
need to recompile PHP, and thusly Apache if it's not a DSO.
> 
> And Tom, how about Matt gives a PHP with Oracle presentation over this
way, when he gets back from vacation?  :)
> 
> H
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From jsiegel1 at optonline.net  Thu Aug 28 16:24:18 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Thu, 28 Aug 2003 16:24:18 -0400
Subject: [nycphp-talk] Microsoft Using Linux-Based Network in Wake of Attacks
Message-ID: <000401c36da2$5ecbf420$6401a8c0@EZDSDELL>


 See: http://www.newsfactor.com/perl/story/22171.html



From lists at ny-tech.net  Thu Aug 28 22:53:43 2003
From: lists at ny-tech.net (Nasir Zubair)
Date: Thu, 28 Aug 2003 22:53:43 -0400
Subject: [nycphp-talk] CVS client for windows.
In-Reply-To: <E19sQg6-0008Ru-SX@rslrs1-server.com>
Message-ID: <000001c36dd8$c668b420$6401a8c0@main>

Hi all,

I've been trying to learn CVS. My primary OS is windows and I'm having
trouble finding a good and easy to use CVS client for windows. I downloaded
WinCVS and smartCVS. However, WinCVS is confusing as hell and smartCVS is
giving errors (still waiting for a response from support at smartcvs.com).

Does anyone have a recommendation?

Thanks,
Nasir Zubair




From danielc at analysisandsolutions.com  Thu Aug 28 23:03:22 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Thu, 28 Aug 2003 23:03:22 -0400
Subject: [nycphp-talk] CVS client for windows.
In-Reply-To: <000001c36dd8$c668b420$6401a8c0@main>
References: <E19sQg6-0008Ru-SX@rslrs1-server.com>
	<000001c36dd8$c668b420$6401a8c0@main>
Message-ID: <20030829030322.GA5935@panix.com>

Hi:

I use the command line client that comes with Cygwin.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From jonbaer at jonbaer.net  Thu Aug 28 21:43:08 2003
From: jonbaer at jonbaer.net (Jon Baer)
Date: Thu, 28 Aug 2003 21:43:08 -0400
Subject: [nycphp-talk] CVS client for windows.
References: <E19sQg6-0008Ru-SX@rslrs1-server.com><000001c36dd8$c668b420$6401a8c0@main>
	<20030829030322.GA5935@panix.com>
Message-ID: <004b01c36dce$e6020b10$6400a8c0@thinkpad>

http://www.wincvs.org/

- jon

----- Original Message ----- 
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Thursday, August 28, 2003 11:03 PM
Subject: Re: [nycphp-talk] CVS client for windows.


> Hi:
> 
> I use the command line client that comes with Cygwin.
> 
> --Dan
> 
> -- 
>      FREE scripts that make web and database programming easier
>            http://www.analysisandsolutions.com/software/
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 



From southwell at dneba.com  Fri Aug 29 10:14:23 2003
From: southwell at dneba.com (Michael Southwell)
Date: Fri, 29 Aug 2003 10:14:23 -0400
Subject: [nycphp-talk] book reviews
Message-ID: <5.1.0.14.2.20030829101246.00b36168@mail.optonline.net>

Following up on recent discussions of free books for review, here are 
O'Reilly's book review guidelines and hints, 
http://ug.oreilly.com/bookreviews.html, for anyone who might be a bit 
reluctant.

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================




From jsiegel1 at optonline.net  Fri Aug 29 10:47:21 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Fri, 29 Aug 2003 10:47:21 -0400
Subject: [nycphp-talk] MySQL table optimization
In-Reply-To: <OF3928F8F7.1E0D1424-ON85256D90.005496EA-85256D90.0054A760@us.ibm.com>
Message-ID: <005201c36e3c$76bbd420$6401a8c0@EZDSDELL>

Thanks! What would be the msg type/text I would look for? Couldn't find
a list after some Googling and, quite honestly, it's not real obvious
from errmsg.txt. However, the only things that seemed "remotely"
possible in errmsg.txt are the following:

"Table '%-.64s' is marked as crashed and should be repaired",
"Table '%-.64s' is marked as crashed and last (automatic?) repair
failed",

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Carlos A Hoyos
Sent: Thursday, August 28, 2003 10:25 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] MySQL table optimization







There was a bug that "OPTIMIZE of locked and modified MyISAM table,
reported table corruption" before 3.23.53.

I run maintenance crons that include this optimization on fairly big
tables, with no issues reported so far.

You can check table status by running "analyze table <tablename>", check
"Msg_type" and "Msg_text" in your result set.

Carlos



 

                      Jeff

                      <jsiegel1 at optonli        To:       "'NYPHP Talk'"
<talk at lists.nyphp.org>                                         
                      ne.net>                  cc:

                      Sent by:                 Subject:  [nycphp-talk]
MySQL table optimization                                         
                      talk-bounces at list

                      s.nyphp.org

 

 

                      08/28/2003 10:18

                      AM

                      Please respond to

                      NYPHP Talk

 




I have a particular table that has a very large number of deleted
records (and approx. 500 records are deleted and added each day). The
MySQL docs note that running an "Optimize" statement will clean up this
potentially fractured file. However, I believe I had read somewhere (of
course...don't ask me where "somewhere" is...I don't remember) that
there is the potential that the table itself can become corrupted after
running optimize. Is this true? And if it is true, how can I detect, via
code, that a table has become hosed?

Jeff



_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From keremtuzemen at hotmail.com  Fri Aug 29 11:01:33 2003
From: keremtuzemen at hotmail.com (Kerem Tuzemen)
Date: Fri, 29 Aug 2003 11:01:33 -0400
Subject: [nycphp-talk] CVS client for windows.
References: <000001c36dd8$c668b420$6401a8c0@main>
Message-ID: <Law14-OE18HOQGZaooj00001bd0@hotmail.com>

Hey Nasir,

Check out TortoiseCVS (http://www.tortoisecvs.org/), it's so easy to use and
well thought.

Kerem


----- Original Message ----- 
From: "Nasir Zubair" <lists at ny-tech.net>
To: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Thursday, August 28, 2003 10:53 PM
Subject: [nycphp-talk] CVS client for windows.


> Hi all,
>
> I've been trying to learn CVS. My primary OS is windows and I'm having
> trouble finding a good and easy to use CVS client for windows. I
downloaded
> WinCVS and smartCVS. However, WinCVS is confusing as hell and smartCVS is
> giving errors (still waiting for a response from support at smartcvs.com).
>
> Does anyone have a recommendation?
>
> Thanks,
> Nasir Zubair
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>


From hans at nyphp.org  Fri Aug 29 11:42:43 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Fri, 29 Aug 2003 11:42:43 -0400
Subject: [nycphp-talk] MySQL table optimization
In-Reply-To: <002301c36d6f$488cf2a0$6401a8c0@EZDSDELL>
References: <002301c36d6f$488cf2a0$6401a8c0@EZDSDELL>
Message-ID: <3F4F7473.1040905@nyphp.org>



Jeff wrote:

> I have a particular table that has a very large number of deleted
> records (and approx. 500 records are deleted and added each day). The
> MySQL docs note that running an "Optimize" statement will clean up this
> potentially fractured file. However, I believe I had read somewhere (of
> course...don't ask me where "somewhere" is...I don't remember) that
> there is the potential that the table itself can become corrupted after
> running optimize. Is this true? And if it is true, how can I detect, via
> code, that a table has become hosed?

As Carlos points out, this used to be a problem.  On a 4.0.13 database, we delete/insert about 5000+ three times a day without issue.  The general progression we use:

-- LOCK TABLES as write (optional, but can't hurt if you can afford it)
-- DELETE QUICK the old rows
-- INSERT the new rows
-- ANALYZE, OPTIMIZE, FLUSH the table

Some of that is probably overkill, but it can't hurt, especially if you can afford the slight performance penalty.  With over 350,000 records in the table, we've had no problems doing this type of thing many times a day.

H



From hans at nyphp.org  Fri Aug 29 11:47:47 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Fri, 29 Aug 2003 11:47:47 -0400
Subject: [nycphp-talk] php & oracle 9i
In-Reply-To: <E19sQg6-0008Ru-SX@rslrs1-server.com>
References: <E19sQg6-0008Ru-SX@rslrs1-server.com>
Message-ID: <3F4F75A3.7000205@nyphp.org>



Brian Pang wrote:

> So, even though php was originally compiled to use 8i, I need to
> recompile it to work with 9i?
> 
> I need oracle 9i client libraries, then?

Don't quote me, but I think so.  Oracle's own clients will work, but from what I've heard 3rd party applications will need to be linked against the new libs.

> I'm not the dba on this project, and not overly familiar with Oracle
> (why should I be, when mysql is so great), but I need to be able to at
> least speak (pseudo-)intelligently with him.

Like I say, I may be wrong, so pseudo-intelligently is a good call :)

H




From hans at nyphp.org  Fri Aug 29 11:56:25 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Fri, 29 Aug 2003 11:56:25 -0400
Subject: [nycphp-talk] Pricing methodologies,
	business practices and copyright
In-Reply-To: <004701c36d7c$ed597120$0300a8c0@dads>
References: <004701c36d7c$ed597120$0300a8c0@dads>
Message-ID: <3F4F77A9.4000409@nyphp.org>


> Trade groups ...
>     Many trade groups have business standards... Is anyone aware of any 
> group that has standards for either PHP or web programming?

Unfortunately I haven't seen any.

> Would this be a good start for NYPHP business guidelines codification 
> that could enhance our businesses.

Certainly, and it's been briefly talked about in the past.  We can kick some things around at the dev meeting, 9/9/03.  ....and have David write it up  :)

H




From bpang at bpang.com  Fri Aug 29 11:54:00 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 29 Aug 2003 11:54:00 -0400
Subject: [nycphp-talk] php & oracle 9i
Message-ID: <E19slZY-0005T6-HP@rslrs1-server.com>

ok, well, we installed php-4.3.3 and it works now...

We didn't change anything with the oracle8 client or libraries on the
machine, at least that I know of. The DBA said that 9 is backwards
compatible with 8.

however, post-install I also noticed I had another location where the db
host was still looking to the wrong place. (The code is all hacked up. I
know, it should all be in one common place).

I guess it's possible that the re-install wasn't completely necessary,
but now I'll never know. oh well.. at least it works now. PHP needed to
be upgraded from 4.2 anyhow.


I did make 1 interesting discovery in all of this, but it's not related
to Oracle. I didn't know that GD was bundled into php as of 4.3.
I couldn't get it to install properly with it on Solaris 5.7 and I
didn't feel like taking the time to investigate it further.
If anyone has anything to say about this, probably best to put it into a
new thread.



> 
> 
> Brian Pang wrote:
> 
> > So, even though php was originally compiled to use 8i, I need to
> > recompile it to work with 9i?
> > 
> > I need oracle 9i client libraries, then?
> 
> Don't quote me, but I think so.  Oracle's own clients will work, but
from what I've heard 3rd party applications will need to be linked
against the new libs.
> 
> > I'm not the dba on this project, and not overly familiar with Oracle
> > (why should I be, when mysql is so great), but I need to be able to at
> > least speak (pseudo-)intelligently with him.
> 
> Like I say, I may be wrong, so pseudo-intelligently is a good call :)
> 
> H
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From jsiegel1 at optonline.net  Fri Aug 29 12:06:09 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Fri, 29 Aug 2003 12:06:09 -0400
Subject: [nycphp-talk] MySQL table optimization
In-Reply-To: <3F4F7473.1040905@nyphp.org>
Message-ID: <005b01c36e47$7a22cbe0$6401a8c0@EZDSDELL>

Hans,

I'm using MySQL 3.23.56 (the ver with RH 7.3). Based on Carlos' message,
the known "bug" shouldn't be in this version.

The insert is done during the course of the day - not all at once - so I
can skip that step. This gives me a GREAT outline of steps (THANKS!!!).
I'll share some code once it's ready.

Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Hans Zaunere
Sent: Friday, August 29, 2003 10:43 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] MySQL table optimization




Jeff wrote:

> I have a particular table that has a very large number of deleted
> records (and approx. 500 records are deleted and added each day). The
> MySQL docs note that running an "Optimize" statement will clean up
this
> potentially fractured file. However, I believe I had read somewhere
(of
> course...don't ask me where "somewhere" is...I don't remember) that
> there is the potential that the table itself can become corrupted
after
> running optimize. Is this true? And if it is true, how can I detect,
via
> code, that a table has become hosed?

As Carlos points out, this used to be a problem.  On a 4.0.13 database,
we delete/insert about 5000+ three times a day without issue.  The
general progression we use:

-- LOCK TABLES as write (optional, but can't hurt if you can afford it)
-- DELETE QUICK the old rows
-- INSERT the new rows
-- ANALYZE, OPTIMIZE, FLUSH the table

Some of that is probably overkill, but it can't hurt, especially if you
can afford the slight performance penalty.  With over 350,000 records in
the table, we've had no problems doing this type of thing many times a
day.

H

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk



From anthony.leung at virgin.net  Fri Aug 29 12:10:53 2003
From: anthony.leung at virgin.net (Anthony)
Date: Fri, 29 Aug 2003 17:10:53 +0100
Subject: [nycphp-talk] security focus "vulnerability" in apache process with
	php.
In-Reply-To: <20030829160002.4F08AA8651@virtu.nyphp.org>
References: <20030829160002.4F08AA8651@virtu.nyphp.org>
Message-ID: <hke2a5.f3mdv8@www.mmkm.net>

I'm (tenuously) responsibile for looking at php in my company and thought it
isn't really approved for use yet, I was wondering if people could share any
light on this "vulnerability". It's been discussed before, but I really need
to know if this is something that is a threat: ie, could an external attacker
get apache to dump logins and passwords to whatever place, or to get it to
serve items not intended to be available?

Cheers,
Anthony

===============================================
PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
BugTraq ID: 8405
Remote: No
Date Published: Aug 13 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8405
Summary:
PHP is the Personal Home Page web application development suite.  It is
available for the Unix, Linux, and Microsoft platforms.

A problem has been reported in the dlopen function of PHP when used with
the Apache web server.  Because of this, an attacker may be able to gain
unauthorized access to potentially sensitive information.

The problem is in the ability to access the memory of the calling process.
 When a PHP script is executed by an Apache process, it is possible to dump
the contents of the Apache process memory to a text file.  This could be
used by an attacker to gain access to potentially sensitive information
which could include authentication credentials.  The function may also
permit other attacks, such as allowing an attacker to deliver different
content other than what the server is configured to serve.

_________________________________________________________
This mail sent using V-webmail - http://www.v-webmail.org



From rob at nyc.yamaha.com  Fri Aug 29 12:12:03 2003
From: rob at nyc.yamaha.com (Robert Redcay)
Date: Fri, 29 Aug 2003 12:12:03 -0400
Subject: [nycphp-talk] e-commerce application design
Message-ID: <3F4F7B53.1040101@nyc.yamaha.com>

Hi all,
I apologise if these questions are too broad in scope, but I'm working 
on redesigning a medium-sized e-commerce web application written in PHP 
with a Postgres database. I've already decided on the frame work 
(MVC-type model based on the Phrame project using smarty for the view, 
objects for my business model and a php file as the controller), but 
there are a lot of other pieces I'm still considering and the same 
question keeps coming up.. "Is this just overkill or will it help with 
maintainability, reusability, etc.?"

Some of these questions are as follows:
1. I'll be using Pear's DB abstraction layer, but am still wondering 
about a database class to encapsulate my sql, querying the db, and data 
retrieval.  I've seen libraries (like DB_DataObject) which create a 
class for each table (with that table's columns as its class attributes) 
that extend a base class which has functionality for building sql for 
simple selects updates and deletes. I like this idea, but it seems to 
get pretty squarely when it comes to joins and more complex queries. I'm 
wondering if any of you have had a good experience with DB_DataObject or 
similar libraries. My alternative is to have hard-coded sql and database 
calls within each script, which seems like a poor choice.

2. I've also seen "form" classes to handle form elements and data 
validation for all html forms (think oohforms, and others). This is a 
little bit more difficult to implement when using Smarty templates, but 
still possible. However, with only about 10-20 forms on the entire site, 
it seems like it's potential overkill. Does the group have any opinions 
about the best way to handle forms?

3. Lastly is a question that's specific to my frame work (the MVC 
model). The Phrame project includes a huge array used to map the user's 
request to an action. Although this provides a loose coupling between 
requests and actions, which would be good for extensibility, it seems 
like a pain to have to build and maintain this array. Alternatively, I 
could just assume a 1-to-1 relationship between requests and actions. Do 
any PHP/MVC gurus have an opinion about this?


Also, if anyone has any general tips for designing profesional-grade web 
applications that they'd like to share, please do so.

-Rob





From stephen at musgrave.org  Fri Aug 29 14:00:54 2003
From: stephen at musgrave.org (Stephen Musgrave)
Date: Fri, 29 Aug 2003 14:00:54 -0400
Subject: [nycphp-talk] MIME multipart email frustrations
Message-ID: <BB750D16.F0EE%stephen@musgrave.org>


I've looked through the list archives, and didn't see a close enough issue
to what I'm experiencing.

So, I've got this PHP function that sends a multipart email.  For a long
while I was having problems sending it to AOL (of course) and found that
using "\r\n" in the 4th argument caused it to choke and now I only use "\r".
But now one of my testers is reporting that her Outlook Express is showing
all the header and html code.. while my Outlook Express is seeing it just
fine.  I've had another OE user look at it and it looks good there, too.  It
also looks fine on Entourage (Mac), Netscape 7.1 (XP) (but not 7.0).

I feel like I'm just hacking.  Is there some help out there?

Here's a link to the resulting email file:

http://musgrave.org/mutlipart-source.txt

Thanks,

Stephen Musgrave

//  stephen at musgrave.org
//  http://musgrave.org
//  718-486-6514



From bpang at bpang.com  Fri Aug 29 14:12:08 2003
From: bpang at bpang.com (Brian Pang)
Date: Fri, 29 Aug 2003 14:12:08 -0400
Subject: [nycphp-talk] MIME multipart email frustrations
Message-ID: <E19snjE-0002eF-3s@rslrs1-server.com>

It looks like you're purposefully setting a second boundary
"=inner_boundary"

I've never tried or seen this, so I'm not sure if it's actually allowed.

But, I also don't think it's 100% necessary.

Did you try it just using "=this_is_the_boundary"

I believe your frustration with MIME multipart emails is widely shared.
I have something that I use, although I know it has certain (limited)
flaws. I finally decided that I just didn't care if Lotus Notes users
got the email exactly as it was intended.

Quite honestly, a LOT of email I get from various senders using various
email clients (including AOL and Outlook) as well as a lot of spam that
I get comes through all eff'ed up in one way or another. (I use only a
webmail client, but that should be a moot point).
Maybe this fact also helped me to come to ease with the fact that I
could never get 100% success rates with my own php email scripts.


> 
> I've looked through the list archives, and didn't see a close enough issue
> to what I'm experiencing.
> 
> So, I've got this PHP function that sends a multipart email.  For a long
> while I was having problems sending it to AOL (of course) and found that
> using "\r\n" in the 4th argument caused it to choke and now I only use
"\r".
> But now one of my testers is reporting that her Outlook Express is showing
> all the header and html code.. while my Outlook Express is seeing it just
> fine.  I've had another OE user look at it and it looks good there,
too.  It
> also looks fine on Entourage (Mac), Netscape 7.1 (XP) (but not 7.0).
> 
> I feel like I'm just hacking.  Is there some help out there?
> 
> Here's a link to the resulting email file:
> 
> http://musgrave.org/mutlipart-source.txt
> 
> Thanks,
> 
> Stephen Musgrave
> 
> //  stephen at musgrave.org
> //  http://musgrave.org
> //  718-486-6514
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> 





From danielc at analysisandsolutions.com  Fri Aug 29 14:16:46 2003
From: danielc at analysisandsolutions.com (Analysis & Solutions)
Date: Fri, 29 Aug 2003 14:16:46 -0400
Subject: [nycphp-talk] MIME multipart email frustrations
In-Reply-To: <BB750D16.F0EE%stephen@musgrave.org>
References: <BB750D16.F0EE%stephen@musgrave.org>
Message-ID: <20030829181646.GA22402@panix.com>

Hi Stephen:

Without looking at your code, please note, this subject has been covered 
many times on the php.general mailing list.  See groups.google.com for the 
archive.  Also, there are several classes out there, including some in 
PEAR, I believe, that handle this stuff for you already.

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409


From hans at nyphp.org  Fri Aug 29 17:49:48 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Fri, 29 Aug 2003 17:49:48 -0400
Subject: [nycphp-talk] MIME multipart email frustrations
In-Reply-To: <BB750D16.F0EE%stephen@musgrave.org>
References: <BB750D16.F0EE%stephen@musgrave.org>
Message-ID: <3F4FCA7C.5060002@nyphp.org>


> Here's a link to the resulting email file:
> 
> http://musgrave.org/mutlipart-source.txt

A couple of points... for one, according to the RFCs, all line-endings should be \r\n 

And, the general form is a bit off; while the top level header's Content-type is correct, the empty Status: header field might throw some clients off.  And, if I remember correctly, ending boundaries need an trailing '--'.  But, as Dan said, PEAR and phpclasses.org have tons of fairly complete classes for this type of thing.

H




From hans at nyphp.org  Fri Aug 29 18:03:13 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Fri, 29 Aug 2003 18:03:13 -0400
Subject: [nycphp-talk] security focus "vulnerability" in apache process
	with	php.
In-Reply-To: <hke2a5.f3mdv8@www.mmkm.net>
References: <20030829160002.4F08AA8651@virtu.nyphp.org>
	<hke2a5.f3mdv8@www.mmkm.net>
Message-ID: <3F4FCDA1.3000403@nyphp.org>



Anthony wrote:

> I'm (tenuously) responsibile for looking at php in my company and thought it
> isn't really approved for use yet, I was wondering if people could share any
> light on this "vulnerability". It's been discussed before, but I really need
> to know if this is something that is a threat: ie, could an external attacker
> get apache to dump logins and passwords to whatever place, or to get it to
> serve items not intended to be available?

No.  dlopen() is a powerful feature of the language, and with power comes ability.  When you load an extension into Apache/PHP, you would hope it could read the memory of that process; otherwise, it'd be pretty useless.

It's a real shame that securityfocus blindly registers this as a vulnerability.  I've emailed them twice, questioning who it was that actually submitted this, and whether they reviewed this as a true security hole.  I haven't heard from them yet.  Furthermore, if you dig on the internet for the author's name (who, I might add, doesn't supply any valid contact information) it becomes quite clear that it's some kid who just wanted to get their name on securityfocus.com.

I'd continue to be wary of securityfocus.com's claims, as this type of behavior isn't an isolated incident.

H





From hans at nyphp.org  Fri Aug 29 18:34:01 2003
From: hans at nyphp.org (Hans Zaunere)
Date: Fri, 29 Aug 2003 18:34:01 -0400
Subject: [nycphp-talk] e-commerce application design
In-Reply-To: <3F4F7B53.1040101@nyc.yamaha.com>
References: <3F4F7B53.1040101@nyc.yamaha.com>
Message-ID: <3F4FD4D9.2050805@nyphp.org>



Robert Redcay wrote:

> Hi all,
> I apologise if these questions are too broad in scope, but I'm working 
> on redesigning a medium-sized e-commerce web application written in PHP 
> with a Postgres database. I've already decided on the frame work 
> (MVC-type model based on the Phrame project using smarty for the view, 
> objects for my business model and a php file as the controller), but 
> there are a lot of other pieces I'm still considering and the same 
> question keeps coming up.. "Is this just overkill or will it help with 
> maintainability, reusability, etc.?"

In my opinion... yes  :)

> Some of these questions are as follows:
> 1. I'll be using Pear's DB abstraction layer, but am still wondering 
> about a database class to encapsulate my sql, querying the db, and data 
> retrieval.  I've seen libraries (like DB_DataObject) which create a 
> class for each table (with that table's columns as its class attributes) 
> that extend a base class which has functionality for building sql for 
> simple selects updates and deletes. I like this idea, but it seems to 
> get pretty squarely when it comes to joins and more complex queries. I'm 
> wondering if any of you have had a good experience with DB_DataObject or 
> similar libraries. My alternative is to have hard-coded sql and database 
> calls within each script, which seems like a poor choice.

I've never used DB_DataObject itself, but have played at writting similar structures on my own, and have seen code based heavily on this type of model.  For one, there's a great deal of overhead involved for all this abstraction.  Secondly, as you mention, things begin to fall apart with complex queries, joins, etc. and you will end up making many hacks to get things to work.  Thus, there's a good chance you'll end up with hackish code, that's slow.  If you're using PostgreSQL, take advantage of one of the better ideas in abstraction modeling since a bread slicing machine; stored procedures and views.

> 2. I've also seen "form" classes to handle form elements and data 
> validation for all html forms (think oohforms, and others). This is a 
> little bit more difficult to implement when using Smarty templates, but 
> still possible. However, with only about 10-20 forms on the entire site, 
> it seems like it's potential overkill. Does the group have any opinions 
> about the best way to handle forms?

Abstraction with forms, and input from browsers in general, can be a good thing, although again being careful not to go too far.  For larger projects I use a "unified request processor" which is a single page, or set of included pages, that validates and aggregates input before handing it off to the real logic of the application.  As for rendering the form's HTML itself, PHP is a templating engine :)

> 3. Lastly is a question that's specific to my frame work (the MVC 
> model). The Phrame project includes a huge array used to map the user's 
> request to an action. Although this provides a loose coupling between 
> requests and actions, which would be good for extensibility, it seems 
> like a pain to have to build and maintain this array. Alternatively, I 
> could just assume a 1-to-1 relationship between requests and actions. Do 
> any PHP/MVC gurus have an opinion about this?

Of all the places for abstraction, I've had the best luck adding it to "where the rubber meets the road."  Once you can easily manage the requests that come in, and either reject or cleanse them, your business logic becomes much simpler and abstracted, since there's isn't the need for pedantic validation, security, etc.

http://phrame.sourceforge.net/docs/guide/controller.php is maybe a little heavier than I've done a similer model, but fairly close IMHO.

> Also, if anyone has any general tips for designing profesional-grade web 
> applications that they'd like to share, please do so.

All I can say is there's never a free lunch.  Abstracting things out tremendously may initially appear to reduce work and increase flexibility, but in the end there will always be workarounds needed.  And, if thing's are too far out, you'll end up with more pain than gain.  Somewhere in the code, the actual work has to happen and I haven't found that wrapping it in an onion of abstraction layers is that beneficial.

H




From lists at ny-tech.net  Fri Aug 29 23:48:43 2003
From: lists at ny-tech.net (Nasir Zubair)
Date: Fri, 29 Aug 2003 23:48:43 -0400
Subject: [nycphp-talk] CVS client for windows.
In-Reply-To: <Law14-OE18HOQGZaooj00001bd0@hotmail.com>
Message-ID: <000001c36ea9$a01a6a80$6401a8c0@main>

Thanks Kerem. 


- Nasir

-----Original Message-----
From: Kerem Tuzemen [mailto:keremtuzemen at hotmail.com] 
Sent: Friday, August 29, 2003 11:02 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] CVS client for windows.


Hey Nasir,

Check out TortoiseCVS (http://www.tortoisecvs.org/), it's so easy to use and
well thought.

Kerem


----- Original Message ----- 
From: "Nasir Zubair" <lists at ny-tech.net>
To: "'NYPHP Talk'" <talk at lists.nyphp.org>
Sent: Thursday, August 28, 2003 10:53 PM
Subject: [nycphp-talk] CVS client for windows.


> Hi all,
>
> I've been trying to learn CVS. My primary OS is windows and I'm having 
> trouble finding a good and easy to use CVS client for windows. I
downloaded
> WinCVS and smartCVS. However, WinCVS is confusing as hell and smartCVS 
> is giving errors (still waiting for a response from 
> support at smartcvs.com).
>
> Does anyone have a recommendation?
>
> Thanks,
> Nasir Zubair
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
>
_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk






From soazine at erols.com  Sat Aug 30 18:43:29 2003
From: soazine at erols.com (Phil Powell)
Date: Sat, 30 Aug 2003 18:43:29 -0400
Subject: [nycphp-talk] Anyone know what qpmd8376.bin is?
Message-ID: <002c01c36f48$2356b7c0$67a76244@philofsoa>

I have this mysterious file on my C:/ drive, qpmd8376.bin - contains a rather large integer value and nothing more.  I read up somewhere that .bin files are normally associated with email clients like Outlook and Outlook Express (I have Outlook Express).  Am I correct in assuming so, else, what the heck is this thing?

Thanx

Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030830/f36a04f4/attachment.html>

From chendry at nyc.rr.com  Sat Aug 30 21:16:41 2003
From: chendry at nyc.rr.com (Christopher Hendry)
Date: Sat, 30 Aug 2003 21:16:41 -0400
Subject: [nycphp-talk] Anyone know what qpmd8376.bin is?
In-Reply-To: <002c01c36f48$2356b7c0$67a76244@philofsoa>
Message-ID: <JMEHLOIOFHBEJDCDJNLOGEKDDNAA.chendry@nyc.rr.com>

looks like I have the little sucker too, but dunno what it is either...

sorry that does not help, but at least you are not alone.

:)
  -----Original Message-----
  From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On
Behalf Of Phil Powell
  Sent: Saturday, August 30, 2003 6:43 PM
  To: NYPHP Talk
  Subject: [nycphp-talk] Anyone know what qpmd8376.bin is?


  I have this mysterious file on my C:/ drive, qpmd8376.bin - contains a
rather large integer value and nothing more.  I read up somewhere that .bin
files are normally associated with email clients like Outlook and Outlook
Express (I have Outlook Express).  Am I correct in assuming so, else, what
the heck is this thing?

  Thanx

  Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030830/b145aa5e/attachment.html>

From jsiegel1 at optonline.net  Sat Aug 30 21:46:27 2003
From: jsiegel1 at optonline.net (Jeff)
Date: Sat, 30 Aug 2003 21:46:27 -0400
Subject: [nycphp-talk] Anyone know what qpmd8376.bin is?
In-Reply-To: <002c01c36f48$2356b7c0$67a76244@philofsoa>
Message-ID: <001901c36f61$b1ff3830$6401a8c0@EZDSDELL>

Found this on Google.
http://groups.google.com/groups?q=qpmd8376.bin
<http://groups.google.com/groups?q=qpmd8376.bin&hl=en&lr=&ie=UTF-8&oe=UT
F-8&filter=0> &hl=en&lr=&ie=UTF-8&oe=UTF-8&filter=0
 
File seems harmless (see the "Groups" messages).
 
Jeff

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Phil Powell
Sent: Saturday, August 30, 2003 5:43 PM
To: NYPHP Talk
Subject: [nycphp-talk] Anyone know what qpmd8376.bin is?


I have this mysterious file on my C:/ drive, qpmd8376.bin - contains a
rather large integer value and nothing more.  I read up somewhere that
.bin files are normally associated with email clients like Outlook and
Outlook Express (I have Outlook Express).  Am I correct in assuming so,
else, what the heck is this thing?
 
Thanx
 
Phil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030830/f24cf6ec/attachment.html>